Opcode Obfuscation

Created the Monday 18 March 2019. Updated 5 months, 4 weeks ago.

Opcode obfuscation is an anti-disassembling technique that involves modifying the opcodes of a program's machine language instructions in order to make it more difficult for a disassembler to accurately reconstruct the original instructions. This can be done in a variety of ways, such as by using equivalent but different opcodes for the same operation, by adding additional instructions or data to the program, or by rearranging the program's instructions in a non-standard order.

Opcode obfuscation is a common technique used by malware authors and other attackers to make it more difficult for analysts to disassemble and understand their programs. It can be used in conjunction with other anti-disassembling techniques, such as the call trick or the insertion of garbage bytes, to create even more effective and powerful exploits.

Technique Identifier

U0209

Technique Tags

Opcode obfuscation Anti-disassembling Disassembler Machine language Opcode Equivalent opcodes Disassembly output Disassembly accuracy

Contributors

Additional Resources

External Links

The resources provided below are associated links that will give you even more detailed information and research on current evasion technique. It is important to note that, while these resources may be helpful, it is important to exercise caution when following external links. As always, be careful when clicking on links from unknown sources, as they may lead to malicious content.

x86 Disassembly/Code Obfuscation - Wikibooks, open books for an open world