View Full Version : Hex-Rays against Aurora

Hex Blog
January 20th, 2010, 08:19
As everyone knows, Google and some other companies were under a targeted attack a few days ago. A vulnerability in the Internet Explorer was used to penetrate the computers.

An IDA user very kindly sent us the following link


As it is visible from the screenshots, the code is somewhat nasty to analysis, because it consists of very short blocks like this:


Even displayed in the graph mode, the output is still lengthy and messy:


We were pleasantly surprised to see how the decompiler handles this code:


I renamed some variables and specified their types, but even without this, the output was very readable.

Just one more example. Virtually all functions are obfuscated with this quite simple technique:


Yet the decompiler output is pleasing to the eye:


I'm very impressed by the results

We are currently completing support for intrinsic functions in the decompiler (it turned out that there are literally hundreds and hundreds of them). Also, SEE based scalar floating point computations will be mapped to high level constructs. It will probably take a few more weeks before the code stabilizes, it won't be long. Thanks for being patient


January 21st, 2010, 00:45
hi Hex Blog,can you shared the samples? thx

January 21st, 2010, 06:02
[Originally Posted by frozenrain;84837]hi Hex Blog,can you shared the samples? thx

Could it be that the more mankind develops, the less brain is needed by individuals?

January 21st, 2010, 14:35
Well... he forgot the 'b' in his nick after frozen I gues...

But then again people like me living in glass houses should not throw stones.... wot?

Have Phun

January 21st, 2010, 15:02
[Originally Posted by Aimless;84851]
But then again people like me living in glass houses should not throw stones...

Uuuuuhmmm, I think that goes for me, too , but I couldn't resist when I read frozenrain's post.

January 21st, 2010, 16:17
Certainly one would have thought that the "Imported blog" linsting would have been a "clue"!