Constant protection
Description
With this pass the constants (e.g. string literals) are encrypted in the binary and only decrypted immediately before the use. If Morpher can prove that the called function won't capture the passed pointer, the string will be encrypted back after use.
Original Code
#include <stdio.h>
void InputArray(double Matrix[5][10], size_t rows, size_t cols);
void ProcessingArray(double Matrix[5][10], double *out, size_t rows, size_t cols);
void PrintArray(double *out, size_t N);
int main(size_t argc, char **argv) {
size_t rows, cols;
double Matrix[5][10];
double out[10];
printf("rows: N = ");
scanf("%d", &rows);
if (rows > 5)
printf("\nNumber of rows must be 5 or less");
printf("cols: N = ");
scanf("%d", &cols);
if (cols > 10)
printf("\nNumber of columns must be 10 or less");
printf("\n");
InputArray(Matrix, rows, cols);
ProcessingArray(Matrix, out, rows, cols);
PrintArray(out, cols);
printf("sizeof(void*) = %d\n", sizeof(void*));
return 0;
}
Transformed Code
public main
.align 16
main proc near
push EBP
mov EBP, ESP
push EBX
push EDI
push ESI
sub ESP, 44
mov AL, BYTE PTR [.L_2E_str4+1]
xor AL, BYTE PTR [.L_2E_str4]
cmp AL, 65
mov DWORD PTR [EBP - 20], 1105426291
je .LBB4_4
.LBB4_1: ; %bb.i20
mov EAX, 1105426291
lea EAX, DWORD PTR [EAX - 1105426213]
mov DWORD PTR [EBP - 16], EAX
xor EAX, EAX
mov EDX, EAX
.align 16
.LBB4_2: ; %bb41.i38
mov CL, DL
mov EBX, 1105426291
shr EBX, CL
xor BYTE PTR [EAX + .L_2E_str4], BL
add EDX, 8
and DWORD PTR [EBP - 16], 8
inc EAX
mov ECX, 3
cmp EAX, ECX
jne .LBB4_2
.LBB4_3: ; %bb41.i38.singleXor.exit39_crit_edge
mov EAX, DWORD PTR [EBP - 16]
mov DWORD PTR [EBP - 20], EAX
.LBB4_4: ; %singleXor.exit39
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 16], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 40], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 44], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 20], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 24], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 48], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 52], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 28], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 32], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 36], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov ESP, EAX
mov ECX, 502747040
shr ECX, 24
mov DL, BYTE PTR [.L_2E_str3+1]
xor DL, BYTE PTR [.L_2E_str3]
movzx EDX, DL
cmp EDX, ECX
mov ESI, 169
je .LBB4_10
.LBB4_5: ; %bb.i2
mov ECX, DWORD PTR [EBP - 28]
mov DWORD PTR [ECX], OFFSET .L_2E_str3
mov ECX, DWORD PTR [EBP - 52]
mov DWORD PTR [ECX], 2
mov EDX, DWORD PTR [EBP - 48]
mov BYTE PTR [EDX], 0
mov EDI, DWORD PTR [EBP - 36]
mov DWORD PTR [EDI], OFFSET .L_2E_str3
mov DL, BYTE PTR [EDX]
test DL, DL
mov EDX, 1
cmove EDX, DWORD PTR [ECX]
