Conversation

I still don't understand what's the point of these "releases". If you want to execute code without allocating executable memory just implement an interpreter. It's simpler, better, faster, less suspicious, and everyone is already doing it.
You believe packaging an entire interpreter in your application is more stealthy than abusing existing instructions through SEH? I am having trouble seeing how an interpreter would be "simpler" or "less suspicious". Got any public examples?
you can also use some more popular bytecode like WebAssembly with an interpreter like wasm3. both just need some generic bindings for calling arbitrary OS functionality.
it is also significantly easier to write code for a proper interpreter. look at the code below and compare it to as if you had to puzzle it together from instructions around a binary.
Image