I am attempting to implement an anti-analysis technique where some key functions are encrypted and only decrypted before usage and then encrypted again. So my implementation involves having an array which will hold the function addresses and length which the external crypter will use to identify and encrypt said functions.
My problem is the compiler keeps using the values in the array as constants instead of accessing the which makes the crypter unable to located the functions and so on, I've tried several compiler options but none does what I am looking for. I am looking for the way to make it so the function array to have a single copy and not be inlined because currently.
Edit: Compiler is VS2019 Edit 2: Clarifying the problem
The array needs to be exported from the binary, i.e. it needs to be a public symbol in the executable's symbol table.
On Windows, that would be:
using Function = ...;
__declspec(dllexport) const Function encrypted_functions[] = { f1, f2, ... };
On Non-Windows platforms, you need to use the gold linker and ensure the symbol is visible:
#ifdef __cplusplus
extern "C" {
#endif
__attribute__((visibility ("default")) const Functions encrypted_functions[] = ...;
#ifdef __cplusplus
}
#endif
And then use the gold linker's --export-dynamic-symbol=encrypted_functions option to add the symbol to the export table (or equivalent in the LLVM linker). The name may be mangled even though it's a C symbol, so you'd need to use objdump to examine the object file to see what's the real symbol name of that array.
But it's all a bit silly, since the encryption program should be a part of the build process and should interact with the object files directly. The best way would be using libObject bundled with the LLVM project. See the source files, the headers, and some documentation.