The Long Journey to a Multi-Architecture Disassembler

Explore the intricacies of developing a multi-architecture disassembler in this 47-minute conference talk from NorthSec 2019. Join Joan Calvet, a developer and reverse-engineer working on the JEB decompiler, as he shares insights from his journey in creating a versatile disassembler. Delve into topics such as intuitive strategies, non-returning calls and APIs, type libraries, basic block visual definitions and skeletons, branch delay slots, and the challenges of distinguishing code from data. Learn about instruction sets, the importance of comprehensive code analysis, and techniques for identifying library routines. Gain valuable knowledge applicable to reverse engineering and malware analysis from Calvet's experience at ESET and his presentations at renowned conferences like REcon, Hack.lu, and Virus Bulletin.

Introduction
Disassembler
Agenda
Toy Example
Intuitive Strategy
Instructions
NonReturning Calls
NonReturning APIs
Type Libraries
Basic Block Visual Definition
Basic Block Skeletons
Branch Delay Slot
JAB
Code vs Data
Instruction Set
All code matters
Identifying library routines
Conclusion