-
-
[转帖]IDA Pro Decompiler Basics Microcode and x86 Calling Conventions
-
发表于: 2021-1-27 11:29
-
IDA Pro Decompiler Basics Microcode and x86 Calling Conventions
Join us for a look under the hood at how IDA Pro optimizes their microcode (IL) to provide a clean decompiled view. We also reverse engineer a bug in calling convention identification for x86 can lead to cascading issues in the intermediate representation as it is optimized.
Automated Malware Unpacking
df1K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2#2L8Y4m8S2j5#2)9J5k6h3#2W2i4K6u0r3
Introduction to IDA's microcode
526K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2&6L8%4g2@1N6h3u0W2i4K6u0W2j5$3!0E0i4K6u0r3N6$3q4@1j5$3S2Q4x3@1k6$3i4K6y4p5g2q4)9J5k6q4W2C8K9q4)9J5k6g2)9J5k6g2)9J5k6g2)9J5y4X3&6T1M7%4m8Q4x3@1t1`.
__fastcall
31cK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1L8$3y4K6i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3k6h3&6Q4x3X3c8#2M7#2)9J5c8X3y4H3M7q4)9J5c8W2)9J5k6g2)9J5k6g2)9J5k6b7`.`.
__thiscall
28bK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6V1L8$3y4K6i4K6u0W2L8h3W2U0M7X3!0K6L8$3k6@1i4K6u0W2j5$3!0E0i4K6u0r3k6h3&6Q4x3X3c8#2M7#2)9J5c8X3y4H3M7q4)9J5c8W2)9J5k6g2)9J5k6g2)9J5k6b7`.`.
How to force a call type
a84K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2Z5k6i4S2Q4x3X3c8J5j5i4W2K6i4K6u0W2j5$3!0E0i4K6u0r3M7s2u0G2k6s2g2U0N6s2y4Q4x3V1k6V1k6h3y4Q4x3X3g2Q4x3X3g2Q4x3X3f1`.
Lucid IDA Plugin View Microcode
6fdK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6Y4j5h3q4K6k6h3c8W2L8r3g2F1i4K6u0r3L8s2g2U0K9h3b7`.
Feedback, questions, and suggestions are always welcome : )
Sergei b9aK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1N6$3W2@1N6r3g2J5i4K6u0W2j5$3!0E0i4K6u0r3K9r3g2J5M7X3y4G2M7X3f1`.
Sean 292K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1N6$3W2@1N6r3g2J5i4K6u0W2j5$3!0E0i4K6u0r3M7$3g2S2L8X3#2%4
As always check out our tools, tutorials, and more content over at 231K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2G2M7r3g2F1j5h3&6S2L8s2W2K6K9i4y4Q4x3X3g2F1k6i4b7`.
317K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6%4N6%4N6Q4x3X3g2&6L8%4g2@1N6h3u0W2i4K6u0W2j5$3!0E0i4K6u0r3N6$3q4@1j5$3S2Q4x3@1k6$3i4K6y4p5g2o6m8@1k6r3Z5I4g2@1c8A6L8@1@1`.
|
|
|---|---|
