On Wed, Oct 17, 2018 at 04:58 PM, Harvey White wrote:
You used which disassembler to do this?
Harvey,
I used IDA (Interactive DisAssembler created by Ilfak Guilfanov. There is a Wiki page), you can see the section of photos in this thread for the screen capture. it's a semi-automated disassembler. You see the bytevector in front of you at the beginning and you manupulate it by instructing it to convert the byte vector to code/data/table of immediate data or vectors. The tool then will try to start from this, go and disassemble the rest. When it's blocked again you go, explore, instruct comment and give the tool a go. So it's an itterative work. It has a long list of features for signature searching in code, text, etc. I use IDA from the end of 90s. It's by far the only tool to re-create the source quality disassembly.
