Avoid XREF in Hopper and IDA

This post demonstrates how to avoid XREF in Hopper and IDA.

In other language:
中文(简体), 日本語

This is our tiny example code,

#include <iostream>
int main(int argc, const char * argv[]) {
    const char * cstring = "This is tricky!";
    printf("%s\n",cstring);
    return 0;
}

Disassemblers can easily find out where do we use the cstring. As shown in Figure 1.

Figure 1
Figure 1

Double-click _main+15, and Hopper will bring us to the main function. As shown in Figure 2.

Figure 2
Figure 2

To avoid XREF, we can simply modify our code into this:

#include <iostream>
int main(int argc, const char * argv[]) {
    const char * cstring = "1This is tricky!";
    printf("%s\n",cstring);
    return 0;
}

After compilation, a little more modification is required.

Find this line (as shown in Figure 3) in your disassembler, remember its location. Then open this binary in a hex editor.

Figure 3
Figure 3

Because we add 1 more char in our cstring, so we just replace 50 with 51, then save it.

屏幕快照 2015-05-12 上午12.09.33

Now, drag and drop this binary file into your disassembler, and there is no more XREF to main.

屏幕快照 2015-05-12 上午12.14.03

声明: 本文为0xBBC原创, 转载注明出处喵~

《Avoid XREF in Hopper and IDA》有2个想法

发表评论

电子邮件地址不会被公开。 必填项已用*标注