\hypertarget { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t} { } \doxysection { theo\+ ::obf\+ ::jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t Class Reference}
\label { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t} \index { theo::obf::jcc\_ rewrite\_ pass\_ t@{ theo::obf::jcc\_ rewrite\_ pass\_ t} }
jcc rewrite pass which rewrites rip relative jcc\textquotesingle { } s so that they are position independent.
{ \ttfamily \# include \char `\" { } jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ hpp\char `\" { } }
Inheritance diagram for theo\+ ::obf\+ ::jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t\+ :\begin { figure} [H]
\begin { center}
\leavevmode
\includegraphics [height=2.000000cm] { d6/dc1/classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t}
\end { center}
\end { figure}
\doxysubsection * { Public Member Functions}
\begin { DoxyCompactItemize}
\item
void \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ a5a93eb0945025ef3caefed8c63b65b23} { run} } (\mbox { \hyperlink { classtheo_ 1_ 1decomp_ 1_ 1symbol_ _ t} { decomp\+ ::symbol\+ \_ \+ t} } $ \ast $ sym)
\begin { DoxyCompactList} \small \item \em virtual method which must be implimented by the pass that inherits this class. \end { DoxyCompactList} \end { DoxyCompactItemize}
\doxysubsection * { Static Public Member Functions}
\begin { DoxyCompactItemize}
\item
static \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t} { jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t} } $ \ast $ \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ afc17278f751fe3f5868c988faffb3c92} { get} } ()
\end { DoxyCompactItemize}
\doxysubsection { Detailed Description}
jcc rewrite pass which rewrites rip relative jcc\textquotesingle { } s so that they are position independent.
given the following code\+ : \begin { DoxyVerb} jnz label1
; other code goes here
\end { DoxyVerb}
label1\+ : ; more code here
the jnz instruction will be rewritten so that the following code is generated\+ : \begin { DoxyVerb} jnz br2
\end { DoxyVerb}
br1\+ : jmp \mbox { [} rip\mbox { ]} ; address after this instruction contains the address ; of the instruction after the jcc. br2\+ : jmp \mbox { [} rip\mbox { ]} ; address after this instruction contains the address of where ; branch 2 is located.
its important to note that other passes will encrypt (transform) the address of the next instruction. There is actually no jmp \mbox { [} rip\mbox { ]} either, push/ret is used.
Definition at line \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8hpp_ source_ l00061} { 61} } of file \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8hpp_ source} { jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ hpp} } .
\doxysubsection { Member Function Documentation}
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ afc17278f751fe3f5868c988faffb3c92} \label { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ afc17278f751fe3f5868c988faffb3c92} }
\index { theo::obf::jcc\_ rewrite\_ pass\_ t@{ theo::obf::jcc\_ rewrite\_ pass\_ t} !get@{ get} }
\index { get@{ get} !theo::obf::jcc\_ rewrite\_ pass\_ t@{ theo::obf::jcc\_ rewrite\_ pass\_ t} }
\doxysubsubsection { \texorpdfstring { get()} { get()} }
{ \footnotesize \ttfamily \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t} { jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t} } $ \ast $ theo\+ ::obf\+ ::jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t\+ ::get (\begin { DoxyParamCaption} { } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [static]} }
Definition at line \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8cpp_ source_ l00035} { 35} } of file \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8cpp_ source} { jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ cpp} } .
\begin { DoxyCode} { 0}
\DoxyCodeLine { 00035 \{ }
\DoxyCodeLine { 00036 \textcolor { keyword} { static} jcc\_ rewrite\_ pass\_ t obj;}
\DoxyCodeLine { 00037 \textcolor { keywordflow} { return} \& obj;}
\DoxyCodeLine { 00038 \} }
\end { DoxyCode}
Referenced by \mbox { \hyperlink { main_ 8cpp_ source_ l00057} { main()} } .
