\hypertarget{main_8cpp}{}\doxysection{examples/demo/main.cpp File Reference}
|
||
|
\label{main_8cpp}\index{examples/demo/main.cpp@{examples/demo/main.cpp}}
|
||
|
{\ttfamily \#include $<$Windows.\+h$>$}\newline
|
||
|
{\ttfamily \#include $<$psapi.\+h$>$}\newline
|
||
|
{\ttfamily \#include $<$filesystem$>$}\newline
|
||
|
{\ttfamily \#include $<$fstream$>$}\newline
|
||
|
{\ttfamily \#include $<$iostream$>$}\newline
|
||
|
{\ttfamily \#include $<$spdlog/spdlog.\+h$>$}\newline
|
||
|
{\ttfamily \#include $<$theo.\+hpp$>$}\newline
|
||
|
{\ttfamily \#include $<$obf/engine.\+hpp$>$}\newline
|
||
|
{\ttfamily \#include $<$obf/passes/jcc\+\_\+rewrite\+\_\+pass.\+hpp$>$}\newline
|
||
|
{\ttfamily \#include $<$obf/passes/next\+\_\+inst\+\_\+pass.\+hpp$>$}\newline
|
||
|
{\ttfamily \#include $<$obf/passes/reloc\+\_\+transform\+\_\+pass.\+hpp$>$}\newline
|
||
|
{\ttfamily \#include \char`\"{}hello\+\_\+world\+\_\+pass.\+hpp\char`\"{}}\newline
|
||
|
\doxysubsection*{Functions}
|
||
|
\begin{DoxyCompactItemize}
|
||
|
\item
|
||
|
int \mbox{\hyperlink{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}{main}} (int argc, char $\ast$argv\mbox{[}$\,$\mbox{]})
|
||
|
\begin{DoxyCompactList}\small\item\em Example usage showing how to interface with theo; refer to the source code of this function for details. \end{DoxyCompactList}\end{DoxyCompactItemize}
\doxysubsection{Function Documentation}
|
||
|
\mbox{\Hypertarget{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}\label{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}}
|
||
|
\index{main.cpp@{main.cpp}!main@{main}}
|
||
|
\index{main@{main}!main.cpp@{main.cpp}}
|
||
|
\doxysubsubsection{\texorpdfstring{main()}{main()}}
|
||
|
{\footnotesize\ttfamily int main (\begin{DoxyParamCaption}\item[{int}]{argc, }\item[{char $\ast$}]{argv\mbox{[}$\,$\mbox{]} }\end{DoxyParamCaption})}
Example usage showing how to interface with theo; refer to the source code of this function for details.
\begin{DoxyParams}{Parameters}
|
||
|
{\em argc} & \\
|
||
|
\hline
|
||
|
{\em argv} & \\
|
||
|
\hline
|
||
|
\end{DoxyParams}
|
||
|
\begin{DoxyReturn}{Returns}
\end{DoxyReturn}
\begin{DoxyCode}{0}
|
||
|
\DoxyCodeLine{57 \{}
|
||
|
\DoxyCodeLine{58 \textcolor{keywordflow}{if} (argc < 2)}
|
||
|
\DoxyCodeLine{59 \textcolor{keywordflow}{return} -\/1;}
|
||
|
\DoxyCodeLine{60 }
|
||
|
\DoxyCodeLine{61 \textcolor{comment}{// read in lib file...}}
|
||
|
\DoxyCodeLine{62 std::ifstream f(argv[1], std::ios::binary);}
|
||
|
\DoxyCodeLine{63 \textcolor{keyword}{auto} fsize = fs::file\_size(fs::path(argv[1]));}
|
||
|
\DoxyCodeLine{64 std::vector<std::uint8\_t> fdata;}
|
||
|
\DoxyCodeLine{65 fdata.resize(fsize);}
|
||
|
\DoxyCodeLine{66 f.read((\textcolor{keywordtype}{char}*)fdata.data(), fsize);}
|
||
|
\DoxyCodeLine{67 }
|
||
|
\DoxyCodeLine{68 LoadLibraryA(\textcolor{stringliteral}{"{}user32.dll"{}});}
|
||
|
\DoxyCodeLine{69 LoadLibraryA(\textcolor{stringliteral}{"{}win32u.dll"{}});}
|
||
|
\DoxyCodeLine{70 }
|
||
|
\DoxyCodeLine{71 \textcolor{comment}{// declare your allocator, resolver, and copier lambda functions.}}
|
||
|
\DoxyCodeLine{72 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{73 }
|
||
|
