Name: Anonymous 2010-09-05 17:39
Hi there. I have a licensing function that I am trying to protect (I'm working with Windows). Basically, I want to use self-modifying code.
I plan to encode all of the function's instructions until the ret, and I will replace the first byte of the function to 0xCC (int 3). When the function is called, my vectored exception handler will be triggered, and I will decode the entire function.
I've run into a small obstacle though. The byte for a ret, 0xC3, might occur before the function's end (for example, 0xC3 might be a byte in the opcode for a call).
Does anyone know a RELIABLE way of finding the size of a function?
I plan to encode all of the function's instructions until the ret, and I will replace the first byte of the function to 0xCC (int 3). When the function is called, my vectored exception handler will be triggered, and I will decode the entire function.
I've run into a small obstacle though. The byte for a ret, 0xC3, might occur before the function's end (for example, 0xC3 might be a byte in the opcode for a call).
Does anyone know a RELIABLE way of finding the size of a function?