Chuck Guzis wrote:
> Lots of clever ideas to prevent/discourage that sort of thing ;-)
I knew a fellow who liked to "brand" his code by executing his name.
Actually, it's pretty easy on x86 platforms; most uppercase alphas are
simple 1-byte register ops. For example, "DERMOUSE" would translate to:
INC SP      ; 'D' = 44h
INC BP      ; 'E' = 45h
PUSH DX     ; 'R' = 52h
DEC BP      ; 'M' = 4Dh
DEC DI      ; 'O' = 4Fh
PUSH BP     ; 'U' = 55h
PUSH BX     ; 'S' = 53h
INC BP      ; 'E' = 45h
The simple way to code this would be to follow this with a bit of "fixup"
code:
DEC BP      ; undo the net +1 on BP
ADD SP,5    ; undo INC SP and the three word pushes (+1 - 6 = -5)
INC DI      ; undo DEC DI
And just *hope* that this fixup code doesn't decode to
"SELLS USED CARS" or some other pejorative... :>
But code of a bit more devious bent would actually set registers up with
known values before the name and then check their values to make sure that
the "name" code has been executed.
I once remember hacking some game that did just this. Drove me nuts when
the execution path veered off into what I thought was data.
If you use a batch disassembler, you'll also get screwed by
cases of inlined data. E.g., I often do things like:
CALL SOMETHING
DB <parameters_for_something>
LABEL: <do_something_else>
If the <parameters_for_something> don't map into an integral
number of instructions, then the disassembler's PC won't
line up with LABEL: and some number of instructions in that
vicinity will get improperly decoded (until the disassembler
syncs up "by chance" with the instruction stream).
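As an added illustration of the "branding" trick above (example code, not from the original post), the script below decodes an uppercase ASCII string as the 16-bit x86 one-byte register ops it executes as, tallies the net register effect, and derives the fixup; the names of the functions are my own.

```python
# Added example, not from the original post: decode an uppercase ASCII "brand"
# such as "DERMOUSE" as the 16-bit x86 one-byte register ops it executes as,
# then derive the fixup that undoes its net effect on the registers.
REGS16 = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]
OPS = {0x40: "INC", 0x48: "DEC", 0x50: "PUSH", 0x58: "POP"}  # opcode groups 0x40-0x5F

def decode_byte(b):
    """(mnemonic, reg) for a byte in 0x40-0x5F; the low 3 bits select the register."""
    if 0x40 <= b <= 0x5F:
        return OPS[b & 0xF8], REGS16[b & 7]
    return None

def disassemble(text):
    """Instruction listing for every byte of `text`; rejects bytes outside the range."""
    listing = []
    for ch in text:
        insn = decode_byte(ord(ch))
        if insn is None:
            raise ValueError(f"{ch!r} (0x{ord(ch):02X}) is not a one-byte register op")
        listing.append(f"{insn[0]} {insn[1]}")
    return listing

def net_effect(text):
    """Per-register delta after executing the bytes, plus registers a POP overwrote."""
    delta = {r: 0 for r in REGS16}
    clobbered = set()
    for line in disassemble(text):
        op, reg = line.split()
        if op in ("INC", "DEC"):
            delta[reg] += 1 if op == "INC" else -1
        elif op == "PUSH":
            delta["SP"] -= 2                # a word goes onto the stack
        else:                               # POP: SP rises, reg gets a stack value
            delta["SP"] += 2
            clobbered.add(reg)
    return delta, clobbered

def fixup(text):
    """Fixup instructions restoring each changed register (flags are not restored)."""
    delta, clobbered = net_effect(text)
    if clobbered:
        raise ValueError(f"POP overwrote {sorted(clobbered)}; save/restore them instead")
    fix = []
    for reg in REGS16:
        d = delta[reg]
        if abs(d) == 1:
            fix.append(f"{'DEC' if d > 0 else 'INC'} {reg}")
        elif d:
            fix.append(f"{'SUB' if d > 0 else 'ADD'} {reg},{abs(d)}")
    return fix
```

Every letter A-Z falls in 0x41-0x5A, so any all-uppercase name decodes cleanly; names containing X, Y or Z (POP AX/CX/DX) overwrite a register and cannot be undone by a simple INC/DEC fixup.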