Windows C++ / Obscuring Control Flow Using Pointers
Author | Unprotect |
Platform | Windows |
Language | C++ |
Technique | Obscuring Control Flow Using Pointers |
Description:
This code includes a real function, my_function, which is called by the original and obfuscated instructions. This allows the code to demonstrate the intended behavior of the original instructions, which is to declare and initialize the variable x, declare and initialize the pointer ptr, and use the pointer ptr to dereference and modify the value of x.
However, the obfuscated instructions use pointers in a more complex way, by declaring and initializing two additional pointers, ptr1 and ptr2. This makes it more difficult for the disassembler to accurately interpret the instructions and generate correct disassembly output.
Code
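#include <iostream>

// Function defined by the sample; main() as listed below does not invoke it.
int my_function() {
    std::cout << "Hello, world!" << std::endl;
    return 0;
}

int main() {
    // Original instructions: write to x through a single pointer.
    int x = 0x12345678;
    int *ptr = &x;
    *ptr = 0x87654321;

    // Obfuscated instructions using pointers: the same write to y,
    // reached through a second pointer (ptr2) that aliases ptr1.
    int y = 0x12345678;
    int *ptr1 = &y;
    int *ptr2 = ptr1;
    *ptr2 = 0x87654321;

    return 0;
}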
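From the analysis side, ptr2 is only a copy of ptr1, so propagating pointer copies back to the address-of statement that created them recovers the variable the final store modifies. The following is an added example, not code from the original page: the mini-IR and the names Op, Stmt, resolve_stores, original_seq and obfuscated_seq are hypothetical, and the two sequences are constructed from the listing above.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical mini-IR: p = &v (AddrOf), p = q (Copy), *p = imm (Store).
enum class Op { AddrOf, Copy, Store };
struct Stmt { Op op; std::string dst; std::string src; unsigned imm; };

// Follow pointer copies back to their address-of origin and report which
// variable each store finally writes (variable -> last stored value).
std::map<std::string, unsigned> resolve_stores(const std::vector<Stmt>& body) {
    std::map<std::string, std::string> points_to;  // pointer -> variable
    std::map<std::string, unsigned> written;
    for (const Stmt& s : body) {
        if (s.op == Op::AddrOf) {
            points_to[s.dst] = s.src;
        } else if (s.op == Op::Copy) {
            auto it = points_to.find(s.src);
            if (it == points_to.end()) {
                points_to.erase(s.dst);            // unknown source: drop stale fact
            } else {
                std::string target = it->second;   // copy before touching the map
                points_to[s.dst] = target;
            }
        } else {  // Op::Store
            auto it = points_to.find(s.dst);
            // An unresolved pointer is reported under a marker, never guessed.
            std::string target = (it != points_to.end())
                ? it->second : "<unknown:" + s.dst + ">";
            written[target] = s.imm;
        }
    }
    return written;
}

// Constructed input: the listing's two sequences expressed in the mini-IR.
std::vector<Stmt> original_seq() {
    return {{Op::AddrOf, "ptr", "x", 0}, {Op::Store, "ptr", "", 0x87654321u}};
}
std::vector<Stmt> obfuscated_seq() {
    return {{Op::AddrOf, "ptr1", "y", 0}, {Op::Copy, "ptr2", "ptr1", 0},
            {Op::Store, "ptr2", "", 0x87654321u}};
}

int main() {
    for (const auto& kv : resolve_stores(obfuscated_seq()))
        std::cout << kv.first << " <- 0x" << std::hex << kv.second << "\n";
    return 0;
}
```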
Created
December 6, 2022
Last Revised
April 22, 2024