all InfoSec news
Igor’s Tip of the Week #164: Where’s my code? The case of missing function arguments
Malware Analysis, News and Indicators - Latest topics malware.news
Let’s consider this snippet from decompilation of an x86 Windows binary:
The same function is called twice with the same argument and the last one doesn’t seem to use the result of the GetComputerNameExW
call.
By switching to disassembly, we can see that eax
is initialized before each call with a string address:
However the decompiler does not consider it, because on x86 the stack is the usual way of passing arguments and eax
is most commonly just a temporary …
argument binary call called case code disassembly function malware analysis missing result week windows x86