Blog Comments

  1. deroko
    Hi Pyrae,

    Hooking KiUserExceptionDispatcher will solve that problem with wrong access.
    I'm still wondering how cpuid checks will deal with hw virtualisation. Anyhow, it's not a problem to keep the vm context updated in a static trace; you only have to edit the code a little bit to handle the context in the decompiler code.
  2. Pyrae
    Hi deroko,
    thanks for sharing your thoughts on this one.
    Though I'm kind of a fundamentalist as far as code reconstruction is concerned (i.e. I don't consider anything less than the best possible reconstruction of native code "ownage"), your approach is certainly a lot more advanced than the usual dump-it-all-and-fix-it one you mentioned.
    I'm sure you are aware though that for this 'dynamic decompiling' method to give perfect results quite some extra care (like e.g. preventing execution of the actual opcode operation/handling possible crash conditions, detecting and handling conditional branches etc.) must be taken.
    Defining the term 'ownage' is kinda boring as after all the methods (mixture of static and dynamic components of the approach) depend on the reverser's goals and personal taste.
    I can say however, that trying to achieve best possible VM-to-x86 conversion using more static methods is a very intriguing task as well, e.g. working out algos to reduce the complexity introduced by the larger register set of most VMs.
    Another interesting - yet not so 'leet' - approach could be to actively(!) relocate the stuff bloating up the images of the 'idiot's approach', effectively giving marginally larger resulting binaries.

    P.S. Seems like you created some really sexy target, yates. Just have a look at the blogs in here...
    Updated October 16th, 2007 at 21:56 by Pyrae