mov ECX, DWORD PTR [EBP - 24]
mov DWORD PTR [ECX], EDX
mov DWORD PTR [EAX], 0
add ESI, 4294967178
.align 16
.LBB4_6: ; %bb19.i
mov ECX, DWORD PTR [EBP - 24]
mov ECX, DWORD PTR [ECX]
mov EDX, DWORD PTR [EAX]
mov EDI, DWORD PTR [EBP - 28]
mov EDI, DWORD PTR [EDI]
mov EBX, 502747040
xor DWORD PTR [EDI + 4*EDX], EBX
mov EBX, ESI
and EBX, 35
mov ESI, EBX
or ESI, 68
inc EDX
cmp EDX, ECX
mov DWORD PTR [EAX], EDX
lea ECX, DWORD PTR [EDI + 4*EDX]
mov EDX, DWORD PTR [EBP - 36]
mov DWORD PTR [EDX], ECX
jne .LBB4_6
.LBB4_7: ; %bb36.i
mov ESI, EDX
mov ESI, DWORD PTR [ESI]
mov EAX, DWORD PTR [EBP - 20]
mov DWORD PTR [EAX], ESI
mov ESI, DWORD PTR [EBP - 44]
mov DWORD PTR [ESI], 3
mov EAX, DWORD PTR [EBP - 40]
mov BYTE PTR [EAX], 0
mov ESI, DWORD PTR [ESI]
mov EAX, DWORD PTR [EBP - 16]
mov DWORD PTR [EAX], ESI
mov ESI, DWORD PTR [EBP - 32]
mov DWORD PTR [ESI], 0
add EBX, 152
.align 16
.LBB4_8: ; %bb41.i
mov ESI, DWORD PTR [EBP - 32]
mov EAX, DWORD PTR [ESI]
lea ECX, DWORD PTR [8*EAX]
mov EDX, 502747040
shr EDX, CL
mov ECX, DWORD PTR [EBP - 16]
mov ECX, DWORD PTR [ECX]
mov EDI, DWORD PTR [EBP - 20]
mov EDI, DWORD PTR [EDI]
xor BYTE PTR [EDI + EAX], DL
and EBX, 48
inc EAX
cmp EAX, ECX
mov DWORD PTR [ESI], EAX
jne .LBB4_8
.LBB4_9: ; %bb41.i.singleXor.exit_crit_edge
mov ESI, EBX
.LBB4_10: ; %singleXor.exit
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 28], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 20], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 80]
mov DWORD PTR [EBP - 32], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 400]
mov DWORD PTR [EBP - 40], EAX
mov ESP, EAX
lea EAX, DWORD PTR [ESP - 8]
mov DWORD PTR [EBP - 36], EAX
mov ESP, EAX
mov EDI, ESP
lea EBX, DWORD PTR [EDI - 8]
mov DWORD PTR [EBP - 44], EBX
mov ESP, EBX
sub ESP, 8
mov DWORD PTR [ESP], OFFSET .L_2E_str3
call printf
add ESP, 8
sub ESP, 8
mov DWORD PTR [ESP + 4], EBX
mov DWORD PTR [ESP], OFFSET .L_2E_str4
call scanf
add ESP, 8
or ESI, 212
and ESI, 244
cmp DWORD PTR [EDI - 8], 5
jle .LBB4_18
.LBB4_11: ; %bb
lea EAX, DWORD PTR [ESI + 1152202764]
mov DWORD PTR [EBP - 16], EAX
shr EAX, 24
mov CL, BYTE PTR [.L_2E_str5+1]
xor CL, BYTE PTR [.L_2E_str5]
movzx ECX, CL
cmp ECX, EAX
je .LBB4_17
.LBB4_12: ; %bb.i57
add ESI, 4294967248
xor EAX, EAX
mov ECX, 8
.align 16
.LBB4_13: ; %bb19.i70
mov EDX, DWORD PTR [EBP - 16]
xor DWORD PTR [4*EAX + .L_2E_str5], EDX
and ESI, 196
inc EAX
cmp EAX, ECX
jne .LBB4_13
.LBB4_14: ; %bb36.i73
xor ESI, 233
xor EAX, EAX
mov EDX, EAX
.align 16
.LBB4_15: ; %bb41.i88
mov CL, DL
mov EBX, DWORD PTR [EBP - 16]
shr EBX, CL
xor BYTE PTR [EAX + .L_2E_str5+32], BL
add EDX, 8
or ESI, 208
and ESI, 216
inc EAX
mov ECX, 2
cmp EAX, ECX
jne .LBB4_15
.LBB4_16: ; %bb41.i88.singleXor.exit89_crit_edge
mov DWORD PTR [EBP - 16], ESI
.LBB4_17: ; %singleXor.exit89
sub ESP, 8
