Self-made Disassembly reverse analysis tool Iteration Fifth version (i)

This version adds several features that are written separately.

This article is about a feature that shows the relationship of a selected conditional directive to another conditional branch.

Their relationship is shown in the first edition branch pattern distribution, and the second edition of the Assembly code counterpart.

Red indicates the target being selected

Blue indicates the execution position of the instruction being selected, possibly because the condition jumps in and jumps directly into the selected conditional branch (, ignoring the condition).

Green is indicated in the selected conditional branch, because other conditions jump to the code that leaves the current branch directly.

Purple indicates that within the selected conditional branch, the branch is unconditionally jumped and the code that leaves the current branch is immediately removed.

Light purple means that within the selected conditional branch, the unconditional jump branch is still within the current branch code.

Light Gray indicates that the relationship with the selected conditional branch is, contains, or is included, and is tied, and the relationship with the selected conditional directive is relatively simple and does not give a highlight warning.

It can be used in the process of reverse analysis, positioning in the scope of attention to detailed analysis.

You can also step forward to see the relationship changes, such as the following 4 cards:

In the process of reverse analysis, a branch structure model can be selected to further apply the analysis according to the relation pattern of jump.

The simplest is to include the relationship, (and no blue line, Green Line, purple appearance), you can apply the pattern:

if (!) {    if (!) {        // ...    }}

And equally simple is the juxtaposition relationship (and no blue line, Green Line, Purple appears, but does not contain each other and is included), can be applied to the pattern:

if (!) {}if (!) {}// ...

If you have other colors, you need to analyze them and apply some kind of branching structure to reverse the situation.

This feature is introduced here and is the basic starting point of this tool.

The branch structure is like the organization of the function machine code, if the branch structure (organization structure) is not clear to reverse the analysis of a piece of disassembly code, such as the loss of partition organization information partition data.

Self-made Disassembly reverse analysis tool Iteration Fifth version (i)