DragonFly BSD
DragonFly users List (threaded) for 2005-10

Re: Obfuscating asm code


From: "George Georgalis" <george@xxxxxxxxx>
Date: Wed, 12 Oct 2005 20:47:50 -0400
Mail-followup-to: users@crater.dragonflybsd.org

On Wed, Oct 12, 2005 at 09:27:58PM +0200, Joerg Sonnenberger wrote:
>On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
>> Sure is.  Call/ret = it will come here again.  Jmps = it will jump 
>> there.  call *%ebx && there roll back two half stack frames (obviously 
>> you won't use real ebp frames), jump somewhere else, hop back to where 
>> you started just with a changed overflow flag so that the conditional 
>> jump will route differently...  Maybe use irets or even SIGSEGV/SIGBUS 
>> handlers on purpose...  Creativity!
>
>Even better, don't roll back the stack pointer, but use it to create the
>local stack frame :-)

I realize this is an answer to a different question, but may be of interest anyway.

http://mindprod.com/jgloss/unmain.html
How To Write Unmaintainable Code 

http://mindprod.com/jgloss/unmainobfuscation.html
Oh, a special section on obfuscation...

// George


-- 
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@xxxxxxxxx


