Program Hides Secret Messages in Executables

Program Hides Secret Messages in Executables
Kevin Poulsen, SecurityFocus 2003-02-24

Expand all | Post comment

Program Hides Secret Messages in Executables 2003-02-24
Anonymous (1 replies)

Program Hides Secret Messages in Executables 2003-02-25
anonymous (1 replies)

In-place Tripwire 2003-03-06
Jens N.

Virus programs should freak... 2003-02-24
Snowdog

Program Hides Secret Messages in Executables 2003-02-28
Anonymous (1 replies)

Program Hides Secret Messages in Executables 2003-02-28
Anonymous

Re: Program Hides Secret Messages in Executables 2003-03-02
Paul Hsieh

The following two instructions:

Add REG, CONST

Sub REG, -CONST

are *NOT* equivalent! They set the carry flag in opposite directions. I think this guy is just getting lucky in that most programs don't check the carry flag. However, source that looks like this:

A -= 3;

if (A > 0) ...

which *could* crop up, can test the carry flag if you are using a good optimizing compiler. The guy has a good idea (there are *OTHER* redundancies in the x86 instruction set) but replacing ADD with SUB is just completely broken.

--

http://bstring.sourceforge.net/

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/2623/18523#18523

Program Hides Secret Messages in Executables 2003-03-02
Anonymous (1 replies)

Program Hides Secret Messages in Executables 2003-03-06
Anonymous