Comment by dataflow

11 hours ago

Sounds dubious, do you have a citation? The disassembly looks very straightforward for a lot of Windows code.

They're not encoded, but the code blocks are shuffled. That's why disassembly does look straightforward, but it used to thwart BinDiff at the time.

  • If I understand correctly, that is just randomness that comes from parallel compiling and linking.

    If you are saying there is a whole step just scrambling blobs, I will be very surprised.

  • What made you believe this is the case? Any examples/links/etc.?

    • It was a part of our Windows build process when I was at Microsoft. I only assumed that they would keep doing it, but they might well have dropped the practice.