3.18 C++
IDAwill show references only todummy_data1anddummy_data2, but not to the text strings.
Global variables and even functions may be accessed like that.
3.17.3 Virtual machine / pseudo-code.
A programmer can construct his/her ownPLorISAand interpreter for it.
(Like the pre-5.0 Visual Basic, .NET or Java machines). The reverse engineer will have to spend some time
to understand the meaning and details of all of theISA’s instructions.
He/she will also have to write a disassembler/decompiler of some sort.
3.17.4 Other things to mention
Myown(yetweak)attempttopatchtheTinyCcompilertoproduceobfuscatedcode:http://go.yurichev.
com/17220.
Using theMOVinstruction for really complicated things: [Stephen Dolan,mov is Turing-complete, (2013)]
(^22).
3.17.5 Exercise
3.18 C++
3.18.1 Classes
A simple example
Internally, the representation of C++ classes is almost the same as the structures.
Let’s try an example with two variables, two constructors and one method:
#include <stdio.h>
class c
{
private:
int v1;
int v2;
public:
c() // default ctor
{
v1=667;
v2=999;
};
c(int a, int b) // ctor
{
v1=a;
v2=b;
};void dump()
{
printf ("%d; %d\n", v1, v2);
};
};
(^22) Also available ashttp://www.cl.cam.ac.uk/~sd601/papers/mov.pdf