google-code-export / asdec

Automatically exported from code.google.com/p/asdec

Unreachable opcode delete #30

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi, it would be nice to add the optional ability to delete unreachable opcodes.
For example, many obfuscators add code like this to corrupt the control flow:

    .....
    jump                L15

    //// HERE BEGIN JUNK OPCODES ////
    bitnot
    setlocal3

    lessequals
    greaterequals
    newactivation
    pop
    lshift
    lessthan
    setlocal3

L15:
    some opcodes
    .......

So, if the opcodes between the jump and the label (L15:) are removed, the control
flow would be clean.

Original issue reported on code.google.com by 0xC001A...@gmail.com on 26 Jan 2013 at 9:28

GoogleCodeExporter commented 9 years ago
Hi,
most obfuscators also do the trick with
pushtrue
setlocal x
pushfalse
setlocal y

and then use these local variables to change flow with
pushtrue
getlocal x
ifeq

and then they can insert junk opcode almost everywhere...

unreachable opcodes can be deleted, but this is not very useful because of all
the other tricks obfuscators do...

Original comment by jindra.p...@gmail.com on 26 Jan 2013 at 10:34

GoogleCodeExporter commented 9 years ago
Well, yeah, I know about the tricks with local bool vars too. But they can be
easily replaced by a jump and then just removed. Usually the local Boolean
variables don't change their value; they are just declared at the beginning of
methods.

Original comment by 0xC001A...@gmail.com on 26 Jan 2013 at 3:07
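The two cleanups discussed above (dropping the junk after an unconditional `jump`, and resolving the `pushtrue; setlocal x ... pushtrue; getlocal x; ifeq` trick into a plain jump so that the junk behind it becomes unreachable too) fit in one small pass. The script below is an added illustration written for this page; it is not FFDec's code and it is not the 1.3.0 implementation. It assumes a toy one-opcode-per-line listing with `label:` lines and `;` comments, a method with no exception handlers or `lookupswitch`, and, as the reporter observes, that each flag register is written exactly once, directly from `pushtrue`/`pushfalse`, before any use. The `SAMPLE` listing is constructed for the example, modelled on the snippets in this thread.

```python
"""Toy dead-code pass for an AVM2-style opcode listing (added example, not FFDec code).

  1. fold_predicates: branches that test a constant local (pushtrue/pushfalse;
     setlocal r ... pushtrue; getlocal r; ifeq L  or  getlocal r; iftrue L)
     become an unconditional jump when always taken, or vanish when never taken;
  2. remove_unreachable: a worklist walk from the method entry keeps only the
     opcodes some path can reach; everything else is junk.
Assumptions: no exception handlers (their targets would be extra entry points),
no lookupswitch, and the listing format below, which is invented for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

UNCOND = {"jump"}
COND = {"ifeq", "ifne", "iftrue", "iffalse", "iflt", "ifle", "ifgt", "ifge",
        "ifnlt", "ifnle", "ifngt", "ifnge", "ifstricteq", "ifstrictne"}
TERMINATORS = {"returnvoid", "returnvalue", "throw"}
CONST_PUSH = {"pushtrue": True, "pushfalse": False}


@dataclass
class Instr:
    op: str
    arg: str | None = None
    labels: set[str] = field(default_factory=set)   # labels that point at this opcode

    def text(self) -> str:
        return f"{self.op} {self.arg}" if self.arg is not None else self.op


def parse(listing: str) -> list[Instr]:
    """One opcode per line; a line ending in ':' labels the next opcode."""
    code, pending = [], set()
    for raw in listing.splitlines():
        line = raw.split(";")[0].strip()            # ';' starts a comment
        if not line:
            continue
        if line.endswith(":"):
            pending.add(line[:-1])
            continue
        op, _, arg = line.partition(" ")
        m = re.fullmatch(r"(get|set)local([0-3])", op)   # setlocal3 -> setlocal 3
        if m:
            op, arg = m.group(1) + "local", m.group(2)
        code.append(Instr(op, arg.strip() or None, pending))
        pending = set()
    return code


def constant_locals(code: list[Instr]) -> dict[str, tuple[bool, int]]:
    """Registers written exactly once, straight from pushtrue/pushfalse -> (value, def index)."""
    writes: dict[str, list[int]] = {}
    for i, ins in enumerate(code):
        if ins.op == "setlocal":
            writes.setdefault(ins.arg, []).append(i)
    return {reg: (CONST_PUSH[code[i - 1].op], i)
            for reg, (i, *rest) in writes.items()
            if not rest and i > 0 and code[i - 1].op in CONST_PUSH}


def fold_predicates(code: list[Instr]) -> list[Instr]:
    """Rewrite branches on constant locals into a jump (taken) or nothing (not taken)."""
    consts = constant_locals(code)
    out, pending, i = [], set(), 0
    while i < len(code):
        ins = code[i]
        pending |= ins.labels
        nxt = code[i + 1] if i + 1 < len(code) else None
        nxt2 = code[i + 2] if i + 2 < len(code) else None
        taken, target, width = None, None, 1
        # pushtrue/pushfalse ; getlocal r ; ifeq/ifne L   (ifeq branches when the two are equal)
        if (ins.op in CONST_PUSH and nxt and nxt.op == "getlocal" and nxt.arg in consts
                and nxt2 and nxt2.op in ("ifeq", "ifne") and i > consts[nxt.arg][1]):
            equal = CONST_PUSH[ins.op] == consts[nxt.arg][0]
            taken = equal if nxt2.op == "ifeq" else not equal
            target, width = nxt2.arg, 3
        # getlocal r ; iftrue/iffalse L
        elif (ins.op == "getlocal" and ins.arg in consts and nxt
              and nxt.op in ("iftrue", "iffalse") and i > consts[ins.arg][1]):
            val = consts[ins.arg][0]
            taken = val if nxt.op == "iftrue" else not val
            target, width = nxt.arg, 2
        if taken is not None and any(code[i + k].labels for k in range(1, width)):
            taken = None            # something branches into the pattern: leave it alone
        if taken is None:
            out.append(Instr(ins.op, ins.arg, pending))
            pending, i = set(), i + 1
            continue
        if taken:
            out.append(Instr("jump", target, pending))
            pending = set()
        i += width                  # not taken: the whole pattern is dropped, labels move on
    return out


def successors(code: list[Instr], labels: dict[str, int], i: int) -> list[int]:
    ins = code[i]
    if ins.op in TERMINATORS:
        return []
    if ins.op in UNCOND:
        return [labels[ins.arg]]
    nxt = [i + 1] if i + 1 < len(code) else []
    if ins.op in COND:
        nxt.append(labels[ins.arg])
    return nxt


def remove_unreachable(code: list[Instr]) -> list[Instr]:
    """Worklist reachability from the entry; anything never visited is deleted."""
    labels = {l: i for i, ins in enumerate(code) for l in ins.labels}
    seen, work = set(), [0] if code else []
    while work:
        i = work.pop()
        if i not in seen:
            seen.add(i)
            work.extend(successors(code, labels, i))
    return [ins for i, ins in enumerate(code) if i in seen]


def deobfuscate(listing: str) -> list[str]:
    return [ins.text() for ins in remove_unreachable(fold_predicates(parse(listing)))]


# Constructed listing modelled on the snippets in this thread (not real obfuscator output).
SAMPLE = """
    pushtrue
    setlocal 1          ; flag written once: always true
    pushfalse
    setlocal 2          ; flag written once: always false
    jump L15
    bitnot              ; junk after the unconditional jump
    setlocal3
    lessequals
    newactivation
    pop
L15:
    pushtrue
    getlocal 1
    ifeq L20            ; true == true: always taken
    pushstring "junk"
    pop
L20:
    getlocal 2
    iftrue L30          ; false: never taken
    pushstring "real"
    returnvalue
L30:
    lshift              ; only reachable through the dead branch
    setlocal3
"""

if __name__ == "__main__":
    for line in deobfuscate(SAMPLE):
        print(line)
```

On the sample the result is the four flag writes, `jump L15`, `jump L20`, `pushstring "real"` and `returnvalue`; the now-unused flag writes and the jump-to-next pair are left for a separate jump-threading pass, and a real tool must also seed the worklist with exception-handler targets, since those are entry points the fall-through walk never sees.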

GoogleCodeExporter commented 9 years ago
Hi,
please try the new version - FFDec 1.3.0
it has a new Deobfuscation menu which can remove dead code.

Original comment by jindra.p...@gmail.com on 17 Feb 2013 at 6:48