Reversing : The Hacker's Guide to Reverse Engineering

As presented here, this function is pretty much impossible to decipher—it’s very difficult to differentiate between the differen ...

because these make it much easier to reverse programs. The same problem holds true for .NET executables as well: no matter how w ...

Precompiled Assemblies If you’re willing to sacrifice portability, precompiling your .NET assemblies is undoubtedly the best way ...

This goes back to the same problem I discussed over and over again in Part III of this book. Encryption algorithms, no matter ho ...

make sure that code is properly obfuscated. Otherwise, it will be exceedingly easy to recover an accurate approximation of your ...

...

457 This chapter differs from the rest of this book in the sense that it does not dis- cuss any practical reversing techniques, ...

language specifications. From this high-level representation, the compiler gen- erates an intermediate representation of the sou ...

Additionally, the decompiled output might be structured somewhat differ- ently from the original source code because of compiler ...

Generally speaking, intermediate representations consist of tiny instruction sets, as opposed to the huge instruction sets of so ...

Expressions and Expression Trees One of the primary differences between assembly language (regardless of the specific platform) ...

The idea with this kind of tree is that it is an elegant structured representa- tion of a sequence of arithmetic instructions. E ...

The Front End Decompiler front ends perform the opposite function of compiler back ends. Compiler back ends take a compiler’s in ...

couldn’t directly update the EFLAGSregister (nowadays this is easy, because the two units are implemented on a single chip). Thi ...

can either flow into the BB representing the branch target address or into the BB that contains the code immediately following t ...

The control flow graph in Figure 13.3 is quite primitive. It is essentially a graphical representation of the low-level control ...

locations. The resulting information from this type of analysis can be used for a number of different things in the decompilatio ...

One prominent feature of SSA is its support of φ-functions (pronounced “fy functions”). φ-functions are positions in the code wh ...

idiv ecx mov edx, DWORD PTR _x$[esp+28] lea eax, DWORD PTR [eax+edx*2] In this code sequence each value is first loaded into a r ...

represent actual local variables that were defined in the original program. Elim- inating them might reduce program readability. ...