什么是混淆的图书馆?

时间:2017-06-09 12:22:27

标签: obfuscation term

我正在阅读一些有关计算机安全和恶意软件的文章。我跳转到与# of potentially malicious applications# of antiviruses相关的图表。图表的标题说Applications utilizing obfuscated libraries。正如预期的那样,防病毒程度越高,恶意应用程序的可能性就越小。

SO中的标签“混淆”说:

  

混淆是代码被更改的过程,因此开发人员发现很难清楚地理解预期程序的功能或运行方式。程序越大,混淆程度越大,因为代码在整个程序中交织不同的部分。

这只是一个语法问题,故意让程序员更难理解代码吗?我想obfuscated libraries属于同一件事?

1 个答案:

答案 0 :(得分:2)

To my mind there are two types of obfuscaton

A. "Manual Obfuscation": Where the programmer purposefully obfuscates the code, either to prevent it being understood, or for some other reason such as attempting to make the compiled binary smaller, like this amazing piece of C code that is a working chess program 

B,i,y,u,b,I[411],*G=I,x=10,z=15,M=1e4;X(w,c,h,e,S,s){int t,o,L,E,d,O=e,N=-M*M,K
=78-h<<x,p,*g,n,*m,A,q,r,C,J,a=y?-x:x;y^=8;G++;d=w||s&&s>=h&&v 0,0)>M;do{_ o=I[
p=O]){q=o&z^y _ q<7){A=q--&2?8:4;C=o-9&z?q["& .$  "]:42;do{r=I[p+=C[l]-64]_!w|p
==w){g=q|p+a-S?0:I+S _!r&(q|A<3||g)||(r+1&z^y)>9&&q|A>2){_ m=!(r-2&7))P G[1]=O,
K;J=n=o&z;E=I[p-a]&z;t=q|E-7?n:(n+=2,6^y);Z n<=t){L=r?l[r&7]*9-189-h-q:0 _ s)L
+=(1-q?l[p/x+5]-l[O/x+5]+l[p%x+6]*-~!q-l[O%x+6]+o/16*8:!!m*9)+(q?0:!(I[p-1]^n)+
!(I[p+1]^n)+l[n&7]*9-386+!!g*99+(A<2))+!(E^y^9)_ s>h||1<s&s==h&&L>z|d){p[I]=n,O
[I]=m?*g=*m,*m=0:g?*g=0:0;L-=X(s>h|d?0:p,L-N,h+1,G[1],J=q|A>1?0:p,s)_!(h||s-1|B
-O|i-n|p-b|L<-M))P y^=8,u=J;J=q-1|A<7||m||!s|d|r|o<z||v 0,0)>M;O[I]=o;p[I]=r;m?
*m=*g,*g=0:g?*g=9^y:0;}_ L>N){*G=O _ s>1){_ h&&c-L<0)P L _!h)i=n,B=O,b=p;}N=L;}
n+=J||(g=I+p,m=p<O?g-3:g+2,*m<z|m[O-p]||I[p+=p-O]);}}}}Z!r&q>2||(p=O,q|A>2|o>z&
!r&&++C*--A));}}}Z++O>98?O=20:e-O);P N+M*M&&N>-K+1924|d?N:0;}main(){Z++B<121)*G
++=B/x%x<2|B%x<2?7:B/x&4?0:*l++&31;Z B=19){Z B++<99)putchar(B%x?l[B[I]|16]:x)_
x-(B=F)){i=I[B+=(x-F)*x]&z;b=F;b+=(x-F)*x;Z x-(*G=F))i=*G^8^y;}else v u,5);v u,
1);}}

called Toledo Nanochess developed by Mexican Oscar Toledo Gutiérrez, a five-time winner of the International Obfuscated C Code Contest (IOCCC).

B. "Automated Obfuscation": This is where code which compiles using just-in-time compilation, code that can be decompiled exactly, undergoes an automatized process of "complexifying" and obfuscating the code without affecting the codes performance at runtime.

I hope this helps.

相关问题
最新问题