📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.





About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New


Customize Theme

Flag: Tornado! Hurricane!

 Forums >>  Brainstorms - General  >>  Methods for Analysing 1MB of Disassembled Code

Topic created on: October 6, 2006 04:20 CDT by Nishanth .

I have over 1 MB of disassembled code from Renesas controller, can anyone suggest techniques for analysing such large quantities of code. The code has to be manually analyzed.

  ryanlrussell     October 6, 2006 11:41.23 CDT
What is the purpose of analyzing the code?  Are you looking for vulnerabilities, trying to replicate functionality, looking for code theft, what?

  Nishanth     October 8, 2006 23:59.48 CDT
Hi Ryan,
        I want to analyse the code to study the working and replicate the functionality

  ryanlrussell     October 14, 2006 20:57.05 CDT
Very good, you've got the hardest of the RE tasks I asked about :)

So, you'll probably want to do some really good static analysis.  Seems like the vast majority of the people who do that use IDA Pro.  

You'll have to figure out some logistical things, such as what language to re-implement in.  You might consider figuring out a way to patch the existing binary to call parts of your new code as you go, so you've got a way to test things before you're at 100% replicated.  That's assuming you're trying to do something like source-code recovery.

Or it could be slightly worse, which is you're copying functionality of what will be a competing program, in which case you'll have to separate analysis and reimplementation for legal reasons.  Make sure you've got a good lawyer for that bit.

Anything else you can share, even hypothetically, to narrow down what kind of work you need to do?

For example, one could be trying to "replicate the functionality of iTunes".  It may turn out that they only mean the decryption piece, which is a (relatively) tiny portion of the 30+MB of iTunes executable and DLLs.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.


Recently Created Topics
[help] Unpacking VMP...
Mar/12
Reverse Engineering ...
Jul/06
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Question about memor...
Dec/12


Recent Forum Posts
Finding the procedur...
rolEYder
Question about debbu...
rolEYder
Identify RVA data in...
sohlow
let 'IDAPython' impo...
sohlow
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n


Recent Blog Entries
halsten
Mar/14
Breaking IonCUBE VM
oleavr
Oct/24
Anatomy of a code tracer
hasherezade
Sep/24
IAT Patcher - new tool for ...
oleavr
Aug/27
CryptoShark: code tracer ba...
oleavr
Jun/25
Build a debugger in 5 minutes
More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...
djnemo on:
Nov/17
Kernel debugger vs user mod...
acel on:
Nov/14
Kernel debugger vs user mod...
pedram on:
Dec/21
frida.github.io: scriptable...
capadleman on:
Jun/19
Using NtCreateThreadEx for ...
More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit