Reversing : The Hacker's Guide to Reverse Engineering


Interleaving Code


Code interleaving is a reasonably effective obfuscation technique that is highly
potent, yet can be quite costly in terms of execution speed and code size. The
basic concept is quite simple: You take two or more functions and interleave
their implementations so that they become exceedingly difficult to read.

Function1()
{
    Function1_Segment1;
    Function1_Segment2;
    Function1_Segment3;
}

Function2()
{
    Function2_Segment1;
    Function2_Segment2;
    Function2_Segment3;
}

Function3()
{
    Function3_Segment1;
    Function3_Segment2;
    Function3_Segment3;
}

Here is what these three functions would look like in memory after they are
interleaved.

Function1_Segment3;
End of Function1
Function1_Segment1; (This is the Function1 entry-point)
Opaque Predicate -> Always jumps to Function1_Segment2
Function3_Segment2;
Opaque Predicate -> Always jumps to Function3_Segment3
Function3_Segment1; (This is the Function3 entry-point)
Opaque Predicate -> Always jumps to Function3_Segment2
Function2_Segment2;
Opaque Predicate -> Always jumps to Function2_Segment3
Function1_Segment2;
Opaque Predicate -> Always jumps to Function1_Segment3
Function2_Segment3;
End of Function2
Function3_Segment3;
End of Function3
Function2_Segment1; (This is the Function2 entry-point)
Opaque Predicate -> Always jumps to Function2_Segment2
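
From the analyst's side, undoing this layout means following each always-taken jump from a function's entry point instead of reading the segments in memory order. The sketch below is an added example, not code from the book: LAYOUT and ENTRY_POINTS are a constructed model of the listing above, and the names deinterleave and unreached are hypothetical. It assumes every opaque predicate has already been resolved to its always-taken target, as the listing states.

```python
# Constructed model of the interleaved listing, in memory order:
# (segment label, always-taken jump target, or None at the function's end).
LAYOUT = [
    ("Function1_Segment3", None),
    ("Function1_Segment1", "Function1_Segment2"),
    ("Function3_Segment2", "Function3_Segment3"),
    ("Function3_Segment1", "Function3_Segment2"),
    ("Function2_Segment2", "Function2_Segment3"),
    ("Function1_Segment2", "Function1_Segment3"),
    ("Function2_Segment3", None),
    ("Function3_Segment3", None),
    ("Function2_Segment1", "Function2_Segment2"),
]
ENTRY_POINTS = {
    "Function1": "Function1_Segment1",
    "Function2": "Function2_Segment1",
    "Function3": "Function3_Segment1",
}


def deinterleave(layout, entry_points):
    """Return each function's segments in execution order."""
    jump = dict(layout)
    if len(jump) != len(layout):
        raise ValueError("duplicate segment label in layout")
    recovered = {}
    for name, label in entry_points.items():
        order, seen = [], set()
        while label is not None:
            if label not in jump:
                raise ValueError(f"{name}: jump to unknown segment {label!r}")
            if label in seen:
                raise ValueError(f"{name}: control flow loops at {label!r}")
            seen.add(label)
            order.append(label)
            label = jump[label]  # take the always-taken edge, ignore fall-through
        recovered[name] = order
    return recovered


def unreached(layout, recovered):
    """Segments no entry point reaches: dead filler or a missed entry point."""
    reached = {seg for order in recovered.values() for seg in order}
    return [label for label, _ in layout if label not in reached]


if __name__ == "__main__":
    for name, order in deinterleave(LAYOUT, ENTRY_POINTS).items():
        print(name, "->", ", ".join(order))
```

A non-empty result from unreached is the cue to look for another entry point or for filler code placed between segments.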

354 Chapter 10
