
bowyakka | 7 years ago

So while I am sure the author checked this, it bears mentioning that disassembling CISC is more of a black art than RISC. You can feed any binary file into a disassembler and get x86 code out, even if that code is invalid.

For example, here is a "program", except it's really a meme GIF off my phone. https://imgur.com/gallery/hoDKeC9


monocasa|7 years ago

Yeah, but it's really clear that his stuff is real x86. lgdt followed by setting up all the data segment registers followed by a long jump to the code segment is about as x86 as you can get.

umanwizard|7 years ago

Are you experienced with reading x86 assembly?

It's crystal clear that the gif from your phone is gibberish (or extremely obfuscated), whereas the code from the article is normal-looking.

bowyakka|7 years ago

I am. I am not faulting the original author, just pointing out you can get disassemblers to come up with x86.

From the comment right under the picture I took:

> yeah, pretty typical function prolog, what's the question ?

Except we know it is not.

I am more saying to people: be careful pushing any old binary blob through capstone without considering what it might produce. I get this at $DAYJOB, where people disassemble VAX from things that are just data.
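An added illustration of the point made in this thread (not code from any commenter or from the article): the three ASCII bytes that open every GIF file are valid one-byte 32-bit x86 instructions, so a cheap triage step before disassembly is worth having. The function names, the constructed sample header and the 7.2 bits/byte entropy limit are assumptions chosen for this sketch, and it uses only the standard library rather than capstone.

```python
import math
from collections import Counter

# 32-bit x86 one-byte opcodes 0x40-0x5F: inc/dec/push/pop on a register.
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
OPS = ["inc", "dec", "push", "pop"]

# Well-known file signatures (small, non-exhaustive selection).
MAGICS = {
    b"GIF87a": "GIF image",
    b"GIF89a": "GIF image",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"\xff\xd8\xff": "JPEG image",
    b"PK\x03\x04": "ZIP archive",
}

# Constructed sample: a GIF89a header for a 16x16 image, not a real file.
SAMPLE_GIF = b"GIF89a\x10\x00\x10\x00\x80\x00\x00"

def decode_one_byte_ops(blob):
    """Decode the leading run of 0x40-0x5F bytes the way 32-bit x86 would."""
    out = []
    for b in blob:
        if not 0x40 <= b <= 0x5F:
            break
        out.append(f"{OPS[(b - 0x40) >> 3]} {REGS[b & 7]}")
    return out

def shannon_entropy(blob):
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def triage(blob, entropy_limit=7.2):
    """Return a reason to distrust a disassembly of blob, or None."""
    for magic, name in MAGICS.items():
        if blob.startswith(magic):
            return f"starts with {name} signature"
    # Assumed heuristic: entropy is only meaningful on a reasonably large sample.
    if len(blob) >= 256 and shannon_entropy(blob) > entropy_limit:
        return "entropy too high for plain machine code"
    return None

if __name__ == "__main__":
    print(decode_one_byte_ops(SAMPLE_GIF), "|", triage(SAMPLE_GIF))
```

A `None` result from `triage` only means none of these checks fired; it does not prove the input is code.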