Can we scramble the declaration order in C or C++?

Question

Is there a method/plugin/addon in place to ignore the following clause (for some c/c++ compiler)? To reorder the declaration of members in a struct during the same stage as the preprocessor or similar? Perhaps by adding a keyword like volatile or something similar to the front of the struct declaration.

I was thinking: a compiler option, a built-in keyword, or a programming method.

C99 §6.7.2.1 clause 13 states:

Within a structure object, the non-bit-field members and the units in which bit-fields reside have addresses that increase in the order in which they are declared.

C++ seems to have a similar clause, and I am interested in that as well. The clauses both specify a reasonable feature to have in terms of later declarations have greater memory offsets. But, I often do not need to know the declaration order of my struct for interface purposes or some other. It would be nice to write some code like:

scrambled struct foo {
    int a;
    int bar;
};

or, suppose order doesn't really matter with this struct.

scrambled struct foo {
    int bar;
    int a;
};

And so, have the declaration of a and b swapped randomly each time I compile. I believe that this also applies to setting aside stack memory.

main() {
    scrambled int a;
    scrambled int foo;
    scrambled int bar;
    ..

---

Why do I ask?

I was curious to see how program bots were created. I watched some people analyzing memory offsets for changes while running the program to which a hack will be created.

It seems the process is: watch the memory offsets and take note of the purpose for the given offsets. Later, hack programs will inject desired values into memory at those offsets.

Now suppose those memory offsets changed every single time the program is compiled. Maybe it would hinder or dissuade individuals from taking the time to understand something you would rather they not know.

Answer 1

Run-time foxing is the best way, then you only have to release a single version. Where a struct has several fields of the same type, you can use an array instead. Step 1. Instead of a structure with three int fields use an array

#define foo 0
#define bar 1
#define zee 2

struct abc {
    int scramble [3];
};

...
value = abc.scramble[bar];

Step 2, now use an indexing array which is randomised every time the program is run.

int abcindex [3];               // index lookup 
int abcpool  [3];               // index pool for randomise

for (i=0; i<3; i++)             // initialise index pool
    abcpool[i] = i;

srand (time(NULL));
for (i=0; i<3; i++) {           // initialise lookup array
    j = rand()%(3-i);
    abcindex[i] = abcpool[j];   // allocate random index from pool
    abcpool[j] = abcpool[2-i];  // remove index from pool
    }

value = abc.scramble[abcindex[bar]];

Another way to try to fox a hacker is to include subterfuge variables that behave as if they have something to do with it but make the program exit if tampered with. Lastly you can keep some kind of checksum or encrypted copy of key variables, to check if they have been tampered with.

Answer 2

Your intention is good, but the solution isn't (sorry). Usually you can't recompile your program before each run. The attacker will hack the inspected program. However, there's a solution, called ASLR. The operating system could change the load address for you, thus making "return oriented programming" and "return to libc like hacks harder".