ARTeam ezine 4th

Page 28


In this example, the function end was set to the correct address, but IDA still split the function into two chunks. This is because the called function sub_804C3D0 is marked as ‘does not return’: IDA stops following the flow after the call, so the code behind it is no longer reached from the function entry and is left over as a separate chunk. This is fixed by unchecking the ‘Does not return’ checkbox in the function properties dialog box of sub_804C3D0.

IDA analyzes the function as ‘does not return’ because it contains a call to _exit(), and it propagates that property to the whole function even though other paths through it do return. Only clear the flag when the function can really return on some path; if every path ends in _exit(), the code after the call is genuinely dead and the split is correct. After unchecking the option, the function is in one piece again. Okay, before this tutorial turns into a ‘How to use IDA’ tutorial, I’ll stop talking about IDA and start focusing on the binary itself. With everything explained so far, and with a decent knowledge of IDA, you will be able to successfully construct a full set of functions out of all those broken/shuffled basic blocks. I know it’s quite a boring task to do all that work by hand, but like I said, feel free to update the code to a fully automated version. And hey, at least it’s better than nothing. :D
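The following is an added example and not code from the article: it models the rule IDA applies above (a call to a ‘does not return’ callee ends the flow just like a retn, so everything behind it drops out of the function) on a constructed toy listing, and adds a small IDAPython helper that clears the flag and reanalyzes the callers, which is the scripted equivalent of unchecking the checkbox. The addresses in the listing are invented; only the callee name sub_804C3D0 comes from the article. The helper assumes the IDA 7+ IDAPython modules (ida_funcs, idautils) and only runs inside IDA; the rest runs anywhere.

```python
"""Added example (not from the ARTeam article): why a callee flagged
'does not return' makes IDA end the caller early, plus an IDAPython helper
that clears the flag. Only clear_noret() needs IDA."""

# Constructed toy listing (addresses invented; only the callee name
# sub_804C3D0 is taken from the article). Fall-through is the next listed
# instruction, so instruction sizes are not modelled.
TOY_CODE = {
    0x8048100: ("push", "ebp"),
    0x8048101: ("mov", "ebp, esp"),
    0x8048103: ("cmp", "eax, 0"),
    0x8048106: ("jnz", "0x8048110"),
    0x8048108: ("call", "sub_804C3D0"),
    0x804810D: ("jmp", "0x8048120"),   # only reachable if the call returns
    0x8048110: ("mov", "eax, 1"),
    0x8048115: ("leave", ""),
    0x8048116: ("retn", ""),
    0x8048120: ("xor", "eax, eax"),
    0x8048122: ("leave", ""),
    0x8048123: ("retn", ""),
}


def function_body(code, entry, noret_callees):
    """Return the set of addresses IDA's flow analysis would assign to the
    function starting at `entry`: follow fall-through and jump targets,
    stop at retn, and (the point of the article) stop after a call to a
    callee that is marked as not returning."""
    addrs = sorted(code)
    fallthrough = dict(zip(addrs, addrs[1:]))
    body, work = set(), [entry]
    while work:
        ea = work.pop()
        if ea in body or ea not in code:
            continue
        body.add(ea)
        mnem, op = code[ea]
        if mnem == "retn":
            continue
        if mnem == "call" and op in noret_callees:
            continue                      # FUNC_NORET: no fall-through
        if mnem in ("jmp", "jnz"):
            work.append(int(op, 16))
        if mnem != "jmp" and ea in fallthrough:
            work.append(fallthrough[ea])
    return body


def split_off(code, entry, noret_callees):
    """Instructions left outside the function, i.e. what IDA shows as a
    second chunk (or as unreachable code) while the flag is set."""
    return set(code) - function_body(code, entry, noret_callees)


def clear_noret(ea):
    """Inside IDA only: same effect as unchecking 'Does not return' for the
    function at `ea`, then reanalyze every caller so its chunks are rebuilt.
    Assumes IDA 7+ IDAPython. Returns False if the flag was not set."""
    import ida_funcs, idautils            # only available inside IDA
    pfn = ida_funcs.get_func(ea)
    if pfn is None or not pfn.flags & ida_funcs.FUNC_NORET:
        return False
    pfn.flags &= ~ida_funcs.FUNC_NORET
    ida_funcs.update_func(pfn)
    for xref in idautils.CodeRefsTo(pfn.start_ea, 0):
        caller = ida_funcs.get_func(xref)
        if caller is not None:
            ida_funcs.reanalyze_function(caller)
    return True


if __name__ == "__main__":
    entry = 0x8048100
    flagged = split_off(TOY_CODE, entry, {"sub_804C3D0"})
    print("split off while sub_804C3D0 is 'does not return':",
          [hex(a) for a in sorted(flagged)])
    print("split off after clearing the flag:",
          [hex(a) for a in sorted(split_off(TOY_CODE, entry, set()))])
```

With the callee flagged, the four instructions from the jmp behind the call down to the second retn fall outside the function, which is exactly the second chunk seen in the IDA screenshot; with the flag cleared the same listing is one function. In IDA, run clear_noret(0x804C3D0) from the Python console to do the same thing the checkbox does, and check the callers afterwards, since it is their flow that was cut short, not the callee's.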

Reversing binary 500 by Externalist


