Designing an instruction sequence so that it does something else if decoded with an offset


Problem description

This question is a follow-up to this question.

To set the context of this question, consider Null-free programming. This is a technique to masquerade a sequence of instructions (shellcode) as a string. In the C programming language, the byte 0 marks the end of a string, so the instruction sequence must be designed not to contain any such byte, otherwise it would be truncated by the string-manipulation function being abused.

The IA32 and x86-64 instruction sets, with their variable-length instructions of no particular alignment, allow instructions for task B to be decoded at an offset within an existing stream of instructions for doing task A. This technique has been used punctually in the early days of personal computing (1980s) in order to save space.

Has the technique of embedding code within code, starting at an offset within the first instruction, already been used, say, as one way to fool anti-virus detection? Does it have a name? If it is useful and has already been used, what is an example? If the attacker is writing the code to start with, it is enough for task A to do nothing in an ostensibly harmless way, which may leave enough leeway to do anything that one could want as task B.

Recommended answer

Yes, this has surely been used for any situation where obfuscating code would be useful. Not only for virus programming, but for example software protection and reverse engineering prevention.

I have used it myself a few times for size coding competitions, and seen several examples in other people's entries.

This technique naturally has been invented and re-invented many times for different processors, so you will naturally find several different names for it. I found names like "overlapping instructions" and "instruction scission".

Some resources:

Jumping into the middle of an instruction - in IA-32
What is overlapping instructions obfuscation? (http://reverseengineering.stackexchange.com/questions/1531/what-is-overlapping-instructions-obfuscation)
A new instruction overlapping technique for anti-disassembly and obfuscation of x86 binaries (http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6707878&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel7%2F6695814%2F6707869%2F06707878.pdf%3Farnumber%3D6707878)
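The two-view decoding the question describes, and the "overlapping instructions" the answer names, shown as an added example that is not part of the original thread. It is a toy decoder for a small x86-32 opcode subset (the opcode table, the sample byte strings and the function names are my own constructions, not a real disassembler library) that decodes the same bytes from offset 0 and from offset 1, follows a short jump that lands inside the preceding instruction, and reports every byte claimed by two instructions with different start offsets. A plain linear sweep (follow_jumps=False) stops at the first byte it cannot decode and never sees the second stream, which is the blind spot a static scanner closes by recursive traversal and by checking for overlapping instruction spans.

```python
"""Toy x86-32 decoder for a handful of opcodes, used to show how one byte
sequence yields different instruction streams depending on the start offset
and how a disassembler can flag the overlap.  Constructed example."""
import struct

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_one(code: bytes, off: int):
    """Decode the instruction at `off`.

    Returns (length, text, jump_target); jump_target is None unless the
    instruction is a short jmp.  Anything outside the toy subset raises."""
    op = code[off]
    if op == 0x90:
        return 1, "nop", None
    if op == 0xC3:
        return 1, "ret", None
    if 0x40 <= op <= 0x47:                      # inc r32 (one-byte form)
        return 1, f"inc {REG32[op - 0x40]}", None
    if 0x48 <= op <= 0x4F:                      # dec r32 (one-byte form)
        return 1, f"dec {REG32[op - 0x48]}", None
    if 0xB8 <= op <= 0xBF:                      # mov r32, imm32
        imm = struct.unpack_from("<I", code, off + 1)[0]
        return 5, f"mov {REG32[op - 0xB8]}, {imm:#x}", None
    if op == 0xEB:                              # jmp rel8
        rel = struct.unpack_from("<b", code, off + 1)[0]
        target = off + 2 + rel
        return 2, f"jmp {target:#x}", target
    if op in (0x31, 0xFF):                      # xor r/m32, r32  |  inc/dec r/m32
        modrm = code[off + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod != 3:                            # memory operands: outside the subset
            raise ValueError(f"memory operand at offset {off} not supported")
        if op == 0x31:
            return 2, f"xor {REG32[rm]}, {REG32[reg]}", None
        if reg == 0:
            return 2, f"inc {REG32[rm]}", None
        if reg == 1:
            return 2, f"dec {REG32[rm]}", None
    raise ValueError(f"unsupported opcode {op:#04x} at offset {off}")


def disassemble(code: bytes, start: int, follow_jumps: bool = True):
    """Walk the code from `start`.  With follow_jumps a short jmp is taken
    (recursive-descent style); without it the walk is a plain linear sweep.
    Stops at ret, at an undecodable byte, outside the buffer, or on a loop.
    Returns a list of (offset, length, text)."""
    insns, seen, ip = [], set(), start
    while 0 <= ip < len(code) and ip not in seen:
        seen.add(ip)
        try:
            length, text, target = decode_one(code, ip)
        except (ValueError, IndexError, struct.error):
            break
        insns.append((ip, length, text))
        if text == "ret":
            break
        ip = target if (follow_jumps and target is not None) else ip + length
    return insns


def find_overlaps(code: bytes, starts):
    """Disassemble from every start offset and return the set of byte offsets
    claimed by two or more instructions that begin at different offsets."""
    owners = {}                                 # byte offset -> instruction starts
    for s in starts:
        for off, length, _ in disassemble(code, s):
            for b in range(off, off + length):
                owners.setdefault(b, set()).add(off)
    return {b for b, o in owners.items() if len(o) > 1}


def has_null_byte(code: bytes) -> bool:
    """The 'string' constraint from the question: no 0x00 byte allowed."""
    return b"\x00" in code


# Constructed samples.  SAMPLE_OFFSET: from offset 0 it is a harmless
# `mov eax, imm32; ret`, from offset 1 the immediate's bytes decode as
# `xor eax, eax; inc eax; ret`.  SAMPLE_JMP: a `jmp -1` that lands inside
# itself, so the jump's own second byte becomes the opcode of `inc eax`.
SAMPLE_OFFSET = bytes.fromhex("b831c040c3c3")
SAMPLE_JMP = bytes.fromhex("ebffc048c3")

if __name__ == "__main__":
    for name, code, starts in (("offset view", SAMPLE_OFFSET, [0, 1]),
                               ("jmp into itself", SAMPLE_JMP, [0])):
        print(f"== {name}: {code.hex()}  null-free={not has_null_byte(code)}")
        for s in starts:
            for off, length, text in disassemble(code, s):
                print(f"  start {s}: {off:02x}  {code[off:off+length].hex():<10} {text}")
        print("  overlapping bytes:", sorted(find_overlaps(code, starts)))
```

Running the script prints both decodings of each sample and the overlapping byte offsets; on the jmp sample the linear sweep returns only the jmp, which is exactly what a sweep-based scanner would report.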