\DoxyCodeLine{74 \mbox{\hyperlink{namespacetheo_1_1recomp_a96995cb0c5291dce945760c3d8f55241}{theo::recomp::allocator\_t}} allocator =}
|
||
|
\DoxyCodeLine{75 [\&](std::uint32\_t size,}
|
||
|
\DoxyCodeLine{76 coff::section\_characteristics\_t section\_type) -\/> std::uintptr\_t \{}
|
||
|
\DoxyCodeLine{77 \textcolor{keywordflow}{return} \textcolor{keyword}{reinterpret\_cast<}std::uintptr\_t\textcolor{keyword}{>}(VirtualAlloc(}
|
||
|
\DoxyCodeLine{78 NULL, size, MEM\_COMMIT | MEM\_RESERVE,}
|
||
|
\DoxyCodeLine{79 section\_type.mem\_execute ? PAGE\_EXECUTE\_READWRITE : PAGE\_READWRITE));}
|
||
|
\DoxyCodeLine{80 \};}
|
||
|
\DoxyCodeLine{81 }
|
||
|
\DoxyCodeLine{82 \mbox{\hyperlink{namespacetheo_1_1recomp_a604e81450773453df676c3b573651adc}{theo::recomp::copier\_t}} copier = [\&](std::uintptr\_t ptr, \textcolor{keywordtype}{void}* buff,}
|
||
|
\DoxyCodeLine{83 std::uint32\_t size) \{}
|
||
|
\DoxyCodeLine{84 std::memcpy((\textcolor{keywordtype}{void}*)ptr, buff, size);}
|
||
|
\DoxyCodeLine{85 \};}
|
||
|
\DoxyCodeLine{86 }
|
||
|
\DoxyCodeLine{87 \mbox{\hyperlink{namespacetheo_1_1recomp_a7364f8c94855a2a871a9d6e1057989f3}{theo::recomp::resolver\_t}} resolver = [\&](std::string sym) -\/> std::uintptr\_t \{}
|
||
|
\DoxyCodeLine{88 \textcolor{keyword}{auto} loaded\_modules = std::make\_unique<HMODULE[]>(64);}
|
||
|
\DoxyCodeLine{89 std::uintptr\_t result = 0u, loaded\_module\_sz = 0u;}
|
||
|
\DoxyCodeLine{90 \textcolor{keywordflow}{if} (!EnumProcessModules(GetCurrentProcess(), loaded\_modules.get(), 512,}
|
||
|
\DoxyCodeLine{91 (PDWORD)\&loaded\_module\_sz))}
|
||
|
\DoxyCodeLine{92 \textcolor{keywordflow}{return} \{\};}
|
||
|
\DoxyCodeLine{93 }
|
||
|
\DoxyCodeLine{94 \textcolor{keywordflow}{for} (\textcolor{keyword}{auto} i = 0u; i < loaded\_module\_sz / 8u; i++) \{}
|
||
|
\DoxyCodeLine{95 \textcolor{keywordtype}{wchar\_t} file\_name[MAX\_PATH] = L\textcolor{stringliteral}{"{}"{}};}
|
||
|
\DoxyCodeLine{96 \textcolor{keywordflow}{if} (!GetModuleFileNameExW(GetCurrentProcess(), loaded\_modules.get()[i],}
|
||
|
\DoxyCodeLine{97 file\_name, \_countof(file\_name)))}
|
||
|
\DoxyCodeLine{98 \textcolor{keywordflow}{continue};}
|
||
|
\DoxyCodeLine{99 }
|
||
|
\DoxyCodeLine{100 \textcolor{keywordflow}{if} ((result = \textcolor{keyword}{reinterpret\_cast<}std::uintptr\_t\textcolor{keyword}{>}(}
|
||
|
\DoxyCodeLine{101 GetProcAddress(LoadLibraryW(file\_name), sym.c\_str()))))}
|
||
|
\DoxyCodeLine{102 \textcolor{keywordflow}{break};}
|
||
|
\DoxyCodeLine{103 \}}
|
||
|
\DoxyCodeLine{104 \textcolor{keywordflow}{return} result;}
|
||
|
\DoxyCodeLine{105 \};}
|
||
|
\DoxyCodeLine{106 }
|
||
|
\DoxyCodeLine{107 \textcolor{comment}{// init enc/dec tables only once... important that this is done before adding}}
|
||
|
\DoxyCodeLine{108 \textcolor{comment}{// obfuscation passes to the engine...}}
|
||
|
\DoxyCodeLine{109 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{110 xed\_tables\_init();}
|
||
|
\DoxyCodeLine{111 }
|
||
|
\DoxyCodeLine{112 \textcolor{comment}{// order matters, the order in which the pass is added is the order they}}
|
||
|
\DoxyCodeLine{113 \textcolor{comment}{// will be executed!}}
|
||
|
