CHAPTER 63. OTHER THINGS CHAPTER 63. OTHER THINGS

Chapter 63

Other things

63.1 General idea.

A reverse engineer should try to be in programmer’s shoes as often as possible. To take his/her viewpoint and ask himself,
how would one solve some task the specific case.

63.2 C++

RTTI(51.1.5 on page 536)-data may be also useful for C++ class identification.

63.3 Some binary file patterns

Sometimes, we can clearly spot an array of 16/32/64-bit values visually, in hex editor. Here is an example of very typical
MIPS code. As we may remember, every MIPS (and also ARM in ARM mode or ARM64) instruction has size of 32 bits (or 4
bytes), so such code is array of 32-bit values. By looking at this screenshot, we may see some kind of pattern. Vertical red
lines are added for clarity: