
List:       binutils
Subject:    Re: develop a 'customized ld'
From:       "sean yang" <seanatpurdue () hotmail ! com>
Date:       2005-09-30 17:02:15
Message-ID: BAY105-F150DE7551A5925E8864C96C08F0 () phx ! gbl

>From: Nick Clifton <nickc@redhat.com>
>To: sean yang <seanatpurdue@hotmail.com>
>CC: ramaseshan.ravi@gmail.com, binutils@sourceware.org
>Subject: Re: develop a 'customized ld'
>Date: Fri, 30 Sep 2005 12:02:45 +0100
>
>Hi Sean,
>
>>>>I would like to collect the information of call to some libc functions.
>
>Why not use the "--wrap <func-name>" linker command line switch?  That way 
>you can intercept calls to specific libc functions, add your own wrapper 
>code to collect the information you require and then call the normal libc 
>version.
>
>>I want to have the code obfuscated at link time also, say, insert some 
>>junk(nop) to prevent others understanding it easily.
>
>This is a separate issue.  As a general principle I would argue against 
>obfuscation, it should never really be needed.  If you must do it, then 
>just inserting junk instructions is not really going to help.  They can 
>easily be detected and ignored by a determined examiner.  Your best bet 
>would be to encrypt the binary and hope that you can keep your keys safe so 
>that an unauthorized viewer cannot decode the executable.
~~~~~~~~~~~~~~~~~~~~~
I totally agree with you that obfuscation can never prevent a determined 
reverse engineer. But my goal was to deter an automatic binary analyzer 
(please see my previous post for the example of how objdump fails in some 
cases).


>
>Getting back to your original question:
>
>>Could someone give me some hint where should I start? Can any expert
>>assess the difficulty of achieving such functionality?
>
>Conceptually intercepting certain instructions and modifying them is very 
>similar to relaxation, so I would suggest that you look at the linker's 
>support for this feature.  Have a look at the various *_relax_section() 
>functions in the bfd/ directory for examples of this.
>
>As for difficulty - well this is not really something I would ask a 
>binutils newbie to do.  You have the potential to corrupt the binaries you 
>are producing in quite nasty and/or subtle ways.  Good luck though!
>
>Cheers
>   Nick
>
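
The "--wrap" approach suggested in the quoted reply, as an added example that is not part of the original message: with --wrap=malloc, GNU ld resolves undefined references to malloc to __wrap_malloc and references to __real_malloc to the real malloc. The file name, the wrap_stats bookkeeping and the weak declaration (so the file also links without the flag) are assumptions of this example.

```c
/* Build with GNU ld symbol wrapping enabled:
 *   gcc wrap_demo.c -Wl,--wrap=malloc -o wrap_demo
 */
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bookkeeping for this example: what the wrapper collects. */
struct wrap_stats {
    unsigned long calls;   /* number of malloc calls seen */
    unsigned long bytes;   /* total bytes requested */
};
static struct wrap_stats malloc_stats;

/* Supplied by ld under --wrap=malloc. Declared weak (an assumption of this
 * example) so the file still links and runs when the flag is omitted. */
extern void *__real_malloc(size_t size) __attribute__((weak));

/* Every malloc reference in the linked objects lands here under --wrap. */
void *__wrap_malloc(size_t size)
{
    malloc_stats.calls++;
    malloc_stats.bytes += size;
    if (__real_malloc)
        return __real_malloc(size);   /* the normal libc version */
    return malloc(size);              /* only reached when built without --wrap */
}

const struct wrap_stats *wrap_malloc_stats(void)
{
    return &malloc_stats;
}

int main(void)
{
    char *a = malloc(16);
    char *b = malloc(100);
    if (!a || !b)
        return 1;
    /* Use the buffers so the compiler cannot drop the allocations. */
    snprintf(a, 16, "first");
    snprintf(b, 100, "second");
    puts(a);
    puts(b);
    free(a);
    free(b);
    printf("malloc calls: %lu, bytes requested: %lu\n",
           wrap_malloc_stats()->calls, wrap_malloc_stats()->bytes);
    return 0;
}
```

--wrap rewrites only undefined references in the objects being linked, so with a dynamically linked libc the allocations libc makes internally are not counted.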