\mbox { \Hypertarget { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ a5a93eb0945025ef3caefed8c63b65b23} \label { classtheo_ 1_ 1obf_ 1_ 1jcc_ _ rewrite_ _ pass_ _ t_ a5a93eb0945025ef3caefed8c63b65b23} }
\index { theo::obf::jcc\_ rewrite\_ pass\_ t@{ theo::obf::jcc\_ rewrite\_ pass\_ t} !run@{ run} }
\index { run@{ run} !theo::obf::jcc\_ rewrite\_ pass\_ t@{ theo::obf::jcc\_ rewrite\_ pass\_ t} }
\doxysubsubsection { \texorpdfstring { run()} { run()} }
{ \footnotesize \ttfamily void theo\+ ::obf\+ ::jcc\+ \_ \+ rewrite\+ \_ \+ pass\+ \_ \+ t\+ ::run (\begin { DoxyParamCaption} \item [{\mbox{\hyperlink{classtheo_1_1decomp_1_1symbol__t}{decomp\+::symbol\+\_\+t}} $\ast$}] { sym } \end { DoxyParamCaption} )\hspace { 0.3cm} { \ttfamily [virtual]} }
virtual method which must be implimented by the pass that inherits this class.
\begin { DoxyParams} { Parameters}
{ \em sym} & a symbol of the same type of m\+ \_ \+ sym\+ \_ \+ type.\\
\hline
\end { DoxyParams}
Implements \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1pass_ _ t_ acfadc013ff0754d66a18baffdb1a61d1} { theo\+ ::obf\+ ::pass\+ \_ \+ t} } .
Definition at line \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8cpp_ source_ l00040} { 40} } of file \mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8cpp_ source} { jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ cpp} } .
\begin { DoxyCode} { 0}
\DoxyCodeLine { 00040 \{ }
\DoxyCodeLine { 00041 std::int32\_ t disp = \{ \} ;}
\DoxyCodeLine { 00042 xed\_ decoded\_ inst\_ t inst;}
\DoxyCodeLine { 00043 xed\_ state\_ t istate\{ XED\_ MACHINE\_ MODE\_ LONG\_ 64, XED\_ ADDRESS\_ WIDTH\_ 64b\} ;}
\DoxyCodeLine { 00044 xed\_ decoded\_ inst\_ zero\_ set\_ mode(\& inst, \& istate);}
\DoxyCodeLine { 00045 xed\_ decode(\& inst, sym-\/ >data().data(), XED\_ MAX\_ INSTRUCTION\_ BYTES);}
\DoxyCodeLine { 00046 }
\DoxyCodeLine { 00047 \textcolor { comment} { // if the instruction is branching...} }
\DoxyCodeLine { 00048 \textcolor { keywordflow} { if} ((disp = xed\_ decoded\_ inst\_ get\_ branch\_ displacement(\& inst))) \{ }
\DoxyCodeLine { 00049 disp += xed\_ decoded\_ inst\_ get\_ length(\& inst);}
\DoxyCodeLine { 00050 }
\DoxyCodeLine { 00051 \textcolor { comment} { // update displacement...} }
\DoxyCodeLine { 00052 xed\_ decoded\_ inst\_ set\_ branch\_ displacement(}
\DoxyCodeLine { 00053 \& inst, sym-\/ >data().size() -\/ xed\_ decoded\_ inst\_ get\_ length(\& inst),}
\DoxyCodeLine { 00054 xed\_ decoded\_ inst\_ get\_ branch\_ displacement\_ width(\& inst));}
\DoxyCodeLine { 00055 }
\DoxyCodeLine { 00056 xed\_ encoder\_ request\_ init\_ from\_ decode(\& inst);}
\DoxyCodeLine { 00057 xed\_ encoder\_ request\_ t* req = \& inst;}
\DoxyCodeLine { 00058 }
\DoxyCodeLine { 00059 \textcolor { comment} { // update jcc in the buffer...} }
\DoxyCodeLine { 00060 std::uint32\_ t len = \{ \} ;}
\DoxyCodeLine { 00061 xed\_ encode(req, sym-\/ >data().data(), xed\_ decoded\_ inst\_ get\_ length(\& inst),}
\DoxyCodeLine { 00062 \& len);}
\DoxyCodeLine { 00063 }
