OSPFv3
Reputation: 43
How can i Lifting x86_64 assembly code to LLVM-IR?
I'm researching of virus and I'm faced with the task of deobfuscating its virtual machine. I chose to do this through LLVM and I had a question, where can I see a simple example of lifting instructions to the LLVM-IR level? For example, where can I look at code that just translate one pop rsp instruction to LLVM-IR? Since I didn't find anything like that.
Maybe someone has articles where this is described or can someone suggest with an example?
Upvotes: 2
Views: 1701
Answers (1)
西风逍遥游
Reputation: 94
Here is a list of similar tools you could try:
- MeSema relies on IDA Pro to disassemble a binary file and produce a control flow graph. Then it can convert the control flow graph into LLVM IR.
- llvm-mctoll is easy to use, but SIMD instructions such as SSE, AVX, and Neon cannot be raised.
- retdec is a retargetable machine-code decompiler
- reopt is a general purpose decompilation and recompilation tool, support x86-64 Linux programs.
Upvotes: 2
Related Questions
- ASP.Net Core makes too many cookies for my app to handle
- Asp.net core cookie authentication too many requests
- Asp.Net Core 3.1 Cookie Authentication loop to login page
- Cookies and ASP.NET Core
- .NET Core 2.2 Shared Cookie causes Bad Request error when logging in
- Avoid session cookies in Asp.NET Core 2.2 + IdentityServer
- Asp.Net Core 2.1 Request exlusing client side cookies
- ASP.NET Core MVC Session Auth cookies
- Cookies in ASP.NET Core rc2
- ASP.NET 5 Session doesn't last?