\hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} { } \doxysection { theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t Class Reference}
\label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} \index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} { operation\+ \_ \+ t} } is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a3876ca1c7904aed54940e1519fc9fdf4} { operation\+ \_ \+ t\+ ::operation\+ \_ \+ t} } ).
{ \ttfamily \# include $ < $ operation.\+ hpp$ > $ }
Inheritance diagram for theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ :\begin { figure} [H]
\begin { center}
\leavevmode
\includegraphics [height=1.142857cm] { d7/de2/classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t}
\end { center}
\end { figure}
\doxysubsection * { Public Member Functions}
\begin { DoxyCompactItemize}
\item
\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a3876ca1c7904aed54940e1519fc9fdf4} { operation\+ \_ \+ t} } (\mbox { \hyperlink { namespacetheo_ 1_ 1obf_ 1_ 1transform_ a875984c1ce09aa998fe48cca55270ecc} { transform\+ \_ \+ t} } op, xed\+ \_ \+ iclass\+ \_ \+ enum\+ \_ \+ t \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a8558c2a8e78ef8da59674396bc76157f} { type} } )
\begin { DoxyCompactList} \small \item \em explicit constructor for \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} { operation\+ \_ \+ t} } \end { DoxyCompactList} \item
std\+ ::vector$ < $ std\+ ::uint8\+ \_ \+ t $ > $ \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a414b1716ec527c26bfcbd5262c21a7a8} { native} } (const xed\+ \_ \+ decoded\+ \_ \+ inst\+ \_ \+ t $ \ast $ inst, std\+ ::uint32\+ \_ \+ t imm)
\begin { DoxyCompactList} \small \item \em generates a native transform instruction given an existing instruction. it works like so\+ : \end { DoxyCompactList} \item
xed\+ \_ \+ iclass\+ \_ \+ enum\+ \_ \+ t \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a91f9b94436d49659aaabb291786b3c7b} { inverse} } ()
\begin { DoxyCompactList} \small \item \em gets the inverse operation of the current operation. \end { DoxyCompactList} \item
\mbox { \hyperlink { namespacetheo_ 1_ 1obf_ 1_ 1transform_ a875984c1ce09aa998fe48cca55270ecc} { transform\+ \_ \+ t} } $ \ast $ \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a307c6d7d48319d28d39d93c1df18680a} { get\+ \_ \+ transform} } ()
\begin { DoxyCompactList} \small \item \em gets a pointer to the lambda function which contains the transform logic. \end { DoxyCompactList} \item
xed\+ \_ \+ iclass\+ \_ \+ enum\+ \_ \+ t \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a8558c2a8e78ef8da59674396bc76157f} { type} } ()
\begin { DoxyCompactList} \small \item \em gets the operation type. such as XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ ADD, XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ SUB, etc... \end { DoxyCompactList} \end { DoxyCompactItemize}
\doxysubsection * { Static Public Member Functions}
\begin { DoxyCompactItemize}
\item
static std\+ ::size\+ \_ \+ t \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ aaa5859bc3c7f95d99d4d726289593488} { random} } (std\+ ::size\+ \_ \+ t lowest, std\+ ::size\+ \_ \+ t largest)
\begin { DoxyCompactList} \small \item \em generate a random number in a range. \end { DoxyCompactList} \end { DoxyCompactItemize}
\doxysubsection { Detailed Description}
\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} { operation\+ \_ \+ t} } is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a3876ca1c7904aed54940e1519fc9fdf4} { operation\+ \_ \+ t\+ ::operation\+ \_ \+ t} } ).
