#4
You hit the nail on the head.

The only way to effectively disassemble this stuff is to use a virtual machine kinda environment or dump while debugging ... Now as for junk macros ... any opcode which is more than 1 byte can be turned into a junk opcode.... obviously the most effective are the really long ones like Far calls and Far jmps, but obscure 2-3 byte instructions work just as well...

I still think self-modifying code is the most effective way to beat disassembling: write a full code generator like this pseudocode

<--code-->
Data = array (0a,85,de,09,87, 45, 34, 12)
@1:
Load data element
xor it by key
push onto stack
loop @1
jmp to stack
<--code-->

So disassembling this will just result in understanding the loading routine and not the XOR of the actual code stored in the DATA array. So basically all your program is is a loader of stuff into areas of memory with jmps to that memory.... (i.e. using calls to allocmem() ) That would represent the best anti-disassembly routines... unfortunately high level languages don't compile code like this ... so you have two options:

1. Write a compiler which does this.
2. Write / use an exe protection tool.

Now 1 is hard but the best bet in the long run, and 2 is a fuck up 'cause you know that no matter how obscure the exe protector, somebody somewhere will always unpack it.....
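An analyst-side sketch of the loader pattern described in the post above, added here and not part of the original post: it models the load/XOR/push loop statically to rebuild the bytes that would execute, and recovers the key by known-plaintext matching. It assumes a single-byte key, one byte per push, a descending stack, and a standard x86 prologue as the marker; the sample blob, the key and all function names are constructed for illustration.

```python
"""Static recovery of a single-byte XOR-encoded code blob (analyst-side sketch)."""

# Constructed sample: a harmless x86 stub
# (push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret).
PLAIN = bytes.fromhex("558bec33c05dc3")
SAMPLE_KEY = 0x5A  # constructed key for the demo
# Constructed DATA array: stored reversed (pushes invert the order), then XORed.
DATA = bytes(b ^ SAMPLE_KEY for b in reversed(PLAIN))

PROLOGUE = bytes.fromhex("558bec")  # push ebp; mov ebp, esp (known-plaintext marker)


def stack_image(data: bytes, key: int) -> bytes:
    """Model the loop: XOR each element, push it, then read memory upward from SP.

    On a descending stack the last element pushed sits at the lowest address,
    so the bytes that execute are the decoded elements in reverse order.
    """
    decoded = bytes(b ^ key for b in data)
    return decoded[::-1]


def recover_keys(data: bytes, marker: bytes = PROLOGUE) -> list[int]:
    """Try all 256 keys; keep those whose stack image starts with the marker."""
    return [k for k in range(256) if stack_image(data, k).startswith(marker)]


def unpack(data: bytes) -> tuple[int, bytes]:
    """Return (key, recovered code), or raise if no single key fits the marker."""
    keys = recover_keys(data)
    if len(keys) != 1:
        raise ValueError(f"expected one candidate key, got {keys}")
    return keys[0], stack_image(data, keys[0])


if __name__ == "__main__":
    key, code = unpack(DATA)
    print(f"key=0x{key:02x} code={code.hex()}")
```

The recovered buffer can then be fed to a disassembler as ordinary code; when no key matches the marker, `unpack` raises instead of guessing, which is the cue to fall back to emulation or a memory dump.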