XPost: alt.folklore.computers
gareth evans wrote:
> On 04/01/2021 22:50, Dan Espen wrote:
>> Pancho writes:
>>
>>> Most compilers leave fingerprints on executables; you don't need an AI
>>> to detect them. I remember decompiling in the early 80's but complex
>>> modern code can often be a challenge to naively reverse engineer a
>>> high level understanding from even if you do have source code. Take
>>> away sensible variable and function names and you are stuffed.
>>
>> I've had more than one experience in putting those meaningful variable
>> names right back. It's actually pretty easy, a somewhat rote process.
>> Find the read input instruction. Since you know the layout of the input
>> record, you now have labels to many of the references to that input
>> area.
>>
>> I think you can work out how to proceed.
>
> ISTR that my attack on the executable started by seeking out lines
> of code that might be subroutine calls, "JSR PC, address" in the
> PDP11 code. This served to create a number of identifiable and
> separate blocks from which to proceed.
>
> Of course, this was much easier as it was a stand-alone paper
> tape program with no operating system underneath to muddy the
> water.
>
Most architectures seem to be simpler than x86 with its mix of random
instruction lengths. Start at almost any byte and a disassembler would
probably be able to find a run of “instructions” that don’t make any
sense when examined by a human. Disassemblers I have worked with allow
for human input to mark constants, for example, and allow them to be
skipped.
--
Pete
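
The block-splitting approach described in the quoted text (find the "JSR PC, address" calls, then cut the image at each target) can be sketched as follows. This is an added example, not code from any poster in the thread; it assumes a raw, word-aligned PDP-11 image loaded at address 0, and the function names and the sample image are constructed for illustration.

```python
import struct

JSR_PC_REL = 0o004767   # JSR PC, addr   (PC-relative operand word follows)
JSR_PC_ABS = 0o004737   # JSR PC, @#addr (absolute operand word follows)

def find_jsr_targets(image: bytes, base: int = 0) -> dict:
    """Map each plausible subroutine entry to the addresses that call it."""
    n = len(image) // 2
    words = struct.unpack(f"<{n}H", image[:n * 2])  # PDP-11 words are little-endian
    targets = {}
    i = 0
    while i < n - 1:
        site = base + 2 * i
        if words[i] == JSR_PC_REL:
            # PC already points past the operand word when the offset is added
            target = (site + 4 + words[i + 1]) & 0xFFFF
        elif words[i] == JSR_PC_ABS:
            target = words[i + 1]
        else:
            i += 1
            continue
        # Odd or out-of-image targets are data that merely looks like a JSR
        if target % 2 == 0 and base <= target < base + 2 * n:
            targets.setdefault(target, []).append(site)
        i += 2  # skip the operand word
    return targets

def split_blocks(image: bytes, base: int = 0) -> list:
    """Cut the image into (start, end) ranges at each subroutine entry."""
    end = base + (len(image) // 2) * 2
    cuts = sorted({base, *find_jsr_targets(image, base)})
    return list(zip(cuts, cuts[1:] + [end]))

# Constructed sample image: main code at 0, subroutines at 0o20 and 0o30.
SAMPLE = struct.pack(
    "<13H",
    0o004767, 0o14,          # 000000: JSR PC, 20    (relative)
    0o004737, 0o30,          # 000004: JSR PC, @#30  (absolute)
    0o000000,                # 000010: HALT
    0o240, 0o240, 0o240,     # 000012: NOP padding
    0o004767, 0o4,           # 000020: JSR PC, 30    (relative)
    0o000207,                # 000024: RTS PC
    0o240,                   # 000026: NOP
    0o000207,                # 000030: RTS PC
)

if __name__ == "__main__":
    for start, stop in split_blocks(SAMPLE):
        print(f"block {start:06o}-{stop:06o}")
```

Because PDP-11 instructions are word-aligned, the scan only has to try even offsets; a data word that happens to equal a JSR opcode is still a possible false positive and needs the human review mentioned above.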