call_corruption.hHeader

Provides utilities for obfuscating function calls to enhance software security. More...

Defines

TypeName
ANTISPY_BREAK_OBFUSCATED_BLOCK

Detailed Description

This header file is a core component of the antispy SDK library, offering mechanisms for obfuscating function calls to prevent unauthorized analysis, reverse engineering, and tampering with the software. The utilities provided in this file are specifically designed to introduce complexity and unpredictability in the execution flow, making it significantly harder for attackers to understand or alter the behavior of protected functions.

Key Components:

  • Obfuscation Data Generation : The file defines macros and functions that generate obfuscated data, which is used to alter the control flow of a program dynamically. This is crucial in thwarting reverse engineering efforts by making the code execution path difficult to predict.

  • Call Obfuscation Class : A templated class, call_obfuscation , is provided to manage the obfuscation of function calls. This class wraps sensitive function calls with additional layers of security, ensuring that even if an attacker can reach the code, understanding it or altering it remains challenging.

  • Memory and Function Manipulation : The file also includes utilities that compute memory offsets and manipulate function pointers in obfuscated ways. These utilities further protect the code by randomizing memory accesses and function calls based on compile-time constants, ensuring that the execution path is not straightforward.

  • Anti-Debugging Mechanisms : The provided macros and functions can also detect if a debugger is attached to the process. When a debugger is detected, the code execution path may be altered or corrupted, making it difficult for the attacker to obtain useful information through debugging.

Intended Usage:

The utilities in this file are intended for use in environments where the protection of intellectual property and sensitive data is paramount. They are particularly useful in software products where preventing reverse engineering, piracy, or unauthorized modification is critical. Developers can use these utilities to wrap key functions in their applications, ensuring that these functions are executed securely and that any attempts to analyze or tamper with them are detected and mitigated.

Example Usage:

#include <antispy/libantispy.h>

int secure_function(int a, int b) {
   return a + b;
}

int main() {
   int arg1 = 40;
   int arg2 = 2;

   // Obfuscating a function call
   int result = libantispy::corrupt_call<42>(secure_function, arg1, arg2);
}

This example shows how a function call can be wrapped in obfuscation logic using the provided corrupt_call template function. This ensures that the function is executed with added security, making reverse engineering and tampering significantly more difficult.

Note:

The mechanisms introduced in this file may have performance implications due to the additional complexity introduced in the code execution path. Developers should carefully consider the performance impact when deciding where and how extensively to apply these obfuscation techniques in their software.

Defines

ANTISPY_BREAK_OBFUSCATED_BLOCK

Macro to execute a block of code with obfuscation and anti-debugger checks.

Detailed Description

This macro is designed to obfuscate the execution of a block of code, adding layers of security by introducing checks for the presence of a debugger and scrambling the code execution using a variety of techniques. If a debugger is detected, the macro modifies the code execution flow by manipulating memory addresses and function calls to make reverse engineering difficult.

Parameters

  • __VA_ARGS__: The block of code to be executed if the anti-debugging checks pass.

The macro works as follows:

  • It initializes two random data arrays ( gap_0 and gap_1 ) using the ANTISPY_CONST_DATA_RANDOMIZER .

  • It then checks if a debugger is present using the debugger_present() function.

  • If a debugger is detected, it iteratively corrupts the memory pointed to by check_result and calculates various offsets in the code to further obfuscate the flow.

  • The obfuscation is achieved by generating random offsets and thrashing memory at those calculated offsets.

  • If the check_result remains zero after all the checks and modifications, the provided block of code ( __VA_ARGS__ ) is executed. Otherwise, the execution is altered as per the obfuscation logic.

Example usage:

#include <antispy/libantispy.h>
#include <iostream>

void secure_function_call() {
   std::cout << "Called function\n";
}

int main() {
   ANTISPY_BREAK_OBFUSCATED_BLOCK({
      // Your secure code here
      secure_function_call();
   });
}

This macro should be used in performance-sensitive areas where security against reverse engineering and debugging is critical. However, it may introduce overhead due to the additional checks and memory operations.