Open rfalke opened 4 years ago
Background: https://reverseengineering.stackexchange.com/questions/1531/what-is-overlapping-instructions-obfuscation
Subject: https://github.com/rfalke/decompiler-subjects/blob/master/from_holdec/overlapping_instructions/ia32_elf/subject.exe
In this subject the method add_one() is the most basic case. But reko detects wrongly void as return type.
add_one()
Another method is return_constant() which reko decompiles as:
return_constant()
void return_constant() { while (true) ; }
but should be a simple ...{ return -1163082564;} or ... {return 0xbaacc4bc;}.
...{ return -1163082564;}
... {return 0xbaacc4bc;}
Still relevant in 0.11.4.0-931ca7d.
rfalke
commented
1 year ago rfalke
commented
1 year ago
Background: https://reverseengineering.stackexchange.com/questions/1531/what-is-overlapping-instructions-obfuscation
Subject: https://github.com/rfalke/decompiler-subjects/blob/master/from_holdec/overlapping_instructions/ia32_elf/subject.exe
In this subject the method
add_one()is the most basic case. But reko detects wrongly void as return type.Another method is
return_constant()which reko decompiles as:but should be a simple
...{ return -1163082564;}or... {return 0xbaacc4bc;}.