|
|
|
|
#1
04-09-2005, 19:21
|
||||
|
||||
|
how will a polymorphic engine fail the disassembler?
the code will be different but doesnt it still consist of x86 instructions? 
|
|
#2
04-09-2005, 22:12
|
|||
|
|||
|
You should read the "Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference".
(I personally think its written like crap but try it yourself) For a length-disassembler this should help you: http://vx.netlux.org/lib/vzo16.html Greetz, Cobi
|
|
#3
04-09-2005, 22:30
|
||||
|
||||
|
"how will a polymorphic engine fail the disassembler?"
A polymorphic engine, used in software protection, (polymorphism, in the meaning of object oriented languages, is a completely different thing) usually features code obfuscation. A "brainless" software disassembler will take the first companionate set of bytes as the instruction and miss many places in the log (you can try it in any debugger... take PeLock, as example, and perform single step tracing of decryption code - you will understand what I mean). "the code will be different but doesnt it still consist of x86 instructions?" This time it is not only about different code but obfuscation used in polymorph engines. These tricks will fool usual software disassembler. Last edited by dyn!o; 04-10-2005 at 01:43.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Hex-rays PPC decompiler and bctr instruction | jonwil | General Discussion | 0 | 04-10-2021 20:17 |
| [idaref] IDA Pro Instruction Reference Plugin | sh3dow | Community Tools | 2 | 01-03-2015 19:03 |
| Strange Instruction CTS BE | thomasantony | General Discussion | 2 | 03-23-2005 04:41 |
Hybrid Mode
