0

I'm writing a C program that containes some anti-disassembly techniques, in particular I'm implementing this one:

https://unprotect.it/technique/dynamically-computed-target-address/

This is my attempt at implementing it:

__asm { 
        mov eax, [%0]
        call eax
        :: r (target) : eax
    }

The problem is that when I try to compile it in Visual Studio 2022 I receive the errors:

C2400: syntax error of the inline assembler in 'second operand'. Found 'MOD'.
C2400: syntax error of the inline assembler in 'opcode'. Found ':'.

Do you know how can I solve it? Thank you in advance.

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Luca
  • 95
  • 1
  • 2
  • 11
  • 4
    This looks like a mix of the GNU inline asm and Visual C syntax. Take a look at this [comparison](https://www.cs.uaf.edu/2010/fall/cs301/lecture/11_01_inline_asm.html) – Eugene Sh. Mar 13 '23 at 16:34
  • 2
    MSVC doesn't support GNU C inline asm, or the weird hybrid you invented. `__asm { mov eax, target` / `call eax` / `}` in MSVC. – Peter Cordes Mar 13 '23 at 16:45
  • 1
    BTW, that obfuscation example looks very brittle. It depends on it being safe to re-enter `main` 4 instruction bytes later, without breaking its stack setup, access to local variables, or anything else. Also, it assumes memory from `malloc` will be executable! What could work is GNU C labels-as-values to get the address of a C `goto` label, like `dengo:`. https://gcc.gnu.org/onlinedocs/gcc/Labels-as-Values.html. Take the address of that and have something jump back to that address? Except that'll still push a return address. – Peter Cordes Mar 13 '23 at 16:59
  • MSVC 2022 64-bit doesn't support inline assembler at all. – Weather Vane Mar 13 '23 at 17:15
  • @WeatherVane Looks like the error messages do not object to the inline assembly itself. – Eugene Sh. Mar 13 '23 at 17:23
  • @EugeneSh. yes that's true, so I presume it's 32-bit compiler. My 2015 one does, but not my 2022 64-bit. Microsoft [says](https://learn.microsoft.com/en-us/cpp/assembler/inline/inline-assembler?view=msvc-170) "Inline assembly is not supported on the ARM and x64 processors. The following topics explain how to use the Visual C/C++ inline assembler with x86 processors". – Weather Vane Mar 13 '23 at 17:29

0 Answers0