mov DWORD PTR [ESP], OFFSET .L_2E_str5
call printf
add ESP, 8
and ESI, 208
add ESI, 4294967161
.LBB4_18: ; %bb1
and ESI, 64
mov EDI, ESI
or EDI, 208475443
mov AL, BYTE PTR [.L_2E_str6+1]
xor AL, BYTE PTR [.L_2E_str6]
cmp AL, 12
je .LBB4_24
.LBB4_19: ; %bb.i107
lea EAX, DWORD PTR [ESI + ESI + 108]
add ESI, 108
xor EAX, 190
xor ECX, ECX
mov EDX, 2
.align 16
.LBB4_20: ; %bb19.i120
xor DWORD PTR [4*ECX + .L_2E_str6], EDI
and EAX, 16
mov DWORD PTR [EBP - 16], EAX
or EAX, 41
inc ECX
cmp ECX, EDX
mov ESI, EAX
jne .LBB4_20
.LBB4_21: ; %bb36.i123
add DWORD PTR [EBP - 16], 239
xor EAX, EAX
mov DWORD PTR [EBP - 24], EAX
.align 16
.LBB4_22: ; %bb41.i138
mov EDX, DWORD PTR [EBP - 24]
mov CL, DL
mov EBX, EDI
shr EBX, CL
xor BYTE PTR [EAX + .L_2E_str6+8], BL
add EDX, 8
mov DWORD PTR [EBP - 24], EDX
and DWORD PTR [EBP - 16], 206
inc EAX
mov ECX, 3
cmp EAX, ECX
jne .LBB4_22
.LBB4_23: ; %bb41.i138.singleXor.exit139_crit_edge
mov EDI, DWORD PTR [EBP - 16]
.LBB4_24: ; %singleXor.exit139
sub ESP, 8
mov DWORD PTR [ESP], OFFSET .L_2E_str6
call printf
add ESP, 8
sub ESP, 8
mov ESI, DWORD PTR [EBP - 36]
mov DWORD PTR [ESP + 4], ESI
mov DWORD PTR [ESP], OFFSET .L_2E_str4
call scanf
add ESP, 8
and EDI, 66
add EDI, 4294967251
cmp DWORD PTR [ESI], 10
jle .LBB4_32
.LBB4_25: ; %bb2
lea ESI, DWORD PTR [EDI + 1146397173]
mov EAX, ESI
shr EAX, 24
mov CL, BYTE PTR [.L_2E_str7+1]
xor CL, BYTE PTR [.L_2E_str7]
movzx ECX, CL
cmp ECX, EAX
je .LBB4_31
.LBB4_26: ; %bb.i157
mov EAX, EDI
xor EAX, 110
sub EAX, EDI
add EAX, 4294967194
xor EDI, EDI
mov ECX, 9
.align 16
.LBB4_27: ; %bb19.i170
xor DWORD PTR [4*EDI + .L_2E_str7], ESI
inc EDI
xor EDX, EDX
cmp EDI, ECX
mov EAX, 3
jne .LBB4_27
.LBB4_28: ; %bb36.i173
xor EDI, EDI
mov EAX, 2
mov EBX, EDI
lea ECX, DWORD PTR [EDX + 167]
.align 16
.LBB4_29: ; %bb41.i188
mov CL, BL
mov EDX, ESI
shr EDX, CL
xor BYTE PTR [EDI + .L_2E_str7+36], DL
add EBX, 8
inc EDI
cmp EDI, EAX
mov EDX, 140
mov ECX, EDX
jne .LBB4_29
.LBB4_30: ; %bb41.i188.singleXor.exit189_crit_edge
mov ESI, EDX
.LBB4_31: ; %singleXor.exit189
sub ESP, 8
mov DWORD PTR [ESP], OFFSET .L_2E_str7
call printf
add ESP, 8
or ESI, 51
and ESI, 59
mov EDI, ESI
.LBB4_32: ; %bb3
sub ESP, 8
mov DWORD PTR [ESP], 10
call putchar
add ESP, 8
mov ESI, DWORD PTR [EBP - 44]
mov EAX, DWORD PTR [ESI]
mov ECX, DWORD PTR [EBP - 36]
mov EDX, DWORD PTR [ECX]
sub ESP, 16
mov DWORD PTR [ESP + 8], EDX
mov DWORD PTR [ESP + 4], EAX
mov EAX, DWORD PTR [EBP - 40]
mov DWORD PTR [ESP], EAX
call _Z10InputArrayPA10_dii
add ESP, 16
mov EDX, DWORD PTR [ESI]
mov ECX, DWORD PTR [EBP - 36]
mov ESI, DWORD PTR [ECX]
sub ESP, 16
mov DWORD PTR [ESP + 12], ESI
mov DWORD PTR [ESP + 8], EDX
mov EDX, DWORD PTR [EBP - 32]
mov DWORD PTR [ESP + 4], EDX
mov EAX, DWORD PTR [EBP - 40]
mov DWORD PTR [ESP], EAX
call _Z15ProcessingArrayPA10_dPdii
add ESP, 16
