Obfuscating asm code

George Georgalis george at galis.org
Wed Oct 12 17:52:28 PDT 2005

On Wed, Oct 12, 2005 at 09:27:58PM +0200, Joerg Sonnenberger wrote:
>On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
>> Sure is.  Call/ret = it will come here again.  Jmps = it will jump 
>> there.  call *%ebx && there roll back two half stack frames (obviously 
>> you won't use real ebp frames), jump somewhere else, hop back to where 
>> you started just with a changed overflow flag so that the conditional 
>> jump will route differently...  Maybe use irets or even SIGSEGV/SIGBUS 
>> handlers on purpose...  Creativity!
>Even better, don't rollback the stack pointer, but use it create the
>local stack frame :-)

I realize this is an answer to a different question, but may be of interest anyway.

How To Write Unmaintainable Code 

Oh, a special section on obfuscation...

// George

George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:george at xxxxxxxxx

More information about the Users mailing list