; Opaq_Pred.asm "You worked hard writing code, nothing wrong with making THEM work a little harder."
; Opaque Predicates are false branches. The branch appears to be conditional but is not.
; Because of the way decompilers work, the fact that this is not really a conditional is not known.
;
; In a normal conditional jump, there are 2 ways the code can go. Because of this the decompiler must disassemble
; the code for both conditions. In an opaque predicate, we make the disassembler think that there are 2 ways the code
; can go, even though there is only one way it can go. The technique is to set up one of these unconditional
; jumps and insert junk code into the code path that will never be called and real code in the path that will always
; be called. This will force the decompiler to disassemble both paths even though one of them is junk code.
include \masm32\include\masm32rt.inc
.CONST
.data
WaterMark db "SiegeWorks (c) 2013 ð__ð" ; Alt 240 char
Series db "1a"
%Date db " &@Date " ; Compile date
%time db " &@Time"
%version db " Masm Version &@Version"
.data?
.code
start:
mov eax,2
xor ecx,ecx
;------------------------------------------------------------------
; Insert more non-functional code here to make things more confusing
;------------------------------------------------------------------
cmp eax,3
je Opaque_Predicate
jne gut ; will always jump here
; This is never reached
;
Opaque_Predicate:
false db "now is the time." ; Compiler does its best here :-)
gut:
; REAL CODE STARTS HERE
;
invoke ExitProcess,0
end start
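From the analyst's side, the first post's branch is what a constant-propagation pass is built to see through. The following is an added example, not code from this thread: a small Python evaluator that walks a MASM-style listing, tracks registers holding a known constant plus the zero flag, and reports for each conditional jump whether it is always taken, never taken, or undecidable. The listing is reconstructed inline from the opening post; mnemonics other than mov/xor/add/sub/cmp and the je/jz/jne/jnz family reset the state to unknown, and sub-register aliasing (eax versus ax) is ignored, both of which are simplifications of this toy.

```python
"""Constant-propagation check for opaque predicates.

Added example, not code from the thread. It walks a MASM-style listing,
tracks registers that hold a known constant plus the zero flag, and reports
for every conditional jump whether it is always taken, never taken or unknown."""
import re

# Constructed listing: the branch from the opening post.
LISTING = """
mov eax,2
xor ecx,ecx
; junk could go here
cmp eax,3
je Opaque_Predicate
jne gut          ; will always jump here
"""

# Conditions the evaluator understands, as functions of the zero flag.
COND = {"je": lambda zf: zf, "jz": lambda zf: zf,
        "jne": lambda zf: not zf, "jnz": lambda zf: not zf}


def literal(tok):
    """Parse a decimal, 0x.. or MASM ..h immediate; None if not a number.

    MASM immediates always start with a digit (0Fh, not Fh), which is what
    keeps a register name such as `ah` from being read as hex."""
    t = tok.lower()
    if not t or not t[0].isdigit():
        return None
    try:
        return int(t[:-1], 16) if t.endswith("h") else int(t, 0)
    except ValueError:
        return None


def analyze(listing):
    """Return [(jump line, verdict)] for every conditional jump in `listing`."""
    regs = {}   # register -> known 32-bit constant (absent = unknown)
    zf = None   # zero flag: True / False / None (unknown)
    verdicts = []

    def value(tok):
        v = literal(tok)
        return v if v is not None else regs.get(tok)

    def set_reg(reg, v):
        # Sub-register aliasing (eax vs ax) is ignored: a simplification.
        if v is None:
            regs.pop(reg, None)
        else:
            regs[reg] = v & 0xFFFFFFFF

    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()        # drop comments
        if not line:
            continue
        parts = re.split(r"[\s,]+", line.lower())
        op, args = parts[0], parts[1:]
        if op == "mov":
            set_reg(args[0], value(args[1]))
        elif op in ("xor", "add", "sub"):
            a, b = value(args[0]), value(args[1])
            if op == "xor" and args[0] == args[1]:
                v = 0                            # xor r,r always zeroes r
            elif a is None or b is None:
                v = None
            else:
                v = {"xor": a ^ b, "add": a + b, "sub": a - b}[op]
            set_reg(args[0], v)
            zf = None if v is None else (v & 0xFFFFFFFF) == 0
        elif op == "cmp":
            a, b = value(args[0]), value(args[1])
            zf = None if a is None or b is None else a == b
        elif op in COND:
            if zf is None:
                verdict = "unknown"
            else:
                verdict = "always taken" if COND[op](zf) else "never taken"
            verdicts.append((line, verdict))
        else:
            regs.clear()                         # unmodelled instruction: forget everything
            zf = None
    return verdicts


if __name__ == "__main__":
    for line, verdict in analyze(LISTING):
        print(f"{line:24} {verdict}")
```

Running it on the reconstructed listing reports `je Opaque_Predicate` as never taken and `jne gut` as always taken, which is exactly the information needed to discard the junk path; a branch whose inputs come from memory (for example `mov eax,[esp+4]`) is reported as unknown rather than guessed.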
I like the name :biggrin:
Thanks.
Not sure what you're hoping this will achieve - add a few microseconds to the disassembly time? Insert extra code that will never be stepped through anyway?
If you want to screw up a disassembly, insert false opcode prefixes in the bytes before a jump target (0Fh, ...) - a flat disassembly will eat the next few bytes and the jumps will appear to land in the middle of instructions.
But the disassembly will resync again within the next few instructions; and a smart disassembler will use the targets of jumps to resync anyway.
Not sure what you mean.
Can you give an example ?
Andy
First:
xor ax,ax
mov es,ax
mov esi,eax
xor eax,eax
mov ecx,3
; rep inc eax
;db F3 40h
db 0fh
jmp next
db 66h ; inc AX ??
nop
nop
; -------------------------------------------------------------------------
; FAULT ->00401005 0f6838 punpckhbw mm7,qword ptr [eax] ds:0023:00000001=????????????????
;db 0F3h
; -------------------------------------------------------------------------
;db 40h
next:
;db 0fh ; This causes an access violation
fn MessageBox,0,str$(eax),"Title",MB_OK
Quote from: Tedd on February 23, 2013, 02:23:28 AM
Not sure what you're hoping this will achieve - add a few microseconds to the disassembly time? Insert extra code that will never be stepped through anyway?
If you want to screw up a disassembly, insert false opcode prefixes in the bytes before a jump target (0Fh, ...) - a flat disassembly will eat the next few bytes and the jumps will appear to land in the middle of instructions.
But the disassembly will resync again within the next few instructions; and a smart disassembler will use the targets of jumps to resync anyway.
No reply to my question ??
Popup and criticize and disappear with the wind.
Consider this, what I post is minuscule - very small; "a minuscule kitchen"; "a minuscule amount of rain fell"
You may not be as smart as you think you are, and OTHERS are not as dumb as you think they are.
I still have respect for you and highly value your knowledge.
Best regards,
Drew
Quote from: Magnum on February 23, 2013, 07:01:22 PM
No reply to my question ??
Popup and criticize and disappear with the wind.
Actually, Tedd was the first to ask a question - which you did decide to ignore. But without knowing what you want to achieve, this discussion is somewhat void.
Example of using the 0F prefix to confuse a disassembler:
mov ax,1
cmp ax,2
jnz @F
db 0Fh
@@:
inc ax
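To see Tedd's point about a flat disassembly eating the bytes after a stray prefix while a control-flow-following disassembler resyncs at the jump target, here is an added example in Python (not code from Tedd, japheth or the thread). It hand-assembles japheth's snippet plus a trailing `ret` into a constructed byte string, decodes it with a deliberately tiny x86-32 decoder (only the encodings this sample needs; anything else is emitted as `db`), and runs both a linear sweep and a recursive traversal. The `0Fh` byte followed by the `66h` prefix of `inc ax` decodes as the two-byte opcode `0F 66` (`pcmpgtd`), whose ModRM byte then swallows the `inc` and the `ret`; recursive traversal still reaches `inc ax` through the `jnz` target, and the overlapping-instruction report at the end is the check an analyst would run to spot this kind of trick.

```python
"""Linear sweep vs. recursive traversal on a byte stream with a stray 0Fh byte.

Added example, not code from the thread. The decoder covers only the handful
of x86-32 encodings the constructed sample needs; all else is reported as db."""

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# Constructed sample, hand-assembled from japheth's snippet plus a trailing RET:
#   mov ax,1 / cmp ax,2 / jnz @F / db 0Fh / @@: inc ax / ret
SAMPLE = bytes([
    0x66, 0xB8, 0x01, 0x00,   # 0x00: mov ax,1
    0x66, 0x83, 0xF8, 0x02,   # 0x04: cmp ax,2
    0x75, 0x01,               # 0x08: jnz +1 -> 0x0B
    0x0F,                     # 0x0A: stray two-byte-opcode escape
    0x66, 0x40,               # 0x0B: inc ax (the real jump target)
    0xC3,                     # 0x0D: ret
])


def _s8(b):
    """Interpret a byte as a signed 8-bit displacement."""
    return b - 256 if b > 127 else b


def decode(code, pos):
    """Decode one instruction at `pos`.

    Returns (length, text, branch_targets, falls_through)."""
    try:
        p = pos
        r16 = code[p] == 0x66                        # operand-size override prefix
        if r16:
            p += 1
        regs = REG16 if r16 else REG32
        op = code[p]
        if 0xB8 <= op <= 0xBF:                       # mov r, imm
            n = 2 if r16 else 4
            imm = int.from_bytes(code[p + 1:p + 1 + n], "little")
            return p + 1 + n - pos, f"mov {regs[op - 0xB8]},0x{imm:x}", [], True
        if op == 0x83:                               # group 1 r/m, imm8
            modrm = code[p + 1]
            if (modrm >> 6) == 3 and ((modrm >> 3) & 7) == 7:   # register form, /7 = cmp
                return p + 3 - pos, f"cmp {regs[modrm & 7]},0x{code[p + 2]:x}", [], True
        if op in (0x75, 0xEB):                       # jnz rel8 / jmp rel8
            target = p + 2 + _s8(code[p + 1])
            name = "jnz" if op == 0x75 else "jmp"
            return p + 2 - pos, f"{name} 0x{target:x}", [target], op == 0x75
        if 0x40 <= op <= 0x47:                       # inc r
            return p + 1 - pos, f"inc {regs[op - 0x40]}", [], True
        if op == 0xC3:
            return p + 1 - pos, "ret", [], False
        if op == 0x0F and code[p + 1] == 0x66:       # 0F 66 /r = pcmpgtd mm, mm/m64
            modrm = code[p + 2]
            if (modrm >> 6) == 1 and (modrm & 7) == 0:   # mod=01 rm=000: [eax+disp8]
                disp = _s8(code[p + 3])
                return p + 4 - pos, f"pcmpgtd mm{(modrm >> 3) & 7},[eax{disp:+#x}]", [], True
    except IndexError:
        pass                                         # ran off the end mid-instruction
    return 1, f"db 0x{code[pos]:02x}", [], True


def linear_sweep(code):
    """Disassemble straight through the bytes, as a flat/linear sweep does."""
    out, pos = [], 0
    while pos < len(code):
        length, text, _, _ = decode(code, pos)
        out.append((pos, text))
        pos += length
    return out


def recursive_traversal(code):
    """Follow control flow: both the fall-through and the jump target are
    queued, so decoding resyncs at the real label even after a stray byte."""
    seen, work = {}, [0]
    while work:
        pos = work.pop()
        while 0 <= pos < len(code) and pos not in seen:
            length, text, targets, falls = decode(code, pos)
            seen[pos] = text
            work.extend(t for t in targets if 0 <= t < len(code))
            if not falls:
                break
            pos += length
    return sorted(seen.items())


def overlapping(code, instrs):
    """Pairs of instruction offsets whose byte ranges overlap: two decodings
    of the same bytes are a strong indicator of anti-disassembly tricks."""
    spans = [(pos, pos + decode(code, pos)[0]) for pos, _ in instrs]
    return [(a, b) for (a, end_a), (b, _) in zip(spans, spans[1:]) if b < end_a]


if __name__ == "__main__":
    for name, listing in (("linear sweep", linear_sweep(SAMPLE)),
                          ("recursive traversal", recursive_traversal(SAMPLE))):
        print(name)
        for pos, text in listing:
            print(f"  {pos:04x}  {text}")
    print("overlapping:", overlapping(SAMPLE, recursive_traversal(SAMPLE)))
```

The linear sweep lists `mov`, `cmp`, `jnz` and then a single `pcmpgtd` covering the last four bytes, so `inc ax` and `ret` never appear; the recursive traversal additionally decodes `inc ax` at 0x0B and `ret` at 0x0D, and `overlapping` flags the pair at 0x0A/0x0B.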
Quote from: Magnum on February 23, 2013, 07:01:22 PM
No reply to my question ??
Popup and criticize and disappear with the wind.
You didn't even wait 24 hours for a reply and now you're shooting your mouth off? Wow.
I was going to post an example with a proper explanation and opcodes.. suddenly I have better things to do.
Quote from: japheth on February 24, 2013, 04:03:52 AM
Quote from: Magnum on February 23, 2013, 07:01:22 PM
No reply to my question ??
Popup and criticize and disappear with the wind.
Actually, Tedd was the first to ask a question - which you did decide to ignore. But without knowing what you want to achieve, this discussion is somewhat void.
Example of using the 0F prefix to confuse a disassembler:
mov ax,1
cmp ax,2
jnz @F
db 0Fh
@@:
inc ax
Thanks.
Tedd's question was an open criticism as he has done many times before.
I overreacted, I should have ignored the post.
I don't know, maybe I should accept help even if it's grudgingly given.
I want things peaceful.
Andy
Quote from: Magnum on February 24, 2013, 11:16:51 AM
Tedd's question was an open criticism as he has done many times before.
I overreacted, I should have ignored the post.
I don't know, maybe I should accept help even if it's grudgingly given.
So you do recognize that Tedd's criticism was help.