mov ECX, DWORD PTR [EBP - 36]
mov EAX, DWORD PTR [ECX]
mov ECX, DWORD PTR [EBP - 28]
mov DWORD PTR [ECX], EAX
mov ECX, DWORD PTR [EBP - 20]
mov DWORD PTR [ECX], 0
and EDI, 17
test EAX, EAX
jle .LBB4_39
.LBB4_33: ; %bb.i
mov AL, BYTE PTR [.L_2E_str+1]
xor AL, BYTE PTR [.L_2E_str]
movzx EAX, AL
and EDI, 17
lea ECX, DWORD PTR [EDI + 445276830]
mov DWORD PTR [EBP - 16], ECX
shr ECX, 24
cmp EAX, ECX
je .LBB4_38
.LBB4_34: ; %bb.i207
mov EDI, DWORD PTR [EBP - 16]
lea EAX, DWORD PTR [EDI - 445276761]
xor ECX, ECX
mov EDX, EDI
.align 16
.LBB4_35: ; %bb19.i220
mov EDI, DWORD PTR [EBP - 16]
xor DWORD PTR [4*ECX + .L_2E_str], EDI
and EDX, 170
mov EDI, EAX
and EDI, 18
add EDX, EDI
xor EDX, 6
inc ECX
mov EAX, 3
cmp ECX, EAX
mov EAX, EDX
jne .LBB4_35
.LBB4_36: ; %bb36.i223
add EDI, 81
xor EAX, EAX
mov EDX, EAX
.align 16
.LBB4_37: ; %bb41.i238
mov CL, DL
mov EBX, DWORD PTR [EBP - 16]
shr EBX, CL
xor BYTE PTR [EAX + .L_2E_str+12], BL
add EDX, 8
or EDI, 28
and EDI, 95
inc EAX
mov ECX, 3
cmp EAX, ECX
jne .LBB4_37
.LBB4_38: ; %singleXor.exit239
mov EAX, DWORD PTR [EBP - 20]
mov ESI, DWORD PTR [EAX]
mov ECX, DWORD PTR [EBP - 32]
movsd XMM0, QWORD PTR [ECX + 8*ESI]
mov ECX, DWORD PTR [EBP - 28]
mov EBX, DWORD PTR [ECX]
sub ESP, 16
movsd QWORD PTR [ESP + 8], XMM0
mov DWORD PTR [ESP + 4], ESI
mov DWORD PTR [ESP], OFFSET .L_2E_str
call printf
add ESP, 16
or EDI, 98
and EDI, 115
inc ESI
cmp ESI, EBX
mov EAX, DWORD PTR [EBP - 20]
mov DWORD PTR [EAX], ESI
jne .LBB4_33
.LBB4_39: ; %_Z8OutArrayPdi.exit
mov AL, BYTE PTR [.L_2E_str8+1]
xor AL, BYTE PTR [.L_2E_str8]
movzx EAX, AL
and EDI, 17
lea ECX, DWORD PTR [EDI + 436517133]
mov EDX, ECX
shr EDX, 24
cmp EAX, EDX
je .LBB4_43
.LBB4_40: ; %bb.i257
xor EAX, EAX
mov EDX, 5
mov ESI, EAX
.align 16
.LBB4_41: ; %bb19.i270
xor DWORD PTR [4*ESI + .L_2E_str8], ECX
inc EAX
mov EBX, EDI
and EBX, 16
mov EDI, EBX
or EDI, 8
inc ESI
cmp ESI, EDX
jne .LBB4_41
.LBB4_42: ; %bb36.i273
xor EBX, 241
mov ECX, EBX
.LBB4_43: ; %singleXor.exit274
sub ESP, 8
mov DWORD PTR [ESP + 4], 4
mov DWORD PTR [ESP], OFFSET .L_2E_str8
call printf
add ESP, 8
xor EAX, EAX
lea ESP, DWORD PTR [EBP - 12]
pop ESI
pop EDI
pop EBX
pop EBP
ret
main endp
.L_2E_str:; .str
db 192,23,254,'A',138,6,215,':',146,'B',175,'v',200,'h',138
.L_2E_str1:; .str1
db 2,142,220,'^&',151,243,9,'+',195,136,9,'+',178,136,17,'o',239
.L_2E_str2:; .str2
db 232,'k',161,'I'
.L_2E_str3:; .str3
db 210,' ',128,'n',154,'o',185,'=',157,'o',247
.L_2E_str4:; .str4
db 'V',19,227
.L_2E_str5:; .str5
db 10,'w',216,')b\',223,'do_',141,'6oN',222,'dmL',222,'0 [',200,'d5',25,194,'6 U',200
db '7s9'
.L_2E_str6:; .str6
db 16,'z',1,'?I5#,N5m'
.L_2E_str7:; .str7
db 0,236,'?)h',199,'&de',196,'t''e',206,'?)d',209,'t)?',209,' dh',199,'tu:',130,';6*',206
db '17y',162
.L_2E_str8:; .str8
db 'm',208,'~?q',223,',lq',208,'`07',153,'9:;',221,14,26