Some samples are using call instruction instead of push to mix code/data in one section. This approach confuses IDA and makes static analysis less pleasant.
MazeTracer can account for each call and ret. By analyzing those sequences, the problematic calls could be filtered and latter fixed in IDA with MazeUI.
Some samples are using
callinstruction instead ofpushto mix code/data in one section. This approach confuses IDA and makes static analysis less pleasant.MazeTracer can account for each
callandret. By analyzing those sequences, the problematiccalls could be filtered and latter fixed in IDA with MazeUI.