Reverse Engineering: Structs and Nodes in Bomb6.exe

Sourceopensecuritytraining.info


  • Coloring can help to clarify
    • Be consistent in your coloring methodology
  • Collapse and Analyze algorithm:
    1. Find bold line (that’s the loop)
    2. Start at bold line’s arrow head and follow it backwards
      • If encounter another bold line’s arrow head, collapse that inner loop first
    3. Collapse loop
    4. After all loops have been collapsed, analyze starting at the beginning of the function
      • Pseudo-code it
      • Re-collapse
      • Next
  • Use script (e.g. IDC) to define large structures
auto struct_id, member_id;
struct_id = AddStrucEx(
1, //index
'MyStruct', //name
0 // is_union
);
member_id = AddStrucMember(
struct_id, // long id
'my_member', // string name
0x220, // long offset
FF_DWRD, // long flag
-1, // long typeid
4 // long nbytes
);

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s