Reverse Engineering: Structs and Nodes in Bomb6.exe

Coloring can help to clarify
- Be consistent in your coloring methodology
Collapse and Analyze algorithm:

Find bold line (that’s the loop)
Start at bold line’s arrow head and follow it backwards
- If encounter another bold line’s arrow head, collapse that inner loop first
Collapse loop
After all loops have been collapsed, analyze starting at the beginning of the function

Pseudo-code it
Re-collapse
Next

Use script (e.g. IDC) to define large structures

auto struct_id, member_id;
struct_id = AddStrucEx(
    1,           //index
    'MyStruct',  //name
    0            // is_union
);
member_id = AddStrucMember(
    struct_id,   // long id
    'my_member', // string name
    0x220,       // long offset
    FF_DWRD,     // long flag
    -1,          // long typeid
    4            // long nbytes
);

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

	Peter Kruse on Let’s Learn: In-Depth on…
	mark Johnson on Malware Traffic Internals: Bla…
	Passion on Let’s Learn: In-Depth Re…
	Unknown on Programming Challenge in …
	Hung-Ting on Installing Cuckoo Sandbox on M…

Share this:

Like this:

Related

Leave a Reply Cancel reply