Matt Fredrikson
2007-Dec-13 08:22 UTC
[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations
Hello all, I am implementing some simple obfuscation transformations in LLVM. One of the obfuscations involves searching for particular constants, and "unrolling" them throughout a procedure using arithmetic. In effect, certain constants are broken up into smaller constants and recombined as needed using the appropriate operators. I perform this on intermediate LLVM instructions. After I run opt on an un-obfuscated bitcode file to produce an obfuscated bitcode file, I verify that my transformations were placed in the file using llvm-dis. At this point, the changes appear to have been made. However, if I run the obfuscated bitcode file through llc to produce x86 assembly, the obfuscations vanish. I manually disabled all of the suspicious transformation passes run by llc, and nothing changes. The same things happens if I run llvm-ld -native -disable-opt. Does anybody know what pass is clobbering my obfuscations? Thanks, Matt Fredrikson
Reid Spencer
2007-Dec-14 01:26 UTC
[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations
Matt, The LLVMCore library provides constant folding automatically. So, when your obfuscated module is read in and the assembler re-creates your constants, the arithmetic is done automatically and the constants are folded. To see where this is done, see lib/VMCore/ConstantFold.cpp Reid. On Thu, 2007-12-13 at 02:22 -0600, Matt Fredrikson wrote:> Hello all, > > I am implementing some simple obfuscation transformations in LLVM. One > of the obfuscations involves searching for particular constants, and > "unrolling" them throughout a procedure using arithmetic. In effect, > certain constants are broken up into smaller constants and recombined > as needed using the appropriate operators. I perform this on > intermediate LLVM instructions. > > After I run opt on an un-obfuscated bitcode file to produce an > obfuscated bitcode file, I verify that my transformations were placed > in the file using llvm-dis. At this point, the changes appear to have > been made. However, if I run the obfuscated bitcode file through llc > to produce x86 assembly, the obfuscations vanish. I manually disabled > all of the suspicious transformation passes run by llc, and nothing > changes. The same things happens if I run llvm-ld -native > -disable-opt. > > Does anybody know what pass is clobbering my obfuscations? > > Thanks, > > Matt Fredrikson > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Chris Lattner
2007-Dec-14 01:56 UTC
[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations
On Thu, 13 Dec 2007, Reid Spencer wrote:> The LLVMCore library provides constant folding automatically. So, when > your obfuscated module is read in and the assembler re-creates your > constants, the arithmetic is done automatically and the constants are > folded. To see where this is done, see lib/VMCore/ConstantFold.cppThis only happens for constant exprs. If llvm-dis produces a .ll file, llvm-as will produce ir that corresponds directly to it. -Chris> On Thu, 2007-12-13 at 02:22 -0600, Matt Fredrikson wrote: >> Hello all, >> >> I am implementing some simple obfuscation transformations in LLVM. One >> of the obfuscations involves searching for particular constants, and >> "unrolling" them throughout a procedure using arithmetic. In effect, >> certain constants are broken up into smaller constants and recombined >> as needed using the appropriate operators. I perform this on >> intermediate LLVM instructions. >> >> After I run opt on an un-obfuscated bitcode file to produce an >> obfuscated bitcode file, I verify that my transformations were placed >> in the file using llvm-dis. At this point, the changes appear to have >> been made. However, if I run the obfuscated bitcode file through llc >> to produce x86 assembly, the obfuscations vanish. I manually disabled >> all of the suspicious transformation passes run by llc, and nothing >> changes. The same things happens if I run llvm-ld -native >> -disable-opt. >> >> Does anybody know what pass is clobbering my obfuscations? >> >> Thanks, >> >> Matt Fredrikson >> _______________________________________________ >> LLVM Developers mailing list >> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu >> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev > > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >-Chris -- http://nondot.org/sabre/ http://llvm.org/
Chris Lattner
2007-Dec-14 02:01 UTC
[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations
On Thu, 13 Dec 2007, Matt Fredrikson wrote:> After I run opt on an un-obfuscated bitcode file to produce an > obfuscated bitcode file, I verify that my transformations were placedok> in the file using llvm-dis. At this point, the changes appear to have > been made. However, if I run the obfuscated bitcode file through llc > to produce x86 assembly, the obfuscations vanish. I manually disabledllc does a lot of transformations implicitly, including constant folding, as anton says. There is no way to disable some of these, pieces of the code generator work under the assumption that it can generate "foldable" constants and that they will get folded.> all of the suspicious transformation passes run by llc, and nothing > changes. The same things happens if I run llvm-ld -native > -disable-opt. > Does anybody know what pass is clobbering my obfuscations?If you really want to guarantee that they won't go away, the best thing to do is to make an alloca (stack memory) and use volatile load/store instructions to access it. -Chris -- http://nondot.org/sabre/ http://llvm.org/
Matt Fredrikson
2007-Dec-14 02:51 UTC
[LLVMdev] Obfuscation Transformations Clobbered by Unkown Optimizations
Excellent. Thanks, everyone, for the helpful advice. -Matt On Dec 13, 2007 8:01 PM, Chris Lattner <sabre at nondot.org> wrote:> On Thu, 13 Dec 2007, Matt Fredrikson wrote: > > After I run opt on an un-obfuscated bitcode file to produce an > > obfuscated bitcode file, I verify that my transformations were placed > > ok > > > in the file using llvm-dis. At this point, the changes appear to have > > been made. However, if I run the obfuscated bitcode file through llc > > to produce x86 assembly, the obfuscations vanish. I manually disabled > > llc does a lot of transformations implicitly, including constant folding, > as anton says. There is no way to disable some of these, pieces of the > code generator work under the assumption that it can generate "foldable" > constants and that they will get folded. > > > all of the suspicious transformation passes run by llc, and nothing > > changes. The same things happens if I run llvm-ld -native > > -disable-opt. > > Does anybody know what pass is clobbering my obfuscations? > > If you really want to guarantee that they won't go away, the best thing to > do is to make an alloca (stack memory) and use volatile load/store > instructions to access it. > > > -Chris > > -- > http://nondot.org/sabre/ > http://llvm.org/ > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev >