[HN Gopher] M/o/Vfuscator: A single instruction C compiler
___________________________________________________________________
M/o/Vfuscator: A single instruction C compiler
Author : thunderbong
Score : 22 points
Date : 2023-11-05 12:33 UTC (2 days ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| folmar wrote:
| Previous discussion: May 19, 2021 -
| https://news.ycombinator.com/item?id=27202801 (40 comments)
| nielsbot wrote:
| Branching with only MOV? How does that work?
|
| Is there no actual flow control but instead conditional
| manipulation (MOVs) of values?
| vlovich123 wrote:
| It depends on x86 addressing modes, but tldr lookup tables:
|
| > mov eax, [base + eax*4]
|
| You load 1 address if eax is 0 and a different one if it's 1.
| There's also a jump instruction so you can implement a
| conditional jump through mov.
|
| This is based on the Stephen Dolan paper:
| https://harrisonwl.github.io/assets/courses/malware/spring20...
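The lookup-table idea from vlovich123's comment, modelled in C as an added example (not code from the thread or from the M/o/Vfuscator project). The names `mov_eq`, `mov_select`, `mov_store_if` and `branch_demo` are hypothetical, and the C only models the data flow: a C compiler is free to emit instructions other than MOV for it.

```c
#include <stdint.h>
#include <stdio.h>

/* Scratch cells for the equality test: one per possible byte value. */
static uint8_t cmp_cell[256];

/* x == y using only stores and a load: the second store overwrites
   the first only when x and y name the same cell. */
static uint32_t mov_eq(uint8_t x, uint8_t y) {
    cmp_cell[x] = 0;        /* mov byte [cmp_cell + x], 0 */
    cmp_cell[y] = 1;        /* mov byte [cmp_cell + y], 1 */
    return cmp_cell[x];     /* mov al,   [cmp_cell + x]   */
}

/* Value selection: the indexed load "mov eax, [base + eax*4]". */
static uint32_t mov_select(uint32_t cond, uint32_t if_false, uint32_t if_true) {
    uint32_t table[2];
    table[0] = if_false;
    table[1] = if_true;
    return table[cond];     /* cond must be 0 or 1 */
}

/* Conditional store: the store always executes, but the destination
   pointer is itself picked from a table, so a false condition writes
   to a throwaway cell instead of the real one. */
static void mov_store_if(uint32_t cond, uint32_t *dst, uint32_t value) {
    uint32_t discard = 0;
    uint32_t *target[2];
    target[0] = &discard;
    target[1] = dst;
    *target[cond] = value;
}

/* Equivalent of: r = 20; if (input == 'A') r = 10; return r;
   written with no branch in the source. */
static uint32_t branch_demo(uint8_t input) {
    uint32_t r = 20;
    mov_store_if(mov_eq(input, 'A'), &r, 10);
    return r;
}

int main(void) {
    printf("A -> %u, B -> %u\n", branch_demo('A'), branch_demo('B'));
    printf("select(1, 7, 9) = %u\n", mov_select(1, 7, 9));
    return 0;
}
```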
| acegopher wrote:
| There can be control flow. MOV an address into the right spot
| in the interrupt vector table then do a MOV that causes a fault
| that calls the right interrupt (such as a page fault).
| edgyquant wrote:
| As with the last time, the side by side comparison with GCC,
| especially the control flow, is hilarious.
| colatkinson wrote:
| For anyone else who immediately thought, "I've gotta try that!"
| and hit compilation errors: there appears to be a more maintained
| fork at [0].
|
| And if you're on a 64-bit system, you'll want to make sure it
| finds the 32-bit libc and libm binaries (see [1]). On Arch, the
| following worked for me:
|
|     ./build/movcc -L/usr/lib32 test.c
|
| [0]: https://github.com/xoreaxeaxeax/movfuscator
|
| [1]: https://github.com/xoreaxeaxeax/movfuscator/issues/39
___________________________________________________________________
(page generated 2023-11-07 23:00 UTC)