DragonFly users List (threaded) for 2005-10
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: Obfuscating asm code

From:	Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date:	Wed, 12 Oct 2005 21:27:58 +0200
Mail-followup-to:	users@crater.dragonflybsd.org

On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
> Sure is.  Call/ret = it will come here again.  Jmps = it will jump 
> there.  call *%ebx && there roll back two half stack frames (obviously 
> you won't use real ebp frames), jump somewhere else, hop back to where 
> you started just with a changed overflow flag so that the conditional 
> jump will route differently...  Maybe use irets or even SIGSEGV/SIGBUS 
> handlers on purpose...  Creativity!

Even better, don't rollback the stack pointer, but use it create the
local stack frame :-)

Joerg

Follow-Ups:
- Re: Obfuscating asm code
  - From: George Georgalis

References:
- Obfuscating asm code
  - From: Jonathon McKitrick
- Re: Obfuscating asm code
  - From: Simon 'corecode' Schubert
- Re: Obfuscating asm code
  - From: Jonathon McKitrick
- Re: Obfuscating asm code
  - From: Simon 'corecode' Schubert

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]