bluesadi / Pluto

Obfuscator based on LLVM 14.0.6

'MBA' Obfuscation: Any Plans To Allow Integer Constants Passed As Parameters t #39

Closed realoriginal closed 1 year ago

realoriginal commented 1 year ago

Good Afternoon!

I have a particular use case that oddly MBAObfuscation doesn't fit - I'm working on seeing if I can add it myself, but figured I'd ask here for some insight in case it's something I'm missing:

In cases where function calls accept integer parameters that are constant, like say the following function definition:

UINT32 Function( _In_ UINT32 Value, _In_ UINT32 ConstantValue )

With a callee say executing

Function( Variable, 0x41424344 );

One would expect that either the variable substitution or MBA obfuscation would inherently obfuscate the 0x41424344 value - however, even with the isa<CallInst>(I) enabled - it oddly still misses it. Is there any particular reason for this?

bluesadi commented 1 year ago

Thanks! That's a good question.

Maybe that's because the type of the first operand of CallInst is not Integer, so it can't pass the check at MBAObfuscation.cpp#L48.

I disabled obfuscation to CallInst because I found there were some problems with it. I simply excluded CallInst to make the pass work well. I agree that constant parameters of function calls need to be obfuscated as well. I will try to work it out.

realoriginal commented 1 year ago

I appreciate it!

If I figure it out, I will let you know.
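
Added example, not part of the thread and not Pluto's code: what the call from the issue looks like once the 0x41424344 argument is rewritten as a generic linear MBA expression, and how an analyst can recover the operand by checking that the expression does not depend on its inputs. The body of Function, the coefficient K, and the helper names mba_constant, not_constant and recover_constant are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed stand-in for the callee in the issue (body is hypothetical).
static uint32_t Function(uint32_t value, uint32_t constant_value) {
    return value ^ constant_value;
}

// 0x41424344 as a linear MBA over two runtime values x, y (arithmetic mod 2^32).
// Two identities that hold for every x, y:
//   (x ^ y) + (x & y) + ~(x | y) == 0xFFFFFFFF   (disjoint bits covering all 32)
//   (x ^ y) + 2*(x & y) - (x + y) == 0
// so -C * 0xFFFFFFFF + K * 0 == C. K is an arbitrary mixing coefficient.
static uint32_t mba_constant(uint32_t x, uint32_t y) {
    const uint32_t C = 0x41424344u;
    const uint32_t K = 0x9E3779B9u;
    return (K - C) * (x ^ y) + (2u * K - C) * (x & y)
         - K * (x + y) - C * ~(x | y);
}

// Control case: equals x | y, so it really depends on its inputs.
static uint32_t not_constant(uint32_t x, uint32_t y) {
    return (x ^ y) + (x & y);
}

// Analyst-side check: an expression that yields one value for every sampled
// (x, y) is a disguised constant, and that value is the hidden operand.
static bool recover_constant(uint32_t (*expr)(uint32_t, uint32_t), uint32_t *out) {
    uint32_t x = 0x12345678u, y = 0x0BADF00Du;
    const uint32_t first = expr(x, y);
    for (int i = 0; i < 4096; ++i) {
        x = x * 1664525u + 1013904223u;  // deterministic LCG steps
        y = y * 22695477u + 1u;
        if (expr(x, y) != first) return false;
    }
    *out = first;
    return true;
}

int main() {
    uint32_t variable = 7, hidden = 0;
    // Same call as Function(Variable, 0x41424344) with the literal rewritten.
    uint32_t r = Function(variable, mba_constant(variable, 99u));
    std::printf("call result matches: %d\n", r == Function(variable, 0x41424344u));
    if (recover_constant(mba_constant, &hidden))
        std::printf("recovered operand: 0x%08X\n", (unsigned)hidden);
    std::printf("control is constant: %d\n", recover_constant(not_constant, &hidden));
    return 0;
}
```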