(C++) Call Trick by Unprotect

Created on Tuesday 06 December 2022. Updated 3 days, 10 hours ago.

Description:

This code modifies the current function's return address to point to a different location, in this case 0x123456. It also inserts some "garbage" instructions (here, four no-op instructions) intended to break disassemblers that use recursive traversal or linear sweep. This makes it harder for a disassembler to correctly determine the next instruction after the call, leaving its output open to other anti-disassembly techniques.

Code

#include <stdio.h>

int main() {
    // Store the current value of the return address
    void *return_address = __builtin_return_address(0);
    printf("original return address: %p\n", return_address);

    // __builtin_return_address() is read-only, so locate the stack slot that holds
    // the saved return address instead. Assumes a frame pointer is kept (x86-64,
    // e.g. GCC with -fno-omit-frame-pointer): the slot sits just above the saved rbp.
    void **return_slot = (void **)__builtin_frame_address(0) + 1;

    // Modify the return address to point to a different location
    // (the process faults on return unless code actually lives at 0x123456)
    *return_slot = (void *)0x123456;

    // Insert garbage bytes to break disassemblers
    // (volatile keeps the compiler from discarding the asm as dead code)
    __asm__ __volatile__("nop\n"
                         "nop\n"
                         "nop\n"
                         "nop\n");

    // Use the modified return address
    return 0;
}
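A runnable form of the call trick, added here as an example and not code from the Unprotect page: the `call` pushes a return address that points at a junk byte, the callee bumps that saved address past the junk and returns, so execution continues on code that a linear sweep or a recursive-traversal disassembler has already misdecoded as the operand of a bogus `jmp` (plain NOPs, as in the page's snippet, decode cleanly and do not have this effect). It assumes x86-64 with GCC or Clang inline assembly; `call_trick_demo` and `CALL_TRICK_SUPPORTED` are names chosen for this example.

```c
#include <stdio.h>

/* Assumption: x86-64 with GNU-style inline assembly (GCC or Clang).
 * Note for analysts: a hardware shadow stack (CET) faults on the modified
 * return address, which is one reason this trick is brittle on modern CPUs. */
#if defined(__x86_64__) && (defined(__GNUC__) || defined(__clang__))
#define CALL_TRICK_SUPPORTED 1
#else
#define CALL_TRICK_SUPPORTED 0
#endif

/* Returns 1 when control reached the instruction hidden behind the junk byte,
 * 0 on targets where the trick is compiled out. */
int call_trick_demo(void) {
    int reached = 0;
#if CALL_TRICK_SUPPORTED
    __asm__ __volatile__(
        "subq $128, %%rsp\n\t"   /* step below the SysV red zone so the call's push cannot clobber locals */
        "call 1f\n\t"            /* pushes the address of the junk byte as the return address */
        ".byte 0xE9\n\t"         /* junk: opcode of a 5-byte jmp rel32; a linear sweep eats the next 4 bytes as its displacement */
        "2:\n\t"
        "movl $1, %0\n\t"        /* the real code, which disassemblers fold into the fake jmp */
        "jmp 3f\n\t"
        "1:\n\t"
        "addq $1, (%%rsp)\n\t"   /* bump the saved return address past the junk byte, onto label 2 */
        "ret\n\t"                /* recursive traversal assumes the return lands on the 0xE9 and follows the bogus jmp */
        "3:\n\t"
        "addq $128, %%rsp\n\t"   /* undo the red-zone adjustment */
        : "=r"(reached)
        :
        : "memory", "cc");
#endif
    return reached;
}

int main(void) {
    printf("call trick: %s\n",
           call_trick_demo() ? "executed the hidden code" : "not supported on this target");
    return 0;
}
```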