|
|
|
|
|
|
by archgoon
658 days ago
|
|
|
Based on what it seems that you're asking, it is not, and cannot be, a foolproof process. consider int getSpecialArrayElement(char *array, uint64 key) {
i = computeOffset(key);
return array[i];
}
Compute offset can be arbitrarily complex (and probably deliberately hard to analyze if obfuscation is desired). There's nothing that prevents this function from accessing arbitrary locations in memory. You don't know if this will be accessing symbols that are already defined in memory by the linker short of exhaustively trying all possible inputs (and computeOffset may have turing traps for that). |
|
|
Assuming it doesn't reference any other global data and only contains relative jumps and branches, computeOffset() won't have any mandatory relocation spots [1] and therefore can be put into an object file as-is. Similarly, getSpecialArrayElement() would only have a relocation for the address of computeOffset() because array is supplied as a parameter, not as a global variable. Furthermore, any data allocated on the heap is transparent during delinking.
From my experience, "normal" everyday programs written in high-level languages typically don't contain nasty surprises while trying to delink them. That is not to say that obfuscated programs won't cause problems, but I haven't attempted delinking one so far [2].
[1] PC-relative relocations can be trimmed if the source and target are part of the same continuous address range being exported, because in that case the value won't change.
[2] I do have a pet peeve against developers who cast raw integer constants as pointers on MIPS, because the code sequence may be different than what the HI16/LO16 relocation pattern can tolerate and it requires binary patching to fix up (LUI/ADDIU versus LUI/ORI). If the integer was a multiple of 65536, is passed directly as a parameter to a function call and the compiler elided the second instruction then it can't be fixed in place and must be worked around some way, if the original value can't be kept (like the address for the scratchpad on the PlayStation for example, as long as you stay on that platform or can map memory there).