[LLVMdev] Re: Hide visible string in variable

Chris Lattner sabre at nondot.org
Sat Oct 9 20:44:27 PDT 2004 

On Sat, 9 Oct 2004, Zhang Qiuyu wrote:
> > Yes, there is.  At the C level, what transformation do you want to do?
> > The LLVM code is a pretty straight-forward translation from the C code in
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > this case.
>
> sorry, I still don't understand the way you mentioned. Would you mind giving me a example?
> What I have tried is that  I used the following code
>
> for(Module::ginterator gI=M->gbegin(), gE=M->gbegin; gI!=gE;++gI){
>     std::cout<<  *gI<< gI->getName()<<gI->getInitializer();
> }
>
> With *gI, I could get all string
> With gI->getName, I could get the global variable name.
> With gI->getInitializer(), I could get the init value for the GV.
>
> Next, what I want to do is to modify the value of the GV, and I tried to use setInitializer(), but I don't know to do it. setInitializer() need contant parameter. I tried several ways, but I failed.
>
> As you said, I can do it like in C level. For C, if I can get the address of the GV, I can read the value and do XOR and then write it back. But for this case, I don't know how to do that. Maybe I am not familar with STL. I really need your help. Sorry again.

Here are some observations:

> for C level,
>
> char a[]="global string test";
> for(i=0;i<strlen(a);i++){
>    a[i]=  a[i]^RANDMON;
> }

If you compile this C code, "global string test" will occur in the program
binary, so you have not obfuscated anything.  You can construct exactly
what you have above in LLVM (just write it as C, compile it to LLVM and
you'll see what you need to generate), but I don't think this is what you
want.  What you really want is:

char a[]="GLOBAL STRING TEST";

and when the program starts up (perhaps in main), you want to insert this:

for (i=0...)
  A[i] = tolower(a[i]);

Note that you can use whatever function you wanted, obviously uppercasing
the string isn't much obfuscation.

To do this on LLVM, you have to do these things:

1. Read the string data as a constant (It's an instance of ConstantArray,
   which you get form the Globalvaraible with getInitializer() as you are
   doing.
2. Construct a new ConstantArray with all of the elements of the original
   string, but modified according to the function you want (exclusive or
   is a reasonable start).
3. Change the initializer of the global variable to the new constant with
   setInitializer().
4. Clear the "constant" flag on the string, because the program will be
   dynamically hacking on the string: GV->setConstant(false);
5. Insert the for loop that translates the string when main runs.

For #5, write the for loop you want, compile it with llvmgcc, then figure
out how to generate it at compile time.  Alternatively, you could put the
'decryption' routine in a library and just insert a call to the library.

-Chris

-- 
http://llvm.org/
http://nondot.org/sabre/

More information about the llvm-dev mailing list