\DoxyCodeLine { 00064 \textcolor { comment} { // create a relocation to the instruction the branch would normally go} }
\DoxyCodeLine { 00065 \textcolor { comment} { // too...} }
\DoxyCodeLine { 00066 \textcolor { keyword} { auto} offset = disp < 0 ? sym-\/ >offset() -\/ std::abs(disp)}
\DoxyCodeLine { 00067 : sym-\/ >offset() + std::abs(disp);}
\DoxyCodeLine { 00068 }
\DoxyCodeLine { 00069 \textcolor { keyword} { auto} sym\_ name =}
\DoxyCodeLine { 00070 std::string(}
\DoxyCodeLine { 00071 sym-\/ >sym()-\/ >name.to\_ string(sym-\/ >img()-\/ >get\_ strings()).data())}
\DoxyCodeLine { 00072 .append(\textcolor { stringliteral} { "{ } @"{ } } )}
\DoxyCodeLine { 00073 .append(std::to\_ string(offset));}
\DoxyCodeLine { 00074 }
\DoxyCodeLine { 00075 sym-\/ >relocs().push\_ back(}
\DoxyCodeLine { 00076 recomp::reloc\_ t(0, \mbox { \hyperlink { classtheo_ 1_ 1decomp_ 1_ 1symbol_ _ t_ a8695d75670cc4d61d275464e9109ff06} { decomp::symbol\_ t::hash} } (sym\_ name), sym\_ name.data()));}
\DoxyCodeLine { 00077 }
\DoxyCodeLine { 00078 \textcolor { comment} { // run next\_ inst\_ pass on this symbol to generate the transformations for the} }
\DoxyCodeLine { 00079 \textcolor { comment} { // relocation to the jcc branch dest instruction...} }
\DoxyCodeLine { 00080 \mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1next_ _ inst_ _ pass_ _ t_ a964e6f5291ccba0442519f2563b3a2e9} { next\_ inst\_ pass\_ t::get} } ()-\/ >\mbox { \hyperlink { classtheo_ 1_ 1obf_ 1_ 1next_ _ inst_ _ pass_ _ t_ ae4cbba78b14c2b9da794386e4d92f40f} { run} } (sym);}
\DoxyCodeLine { 00081 \} }
\DoxyCodeLine { 00082 \} ;}
\end { DoxyCode}
References \mbox { \hyperlink { symbol_ 8cpp_ source_ l00076} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::data()} } , \mbox { \hyperlink { next_ _ inst_ _ pass_ 8cpp_ source_ l00034} { theo\+ ::obf\+ ::next\+ \_ \+ inst\+ \_ \+ pass\+ \_ \+ t\+ ::get()} } , \mbox { \hyperlink { symbol_ 8cpp_ source_ l00088} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::hash()} } , \mbox { \hyperlink { symbol_ 8cpp_ source_ l00068} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::img()} } , \mbox { \hyperlink { symbol_ 8cpp_ source_ l00056} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::offset()} } , \mbox { \hyperlink { symbol_ 8cpp_ source_ l00096} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::relocs()} } , \mbox { \hyperlink { next_ _ inst_ _ pass_ 8cpp_ source_ l00038} { theo\+ ::obf\+ ::next\+ \_ \+ inst\+ \_ \+ pass\+ \_ \+ t\+ ::run()} } , and \mbox { \hyperlink { symbol_ 8cpp_ source_ l00092} { theo\+ ::decomp\+ ::symbol\+ \_ \+ t\+ ::sym()} } .
The documentation for this class was generated from the following files\+ :\begin { DoxyCompactItemize}
\item
include/obf/passes/\mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8hpp} { jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ hpp} } \item
src/obf/passes/\mbox { \hyperlink { jcc_ _ rewrite_ _ pass_ 8cpp} { jcc\+ \_ \+ rewrite\+ \_ \+ pass.\+ cpp} } \end { DoxyCompactItemize}