List: binutils
Subject: Re: develop a 'customized ld'
From: "sean yang" <seanatpurdue () hotmail ! com>
Date: 2005-09-30 17:02:15
Message-ID: BAY105-F150DE7551A5925E8864C96C08F0 () phx ! gbl
>From: Nick Clifton <nickc@redhat.com>
>To: sean yang <seanatpurdue@hotmail.com>
>CC: ramaseshan.ravi@gmail.com, binutils@sourceware.org
>Subject: Re: develop a 'customized ld'
>Date: Fri, 30 Sep 2005 12:02:45 +0100
>
>Hi Sean,
>
>>>>I would like to collect the information of call to some libc functions.
>
>Why not use the "--wrap <func-name>" linker command line switch ? That way
>you can intercept calls to specific libc functions, add your own wrapper
>code to collect the information you require and then call the normal libc
>version.
>
>>I want to have the code obfuscated at link time also, say, insert some
>>junk(nop) to prevent others understanding it easily.
>
>This is a separate issue. As a general principle I would argue against
>obfuscation, it should never really be needed. If you must do it, then
>just inserting junk instructions is not really going to help. They can
>easily be detected and ignored by a determined examiner. Your best bet
>would be to encrypt the binary and hope that you can keep your keys safe so
>that an unauthorized viewer cannot decode the executable.
~~~~~~~~~~~~~~~~~~~~~
I totally agree with you that obfuscation can never prevent a determined
reverse engineer. But my goal was to deter an automatic binary analyzer
(please see my previous post for the example of how objdump fails in some
cases).
>
>Getting back to your original question:
>
>>Could someone give me some hint where should I start? Can any expert
>>assess the difficulty of achieving such functionality?
>
>Conceptually intercepting certain instructions and modifying them is very
>similar to relaxation, so I would suggest that you look at the linker's
>support for this feature. Have a look at the various *_relax_section()
>functions in the bfd/ directory for examples of this.
>
>As for difficulty - well this is not really something I would ask a
>binutils newbie to do. You have the potential to corrupt the binaries you
>are producing in quite nasty and/or subtle ways. Good luck though!
>
>Cheers
> Nick
>
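The "--wrap <func-name>" switch suggested in the quoted reply, shown as an added example that is not part of the original thread: with --wrap=getenv, ld binds the program's getenv references to __wrap_getenv and makes the libc version reachable as __real_getenv. The choice of getenv, the LD_WRAP macro and the call_log buffer are assumptions made for illustration.

```c
/* wrap_getenv.c -- real link-time interception is built with:
 *   cc -DLD_WRAP wrap_getenv.c -Wl,--wrap=getenv
 * ld then resolves undefined references to getenv as __wrap_getenv and
 * references to __real_getenv as the libc getenv. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef LD_WRAP
char *__real_getenv(const char *name);   /* supplied by ld --wrap */
#else
#define __real_getenv getenv             /* plain build: call libc directly */
#endif

#define MAX_LOG 16
struct env_call { char name[32]; int found; };
struct env_call call_log[MAX_LOG];       /* hypothetical audit buffer */
int call_count;

/* Wrapper: record which variable was requested, then defer to libc. */
char *__wrap_getenv(const char *name)
{
    char *val = __real_getenv(name);
    if (call_count < MAX_LOG) {
        struct env_call *c = &call_log[call_count];
        strncpy(c->name, name, sizeof c->name - 1);
        c->name[sizeof c->name - 1] = '\0';
        c->found = (val != NULL);
    }
    call_count++;            /* keeps counting even when the log is full */
    return val;
}

#ifndef LD_WRAP
#define getenv(n) __wrap_getenv(n)       /* plain build: emulate ld's redirect */
#endif

int main(void)
{
    const char *home = getenv("HOME");   /* application code, unchanged */
    const char *llp = getenv("LD_LIBRARY_PATH");
    (void)home; (void)llp;
    for (int i = 0; i < call_count && i < MAX_LOG; i++)
        printf("getenv(\"%s\") -> %s\n", call_log[i].name,
               call_log[i].found ? "set" : "unset");
    return 0;
}
```

--wrap only redirects undefined symbol references in the objects being linked, so calls made from inside an already-linked shared libc are not seen by the wrapper.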