\DoxyCodeLine{114 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{115 \textcolor{keyword}{auto} engine = \mbox{\hyperlink{classtheo_1_1obf_1_1engine__t_a58715f5c3ade824a65e602aba570040e}{theo::obf::engine\_t::get}}();}
|
||
|
\DoxyCodeLine{116 }
|
||
|
\DoxyCodeLine{117 \textcolor{comment}{// add in our hello world pass here}}
|
||
|
\DoxyCodeLine{118 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{119 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1hello__world__pass__t_a103eae9aa0f69f8d51e5106a08b77a5b}{theo::obf::hello\_world\_pass\_t::get}}());}
|
||
|
\DoxyCodeLine{120 }
|
||
|
\DoxyCodeLine{121 \textcolor{comment}{// add the rest of the passes in this order. this order is important.}}
|
||
|
\DoxyCodeLine{122 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{123 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1reloc__transform__pass__t_a89aa46da5f721057cd8cf5189207d464}{theo::obf::reloc\_transform\_pass\_t::get}}());}
|
||
|
\DoxyCodeLine{124 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1next__inst__pass__t_a964e6f5291ccba0442519f2563b3a2e9}{theo::obf::next\_inst\_pass\_t::get}}());}
|
||
|
\DoxyCodeLine{125 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1jcc__rewrite__pass__t_afc17278f751fe3f5868c988faffb3c92}{theo::obf::jcc\_rewrite\_pass\_t::get}}());}
|
||
|
\DoxyCodeLine{126 }
|
||
|
\DoxyCodeLine{127 std::string entry\_name;}
|
||
|
\DoxyCodeLine{128 std::cout << \textcolor{stringliteral}{"{}enter the name of the entry point: "{}};}
|
||
|
\DoxyCodeLine{129 std::cin >> entry\_name;}
|
||
|
\DoxyCodeLine{130 }
|
||
|
\DoxyCodeLine{131 \textcolor{comment}{// create a theo object and pass in the lib, your allocator, copier, and}}
|
||
|
\DoxyCodeLine{132 \textcolor{comment}{// resolver functions, as well as the entry point symbol name.}}
|
||
|
\DoxyCodeLine{133 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{134 \mbox{\hyperlink{classtheo_1_1theo__t}{theo::theo\_t}} t(fdata, \{allocator, copier, resolver\}, entry\_name.data());}
|
||
|
\DoxyCodeLine{135 }
|
||
|
\DoxyCodeLine{136 \textcolor{comment}{// call the decompose method to decompose the lib into coff files and extract}}
|
||
|
\DoxyCodeLine{137 \textcolor{comment}{// the symbols that are used. the result of this call will be an optional}}
|
||
|
\DoxyCodeLine{138 \textcolor{comment}{// value containing the number of symbols extracted.}}
|
||
|
\DoxyCodeLine{139 \textcolor{comment}{//}}
|
||
|
\DoxyCodeLine{140 \textcolor{keyword}{auto} res = t.decompose();}
|
||
|
\DoxyCodeLine{141 }
|
||
|
\DoxyCodeLine{142 \textcolor{keywordflow}{if} (!res.has\_value()) \{}
|
||
|
\DoxyCodeLine{143 spdlog::error(\textcolor{stringliteral}{"{}decomposition failed...\(\backslash\)n"{}});}
|
||
|
\DoxyCodeLine{144 \textcolor{keywordflow}{return} -\/1;}
|
||
|
\DoxyCodeLine{145 \}}
|
||
|
\DoxyCodeLine{146 }
|
||
|
\DoxyCodeLine{147 spdlog::info(\textcolor{stringliteral}{"{}decomposed \{\} symbols..."{}}, res.value());}
|
||
|
\DoxyCodeLine{148 \textcolor{keyword}{auto} entry\_pnt = t.compose();}
|
||
|
\DoxyCodeLine{149 spdlog::info(\textcolor{stringliteral}{"{}entry point address: \{:X\}"{}}, entry\_pnt);}
|
||
|
\DoxyCodeLine{150 \textcolor{keyword}{reinterpret\_cast<}\textcolor{keywordtype}{void} (*)()\textcolor{keyword}{>}(entry\_pnt)();}
|
||
|
\DoxyCodeLine{151 \}}
\end{DoxyCode}