LLVM Switch Statement Obfuscation Technique
This code snippet is part of a function that obfuscates a switch statement in LLVM IR. The function takes a SwitchInst object (sw) and a vector of BasicBlock pointers (origBB) as input, and rewrites the switch-based dispatch so that the original control flow is harder to recover from the IR.
The code first creates a ConstantInt object (startVal) to set the entry value for the switch statement. It then creates a new StoreInst object to store this value in the switch variable, using the terminator of the new entry block as the insertion point.
The code then iterates through each block in origBB, skipping the new entry block. For each block, it checks whether the terminator is a BranchInst. If it is, it checks how many successors the block has.
If the block has only one successor, it finds the case number (caseNum) for that successor using the 'findCaseDest()' function of the SwitchInst object. If the case number is not found, it generates a unique number and creates a new ConstantInt object for it. It then calculates a fixed number (fixNum) by XORing the case number with a key value (key_map[block]) that is mapped to the current block.
It then erases the old terminator of the block and creates a new StoreInst object to store the result of XORing the loaded key value with the fixed number in the switch variable. Finally, it creates a new BranchInst object to jump to the loop end block.
If the block has two successors, the code follows a similar process. It finds the case numbers for both successors (numTrue and numFalse) using the 'findCaseDest()' function of the SwitchInst object. If either case number is not found, it generates a unique number and creates a new ConstantInt object for it. It then calculates fixed numbers (fixNumTrue and fixNumFalse) by XORing the case numbers with the key value mapped to the current block.
It then creates a new SelectInst object to choose between the two fixed numbers based on the condition of the old BranchInst object. It erases the old terminator of the block and creates a new StoreInst object to store the result of XORing the loaded key value with the selected fixed number in the switch variable. Finally, it creates a new BranchInst object to jump to the loop end block.
The function does not return anything; it modifies the input SwitchInst object and the blocks in origBB in place.
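The following is an added model of the arithmetic the pass sets up, written as plain C++ rather than LLVM code so it runs without LLVM headers: each block gets a case number and a key (key_map[block]), each edge is stored as fixNum = caseNum(successor) ^ key(block), and the dispatcher recomputes the next case as key ^ fixNum. The CFG, the LCG used in place of the pass's random number source, and the function names are all constructed for this example.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <vector>

// Model of the XOR-keyed flattening described above (added example, not LLVM code):
// caseNum and key (key_map[block]) per block; each edge stored as fixNum = caseNum(succ) ^ key(block).
struct Block { int id; std::vector<int> succ; };        // 0, 1 or 2 successors
struct Flattened {
    std::map<int, uint32_t> caseNum, key;                // per block
    std::map<int, std::vector<uint32_t>> fixNum;         // per block, per successor
    uint32_t startVal;                                   // stored in the new entry block
};
Flattened flatten(const std::vector<Block>& blocks, uint32_t seed) {
    std::set<uint32_t> used;                             // case numbers must be unique
    auto fresh = [&]() {                                 // LCG stands in for the pass's RNG
        do { seed = seed * 1664525u + 1013904223u; } while (!used.insert(seed).second);
        return seed; };
    Flattened f;
    for (const Block& b : blocks) { f.caseNum[b.id] = fresh(); f.key[b.id] = fresh(); }
    for (const Block& b : blocks)
        for (int s : b.succ) f.fixNum[b.id].push_back(f.caseNum.at(s) ^ f.key.at(b.id));
    f.startVal = f.caseNum.at(blocks.front().id);        // dispatcher starts at the entry
    return f;
}
// Dispatch loop: the switch variable selects a block, the block stores
// (key ^ fixNum) back into it (fixNum chosen by a SelectInst on two-way branches).
std::vector<int> run(const std::vector<Block>& blocks, const Flattened& f, bool cond) {
    std::vector<int> trace;
    uint32_t sw = f.startVal;
    for (;;) {
        const Block* cur = nullptr;
        for (const Block& b : blocks) if (f.caseNum.at(b.id) == sw) cur = &b;
        if (!cur) { trace.push_back(-1); return trace; } // no case matches: corrupted state
        trace.push_back(cur->id);
        if (cur->succ.empty()) return trace;             // return block: leave the loop
        const auto& fx = f.fixNum.at(cur->id);
        sw = f.key.at(cur->id) ^ (fx.size() == 1 ? fx[0] : cond ? fx[0] : fx[1]);
    }
}
// Analyst's view: a block's key plus one stored fixNum yields the real successor's case.
uint32_t recoverCase(uint32_t fixNum, uint32_t key) { return fixNum ^ key; }
// Constructed CFG: 0 -> 1; 1 -> 2 (true) or 3 (false); 2 -> 3; 3 returns.
const std::vector<Block> kCfg = {{0, {1}}, {1, {2, 3}}, {2, {3}}, {3, {}}};
std::vector<int> demoTrace(bool cond) { return run(kCfg, flatten(kCfg, 7), cond); }
bool demoRecovers() {
    Flattened f = flatten(kCfg, 7);
    return recoverCase(f.fixNum.at(1)[1], f.key.at(1)) == f.caseNum.at(3);
}
```

Because every stored constant is only one XOR away from the real successor once the block's key is known, the scheme hides the CFG from a static reader of the switch but not from an analyst who can pair each fixNum with its key.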
Original source: https://www.cveoy.top/t/topic/nmK0 Copyright belongs to the author. Please do not repost or scrape!