C/C++ Function Corruption

What is the C/C++ Function Corruption?

The antispy C/C++ Function Corruption is an advanced anti-analysis technique.

With a normal C/C++ function, the source code is compiled into native code instructions. This creates a program. A disassembler can restore these code instructions to a human-readable form: assembler or pseudo-C. Both help you analyze your software.

The antispy C/C++ Function Corruption ensures that the source code is compiled into encrypted code instructions. A disassembler does not understand this. Consequently, the attempt at static analysis fails.

These encrypted code instructions are converted to the original code instructions at runtime and encrypted again after use.

Implementation

Basically, the Function Corruption can be implemented very easily after the project has been set up.

#include <cstdint>
#include <antispy/obfuscation.hpp>

int main(int argc, const char** argv)
{
    int result = 0;
    // Compiled into encrypted code; decrypted at runtime when used.
    ANTI_SPY_CORRUPT_CALL(reinterpret_cast<uint64_t>(&result), argc);
    return result;
}

By using the ANTI_SPY_CORRUPT_CALL macros, assignments and calls of functions can be compiled into encrypted code. It follows that all disassemblers fail in the analysis of the code. At runtime, the code is decrypted when used.
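Encrypted instruction bytes do not disassemble, but they differ statistically from compiled code, which an analyst can use to locate protected regions during triage. The following is an added example, not antispy code: it computes Shannon entropy over fixed windows of a code section and reports the windows above a threshold. The sample bytes are constructed, and the 256-byte window and 6.8 bits/byte threshold are assumptions.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Shannon entropy (bits per byte) of data[off, off + len).
double window_entropy(const std::vector<uint8_t>& data, size_t off, size_t len) {
    size_t counts[256] = {0};
    for (size_t i = 0; i < len; ++i) ++counts[data[off + i]];
    double h = 0.0;
    for (size_t c : counts) {
        if (c == 0) continue;
        const double p = static_cast<double>(c) / static_cast<double>(len);
        h -= p * std::log2(p);
    }
    return h;
}

// Start offsets of non-overlapping windows whose entropy exceeds the threshold.
std::vector<size_t> high_entropy_windows(const std::vector<uint8_t>& text,
                                         size_t window, double threshold) {
    std::vector<size_t> hits;
    for (size_t off = 0; off + window <= text.size(); off += window)
        if (window_entropy(text, off, window) > threshold) hits.push_back(off);
    return hits;
}

// Constructed sample: 512 plain bytes, 256 pseudo-random bytes standing in
// for an encrypted function body, then 256 plain bytes.
std::vector<uint8_t> make_sample_text() {
    static const uint8_t plain[16] = {0x55, 0x48, 0x89, 0xE5, 0x48, 0x83, 0xEC, 0x20,
                                      0x89, 0x7D, 0xFC, 0x8B, 0x45, 0xFC, 0xC9, 0xC3};
    std::vector<uint8_t> text;
    for (size_t i = 0; i < 512; ++i) text.push_back(plain[i % 16]);
    uint32_t s = 0x01234567u;  // xorshift32 state, fixed seed for repeatability
    for (size_t i = 0; i < 256; ++i) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        text.push_back(static_cast<uint8_t>(s >> 8));
    }
    for (size_t i = 0; i < 256; ++i) text.push_back(plain[i % 16]);
    return text;
}

int main() {
    const std::vector<uint8_t> text = make_sample_text();
    for (size_t off : high_entropy_windows(text, 256, 6.8))
        std::printf("offset %zu: %.2f bits/byte\n", off, window_entropy(text, off, 256));
    return 0;
}
```

An encrypted function much shorter than the window is diluted by the surrounding plain code, so the window size has to be chosen with the expected function size in mind.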