On Wed, Oct 12, 2005 at 09:27:58PM +0200, Joerg Sonnenberger wrote:
>On Wed, Oct 12, 2005 at 09:13:26PM +0200, Simon 'corecode' Schubert wrote:
>> Sure is. Call/ret = it will come here again. Jmps = it will jump
>> there. call *%ebx && there roll back two half stack frames (obviously
>> you won't use real ebp frames), jump somewhere else, hop back to where
>> you started just with a changed overflow flag so that the conditional
>> jump will route differently... Maybe use irets or even SIGSEGV/SIGBUS
>> handlers on purpose... Creativity!
>
>Even better, don't roll back the stack pointer, but use it to create the
>local stack frame :-)

I realize this is an answer to a different question, but may be of
interest anyway.

http://mindprod.com/jgloss/unmain.html
How To Write Unmaintainable Code

http://mindprod.com/jgloss/unmainobfuscation.html
Oh, a special section on obfuscation...

// George

--
George Georgalis, systems architect, administrator <IXOYE><
http://galis.org/ cell:646-331-2027 mailto:[EMAIL PROTECTED]
