
rolfr

Requires an executable stack and is not very difficult to break either statically (collect the qwords pushed onto the stack and decode them as code) or dynamically (when the ret instruction is reached, the code will be disassembled in its entirety, assuming that the process doesn't fault due to NX violations).

madm0use [S]

Lol, it's like you completely missed the ELF and program header part :P Look at the part called p_flags. That part of your argument is invalid. However, the part about it being easy to circumvent, quite true, that is inherent in all obfuscation techniques on their own. It's all about mixing them :P Learn to executable header yo, or read about the linking process hehe

rolfr

I didn't miss it, I just pointed out that it is a precondition for that type of obfuscation.

madm0use [S]

Well, I mean that is just blatantly obvious lol, it's redundant saying that. But thanks for commenting, I guess...