Theodosius/Examples/Theodosius-Usermode/theo.h

#pragma once
#include "utils.hpp"
#include "linker/linker.hpp"
#include "obfuscation/obfuscation.hpp"

#include <Zycore/Zycore.h>
#include <Zydis/Decoder.h>
#include <Zydis/Formatter.h>

#include <winternl.h>
#include <type_traits>
#include <dbghelp.h>
#include <mutex>
#include <string>

#pragma comment(lib, "Dbghelp.lib")
namespace theo
{
	using malloc_t = std::function<decltype(malloc)>;
	using memcpy_t = std::function<decltype(memcpy)>;
	using kmemset_t = std::function<decltype(memset)>;
	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;

	using image_entry_t = std::uintptr_t;
	using mapper_routines_t = std::tuple<malloc_t, memcpy_t, resolve_symbol_t>;
	
	class hmm_ctx
	{
	public:
		explicit hmm_ctx(const mapper_routines_t& routines);
		auto map_objs(std::vector<lnk::obj_buffer_t>& objs) -> image_entry_t;

		malloc_t kalloc;
		memcpy_t kmemcpy;
		resolve_symbol_t resolve_symbol;
	private:
		bool map_symbols(std::vector<lnk::obj_buffer_t>& objs);
		bool map_obfuscated_symbols(std::vector<lnk::obj_buffer_t>& objs);

		bool resolve_relocs(std::vector<lnk::obj_buffer_t>& objs);
		bool alloc_obfuscated_symbol_space(std::vector<lnk::obj_buffer_t>& objs);
		bool alloc_symbol_space(std::vector<lnk::obj_buffer_t>& objs);

		std::map<std::string, std::uintptr_t> mapped_symbols;
		std::map<std::uintptr_t, std::shared_ptr<obfuscation::obfuscate>> obfuscated_gadgets;
	};
}
init commit 4 years ago			`#pragma once`
			`#include "utils.hpp"`
			`#include "linker/linker.hpp"`
recoded how "gadgets" are allocated... much more modular now 4 years ago			`#include "obfuscation/obfuscation.hpp"`
init commit 4 years ago
			`#include <Zycore/Zycore.h>`
			`#include <Zydis/Decoder.h>`
			`#include <Zydis/Formatter.h>`

			`#include <winternl.h>`
			`#include <type_traits>`
			`#include <dbghelp.h>`
recoded how "gadgets" are allocated... much more modular now 4 years ago			`#include <mutex>`
everything works... still need to add JCC/JMP support... 4 years ago			`#include <string>`

init commit 4 years ago			`#pragma comment(lib, "Dbghelp.lib")`
added asmjit and mutation example 4 years ago			`namespace theo`
init commit 4 years ago			`{`
finished external symbol resolver demo... 4 years ago			`using malloc_t = std::function<decltype(malloc)>;`
			`using memcpy_t = std::function<decltype(memcpy)>;`
init commit 4 years ago			`using kmemset_t = std::function<decltype(memset)>;`
recoded how "gadgets" are allocated... much more modular now 4 years ago			`using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;`
init commit 4 years ago
			`using image_entry_t = std::uintptr_t;`
finished external symbol resolver demo... 4 years ago			`using mapper_routines_t = std::tuple<malloc_t, memcpy_t, resolve_symbol_t>;`
everything works... still need to add JCC/JMP support... 4 years ago
added asmjit and mutation example 4 years ago			`class hmm_ctx`
init commit 4 years ago			`{`
			`public:`
added asmjit and mutation example 4 years ago			`explicit hmm_ctx(const mapper_routines_t& routines);`
init commit 4 years ago			`auto map_objs(std::vector<lnk::obj_buffer_t>& objs) -> image_entry_t;`

finished external symbol resolver demo... 4 years ago			`malloc_t kalloc;`
			`memcpy_t kmemcpy;`
recoded how "gadgets" are allocated... much more modular now 4 years ago			`resolve_symbol_t resolve_symbol;`
init commit 4 years ago			`private:`
everything works... still need to add JCC/JMP support... 4 years ago			`bool map_symbols(std::vector<lnk::obj_buffer_t>& objs);`
			`bool map_obfuscated_symbols(std::vector<lnk::obj_buffer_t>& objs);`

			`bool resolve_relocs(std::vector<lnk::obj_buffer_t>& objs);`
			`bool alloc_obfuscated_symbol_space(std::vector<lnk::obj_buffer_t>& objs);`
			`bool alloc_symbol_space(std::vector<lnk::obj_buffer_t>& objs);`
recoded how "gadgets" are allocated... much more modular now 4 years ago
everything works... still need to add JCC/JMP support... 4 years ago			`std::map<std::string, std::uintptr_t> mapped_symbols;`
recoded how "gadgets" are allocated... much more modular now 4 years ago			`std::map<std::uintptr_t, std::shared_ptr<obfuscation::obfuscate>> obfuscated_gadgets;`
init commit 4 years ago			`};`
			`}`