I stumbled across polymorphic engines and I don't know anything about them. How
Question
I stumbled across polymorphic engines and I don't know anything about them. However, I am curious about how they are written. Every example that I've looked up writes them in assembly, my assembly is not good at all; I know just a few instructions here and there but not that well. On the other hand, I am good in C and C++.
I am familiar with the concept of polymorphism in C++ but after reading about polymorphic engines, I am assuming that they are different from the polymorphism in C++.
I'm just looking for simple code that shows encryption/decryption and/or obfuscation of code using C and/or C++.
How can techniques such as using virtual keyword in C++ be used to obfuscate or encrypt the code in an application?
NOTE: I was told to transfer this question from stackoverflow.com to this place.
Explanation / Answer
I am familiar with the concept of polymorphism in C++ but after reading about polymorphic engines, I am assuming that they are different from the polymorphism in C++.
How can techniques such as using virtual keyword in C++ be used to obfuscate or encrypt the code in an application?
Your assumption is correct. They are different things.
Typically, neither C nor C++ makes use of run-time code generation, nor do they use any self-modifying code.
C and C++ allow function pointers, as well as unchecked type casts between pretty much anything. These two features allow one to make the CPU jump (execution transfer) into any address.
A programmer can write C or C++ code that concatenates byte fragments consisting of meaningful machine code into a byte buffer, and then emit a call to the start of this machine code fragment. Typically, the machine code fragment contains one or more return statements that will return control to the calling C/C++ code.
However, because most C and C++ programs do not make arbitrary jumps, when these programs are executed under an Operating System (OS), the OS may use a CPU feature known as "Execution Disable bit" (NX) to prevent jumps into addresses that were not part of the C/C++ compiler's binary output.
Typically, the "function pointer" feature is used by C programmers to implement a Virtual method table.
C++ provides a more human-understandable mechanism for creating inheritable class objects, which is achieved in part by the virtual method table mechanism.
The difference between the C and C++ approaches to the virtual method table is that:
In C, the programmer has to take care of all manipulations needed to maintain the virtual method table;
In C, the programmer is allowed to make all kinds of manipulations to the virtual method table, at any time (even in the middle of a method's execution)
Typically, polymorphic engines (code obfuscation) do not make use of virtual method tables. This is because a hard-coded virtual method table is highly visible when the machine code is analyzed at run-time (with a debugger attached), because it consists of consecutive pointers into a memory address range consisting of executable code.
Just for learning purposes, though, it might be useful for one to implement an engine using C/C++ function pointers.
I'm just looking for simple code that shows encryption/decryption and/or obfuscation of code using C and/or C++.
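The mechanism the answer describes (concatenating machine-code byte fragments into a buffer, calling it through an unchecked function-pointer cast, and the NX bit forcing an explicit change of page permissions first), as an added C example that is not part of the original post. It assumes Linux on x86-64; the two byte fragments and the function names are constructed for this example.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hand-assembled x86-64 fragments (constructed for this example):
 * "mov eax, imm32" is B8 + little-endian imm32; "ret" is C3. */
static const uint8_t FRAG_MOV_EAX[] = { 0xB8 };
static const uint8_t FRAG_RET[]     = { 0xC3 };

/* Concatenate "mov eax, value; ret" into a buffer we own, flip it from
 * writable to executable (W^X) so the NX/XD bit does not fault, and call it.
 * Returns the fragment's return value, or -1 on failure/unsupported platform. */
int run_fragment(int value)
{
#if defined(__x86_64__) && defined(__linux__)
    long page = sysconf(_SC_PAGESIZE);
    /* Step 1: a plain RW buffer, as the OS would hand to any program. */
    uint8_t *buf = mmap(NULL, page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;

    /* Step 2: concatenate the byte fragments (host is little-endian on x86-64). */
    uint32_t imm = (uint32_t)value;
    size_t off = 0;
    memcpy(buf + off, FRAG_MOV_EAX, sizeof FRAG_MOV_EAX); off += sizeof FRAG_MOV_EAX;
    memcpy(buf + off, &imm, sizeof imm);                 off += sizeof imm;
    memcpy(buf + off, FRAG_RET, sizeof FRAG_RET);

    /* Step 3: NX refuses to execute RW pages; without this mprotect the call
     * below faults. This RW->RX transition is what the answer is describing. */
    if (mprotect(buf, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, page);
        return -1;
    }

    /* Step 4: unchecked cast to a function pointer; the call jumps into the
     * buffer and the fragment's ret hands control back to C. */
    int (*fn)(void) = (int (*)(void))buf;
    int result = fn();
    munmap(buf, page);
    return result;
#else
    (void)value;
    return -1;
#endif
}

int main(void) { printf("fragment returned %d\n", run_fragment(42)); return 0; }
```

On a hardened system that forbids RW-to-RX page transitions the mprotect fails and the function returns -1, which is exactly the NX/W^X policy at work.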