12.9 Using Function Pointers

12.9.1 Problem

By knowing which functions are called either directly or indirectly a programmer can understand the operation of a compiled program without resorting to runtime analysis.

12.9.2 Solution

The address of a function will always be visible in memory before it is called; however, by storing an obfuscated version of the function pointer, disassemblers and cross-reference analysis tools will fail to recognize the stored pointer as a code address. Note that this technique will not work with function pointers that require relocation, such as the addresses of functions in shared libraries.

12.9.3 Discussion

Function pointers can be handled like other variables. Because they are essentially compile-time constants, it is best to use a technique that obfuscates them at compile time. It is important that the functions created using the SET_FN_PTR macro presented below be inlined by the compiler so that they do not appear in the resulting executable's symbol table; otherwise, they will be obvious tip-offs to a cracker that something is not as it should be.

#define SET_FN_PTR(func, num)                  \         static inline void *get_##func(void) { \           int  i, j = num / 4;                 \           long ptr = (long)func + num;         \           for (i = 0;  i < 2;  i++) ptr -= j;  \           return (void *)(ptr - (j * 2));      \         } #define GET_FN_PTR(func) get_##func(  )

With the SET_FN_PTR macro, the pointer to a function is returned by a routine that stores the function pointer modified by a programmer-supplied value. The GET_FN_PTR macro calls this routine, which performs a mathematical transformation on the stored pointer and returns the real function address. The following example demonstrates the usage of the macros:

#include <stdio.h> void my_func(void) {   printf("my_func(  ) called!\n"); }     SET_FN_PTR(my_func, 0x01301100); /* 0x01301100 is some arbitrary value */     int main(int argc, char *argv[  ]) {   void (*ptr)(void);       ptr = GET_FN_PTR(my_func);     /* get the real address of the function */   (*ptr)(  );                      /* make the function call */ return 0; }


Secure Programming Cookbook for C and C++
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
ISBN: 0596003943
EAN: 2147483647
Year: 2005
Pages: 266

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net