Andrei Homescu
On x64 Windows, object files are stored in COFF format by default, but that puts a limit on the number of sections in the file (`NumberOfSections` is a 16-bit `WORD`...
We do not preserve the function alignments specified in the object files. Function shuffling on Win64 can put a function at any address inside `.text`, including odd ones. We do...
Currently, selfrando stores all strings as `char*` NULL-terminated strings. Windows uses Unicode strings instead, which are stored using `wchar_t*`. The main uses of strings in selfrando are module names and...
On Windows programs with Control Flow Guard enabled, we may start seeing crashes due to CFG violations after shuffling functions. We should fix this by marking the new function locations...
Due to a variety of restrictions on function pointers (COPY relocations, C function pointer equality), we currently add export trampolines to all functions in a binary. This has both a...
On Win64, the linker aligns functions to 16 bytes. Our randomization currently ignores this, at some (yet unknown) performance cost. However, if we started adding any padding before the functions,...
MSVC on Windows prepends padding instructions to functions for alignment (it currently uses the `CC` opcode for this and a 16-byte alignment for all functions by default). We currently preserve...
As pointed out by @Sjlver, if `m_in_place == false`, i.e., we randomize to a secondary memory region and leave the new code there, then the original copy of `.text` remains...
I wrote my questions on the PDG builder algorithm in the form of comments. It might be useful to answer (some of) these and leave them in as comments, for...