Building Custom Disassemblers presented at Blackhat Europe 2011

by Felix "FX" Lindner (Recurity Labs)

Tags: Security

Summary: The reverse engineer occasionally faces situations where even the most advanced commercial tools do not support the instruction set of an arcane CPU. To overcome this, one can develop the missing disassembler. This talk is meant to be a tutorial on how to approach the task, what to focus on first, and what surprises one may be in for. The primary focus is the transformation of byte code back into its mnemonic representation when only the reverse transformation is available (i.e. you have the respective assembler, but no disassembler). It also covers how to integrate the new disassembler into your reverse engineering tool chain. This tutorial talk will give:
* An introduction to the problem
* How to obtain byte code
* Recognizing basic properties of the byte code
* Finding Addressing Modes
* Implementing an IDA Pro processor module
* Reading code you are not supposed to
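The abstract's central situation, having the assembler but not the disassembler, can be attacked by treating the assembler as an oracle: assemble an instruction repeatedly while varying one operand, and the bits that change tell you where (and how) that operand is encoded. The following is an added example, not code from the talk or from Recurity Labs; the 16-bit "toy ISA" and its `toy_assemble` routine are constructed purely for illustration, and the probe learns the opcode pattern and operand bit fields from that assembler alone, then uses what it learned to disassemble.

```python
"""Recover instruction encodings from an assembler used as a black-box oracle.

Toy 16-bit, big-endian ISA (constructed for this example, not a real CPU):
  opcode in bits 15..12
  "mov  rd, rs"  : rd in bits 11..8, rs in bits 7..4, bits 3..0 unused (zero)
  "addi rd, imm" : rd in bits 11..8, imm8 in bits 7..0
  "jmp  off"     : 12-bit offset in bits 11..0
The probing code below never looks at this layout; it only calls toy_assemble().
"""

_OPCODES = {"mov": 0x1, "addi": 0x2, "jmp": 0xF}

def toy_assemble(mnemonic, *ops):
    """Hypothetical assembler (constructed). The probe treats it as opaque."""
    op = _OPCODES[mnemonic]
    if mnemonic == "mov":
        rd, rs = ops
        word = (op << 12) | (rd << 8) | (rs << 4)
    elif mnemonic == "addi":
        rd, imm = ops
        word = (op << 12) | (rd << 8) | (imm & 0xFF)
    else:  # jmp
        (off,) = ops
        word = (op << 12) | (off & 0xFFF)
    return word.to_bytes(2, "big")

def to_int(raw):
    return int.from_bytes(raw, "big")

def probe_field(assemble, mnemonic, baseline, index, width):
    """Vary operand `index` over every value of `width` bits and observe which
    instruction bits change. Returns (shift, mask) for a contiguous field that
    holds the operand value verbatim; raises ValueError otherwise (e.g. a scaled
    offset or a split field, which would need a different decoding rule)."""
    base = list(baseline)
    ref = to_int(assemble(mnemonic, *base))
    changed = 0
    for v in range(1 << width):
        ops = list(base)
        ops[index] = v
        changed |= to_int(assemble(mnemonic, *ops)) ^ ref
    if changed == 0:
        raise ValueError("operand %d does not influence the encoding" % index)
    shift = (changed & -changed).bit_length() - 1   # lowest changing bit
    mask = changed >> shift
    if mask != (1 << width) - 1:
        raise ValueError("field is not contiguous: changed bits %#06x" % changed)
    for v in range(1 << width):                       # confirm plain binary value
        ops = list(base)
        ops[index] = v
        if (to_int(assemble(mnemonic, *ops)) >> shift) & mask != v:
            raise ValueError("field is not a plain binary value")
    return shift, mask

def learn_encoding(assemble, mnemonic, operand_widths):
    """Learn the fixed opcode pattern and the operand fields of one mnemonic."""
    baseline = [0] * len(operand_widths)
    fields = [probe_field(assemble, mnemonic, baseline, i, w)
              for i, w in enumerate(operand_widths)]
    var_mask = 0
    for shift, mask in fields:
        var_mask |= mask << shift
    # With every operand zero, whatever is left set is the opcode pattern; every
    # bit outside the operand fields is treated as fixed and must match on decode.
    return {"fixed": to_int(assemble(mnemonic, *baseline)),
            "fixed_mask": 0xFFFF & ~var_mask,
            "fields": fields}

def build_disassembler(assemble, isa):
    """isa maps mnemonic -> operand bit widths (what you know from the manual or
    from reading the assembler's syntax). Returns (encoding table, decoder)."""
    table = {m: learn_encoding(assemble, m, widths) for m, widths in isa.items()}

    def disassemble(raw):
        word = to_int(raw)
        for mnemonic, enc in table.items():
            if word & enc["fixed_mask"] == enc["fixed"]:
                ops = [(word >> s) & m for s, m in enc["fields"]]
                return mnemonic + " " + ", ".join(str(o) for o in ops)
        return ".word %#06x" % word     # unknown encoding: emit data, do not guess
    return table, disassemble

TOY_ISA = {"mov": (4, 4), "addi": (4, 8), "jmp": (12,)}

if __name__ == "__main__":
    table, disassemble = build_disassembler(toy_assemble, TOY_ISA)
    for m, enc in table.items():
        print("%-5s fixed=%#06x mask=%#06x fields=%s" % (m, enc["fixed"], enc["fixed_mask"], enc["fields"]))
    for raw in (toy_assemble("mov", 3, 5), toy_assemble("addi", 2, 0xAB), b"\x12\x34"):
        print(raw.hex(), "->", disassemble(raw))
```

The decoder deliberately checks every bit outside the learned operand fields against the pattern produced with all-zero operands, so a word with junk in the unused low nibble of `mov` falls through to `.word` instead of being mis-decoded; on a real target that fall-through is exactly where you discover encodings the assembler never emits. The same probing loop also surfaces the "surprises" the abstract mentions: a `ValueError` about a non-contiguous or non-linear field is the signal that an operand is split, scaled, or PC-relative and needs its own decoding rule.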