"how will a polymorphic engine fail the disassembler?"
A polymorphic engine, used in software protection, (polymorphism, in the meaning of object-oriented languages, is a completely different thing) usually features code obfuscation. A "brainless" software disassembler will take the first companionate set of bytes as the instruction and miss many places in the log (you can try it in any debugger... take PeLock, as an example, and perform single-step tracing of the decryption code - you will understand what I mean).
"the code will be different but doesn't it still consist of x86 instructions?"
This time it is not only about different code but obfuscation used in polymorph engines. These tricks will fool a usual software disassembler.
Last edited by dyn!o; 04-10-2005 at 01:43.
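Added example, not part of the original post: a toy decoder for five 32-bit x86 opcodes, run over a constructed byte string, showing why a linear-sweep listing misses an instruction that sits behind a never-executed byte and how following control flow recovers it. The byte string and the function names `decode`, `linear_sweep` and `recursive_traversal` are assumptions made for this illustration.

```python
import struct

# Constructed sample, not taken from any real protector:
#   0: EB 01            jmp short 0x3
#   2: E8               stray byte, never executed (looks like a call opcode)
#   3: B8 90 90 90 90   mov eax, 0x90909090
#   8: C3               ret
CODE = bytes.fromhex("eb01e8b890909090c3")

def decode(code, off):
    """Decode one instruction: (length, text, branch_target, falls_through)."""
    op = code[off]
    if op == 0xEB and off + 2 <= len(code):          # jmp rel8
        target = off + 2 + struct.unpack_from("<b", code, off + 1)[0]
        return 2, f"jmp short {target:#x}", target, False
    if op == 0xE8 and off + 5 <= len(code):          # call rel32
        rel = struct.unpack_from("<i", code, off + 1)[0]
        target = (off + 5 + rel) & 0xFFFFFFFF
        return 5, f"call {target:#x}", target, True
    if op == 0xB8 and off + 5 <= len(code):          # mov eax, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return 5, f"mov eax, {imm:#x}", None, True
    if op == 0x90:
        return 1, "nop", None, True
    if op == 0xC3:
        return 1, "ret", None, False
    return 1, f"db {op:#04x}", None, False           # outside this toy table

def linear_sweep(code):
    # Decode back to back from offset 0, trusting every byte to be code.
    out, off = [], 0
    while off < len(code):
        size, text, _, _ = decode(code, off)
        out.append((off, text))
        off += size
    return out

def recursive_traversal(code, entry=0):
    # Decode only offsets that execution can actually reach.
    seen, work = {}, [entry]
    while work:
        off = work.pop()
        if off in seen or not 0 <= off < len(code):
            continue
        size, text, target, falls = decode(code, off)
        seen[off] = text
        if target is not None:
            work.append(target)
        if falls:
            work.append(off + size)
    return sorted(seen.items())
```

The linear sweep reports a `call` at offset 2 that swallows the first four bytes of the `mov`, so offset 3 never appears in its listing; the traversal lists offsets 0, 3 and 8, which is what single-step tracing would show.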