Disasm idea (Interactive flow-chart)
Aquatic
June 8th, 2004, 00:43
You know how IDA can show all the code in a flow-chart? Well this is really useful because you have a way to get your head around what the code is doing, and where it's going.
But... it would be better if you could click stuff on the flow charts, and set BPs...etc
So what I propose is to do away with the flat 'deadlist' display of the disassembly, and to make the whole thing based off a flow-chart. If the flow-chart was fully interactive, and it displayed all the addresses...etc, then you wouldn't need the traditional flat 'deadlisting' of the code.
So just integrate all functionality into the flow-chart, and you will have the ultimate disassembler.
doug
June 8th, 2004, 09:28
Until you see anti-flowchart tricks being used. Obfuscation must be pretty good on that already, but I can imagine what it would be like when pushed to the extreme.
The flowchart is a nice util, particularly for finding High level language code patterns, but by no means a complete solution by itself.
Aquatic
June 8th, 2004, 12:11
I don't get it.
Why aren't flow-charts 'perfect'?
Polaris
June 8th, 2004, 13:06
Simply because you can fill code with useless code which is never executed BUT which is parsed by the flow-charter, making the flow-chart enormous and useless. You should FIRST unobfuscate source code, and then use flowcharts.
nikolatesla20
June 8th, 2004, 13:12
I seriously have never gotten benefit from reading a flowchart... they are just too big to make sense of in most modern software...
Or maybe i just need to use it more
-nt20
Aquatic
June 8th, 2004, 14:53
Well, flow-charts are a great way for n00bs to get their heads around the concepts.
It doesn't matter that the charts are 'huge' ... fine let them be huge, they are still easy to navigate. If they were also interactive then they would be even easier to navigate.
doug
June 8th, 2004, 15:36
slightly O-T
I strongly believe that you should go through the pain of properly learning things if you want to be good at it.
There are some things that you can't avoid if you want to reverse-engineer. Let's just say that knowing assembly is a strong requirement.
Reverse-engineering is complex and newbies often find that they have too much to learn to do XYZ, and try to cut corners. They ask questions without searching, they don't read documentation, ...
I see flow charts as a great tool to figure out complex branching patterns. You could easily do your analysis without them, but I don't think a proper analysis can be done exclusively with them.
The way I see it, instead of hunting for "jz or jnz", your average flowchart newbie will be looking for the proper branch pattern. He might get discouraged when he sees that if he printed his serial check proc flowchart, it would fill an entire room whereas a regular disassembly would be 15 pages.
(Note: I tried the IDA flowchart thing.. printed it on 6*5 pages, it's barely readable.. the disassembly is 10 pages)
Aquatic
June 8th, 2004, 17:08
Why would you print it out? lol
I don't see how using flow-charts limits you. Example?
Also, your opinion is based on IDA's flow chart, which is pretty basic, and is not what I am proposing.
Yes, using flow-charts takes away the '1337' factor of swimming through code, but so what?
naides
June 8th, 2004, 17:54
Quote:
[Originally Posted by Aquatic]Why would you print it out? lol
I don't see how using flow-charts limits you. Example?
Also, your opinion is based on IDA's flow chart, which is pretty basic, and is not what I am proposing.
Yes, using flow-charts takes away the '1337' factor of swimming through code, but so what?
Aquatic:
You are very passionate about your idea,
obviously, and that is commendable. I think it has quite a bit of potential.
I doubt anybody but you would develop it, so it is up to you to take it to fruition. . .
Let us start from the beginning: What would be your starting material? A linear disassembly produced by IDA? My gut feeling is that it would deflate the very spirit of what you are trying to construct, so an IDA-like, run-through-all-the-possible-branching-points kind of analysis would be more productive.
And what would be the product?
An interactive, flow schematics of the code in two dimensions, in which every branching point is connected and followed. It has to be reproducible, thorough and systematic.
Ambitious but not impossible. Should you talk to Ilfak???
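An added illustration of the two points raised above (Polaris's never-executed filler that the flow-charter still parses, and naides's linear listing versus following every branching point), not code from this thread or from IDA: a toy disassembly with a constructed junk block is cut into basic blocks once by a linear sweep over every address and once by recursive descent from the entry point. The instruction format, the PROGRAM sample and the function names are my own assumptions.

```python
from collections import namedtuple
Insn = namedtuple("Insn", "addr op target")  # target used by jz/jmp only

# Constructed sample "disassembly" (not from the thread): addresses 4-5 are
# filler that no path from the entry point reaches, yet they look like a loop.
PROGRAM = [
    Insn(0, "cmp", None), Insn(1, "jz", 6),
    Insn(2, "nop", None), Insn(3, "jmp", 8),
    Insn(4, "nop", None), Insn(5, "jmp", 4),  # junk: never executed
    Insn(6, "nop", None), Insn(7, "nop", None), Insn(8, "ret", None),
]
BY_ADDR = {i.addr: i for i in PROGRAM}

def successors(insn):
    """Addresses control can flow to after this instruction."""
    fall = [insn.addr + 1] if insn.addr + 1 in BY_ADDR else []
    if insn.op == "ret":
        return []
    if insn.op == "jmp":
        return [insn.target]
    return fall + ([insn.target] if insn.op == "jz" else [])

def reachable(entry=0):
    """Recursive descent: follow every branch from entry, collect addresses."""
    seen, work = set(), [entry]
    while work:
        a = work.pop()
        if a not in seen and a in BY_ADDR:
            seen.add(a)
            work.extend(successors(BY_ADDR[a]))
    return seen

def basic_blocks(addrs=None):
    """Cut addrs (default: every address, i.e. a linear sweep) into basic
    blocks; a block starts at a branch target or right after a branch."""
    addrs = sorted(BY_ADDR if addrs is None else addrs)
    leaders = {addrs[0]}
    for a in addrs:
        if BY_ADDR[a].op in ("jz", "jmp", "ret"):
            leaders.update(successors(BY_ADDR[a]) + [a + 1])
    blocks, cur = [], []
    for a in addrs:
        if a in leaders and cur:
            blocks.append(cur)
            cur = []
        cur.append(a)
    return blocks + [cur]

def junk_blocks(entry=0):
    """Blocks a linear sweep draws that recursive descent never visits."""
    live = reachable(entry)
    return [b for b in basic_blocks() if b[0] not in live]
```

The sweep yields five boxes including the [4, 5] loop; descent from address 0 yields four, which is the gap that filler code exploits to bloat a chart.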
Aquatic
June 8th, 2004, 18:35
I was thinking of making the flow-chart a transparent 3D sphere that you can fly around in.
The code would start at the north pole, and then branch down.
When a BP is hit, then you can see that box glow yellow, and then you can fly up to it.
doug
June 8th, 2004, 19:22
You are missing the point I am trying to make. All these tools sound very nice, but it doesn't take away the fact that you still have to learn the basics - otherwise you won't understand the information that is presented to you.
I find the flowchart limits me the same way I find that Windows limits me when I need to go through half a dozen sub-menus to do what I want. Not to mention that any simple obfuscation targeted at your tool will destroy it, which brings us back to the current utils we have, minus the huge investment.
I don't want to take away your dreams, and take no offense in the following comment, but you have posted a few things about the ultimate disassembler, the ultimate live debugger, amazing computers ... are you living in wonderland?
Quote:
I was thinking of making the flow-chart a transparent 3D sphere that you can fly around in.
Have you seen Swordfish?
http://www.woodmann.net/forum/showthread.php?t=5931&p=37223
Do you want a 3D game or a tool to get real work done?
Aquatic
June 8th, 2004, 20:30
Well, I'm just having fun.
One day this could be real.
I don't mean physically fly around. I mean with your mouse, lol.
nikolatesla20
June 8th, 2004, 21:47
Aquatic, I support your imagination! Being creative never hurts.
I myself have had some ideas on tools that would be more powerful, all it takes is some time and some initiative, and perhaps I will get around to trying out a few ideas as well.
-nt20
dELTA
June 9th, 2004, 19:50
Quote:
When a BP is hit, then you can see that box glow yellow, and then you can fly up to it.
And when you get an exception you lose one life, luckily, you can get extra lives by rescuing the princesses from the code caves by nulling out the evil random bytes that surround them. When you finally make the last patch needed to complete the crack, you win (and if you do it by clicking the special combo of Softice hotkeys fast enough, you perform a special killer move, and a keygen is automatically generated for you as a bonus), and then you get a 30 minute long 3D ending scene, sometimes even with famous actors in it. But if you fall asleep or give up before making the crack, and instead post a crack request on the RCE board or start dreaming about four-dimensional flow charts that will crack any application before it is even downloaded to your computer, it's game over, and the last thing you see on the screen before your harddisk is formatted is an animation of Alexey running away with all the princesses, and Chad unleashing his evil army of nanomites upon the defenseless glowing flowchart box population, who can do nothing but knock themselves silly flying into the walls of the transparent spheres while trying to escape in wild panic.
Sorry, couldn't help myself.
Keep up the dreaming, it might just result in something good one day.
Silver
June 10th, 2004, 06:53
My 0.02. Compuware/NuMega DevPartner has similar-ish functionality to this in its debugging system. It presents COM object ref counts as a graph, which you can click on to jump to the call that inc/dec'd the refcount. It also shows function coverage and calls in a design similar-but-different to a flow chart. Only works for C++ & MSVC AFAIK.
There's also a product called "Understand", they do Delphi, Java, C# and C++ versions, doubt they do an asm one. It is meant to present source code in a relative & easy to understand manner. Never used it, been told it's good.
All these products are great when it's your code that you're analyzing. When it's reversed code, they don't really cut it that much (although it can be helpful to see a visual pattern of some code, such as lots of jumps etc).
And to really take the P. Diddy, there is a guy who rewrote parts of Doom so that he could manage his systems with it. Yep, really. All the demons have processes numbers, kill the demon you kill the process. Doors open apps, etc. Pretty funny. http://www.cs.unm.edu/~dlchao/flake/doom/
Polaris
June 10th, 2004, 13:10
Quote:
[Originally Posted by dELTA]And when you get an exception you lose one life, luckily, you can get extra lives by rescuing the princesses from the code caves by nulling out the evil random bytes that surround them. When you finally make the last patch needed to complete the crack, you win (and if you do it by clicking the special combo of Softice hotkeys fast enough, you perform a special killer move, and a keygen is automatically generated for you as a bonus), and then you get a 30 minute long 3D ending scene, sometimes even with famous actors in it. But if you fall asleep or give up before making the crack, and instead post a crack request on the RCE board or start dreaming about four-dimensional flow charts that will crack any application before it is even downloaded to your computer, it's game over, and the last thing you see on the screen before your harddisk is formatted is an animation of Alexey running away with all the princesses, and Chad unleashing his evil army of nanomites upon the defenseless glowing flowchart box population, who can do nothing but knock themselves silly flying into the walls of the transparent spheres while trying to escape in wild panic.
Sorry, couldn't help myself. Keep up the dreaming, it might just result in something good one day.