Andy Malakov software blog

Friday, September 12, 2008

Obfuscated code

Situation: A third-party client API library periodically fails with a nasty exception:


Caused by: cli.System.AccessViolationException: Attempted to read or write protected memory.
This is often an indication that other memory is corrupt.
    at cli.TalTrade.Toolkit.DataBlock.ReadData(Unknown Source)
    at cli.TalTrade.Toolkit.RawData.GetDataAsBlock(Unknown Source)
    ... 34 more


After verifying that the input parameters are legitimate, I decided to take a look at the failing code. My trusty Reflector exposed the following:



private unsafe void ReadData(void modopt(IsConstModifier)* pData)
{
    // This item is obfuscated and can not be translated.
    ...
    if (*(((int*) (&gtal_handle + 4)))[4] < 6)
        goto Label_0038;
    ushort num5 = *((ushort*) (((*(((int*) (&gtal_handle + 4))) + *(((int*) (&gtal_handle + 4)))[6]) - 8) + 6));
    ... 100 more lines like these ...
}



That code is supposed to read a data block from a memory queue and possibly format it as a string. What kind of secret know-how can it be?

Now, instead of figuring out the problem by ourselves, we are going to send this error to the vendor. What a waste of time on both sides.