A common programming idiom when writing position independent code (PIC) is to expand a string literal into its individual characters when instantiating a local variable.
void f() {
// Example 1: A normal instantiation with a string literal
char a[]{ "a long string" };
// Example 2: The Pic idiom for instantiating a string
Thank you to SpecterOps for supporting this research and to Duane and Matt for proofreading and editing! Crossposted on the SpecterOps Blog.
TLDR: You may use this header file for reliable compile time string encryption without needing any additional dependencies.
Programmers of DRM software, security products, or other sensitive code bases are commonly required to minimize the amount of human readable strings in binary output files. The goal of the minimization is to hinder others from reverse engineering their proprietary technology.
Common approaches that are taken to meet this requirement often add an additional maintenance burden to the developer and are prone to error. These approaches will be presented along with t
C++11 introduced the constexpr keyword for defining a constant expression.
A constant expression is a variable or function that may be evaluated at compile time. This has many uses, including extending a switch statement to support full strings.
C++ only supports using an integer as the condition in a switch statement and an integer that is known at compile time in a case statement.
You can define a hash function and use it to convert a string to an integer to use in a switch statement.
If you define that hash function as a constexpr you can use it to convert a string literal to an integer to use in a case statement as well.
| # Cross toolchain configuration for using clang-cl. | |
| set(CMAKE_SYSTEM_NAME Windows) | |
| set(CMAKE_SYSTEM_VERSION 10.0) | |
| set(CMAKE_SYSTEM_PROCESSOR AMD64) | |
| set(CMAKE_C_COMPILER "/usr/bin/clang-cl-9") | |
| set(CMAKE_CXX_COMPILER "/usr/bin/clang-cl-9") | |
| set(CMAKE_LINKER "/usr/bin/lld-link-9") |
| #ifndef PATCHLESS_AMSI_H | |
| #define PATCHLESS_AMSI_H | |
| #include <windows.h> | |
| static const int AMSI_RESULT_CLEAN = 0; | |
| PVOID g_amsiScanBufferPtr = nullptr; | |
| unsigned long long setBits(unsigned long long dw, int lowBit, int bits, unsigned long long newValue) { |
I previously wrote about how to use macro metaprogramming to simplify using string literals in position independent code (PIC). The results are summarized in the below code snippet and the article can be read on GitHub.
void f() {
// Example 1: The Pic idiom for instantiating a string
char picString1[]{ 'a', 'b', 'c' };
| // Copyright (C) 2022 Evan McBroom | |
| // If you are using Visual Studio, you will need to disable the "Edit and Continue" feature. | |
| // Prng based off of Parker Miller's | |
| // "Multiplicative Linear Congruential Generator" | |
| // https://en.wikipedia.org/wiki/Lehmer_random_number_generator | |
| namespace mlcg { | |
| constexpr uint32_t modulus() { | |
| return 0x7fffffff; | |
| } |
| BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
| { | |
| #ifdef TRANSPORT_HTTP | |
| HANDLE hConnect = NULL; | |
| HANDLE hSession = NULL; | |
| HANDLE hRequest = NULL; | |
| DWORD HttpFlags = 0; | |
| LPVOID RespBuffer = NULL; |
| #include <Windows.h> | |
| #include <winternl.h> | |
| #include <stdio.h> | |
| /* Define the overloaded hashing function you want to use */ | |
| #define HASHALGO HashStringDjb2 | |
| // https://github.com/vxunderground/VX-API/blob/main/VX-API/MalwareStrings.h | |
| #pragma region HashStringDjb2 | |
| constexpr DWORD HashStringDjb2(const char* String) |
| //===============================================================================================// | |
| // This is a stub for the actuall functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |