[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations

Reid Spencer rspencer at reidspencer.com
Thu Dec 13 17:26:32 PST 2007


The LLVMCore library provides constant folding automatically. So, when
your obfuscated module is read in and the assembler re-creates your
constants, the arithmetic is done automatically and the constants are
folded. To see where this is done, see lib/VMCore/ConstantFold.cpp


On Thu, 2007-12-13 at 02:22 -0600, Matt Fredrikson wrote:
> Hello all,
> I am implementing some simple obfuscation transformations in LLVM. One
> of the obfuscations involves searching for particular constants, and
> "unrolling" them throughout a procedure using arithmetic. In effect,
> certain constants are broken up into smaller constants and recombined
> as needed using the appropriate operators. I perform this on
> intermediate LLVM instructions.
> After I run opt on an un-obfuscated bitcode file to produce an
> obfuscated bitcode file, I verify that my transformations were placed
> in the file using llvm-dis. At this point, the changes appear to have
> been made. However, if I run the obfuscated bitcode file through llc
> to produce x86 assembly, the obfuscations vanish. I manually disabled
> all of the suspicious transformation passes run by llc, and nothing
> changes. The same things happens if I run llvm-ld -native
> -disable-opt.
> Does anybody know what pass is clobbering my obfuscations?
> Thanks,
> Matt Fredrikson
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list