GET /api/techniques/83/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 83,
"key": "impossible-disassembly",
"unprotect_id": "U0211",
"name": "Impossible Disassembly",
"description": "Impossible disassembly is an anti-disassembling technique that involves inserting data bytes after a conditional jump instruction in order to prevent the real instruction that follows from being disassembled. This technique takes advantage of a basic assumption in disassembly, which states that one byte is only interpreted in the context of one instruction. By inserting a byte that is the opcode for a multibyte instruction, the disassembler will be unable to correctly interpret the next instruction, and will therefore generate incorrect disassembly output.",
"windows": "",
"linux": "",
"macos": "",
"resources": "https://www.slideshare.net/SamBowne/practical-malware-analysis-ch-15-antidisassembly\r\nhttps://medium.com/swlh/assembly-wrapping-a-new-technique-for-anti-disassembly-c144eb90e036\r\nhttps://gelven4sec.github.io/posts/rogue_byte/",
"creation_date": "2019-03-18T13:54:40Z",
"tags": "Impossible disassembly,\r\nAnti-disassembling,\r\nDisassembler,\r\nConditional jump,\r\nData byte,\r\nDisassembly output,\r\nDisassembly accuracy,",
"modification_date": "2024-11-21T13:22:00.769914Z",
"category": [
5
],
"rules": [
163
],
"attachments": [],
"featured_api": [],
"contributors": []
}
