DragonFly users List (threaded) for 2005-10
Re: Obfuscating asm code
On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
> Sure is. Call/ret = it will come here again. Jmps = it will jump
> there. call *%ebx && there roll back two half stack frames (obviously
> you won't use real ebp frames), jump somewhere else, hop back to where
> you started just with a changed overflow flag so that the conditional
> jump will route differently... Maybe use irets or even SIGSEGV/SIGBUS
> handlers on purpose... Creativity!
Even better, don't roll back the stack pointer, but use it to create the
local stack frame :-)
Joerg