Comment by sedatk

12 hours ago

They're not encoded, but the code blocks are shuffled. That's why disassembly does look straightforward, but it used to thwart BinDiff at the time.

That sounds a lot like US9116712, but I don't think it's ever been publicly said that Windows does this.

If I understand correctly, that is just randomness that comes from parallel compiling and linking.

If you're saying there is a whole step just scrambling blobs, I will be very surprised.

What made you believe this is the case? Any examples/links/etc.?

  • It was a part of our Windows build process when I was at Microsoft. I only assumed that they would keep doing it, but they might have as well dropped the practice.

    • I don't see how that can be useful when Microsoft publishes debug symbols for almost everything.