Theodosius/include/obf/transform/operation.hpp

#pragma once
#include <spdlog/spdlog.h>
#include <functional>
#include <map>
#include <random>

#define XED_ENCODER
extern "C" {
#include <xed-decode.h>
#include <xed-interface.h>
}

namespace theo::obf::transform {
using transform_t = std::function<std::size_t(std::size_t, std::uint32_t)>;

class operation_t {
 public:
  explicit operation_t(transform_t op, xed_iclass_enum_t type)
      : m_transform(op), m_type(type) {}

  std::vector<std::uint8_t> native(const xed_decoded_inst_t* inst,
                                   std::size_t imm) {
    std::uint32_t inst_len = {};
    std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];

    xed_error_enum_t err;
    xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
    xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
    xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};

    switch (m_type) {
      case XED_ICLASS_ROR:
      case XED_ICLASS_ROL:
        xed_encoder_request_set_uimm0(req, imm, 1);
        break;
      default:
        xed_encoder_request_set_uimm0(req, imm, 4);
        break;
    }

    xed_encoder_request_set_iclass(req, m_type);
    xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);

    if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
        XED_ERROR_NONE) {
      spdlog::error("failed to encode instruction... reason: {}",
                    xed_error_enum_t2str(err));

      assert(err == XED_ERROR_NONE);
    }

    return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
  }

  xed_iclass_enum_t inverse() { return m_inverse_op[m_type]; }
  transform_t* get_transform() { return &m_transform; }

  static std::size_t random(std::size_t lowest, std::size_t largest) {
    std::random_device rd;
    std::mt19937 gen(rd());
    std::uniform_int_distribution<std::size_t> distr(lowest, largest);
    return distr(gen);
  }

 private:
  transform_t m_transform;
  xed_iclass_enum_t m_type;

  std::map<xed_iclass_enum_t, xed_iclass_enum_t> m_inverse_op = {
      {XED_ICLASS_ADD, XED_ICLASS_SUB}, {XED_ICLASS_SUB, XED_ICLASS_ADD},
      {XED_ICLASS_AND, XED_ICLASS_OR},  {XED_ICLASS_OR, XED_ICLASS_AND},
      {XED_ICLASS_ROL, XED_ICLASS_ROR}, {XED_ICLASS_ROR, XED_ICLASS_ROL},
      {XED_ICLASS_XOR, XED_ICLASS_XOR}};
};

}  // namespace theo::obf::transform
created a pass system... starting to code transformation system for relocations... 2 years ago			`#pragma once`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`#include <spdlog/spdlog.h>`
created a pass system... starting to code transformation system for relocations... 2 years ago			`#include <functional>`
			`#include <map>`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`#include <random>`
created a pass system... starting to code transformation system for relocations... 2 years ago
			`#define XED_ENCODER`
			`extern "C" {`
			`#include <xed-decode.h>`
			`#include <xed-interface.h>`
			`}`

refactored the code so that there are 3 main namespaces: decomp, obf, and recomp... 2 years ago			`namespace theo::obf::transform {`
finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`using transform_t = std::function<std::size_t(std::size_t, std::uint32_t)>;`
created a pass system... starting to code transformation system for relocations... 2 years ago
			`class operation_t {`
			`public:`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`explicit operation_t(transform_t op, xed_iclass_enum_t type)`
created a pass system... starting to code transformation system for relocations... 2 years ago			`: m_transform(op), m_type(type) {}`

about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`std::vector<std::uint8_t> native(const xed_decoded_inst_t* inst,`
			`std::size_t imm) {`
finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`std::uint32_t inst_len = {};`
			`std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];`

about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`xed_error_enum_t err;`
finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);`
			`xed_encoder_request_t* req = (xed_encoder_request_t*)inst;`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};`

finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`switch (m_type) {`
			`case XED_ICLASS_ROR:`
			`case XED_ICLASS_ROL:`
			`xed_encoder_request_set_uimm0(req, imm, 1);`
			`break;`
			`default:`
			`xed_encoder_request_set_uimm0(req, imm, 4);`
			`break;`
			`}`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago
finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`xed_encoder_request_set_iclass(req, m_type);`
			`xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago
finished relocation transformation pass... todo write other passes and also move the code that checks to see if the section is .obf to outside of routine_t so that you can re-use routine_t to decompose entire functions after running them through obfuscation passes.... 2 years ago			`if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`XED_ERROR_NONE) {`
			`spdlog::error("failed to encode instruction... reason: {}",`
			`xed_error_enum_t2str(err));`

			`assert(err == XED_ERROR_NONE);`
			`}`

			`return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);`
			`}`

			`xed_iclass_enum_t inverse() { return m_inverse_op[m_type]; }`
			`transform_t* get_transform() { return &m_transform; }`
created a pass system... starting to code transformation system for relocations... 2 years ago
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`static std::size_t random(std::size_t lowest, std::size_t largest) {`
			`std::random_device rd;`
			`std::mt19937 gen(rd());`
			`std::uniform_int_distribution<std::size_t> distr(lowest, largest);`
			`return distr(gen);`
			`}`
created a pass system... starting to code transformation system for relocations... 2 years ago
			`private:`
			`transform_t m_transform;`
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`xed_iclass_enum_t m_type;`
created a pass system... starting to code transformation system for relocations... 2 years ago
about half way done with transformations... imm's cant be 8 bytes, only 4... 2 years ago			`std::map<xed_iclass_enum_t, xed_iclass_enum_t> m_inverse_op = {`
			`{XED_ICLASS_ADD, XED_ICLASS_SUB}, {XED_ICLASS_SUB, XED_ICLASS_ADD},`
			`{XED_ICLASS_AND, XED_ICLASS_OR}, {XED_ICLASS_OR, XED_ICLASS_AND},`
			`{XED_ICLASS_ROL, XED_ICLASS_ROR}, {XED_ICLASS_ROR, XED_ICLASS_ROL},`
			`{XED_ICLASS_XOR, XED_ICLASS_XOR}};`
created a pass system... starting to code transformation system for relocations... 2 years ago			`};`

refactored the code so that there are 3 main namespaces: decomp, obf, and recomp... 2 years ago			`} // namespace theo::obf::transform`