DragonFly BSD
DragonFly users List (threaded) for 2005-10
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Obfuscating asm code

From: "George Georgalis" <george@xxxxxxxxx>
Date: Wed, 12 Oct 2005 20:47:50 -0400
Mail-followup-to: users@crater.dragonflybsd.org

On Wed, Oct 12, 2005 at 09:27:58PM +0200, Joerg Sonnenberger wrote:
>On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
>> Sure is.  Call/ret = it will come here again.  Jmps = it will jump 
>> there.  call *%ebx && there roll back two half stack frames (obviously 
>> you won't use real ebp frames), jump somewhere else, hop back to where 
>> you started just with a changed overflow flag so that the conditional 
>> jump will route differently...  Maybe use irets or even SIGSEGV/SIGBUS 
>> handlers on purpose...  Creativity!
>Even better, don't rollback the stack pointer, but use it create the
>local stack frame :-)

I realize this is an answer to a different question, but may be of interest anyway.

How To Write Unmaintainable Code 

Oh, a special section on obfuscation...

// George

George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george@xxxxxxxxx

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]