by 3eed 2190 days ago
All these are great programs, but none of them can understand that level of obfuscation so far. As stated in the post, both Ghidra and IDA interpret the very first block in any of the obfuscated functions, which ends with an indirect branch, as a complete function in and of itself. Because this is the usual case: indirect branches, AKA tail calls, terminate a function to start another, all with the same stack frame.

EDIT: also keep in mind the CFG isn't flattened here.


I think the idea is that Ghidra's and IDA's plugin systems allow for manipulation of binaries at a level that allows writing deobfuscators over them.
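The following is an added illustration, not code from either commenter, Ghidra or IDA. It models in a few dozen lines of Python the function-discovery rule the first comment describes (an indirect `jmp` ends the function, as a tail call) and the kind of analysis the reply alludes to (a deobfuscation pass layered on top that resolves the jump target). The instruction listing, the addresses, the `Insn` type and the `discover_function` helper are all constructed for this example; the "listing" mimics a function chopped into fragments that each end in `jmp <reg>` after loading the next fragment's address into that register.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Insn:
    addr: int
    mnem: str      # "mov", "add", "lea", "jmp" or "ret"
    ops: tuple     # operands: register names / memory strings / int immediates
    size: int      # byte length, used to find the fall-through address

# Constructed toy listing (hypothetical addresses): one logical function split
# into three fragments, each fragment ending in an indirect branch whose target
# was loaded by the preceding `lea`.
PROGRAM = [
    Insn(0x1000, "mov", ("rax", "[rsp+8]"), 4),
    Insn(0x1004, "lea", ("rcx", 0x1020), 7),
    Insn(0x100B, "jmp", ("rcx",), 2),          # indirect branch -> "tail call"
    Insn(0x1020, "add", ("rax", 1), 4),
    Insn(0x1024, "lea", ("rdx", 0x1040), 7),
    Insn(0x102B, "jmp", ("rdx",), 2),          # indirect branch -> "tail call"
    Insn(0x1040, "ret", (), 1),
]
BY_ADDR = {i.addr: i for i in PROGRAM}

def discover_function(entry: int, resolve_indirect: bool = False):
    """Recursive-descent walk from `entry`.

    Default rule (the behaviour the comment attributes to Ghidra/IDA): an
    indirect `jmp` terminates the function and its target is not explored.
    With resolve_indirect=True, constant register loads (`lea reg, imm` /
    `mov reg, imm`) are tracked along the current path, so `jmp reg` becomes a
    known direct edge and the walk continues into the next fragment.
    Returns (sorted instruction addresses in the function, unresolved exits).
    """
    seen = set()
    unresolved = []                  # addresses of indirect jmps left as tail calls
    worklist = [(entry, {})]         # (address, path-local register constants)
    while worklist:
        addr, regs = worklist.pop()
        regs = dict(regs)
        while addr in BY_ADDR and addr not in seen:
            insn = BY_ADDR[addr]
            seen.add(addr)
            if insn.mnem == "ret":
                break
            if insn.mnem == "jmp":
                target = insn.ops[0]
                if isinstance(target, int):
                    worklist.append((target, regs))          # direct edge
                elif resolve_indirect and target in regs:
                    worklist.append((regs[target], regs))    # resolved edge
                else:
                    unresolved.append(addr)                   # treated as tail call
                break
            dest = insn.ops[0]
            if insn.mnem in ("lea", "mov") and isinstance(insn.ops[1], int):
                regs[dest] = insn.ops[1]      # constant load: remember it
            else:
                regs.pop(dest, None)          # any other write invalidates
            addr += insn.size
    return sorted(seen), unresolved

if __name__ == "__main__":
    for flag in (False, True):
        body, exits = discover_function(0x1000, resolve_indirect=flag)
        print(f"resolve_indirect={flag}: {[hex(a) for a in body]} exits={[hex(a) for a in exits]}")
```

With the default rule the walk stops at `0x100B` and reports three instructions, exactly the one-block "function" the comment complains about; with `resolve_indirect=True` the same entry yields all seven instructions and no unresolved exits. The constant tracking here is deliberately minimal (path-local, no memory or arithmetic), which is why real obfuscators that compute the target rather than load it defeat it; a plugin doing the same job would need proper dataflow analysis.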