Windows C++ / Call Trick

Author Unprotect
Platform Windows
Language C++
Technique Call Trick

Description:

This code modifies the function's return address to point to a different location, in this case 0x123456. It also inserts "garbage" instructions (here, four no-op instructions) to break disassemblers that use recursive traversal or linear sweep. This makes it harder for a disassembler to correctly interpret the instruction that follows the call, leaving it susceptible to other anti-disassembly techniques.

Code

#include <stdio.h>

int main(void) {
    // Read the current return address (GCC/Clang builtin; it is read-only)
    void *return_address = __builtin_return_address(0);
    printf("original return address: %p\n", return_address);

    // __builtin_return_address() cannot be assigned to. With frame pointers
    // kept (-fno-omit-frame-pointer) on x86-64, the saved return address sits
    // one pointer-sized slot above the frame pointer, so overwrite it there.
    void **saved_return_slot = (void **)__builtin_frame_address(0) + 1;
    *saved_return_slot = (void *)0x123456;

    // Insert garbage bytes to break disassemblers; volatile keeps the nops
    __asm__ volatile("nop\n"
                     "nop\n"
                     "nop\n"
                     "nop\n");

    // Returning now transfers control to the modified address, 0x123456
    return 0;
}
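Added example, not part of the Unprotect entry above: a defender-side heuristic for spotting the call-trick shape in raw code bytes. A near relative call (opcode E8 + rel32) whose target lies within a few bytes of the call itself is jumping into the bytes a disassembler would otherwise treat as the return path, which is exactly what a return-address-fixing stub does. The scanner below flags such calls in a byte buffer; the two sample buffers are constructed here for the demonstration and are not taken from the page or from any real binary. Function names (`find_short_calls`, `call_target`) and the 15-byte threshold are this example's own choices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A call whose target lies within this many bytes after the call itself is
 * treated as suspicious: it lands in the bytes it would otherwise "return"
 * to. Threshold chosen for this example; tune it for your corpus. */
#define SHORT_CALL_MAX_DISP 15

/* Decode a little-endian, sign-extended rel32 without relying on host order */
static int32_t read_rel32(const uint8_t *p) {
    uint32_t raw = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                   ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)raw;
}

/* Linear sweep over raw x86/x86-64 code bytes for E8 rel32 calls with a
 * small non-negative displacement. Up to max_hits call offsets are stored in
 * hits; the number stored is returned. E8 can also occur inside other
 * instructions or in data, and the benign "call +0; pop" get-PC idiom
 * matches too, so every hit is a lead for triage, not proof. */
size_t find_short_calls(const uint8_t *code, size_t len,
                        size_t *hits, size_t max_hits) {
    size_t count = 0;
    for (size_t i = 0; i + 5 <= len && count < max_hits; i++) {
        if (code[i] != 0xE8)
            continue;
        int32_t disp = read_rel32(code + i + 1);
        if (disp >= 0 && disp <= SHORT_CALL_MAX_DISP)
            hits[count++] = i;
    }
    return count;
}

/* Offset the 5-byte call at `off` transfers control to (end of call plus
 * displacement). Assumes code[off] was already matched as E8. */
size_t call_target(const uint8_t *code, size_t off) {
    return off + 5 + (size_t)read_rel32(code + off + 1);
}

/* Constructed sample (not from the page): the call-trick shape. The call
 * lands on the very next instruction, which bumps the saved return address
 * so that `ret` skips five garbage bytes and resumes at offset 16. A linear
 * sweep decodes the garbage as a bogus call; recursive traversal stops at
 * the ret and never reaches offset 16. */
static const uint8_t SAMPLE_CALL_TRICK[] = {
    0xE8, 0x00, 0x00, 0x00, 0x00,  /* 0:  call +0 -> target 5, pushes return address 5 */
    0x48, 0x83, 0x04, 0x24, 0x0B,  /* 5:  add qword [rsp], 0x0B -> return address 16 */
    0xC3,                          /* 10: ret -> continues at 16 */
    0xE8, 0x90, 0x90, 0x90, 0x90,  /* 11: garbage, decodes as a far-off call */
    0x31, 0xC0,                    /* 16: xor eax, eax (real continuation) */
    0xC3,                          /* 18: ret */
};

/* Constructed benign sample: an ordinary call to a function 256 bytes ahead */
static const uint8_t SAMPLE_BENIGN[] = {
    0xE8, 0x00, 0x01, 0x00, 0x00,  /* call +0x100 */
    0x31, 0xC0,                    /* xor eax, eax */
    0xC3,                          /* ret */
};

int main(void) {
    size_t hits[8];
    size_t n = find_short_calls(SAMPLE_CALL_TRICK, sizeof SAMPLE_CALL_TRICK, hits, 8);
    for (size_t k = 0; k < n; k++)
        printf("suspicious call at offset %zu -> target %zu\n",
               hits[k], call_target(SAMPLE_CALL_TRICK, hits[k]));
    printf("benign sample: %zu hits\n",
           find_short_calls(SAMPLE_BENIGN, sizeof SAMPLE_BENIGN, hits, 8));
    return 0;
}
```

Run over a code section dumped from a sample, the scanner reports one hit for the constructed trick buffer (offset 0, target 5) and none for the ordinary call. Because position-independent code legitimately uses `call +0; pop` to find its own address, treat a hit as a place to inspect whether the callee rewrites `[rsp]` before returning, as the entry above describes, rather than as a verdict on its own.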

Created

December 6, 2022

Last Revised

April 22, 2024