I have c code that contains string constants, a library import via #pragma comment(lib, "urlmon.lib") and #includes. My task is to obfuscate all strings, imported library names and associated functions so that they cannot easily be seen within a debugger, say OllyDbg etc. I have a clue about the strings, but the obfuscation of library and function names gives me a headache.
Here is the code
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "urlmon.lib")
int main(void)
{
int op1, op2, n;
HRESULT res;
printf("some string- Version 0xC0DEDBAD\n");
printf("some string:\n");
printf("1) some string\n");
printf("2) some string\n");
printf("3) some string\n");
printf("4) some string \n");
scanf("%d", &n);
switch(n)
{
case 1:
case 2:
printf("enter number:\n");
scanf("%d", &op1);
printf("Bitte geben Sie die zweite Zahl ein:\n");
scanf("%d", &op2);
if(n == 1)
printf("some string\n", op1, op2, op1 + op2);
else
printf("some string", op1, op2, op1 - op2);
break;
case 3:
res = URLDownloadToFile(0, TEXT("url"), TEXT("C:\xyz.exe"), 0, 0);
if(res == S_OK)
printf("some string.\n");
else
printf("some string.\n");
break;
case 4:
break;
}
return 0;
}
In order to obfuscate the used libraries it is useful to load them at runtime. So it cannot directly be seen which libraries are used. Furthermore strings containg library names can be obfuscated to impede the analysis.