Rolf Rolles (@RolfRolles) / X

Rolf Rolles

2,268 posts

Rolf Rolles

@RolfRolles

Static reverse engineering, deobfuscation, program analysis and formal verification, training, mathematics, compilers, functional programming, etc.

Berkeley, California

msreverseengineering.com

Joined July 2009

Rolf Rolles
@RolfRolles
Jan 2, 2021
Today I discovered Hex-Rays "Maximum commas" option, and I'm glad I did!
Rolf Rolles
@RolfRolles
Feb 2, 2022
Today I discovered my best C++ RE automation technique yet, which is alarmingly simple. Every name and type in this screenshot was applied automatically, no manual work. Details eventually when I finish my research binge.
Rolf Rolles
@RolfRolles
Sep 1, 2020
New blog entry: An Exhaustively-Analyzed IDB for ComRAT V4. This is one of the most thorough analyses I've ever done; certainly the largest. msreverseengineering.com/blog/2020/8/31…
Rolf Rolles
@RolfRolles
Aug 6, 2019
Here are the slides for my RECON and BlackHat presentation, "Automation Techniques in C++ Reverse Engineering":
msreverseengineering.com
Automation Techniques in C++ Reverse Engineering — Möbius Strip Reverse Engineering
Here are the slides for my recent presentation at RECON, entitled "Automation Techniques in C++ Reverse Engineering". As usual, my slides use in-frame animations, so in brief, navigate them using...
Rolf Rolles
@RolfRolles
Sep 21, 2021
New blog entry: Automation in Reverse Engineering C++ STL/Template Code msreverseengineering.com/blog/2021/9/21…
Rolf Rolles
@RolfRolles
Mar 2, 2021
New blog entry: An Exhaustively Analyzed IDB for FlawedGrace. This is part two in my C++ static reverse engineering series, after ComRAT v4. msreverseengineering.com/blog/2021/3/2/…
Rolf Rolles
@RolfRolles
Jan 24, 2021
Today I learned that disabling Hex-Rays "fast structural analysis" can clean up some common patterns where it generates suboptimal control flow structure.
Rolf Rolles
@RolfRolles
Mar 9, 2019
1250 lines of Java later, I ported one of my abstract interpretation-based deobfuscation tools (msreverseengineering.com/blog/2014/6/23…) to Ghidra:
Rolf Rolles
@RolfRolles
Apr 18, 2019
New blog entry: An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra
msreverseengineering.com
An Abstract Interpretation-Based Deobfuscation Plugin for Ghidra — Möbius Strip Reverse Engineering
This blog entry announces the release of an abstract interpretation-based Ghidra plugin for deobfuscation. The code can be found here (see the ‘Releases’ tab for a binary release). In view of the...
Rolf Rolles
@RolfRolles
Mar 20, 2019
Ghidra's extensibility is jaw-dropping. Today I needed the pcode to model the x86 parity flag, which it doesn't do by default. 30 minutes and a 35-line patch to ia.sinc later, I can proceed. No other tool even comes close to how easy that was. (diff: github.com/RolfRolles/Ghi… …)
Rolf Rolles
@RolfRolles
Oct 4, 2019
Video for my RECON 2019 talk, "Automation Techniques in C++ Reverse Engineering", is now available: recon.cx/media-archive/…
Rolf Rolles
@RolfRolles
Jul 3, 2023
It kind of sucks, but I finally implemented something I've wanted for a while, MSVC/x64 exception support in Hex-Rays.
49K
Rolf Rolles
@RolfRolles
Aug 22, 2024
New blog entry: C++ Unwind Metadata: A Hidden Reverse Engineering Bonanza msreverseengineering.com/blog/2024/8/20…
30K
Rolf Rolles
@RolfRolles
Jun 3, 2025
I haven't been publishing much lately, but not because I haven't been doing research -- in fact, I've done more than ever in the past five years. My ~200KLOC backlog will soon begin trickling out into the IDA/Hex-Rays ecosystem.
Hex-Rays SA
@HexRaysSA
Jun 3, 2025
👋 Please join us in welcoming @RolfRolles as Hex-Rays’ new Chief Scientist! Rolf brings decades of RE expertise, with standout work in obfuscation, decompilation, and software protection. At Hex-Rays, he’ll lead research into next-gen decompilation and automated program
33K