Reverse Engineering Asked on March 14, 2021
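STARTUPINFOW info = { sizeof(info) };      // cb must hold the structure size
PROCESS_INFORMATION processInfo = { 0 };   // receives the process/thread handles

bool isLaunched = CreateProcessW(
    L"C:\\Windows\\System32\\Notepad.exe", // Should be shown in any string viewer or decompiler.
    0x0,            // lpCommandLine
    0x0,            // lpProcessAttributes
    0x0,            // lpThreadAttributes
    TRUE,           // bInheritHandles
    0,              // dwCreationFlags
    0x0,            // lpEnvironment
    0x0,            // lpCurrentDirectory
    &info,
    &processInfo
);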
The application is shown in plaintext in IDA. How would I make this not as simple/easy to see, so that a noob can't just load it into IDA and see it?
You can write a simple string encoder that rotates around some characters, something like the Caesar cipher.
Just bear in mind that this "encryption" can of course be identified in the disassembly. Since disassemblers search for ASCII characters and null-terminated strings, it could be more difficult to identify the encrypted strings if your encryption generates invalid/unprintable characters or creates an array that is not null-terminated.
You will need to encrypt the string before compilation and decrypt at runtime.
Answered by tly on March 14, 2021
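The scheme from the answer above together with its caveat, as an added example that is not part of the original answer: the path is rotated Caesar-style before compilation and decoded at runtime, and an analyst-side key sweep shows how quickly the rotation is undone. The key 0x2A5C, the function names, and the use of uint16_t to stand in for the 16-bit Windows wchar_t are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY 0x2A5Cu /* constructed sample key, not from the page */

/* Caesar-style rotation of each UTF-16 code unit, modulo 2^16. */
void rotate(uint16_t *dst, const uint16_t *src, size_t n, uint16_t key) {
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint16_t)(src[i] + key);
}

/* Stand-in for the pre-compilation step: widen the path, then encode it.
   The result has no terminator, so its length is returned alongside it. */
size_t build_encoded(uint16_t *out, const char *path) {
    size_t n = strlen(path);
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)path[i];
    rotate(out, out, n, KEY);
    return n;
}

/* Runtime step: rotate back by the negated key and terminate the string. */
void decode(uint16_t *out, const uint16_t *enc, size_t n) {
    rotate(out, enc, n, (uint16_t)(0u - KEY));
    out[n] = 0;
}

/* Analyst side: sweep all 65536 keys and accept the one whose first three
   units decode to a drive prefix such as C:\. Returns the key or -1. */
long recover_key(const uint16_t *enc, size_t n) {
    if (n < 3) return -1;
    for (uint32_t k = 0; k <= 0xFFFF; k++) {
        uint16_t a = (uint16_t)(enc[0] - k), b = (uint16_t)(enc[1] - k);
        uint16_t c = (uint16_t)(enc[2] - k);
        int letter = (a >= 'A' && a <= 'Z') || (a >= 'a' && a <= 'z');
        if (letter && b == ':' && c == '\\') return (long)k;
    }
    return -1;
}

int main(void) {
    uint16_t enc[64], dec[65];
    size_t n = build_encoded(enc, "C:\\Windows\\System32\\Notepad.exe");
    decode(dec, enc, n);
    printf("key=0x%04lX dec[0]=%c\n", (unsigned long)recover_key(enc, n), (int)dec[0]);
    return 0;
}
```

With this key every encoded unit falls outside printable ASCII, so a strings view shows nothing, yet the decode loop and the constant remain visible in the disassembly and the sweep recovers the key from three units.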
One way to kind of easily "obfuscate" strings is to store them on the stack.
Example: instead of declaring strings like char string[9] = "MyString", you can store them on the stack by declaring them like char string[9] = {0x4d, 0x79, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x0}. This way the string will be stored in the .text section instead of the .data section, which will hide it from the strings view of a smart disassembler or the string dumping tools.
Answered by rustam Shirinov on March 14, 2021