Articles by Serge Guelton

Two engineers from QuarksLab had talks accepted at CppCon this year: two tools presentation, Easy::jit, and Frozen; and a general introduction to the ELF format. It's hard to cope with the 9 hours of jet-lag, but it is definitively worth the effort, so here is our conf report!

A new version of Frozen, an open source, header-only library that provides fast, immutable, constexpr-compatible implementation of std::search, std::set, std::map, std::unordered_map and std::unordered_set to C++14 users. That's a follow up to the previous post !

What happens if one builds up on the Spectre vulnerability to implement a convoluted version of memcpy? From an obfuscator point-of-view, it unleashes a wide range of opportunities, which turn a definite bug into a fun[nk]y feature.

Some experiments to mistreat the Triton concolic execution framework through simple forged C programs.

An open source, header-only library that provides fast, immutable, constexpr-compatible implementation of std::set, std::map, std::unordered_map and std::unordered_set to C++14 users. It can be used as an alternative to gperf.

While building an LLVM-based obfuscator, we explore some unexpected code areas. For instance, what happens when you try to optimize a single function that holds millions of instructions? Some LLVM passes start to suffer, including an unexpected one: Global Dead Code Elimination. Let's investigate!

Quarkslab was present at CppCon 2016, presenting general thoughts on the C++ optimization process and how much the so-called zero-cost abstraction relied on the compiler implementation, and not on the standard. Now comes a humble report from this great event!

HOW-TO: Implementing a custom directive processor in clang to drive the compilation process of our LLVM-base code obfuscator, while maintaining backward-compatibility if another compiler is used. What a good opportunity for a journey in the first compiler stages!

Open sourcing binmap, a tool to scan filesystem and gather intel on which binaries are there, what are their dependencies, which symbols they are using and more. This yields a global view of a system, providing the basic block for building other tools!

While improving the documentation (d'oh!) of our home grew obfuscator based on LLVM, we wrote a cheat sheet on clang's hardening features, and some of ld ones. It turns out existing hardening guides generally focus on GCC, while Clang also has an interesting set of hardening features. So let's share it in this blog post!