Is there any known C/C++ compiler generating obfuscated/noised code? Or maybe any patch for open-source C/C++ compiler like GCC?
是否有任何已知的C/ c++编译器生成模糊/节点代码?或者是像GCC这样的开源C/ c++编译器的补丁?
4 个解决方案
#1
3
If you're interested in commercial tools, you might want to look at Morpher (disclaimer: I work on this project). It is essentially a version of llvm-gcc with additional obfuscation passes - you're supposed to use Morpher as a drop-in replacement for gcc. Obfuscation passes include constant protection, cloning of basic blocks and functions, CFG arches meshing and others; they are described in the documentation section with examples of assembly. Officially supported languages are C/C++/Objective-C/Objective-C++, though we may adapt it for anything that can be compiled to LLVM IR per your request.
如果你对商业工具感兴趣,你可能想看看变形器(免责声明:我在这个项目上工作)。它本质上是llvm-gcc的一个版本,附加了额外的模糊处理——你应该使用变形器作为gcc的替代。模糊处理包括常数保护、基本块和函数的克隆、CFG拱网格等;它们在文档部分中以程序集的例子来描述。官方支持的语言是C/ c++ /Objective-C/ objective - c++,尽管我们可以根据您的请求将它改编成任何可以编译成LLVM IR的内容。
#2
3
You can obfuscate assembler with http://www.pelock.com/products/obfuscator . You can probably compile to assembler (in this case MASM style) and then obfuscate it.
您可以使用http://www.pelock.com/products/obfuscator来混淆汇编程序。您可能会编译成汇编程序(在这种情况下是MASM风格),然后混淆它。
Edit: Using many virtual functions/indirection and/or an interpreter (i.e. create your own mini-bytecode for certain steps of your processing) as part of your code results, in my experience, in quite unreverseable code.
编辑:在我的经验中,使用许多虚拟函数/间接和/或解释器(例如,创建您自己的小型字节码,以实现您的处理的某些步骤),这是在我的经验中,在相当不受影响的代码中。
#3
1
Any compiler thats able to generate a pseudo random-esque numbers(via __COUNTER__) and can inject bytes into an inline assembly stream (via __emit) can perform inline code obfuscation, its nothing like what external packers and obfuscaters do, which can be an advantageous. The 'strenght' relies mostly on how much metaprogramming you put into it, but obviously you'd never be able to say encrypt IAT's etc.
任何编译器都能够生成一个伪随机数字(通过__COUNTER__),并且可以将字节注入到内联汇编流中(通过__emit),可以执行内联代码混淆,这与外部包装器和obfuscaters所做的完全不同,这是一种优势。“力量”主要依赖于你投入了多少元编程,但很明显你永远都不能说加密IAT等。
#4
-1
Another approach may be to run the executable inside a protected VM environment. ZProtect -- a product I have have neither used nor endorse, but rather found with an "I'm feeling luck Google" -- claims to provide multiple levels of code protection (VM, encryption, obfuscation, etc).
另一种方法可能是在受保护的VM环境中运行可执行文件。ZProtect——一种我既没有使用过也不支持的产品,而是一种“我觉得幸运谷歌”的产品——声称提供了多种级别的代码保护(VM、加密、混淆等等)。
If someone really, really wants to know how you did something, they'll find out -- if it's IP theft, then hire a good lawyer. If it's crypto, then use a proven industry approach. And if it's something DRM, well, that's a fight moving to hardware (and root kits) anyway.
如果有人真的想知道你是怎么做的,他们会发现——如果是知识产权盗窃,那就雇一个好律师。如果是crypto,那么就使用经过验证的行业方法。如果它是DRM,那么,这是一场移动到硬件(和根包)的战斗。
#1
3
If you're interested in commercial tools, you might want to look at Morpher (disclaimer: I work on this project). It is essentially a version of llvm-gcc with additional obfuscation passes - you're supposed to use Morpher as a drop-in replacement for gcc. Obfuscation passes include constant protection, cloning of basic blocks and functions, CFG arches meshing and others; they are described in the documentation section with examples of assembly. Officially supported languages are C/C++/Objective-C/Objective-C++, though we may adapt it for anything that can be compiled to LLVM IR per your request.
如果你对商业工具感兴趣,你可能想看看变形器(免责声明:我在这个项目上工作)。它本质上是llvm-gcc的一个版本,附加了额外的模糊处理——你应该使用变形器作为gcc的替代。模糊处理包括常数保护、基本块和函数的克隆、CFG拱网格等;它们在文档部分中以程序集的例子来描述。官方支持的语言是C/ c++ /Objective-C/ objective - c++,尽管我们可以根据您的请求将它改编成任何可以编译成LLVM IR的内容。
#2
3
You can obfuscate assembler with http://www.pelock.com/products/obfuscator . You can probably compile to assembler (in this case MASM style) and then obfuscate it.
您可以使用http://www.pelock.com/products/obfuscator来混淆汇编程序。您可能会编译成汇编程序(在这种情况下是MASM风格),然后混淆它。
Edit: Using many virtual functions/indirection and/or an interpreter (i.e. create your own mini-bytecode for certain steps of your processing) as part of your code results, in my experience, in quite unreverseable code.
编辑:在我的经验中,使用许多虚拟函数/间接和/或解释器(例如,创建您自己的小型字节码,以实现您的处理的某些步骤),这是在我的经验中,在相当不受影响的代码中。
#3
1
Any compiler thats able to generate a pseudo random-esque numbers(via __COUNTER__) and can inject bytes into an inline assembly stream (via __emit) can perform inline code obfuscation, its nothing like what external packers and obfuscaters do, which can be an advantageous. The 'strenght' relies mostly on how much metaprogramming you put into it, but obviously you'd never be able to say encrypt IAT's etc.
任何编译器都能够生成一个伪随机数字(通过__COUNTER__),并且可以将字节注入到内联汇编流中(通过__emit),可以执行内联代码混淆,这与外部包装器和obfuscaters所做的完全不同,这是一种优势。“力量”主要依赖于你投入了多少元编程,但很明显你永远都不能说加密IAT等。
#4
-1
Another approach may be to run the executable inside a protected VM environment. ZProtect -- a product I have have neither used nor endorse, but rather found with an "I'm feeling luck Google" -- claims to provide multiple levels of code protection (VM, encryption, obfuscation, etc).
另一种方法可能是在受保护的VM环境中运行可执行文件。ZProtect——一种我既没有使用过也不支持的产品,而是一种“我觉得幸运谷歌”的产品——声称提供了多种级别的代码保护(VM、加密、混淆等等)。
If someone really, really wants to know how you did something, they'll find out -- if it's IP theft, then hire a good lawyer. If it's crypto, then use a proven industry approach. And if it's something DRM, well, that's a fight moving to hardware (and root kits) anyway.
如果有人真的想知道你是怎么做的,他们会发现——如果是知识产权盗窃,那就雇一个好律师。如果是crypto,那么就使用经过验证的行业方法。如果它是DRM,那么,这是一场移动到硬件(和根包)的战斗。