Quote:
Originally Posted by Raham
@Vam
It's better to use at least pattern matching for deobfuscating this routine.
For example: handlers 0x50, 0x60, 0x40, 0x70, 0x80, if run together, will for example
be equal to MOV R32,R32.
In principle, the user does not need to explore the intermediate code you are speaking about; that is done by the intermediate-code decompiler. Pay more attention to the analysis of the already decompiled code (log file): with the right understanding of it, it is possible to manually restore the source code of the virtualized function in nearly 100% of cases.