creating a linker flag to not merge ANY sections.

[CR3Swapper]

Overview

instead of writing shellcode by hand i want to compile a single C file into a dll and then disassemble/lift this DLL into an already existing symbol table.

Obfuscation passes can then use the functions/data added from these tiny little dlls. Additionally I can apply llvm obfuscation to these functions.

The issue

The linker shoves like-permission symbols into the same section. This will cause bloat, for example the import directory, export directory, debug directory, etc etc all get shoved into rdata with my strings and other data! As you may know, determining the size of data in compiled binary is not really possible (besides for strings~~). Id like to seperate the PE information into individual sections so that i can include the entire rdata/data section + lifted functions into the symbol table of an already lifted binary.

rdata/data section before i add my changes to llvm-msvc

• export data
• import data
• exception data..? (sometimes)
• debug information
• load config information
• my codes rdata like strings and shit

rdata/data section after I add my changes to llvm-msvc

• my codes rdata like strings and shit

Solution

add a simple little commandline flag to LLD. -dont-merge-sections.