You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I followed the paper presented at Pass The Salt 2022 (The Poor Man's Obfuscator) to add arbitrary addresses as exported functions (Section 3.3 Export Addresses in the talk). However, I only managed to get one arbitrary address inserted as an exported function in the binary.
To Reproduce
Execute the code to iterate through the application's functions and attempt to add a random address each time as an exported function.
app = lief.parse("./binary")
for function in app.functions:
address = function.address
address += random.randint(16, 32)
address -= address % 4
app.add_exported_function(address,"_fake")
Expected behavior
Depending on the number of functions iterated, we should see the same number of exported functions added at the various random address locations as well. In Ghidra, I only saw two new "_fake" functions added to the binary as listed under Ghidra's Symbol Tree > Functions. However, I do see the correct number of "_fake" labels under Ghidra's Symbol Tree > Labels. However only two of the labels points to somewhere in the code. I cannot navigate to the rest of the "_fake" labels as they are not in memory (as reported by Ghidra).
Environment (please complete the following information):
System and Version : Mac OS 14.1 (ARM64)
Target format: Mach-O (ARM64)
LIEF commit version: 0.14.1-bae887e0
Additional context
NOTICE
If the issue does not contain enough information to be reproduced,
it will be flagged as incomplete
and closed.
/NOTICE
The text was updated successfully, but these errors were encountered:
Describe the bug
I followed the paper presented at Pass The Salt 2022 (The Poor Man's Obfuscator) to add arbitrary addresses as exported functions (Section 3.3 Export Addresses in the talk). However, I only managed to get one arbitrary address inserted as an exported function in the binary.
To Reproduce
Execute the code to iterate through the application's functions and attempt to add a random address each time as an exported function.
Expected behavior
Depending on the number of functions iterated, we should see the same number of exported functions added at the various random address locations as well. In Ghidra, I only saw two new "_fake" functions added to the binary as listed under Ghidra's Symbol Tree > Functions. However, I do see the correct number of "_fake" labels under Ghidra's Symbol Tree > Labels. However only two of the labels points to somewhere in the code. I cannot navigate to the rest of the "_fake" labels as they are not in memory (as reported by Ghidra).
Environment (please complete the following information):
Additional context
NOTICE
If the issue does not contain enough information to be reproduced,
it will be flagged as incomplete
and closed.
/NOTICE
The text was updated successfully, but these errors were encountered: