12-19-2015 - Assembly_is_Too_High-Level_-_Self_Modifying_Code_with_Basic_Arithmetic
Use simple math instructions to modify other instructions for some fun self modifying code.
Use simple math instructions to modify other instructions for some fun self modifying code.
There were some questions to my methods for the original post on Vm0wd2Qy, so this is a follow-up to explain everything.
Encoding of the JMP instruction can have reduncancies, here we explore using less common encodings.
SUB and CMP are already similar enough in x86, but in Propeller, they are even encoded super similar, to where you can do some stupid assembly syntax to convert one into the other.
This is by far my favorite x86 encoding thing; you can unlock way more functionality with this instruction that requires machine encoding beyond just basic assembly.
Pretty much any insctruction can be a NOP, due to a 'never' condition. ARM is very similar in this way.
Using the FIST instruction as an obfuscation technique, because fisting.
Taking a look at some blank spots in the Intel manuals opcode map.
Intel tries to abuse the ModR/M table for variable byte NOPs, read on to see how we can do some better abuse for multibyte NOPs that are also still sledable.
