-
Notifications
You must be signed in to change notification settings - Fork 550
FunctionCallObfuscate
FCO uses a json configuration to resolve symbols.
For example {"AAAA":"BBBB"}
means the pass should replace a call to function AAAA
with a call to the result of void* handle=dlopen(NULL,FLAGS);dlsym(handle,"BBBB")
By default configuration is loaded from ~/Hikari/SymbolConfig.json
-
-fcoconfig=PATH
Override the path used to loadSymbolConfig.json
-
-fco_flag=VALUE
Override the value ofRTLD_GLOBAL|RTLD_NOW
on your platform. If you are targeting Darwin/Android then the correct value is automatically applied
__DARWIN_ALIAS_C
mess up symbols in LLVM IR.
For example open
might has symbol name \0x01_open$UNIX2003
.In which case corresponding json config would be {"\0x01_open$UNIX2003":"open"}
You should dump IR with -S -emit-llvm
and build fcoconfig
accordingly
You need to provide your own implementation of dlsym
and dlopen
by either statically embedding them in your code or linked as a separate library. Note that the return value of dlopen
is not actually used outside of dlsym
so you can pass any value as a placeholder.