DragonFly BSD
DragonFly users List (threaded) for 2005-10
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Obfuscating asm code


From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Wed, 12 Oct 2005 21:27:58 +0200
Mail-followup-to: users@crater.dragonflybsd.org

On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
> Sure is.  Call/ret = it will come here again.  Jmps = it will jump 
> there.  call *%ebx && there roll back two half stack frames (obviously 
> you won't use real ebp frames), jump somewhere else, hop back to where 
> you started just with a changed overflow flag so that the conditional 
> jump will route differently...  Maybe use irets or even SIGSEGV/SIGBUS 
> handlers on purpose...  Creativity!

Even better, don't roll back the stack pointer, but use it to create the
local stack frame :-)

Joerg
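Added example (mine, not code from this thread or from DragonFly): a C function with x86-64 GCC/clang inline assembly (AT&T syntax) that puts the tricks above into one path. The `call` pushes a return address that is never returned through; the pushed slot is reused as the local, as Joerg suggests; the decoy byte after the `call` is what a linear-sweep disassembler decodes instead of the real target; and the code then hops back to an earlier `jo` with the overflow flag now set so the branch routes the other way, as Simon describes. The function name, the labels and the constant values are this example's own choices. Caveat: a `call` with no matching `ret` desynchronises a hardware shadow stack, so this will fault on a process running with CET shadow stacks enabled.

```c
/* obf_is_odd: returns 1 when x is odd, 0 otherwise, via an obfuscated
 * control-flow path. Example code written for this page; x86-64 only,
 * AT&T syntax. Label numbers and the 0x7fffffff constant are arbitrary. */
#include <stdio.h>

#if defined(__x86_64__)
static unsigned long obf_is_odd(unsigned long x)
{
    unsigned long r;
    __asm__ volatile (
        "subq  $128, %%rsp\n\t"        /* get below the SysV red zone before pushing */
        "xorl  %%eax, %%eax\n\t"       /* OF := 0, so the jo below falls through the first time */
        "4:\n\t"
        "jo    6f\n\t"                 /* 1st visit: not taken; 2nd visit: taken */
        "call  1f\n\t"                 /* pushes the address of the decoy byte; never returned through */
        ".byte 0xe8\n\t"               /* decoy: a linear sweep reads it and the next 4 bytes as a bogus call */
        "1:\n\t"
        "movq  %[x], (%%rsp)\n\t"      /* the slot call just pushed is now our local */
        "andq  $1, (%%rsp)\n\t"        /* local := x & 1 (and clears OF) */
        "movl  $0x7fffffff, %%ecx\n\t"
        "addl  $1, %%ecx\n\t"          /* signed overflow: OF := 1, nothing below touches flags */
        "jmp   4b\n\t"                 /* hop back; the same jo now routes to 6: */
        "6:\n\t"
        "popq  %%rax\n\t"              /* result comes out of the frame the call built */
        "addq  $128, %%rsp\n\t"
        : "=&a" (r)                    /* early clobber: x must not live in %rax */
        : [x] "r" (x)
        : "rcx", "cc", "memory");
    return r;
}
#else
/* Non-x86-64 build: same result, no obfuscation (fallback only). */
static unsigned long obf_is_odd(unsigned long x) { return x & 1; }
#endif

int main(void)
{
    unsigned long samples[] = { 0, 1, 7, 12345, 0xfffffffffffffffeUL };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%lu -> %lu\n", samples[i], obf_is_odd(samples[i]));
    return 0;
}
```

Compile with plain `cc -O2`; `objdump -d` on the result shows the call followed by a decoy call into nowhere, and the real work at 1: only if the disassembler follows the call target rather than the byte stream. The `subq $128, %rsp` is not obfuscation: it keeps the extra push from clobbering whatever the compiler placed in the red zone of this leaf function.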


