all InfoSec news
Igor’s Tip of the Week #143: Fixing wrong address references in the decompiler
Malware Analysis, News and Indicators - Latest topics malware.news
When decompiling code without high-level metadata (especially firmware), you may observe strange-looking address expressions which do not seem to make sense.
What are these and how to fix/improve the pseudocode?
Because on the CPU level there is no difference between an address and a simple number, distinguishing addresses and plain numbers is a difficult task which is not solvable in general case without actually executing the code. IDA uses some heuristics to try and detect when a number looks …
address code cpu decompiler decompiling firmware fix high malware analysis may metadata pseudocode simple