ergrelet / themida-spotter-bn

A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
GNU General Public License v3.0

Detect code entries in the middle of functions #1

Closed ergrelet closed 2 months ago

ergrelet commented 2 months ago

Currently, the plugin is only able to detect obfuscated code entries that appear at the beginning of a function. This works well when functions are obfuscated via MAP files.
But if functions are protected using macros, the plugin will potentially miss some code entries located in the middle of functions.