\doxysubsection { Constructor \& Destructor Documentation}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a3876ca1c7904aed54940e1519fc9fdf4} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a3876ca1c7904aed54940e1519fc9fdf4} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !operation\_ t@{ operation\_ t} }
\index { operation\_ t@{ operation\_ t} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { operation\_ t()} { operation\_ t()} }
{ \footnotesize \ttfamily theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::operation\+ \_ \+ t (\begin { DoxyParamCaption} \item [{\mbox{\hyperlink{namespacetheo_1_1obf_1_1transform_a875984c1ce09aa998fe48cca55270ecc}{transform\+\_\+t}}}] { op, } \item [{xed\+\_\+iclass\+\_\+enum\+\_\+t}] { type } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} , { \ttfamily [explicit]} }
explicit constructor for \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t} { operation\+ \_ \+ t} }
\begin { DoxyParams} { Parameters}
{ \em op} & lambda function when executed applies transformations.\\
\hline
{ \em type} & type of transformation, such as XOR, ADD, SUB, etc...\\
\hline
\end { DoxyParams}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 70 : m\_ transform(op), m\_ type(\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a8558c2a8e78ef8da59674396bc76157f} { type} } ) \{ \} }
\end { DoxyCode}
\doxysubsection { Member Function Documentation}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a307c6d7d48319d28d39d93c1df18680a} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a307c6d7d48319d28d39d93c1df18680a} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !get\_ transform@{ get\_ transform} }
\index { get\_ transform@{ get\_ transform} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { get\_ transform()} { get\_ transform()} }
{ \footnotesize \ttfamily \mbox { \hyperlink { namespacetheo_ 1_ 1obf_ 1_ 1transform_ a875984c1ce09aa998fe48cca55270ecc} { transform\+ \_ \+ t} } $ \ast $ theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::get\+ \_ \+ transform (\begin { DoxyParamCaption} { } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} }
gets a pointer to the lambda function which contains the transform logic.
\begin { DoxyReturn} { Returns}
a pointer to the lambda function which contains the transform logic.
\end { DoxyReturn}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 133 \{ \textcolor { keywordflow} { return} \& m\_ transform; \} }
\end { DoxyCode}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a91f9b94436d49659aaabb291786b3c7b} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a91f9b94436d49659aaabb291786b3c7b} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !inverse@{ inverse} }
\index { inverse@{ inverse} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { inverse()} { inverse()} }
{ \footnotesize \ttfamily xed\+ \_ \+ iclass\+ \_ \+ enum\+ \_ \+ t theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::inverse (\begin { DoxyParamCaption} { } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} }
gets the inverse operation of the current operation.
\begin { DoxyReturn} { Returns}
the inverse operation of the current operation.
\end { DoxyReturn}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 126 \{ \textcolor { keywordflow} { return} m\_ inverse\_ op[m\_ type]; \} }
\end { DoxyCode}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a414b1716ec527c26bfcbd5262c21a7a8} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a414b1716ec527c26bfcbd5262c21a7a8} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !native@{ native} }
\index { native@{ native} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { native()} { native()} }
{ \footnotesize \ttfamily std\+ ::vector$ < $ std\+ ::uint8\+ \_ \+ t$ > $ theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::native (\begin { DoxyParamCaption} \item [{const xed\+\_\+decoded\+\_\+inst\+\_\+t $\ast$}] { inst, } \item [{std\+::uint32\+\_\+t}] { imm } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} }
generates a native transform instruction given an existing instruction. it works like so\+ :
mov rax, \& Message\+ BoxA ; original instruction with relocation
; this function takes the first operand and out of the original ; instruction and uses it to generate a transformation.
xor rax, 0x39280928 ; this would be an example output for the xor ;operation.
\begin { DoxyParams} { Parameters}
{ \em inst} & instruction with a relocation to generate a transformation for.\\
\hline
{ \em imm} & random 32bit number used in the generate transform.\\
\hline
\end { DoxyParams}
\begin { DoxyReturn} { Returns}
returns the bytes of the native instruction that was encoded.
