Windows C++ / Control Flow Graph Flattening

Author Unprotect
Platform Windows
Language C++
Technique Control Flow Graph Flattening

Description:

This code first shows the original instructions, which declare and initialize the variables x and y and use an if statement to compare their values. The obfuscated instructions then use control flow flattening to make it more difficult for the disassembler to accurately interpret the instructions and generate correct disassembly output.

The while loop in the obfuscated instructions contains a large switch statement, which has multiple cases that hide the original if statements. This creates a complex and unstructured control flow that is difficult for the disassembler to follow.

Code

#include <iostream>

int main() {
    // Original instructions
    int x = 0x12345678;
    int y = 0x87654321;
    if (x == y) {
        x = 0x11111111;
        y = 0x22222222;
    } else {
        x = 0x33333333;
        y = 0x44444444;
    }

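    // Obfuscated instructions using control flow flattening
    int i = 0;  // state variable read by the dispatcher (the switch below)
    while (true) {
        // Dispatcher: a single switch selects which block runs on this pass
        switch (i) {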
            case 0:
                if (x == y) {
                    x = 0x55555555;
                    y = 0x66666666;
                }
                break;
            case 1:
                if (x != y) {
                    x = 0x77777777;
                    y = 0x88888888;
                }
                break;
            // ...
            default:
                break;
        }
        i++;
        if (i > 10) {
            break;
        }
    }

    return 0;
}
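
For comparison, an added example (not from the original page or its author) in which each case sets the state variable to pick its successor, so the flattened function computes the same result as the if/else. The function names, state numbers and trace parameter are assumptions made for illustration; logging the state variable at the dispatcher, as an analyst would, gives back the order in which the original blocks ran.

```cpp
#include <cstdint>
#include <utility>
#include <vector>

using Regs = std::pair<std::uint32_t, std::uint32_t>;

// Structured form: the if/else from the page, parameterised so it can be tested.
Regs structured(std::uint32_t x, std::uint32_t y) {
    if (x == y) { x = 0x11111111; y = 0x22222222; }
    else        { x = 0x33333333; y = 0x44444444; }
    return {x, y};
}

// Flattened form: every basic block becomes a case, and each block chooses
// its successor by writing the state variable that the dispatcher reads.
// The state numbers are arbitrary constructed values.
enum State : int { kEntry = 3, kThen = 7, kElse = 1, kExit = 9 };

Regs flattened(std::uint32_t x, std::uint32_t y, std::vector<int>* trace = nullptr) {
    int state = kEntry;
    while (state != kExit) {
        if (trace) trace->push_back(state);  // analyst's view: log the dispatcher state
        switch (state) {
            case kEntry: state = (x == y) ? kThen : kElse; break;
            case kThen:  x = 0x11111111; y = 0x22222222; state = kExit; break;
            case kElse:  x = 0x33333333; y = 0x44444444; state = kExit; break;
            default:     state = kExit; break;  // unknown state: leave the loop
        }
    }
    return {x, y};
}

// Returns the states visited for one input; each consecutive pair is an
// edge of the original control flow graph.
std::vector<int> recovered_path(std::uint32_t x, std::uint32_t y) {
    std::vector<int> trace;
    flattened(x, y, &trace);
    return trace;
}

int main() {
    bool same = structured(0x12345678, 0x87654321) == flattened(0x12345678, 0x87654321);
    return same ? 0 : 1;
}
```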

Created

December 6, 2022

Last Revised

April 22, 2024