
You are supposed to annotate what every part of the file is and how you want to display it. It's usually easy to distinguish reasonable assembler code from nonsense instructions interspersed with undecodable islands.

Disassembling all sections just in case they contain code is a common conservative policy for disassemblers: even without malicious payload-hiding tricks, even sections that are definitely never executed could contain embedded executable code.



Thanks, I'll try that approach.

It's been a while since I've looked at asm in anger, so it's taking me a while to get back into it (plus this is a side project ATM).



