all InfoSec news
Igor’s Tip of the Week #155: Splitting stack variables in the decompiler
Malware Analysis, News and Indicators - Latest topics malware.news
We’ve covered splitting expressions before, but there may be situations where it can’t be used.
For example, consider following situation:
The decompiler decided that the function returns a 64-bit integer and allocated a 64-bit stack varible for it. For example, the code may be manipulating a register pair commonly used for 64-bit variables (eax:edx
) which triggers the heirustics for recovering 64-bit calculations. However, here it seems to be a false positive: we can see separate accesses to the …
64-bit code decompiler function integer malware analysis may register stack week