For enhanced security, code execution can be obfuscated to mask the specific memory locations to which the code flow jumps. The traditional approach is to obfuscate the corresponding instructions using writable-executable memory and deobfuscate them at the time of execution. However, writable-executable memory can allow execution of arbitrary code and therefore poses a security risk. Many application environments consequently forbid the use of writable-executable memory, which hampers code obfuscation via the traditional mechanism. This disclosure describes techniques to perform obfuscation of connections between instructions within executable code without the use of writable-executable memory.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Vaage, Aaron, "Obfuscating and Deobfuscating Code Jump Addresses via Readable Memory", Technical Disclosure Commons, (February 11, 2020)