You REALLY have to know what's going on with the hardware and the intentions of malware authors so you don't blindly accept what your tools are telling you. The telling part was that these conditionals had no purpose other than to confuse IDA, so you could see the intent was malicious.

The fact that the conditional was there confused IDA such that it miscalculated the stack usage for many of the functions in the binary and refused to designate them as procedures (which can be decompiled).

Recently I had to manually patch code that was (in assembly) a conditional jump on conditions that at runtime were always true or always false, so the "conditional" part was a red herring.
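To make that kind of patch concrete, here is an added example (not code from this post) that finds and neutralises one simple family of always-true / always-false jumps in raw 32-bit x86 bytes. The post does not say which conditions were used, so the pattern (`xor reg, reg` directly followed by a short `jz`/`jnz`), the function names and the sample bytes are assumptions, and the linear byte scan stands in for a real disassembler.

```python
# Added example: patch opaque predicates of the form "xor reg, reg ; jz/jnz rel8".
# After xor reg, reg the zero flag is always set, so jz is always taken and
# jnz is never taken. Rewriting them removes the fake second code path that
# misleads a disassembler's flow and stack analysis.

XOR_OPCODES = (0x31, 0x33)   # xor r/m32, r32  and  xor r32, r/m32
JZ_REL8, JNZ_REL8, JMP_REL8, NOP = 0x74, 0x75, 0xEB, 0x90


def is_self_xor(opcode, modrm):
    """True for xor reg, reg: register-direct ModRM with reg field == rm field."""
    return (opcode in XOR_OPCODES
            and modrm >> 6 == 0b11
            and (modrm >> 3) & 7 == modrm & 7)


def patch_opaque_jumps(code):
    """Return (patched_bytes, findings); findings is a list of (offset, verdict)."""
    out = bytearray(code)
    findings = []
    i = 0
    while i + 3 < len(code):
        if is_self_xor(code[i], code[i + 1]):
            jcc = code[i + 2]
            if jcc == JZ_REL8:            # always taken: make it an honest jmp
                out[i + 2] = JMP_REL8
                findings.append((i + 2, "always taken"))
                i += 4
                continue
            if jcc == JNZ_REL8:           # never taken: drop the jump entirely
                out[i + 2:i + 4] = bytes([NOP, NOP])
                findings.append((i + 2, "never taken"))
                i += 4
                continue
        i += 1
    return bytes(out), findings


# Constructed sample: push ebp; xor eax,eax; jz +2; <2 junk bytes>;
# mov ebp,esp; xor ebx,ebx; jnz +1; nop; ret
SAMPLE = bytes.fromhex("55 31c0 7402 e8ff 89e5 33db 7501 90 c3")

if __name__ == "__main__":
    patched, hits = patch_opaque_jumps(SAMPLE)
    for offset, verdict in hits:
        print(f"offset {offset:#04x}: conditional jump is {verdict}")
    print(patched.hex())
```

A byte scan like this can match in the middle of another instruction, so each finding should be confirmed against the disassembly before the patch is kept.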