\end { DoxyReturn}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 90 \{ }
\DoxyCodeLine { 91 std::uint32\_ t inst\_ len = \{ \} ;}
\DoxyCodeLine { 92 std::uint8\_ t inst\_ buff[XED\_ MAX\_ INSTRUCTION\_ BYTES];}
\DoxyCodeLine { 93 }
\DoxyCodeLine { 94 xed\_ error\_ enum\_ t err;}
\DoxyCodeLine { 95 xed\_ encoder\_ request\_ init\_ from\_ decode((xed\_ decoded\_ inst\_ s*)inst);}
\DoxyCodeLine { 96 xed\_ encoder\_ request\_ t* req = (xed\_ encoder\_ request\_ t*)inst;}
\DoxyCodeLine { 97 }
\DoxyCodeLine { 98 \textcolor { keywordflow} { switch} (m\_ type) \{ }
\DoxyCodeLine { 99 \textcolor { keywordflow} { case} XED\_ ICLASS\_ ROR:}
\DoxyCodeLine { 100 \textcolor { keywordflow} { case} XED\_ ICLASS\_ ROL:}
\DoxyCodeLine { 101 xed\_ encoder\_ request\_ set\_ uimm0(req, imm, 1);}
\DoxyCodeLine { 102 \textcolor { keywordflow} { break} ;}
\DoxyCodeLine { 103 \textcolor { keywordflow} { default} :}
\DoxyCodeLine { 104 xed\_ encoder\_ request\_ set\_ uimm0(req, imm, 4);}
\DoxyCodeLine { 105 \textcolor { keywordflow} { break} ;}
\DoxyCodeLine { 106 \} }
\DoxyCodeLine { 107 }
\DoxyCodeLine { 108 xed\_ encoder\_ request\_ set\_ iclass(req, m\_ type);}
\DoxyCodeLine { 109 xed\_ encoder\_ request\_ set\_ operand\_ order(req, 1, XED\_ OPERAND\_ IMM0);}
\DoxyCodeLine { 110 }
\DoxyCodeLine { 111 \textcolor { keywordflow} { if} ((err = xed\_ encode(req, inst\_ buff, \textcolor { keyword} { sizeof} (inst\_ buff), \& inst\_ len)) !=}
\DoxyCodeLine { 112 XED\_ ERROR\_ NONE) \{ }
\DoxyCodeLine { 113 spdlog::error(\textcolor { stringliteral} { "{ } failed to encode instruction... reason: \{ \} "{ } } ,}
\DoxyCodeLine { 114 xed\_ error\_ enum\_ t2str(err));}
\DoxyCodeLine { 115 }
\DoxyCodeLine { 116 assert(err == XED\_ ERROR\_ NONE);}
\DoxyCodeLine { 117 \} }
\DoxyCodeLine { 118 }
\DoxyCodeLine { 119 \textcolor { keywordflow} { return} std::vector<std::uint8\_ t>(inst\_ buff, inst\_ buff + inst\_ len);}
\DoxyCodeLine { 120 \} }
\end { DoxyCode}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ aaa5859bc3c7f95d99d4d726289593488} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ aaa5859bc3c7f95d99d4d726289593488} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !random@{ random} }
\index { random@{ random} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { random()} { random()} }
{ \footnotesize \ttfamily static std\+ ::size\+ \_ \+ t theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::random (\begin { DoxyParamCaption} \item [{std\+::size\+\_\+t}] { lowest, } \item [{std\+::size\+\_\+t}] { largest } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} , { \ttfamily [static]} }
generate a random number in a range.
\begin { DoxyParams} { Parameters}
{ \em lowest} & lowest value of the range.\\
\hline
{ \em largest} & highest value of the range.\\
\hline
\end { DoxyParams}
\begin { DoxyReturn} { Returns}
a random value in a range.
\end { DoxyReturn}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 148 \{ }
\DoxyCodeLine { 149 std::random\_ device rd;}
\DoxyCodeLine { 150 std::mt19937 gen(rd());}
\DoxyCodeLine { 151 std::uniform\_ int\_ distribution<std::size\_ t> distr(lowest, largest);}
\DoxyCodeLine { 152 \textcolor { keywordflow} { return} distr(gen);}
\DoxyCodeLine { 153 \} }
\end { DoxyCode}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a8558c2a8e78ef8da59674396bc76157f} \label { classtheo_ 1_ 1obf_ 1_ 1transform_ 1_ 1operation_ _ t_ a8558c2a8e78ef8da59674396bc76157f} }
\index { theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} !type@{ type} }
\index { type@{ type} !theo::obf::transform::operation\_ t@{ theo::obf::transform::operation\_ t} }
\doxysubsubsection { \texorpdfstring { type()} { type()} }
{ \footnotesize \ttfamily xed\+ \_ \+ iclass\+ \_ \+ enum\+ \_ \+ t theo\+ ::obf\+ ::transform\+ ::operation\+ \_ \+ t\+ ::type (\begin { DoxyParamCaption} { } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [inline]} }
gets the operation type. such as XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ ADD, XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ SUB, etc...
\begin { DoxyReturn} { Returns}
the operation type. such as XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ ADD, XED\+ \_ \+ \+ ICLASS\+ \_ \+ \+ SUB, etc...
\end { DoxyReturn}
\begin { DoxyCode} { 0}
\DoxyCodeLine { 140 \{ \textcolor { keywordflow} { return} m\_ type; \} }
\end { DoxyCode}
The documentation for this class was generated from the following file\+ :\begin { DoxyCompactItemize}
\item
include/obf/transform/\mbox { \hyperlink { operation_ 8hpp} { operation.\+ hpp} } \end { DoxyCompactItemize}