| re: Hiding ascii text in memcpy?
Dave wrote:[color=blue]
> After the program is compiled, the assign valued of a string object
> still can be viewed by some binary decoder eg. a strings program in Unix.
>
> I m wondering if I can avoid the value of a string be seen by this kind
> of tool if I use memcpy.[/color]
There's nothing special about memcpy, it just copies bytes from A to B.
You can always break your string up into several little pieces and then
reassemble it by hand...
For example, with the following:
#include <iostream>
using namespace std;
int main(){
cout << "Hi!" << endl;
}
I can see "Hi!" lurking in the binary;
00000940 55 89 e5 53 e8 00 00 00 00 5b 81 c3 ff 11 00 00
|U..S.....[......|
00000950 50 e8 de fc ff ff 59 5b c9 c3 00 00 03 00 00 00
|P.....Y[........|
00000960 01 00 02 00 48 69 21 00 01 1b 03 3b 30 00 00 00
|....Hi!....;0...|
00000970 05 00 00 00 2c fd ff ff 50 00 00 00 28 fe ff ff
|....,...P...(...|
00000980 6c 00 00 00 86 fe ff ff 8c 00 00 00 c4 fe ff ff
|l...............|
But with the following, (which gives exactly the same output), I don't:
#include <iostream>
using namespace std;
int main(){
char H = 0x10;
H<<=2;
H|=0x08;
char i = 0x60;
i|=0x08;
++i;
cout << H << i << "!" << endl;
}
Of course, this requires some assumptions about the character set you're
using. I know my machine's on ISO-8859-1, so I can use the character
codes for 'H' and 'i' to create the right glyphs.
If the string ever appears as a literal then it'll show up in the
binary. (Unless you're using a deathstation 9000, maybe.) The only way
to get around this is to avoid using nice complete literals like that.
Happy obfuscating,
Jacques.
| 
