From 3ff9d4f3fd92ddb970c99b5fba09c4f0be32c3d9 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 8 Mar 2021 06:50:55 +0000 Subject: [PATCH] Update README.md --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index af2aa69..24da0b3 100644 --- a/README.md +++ b/README.md 
@@ -7,6 +7,16 @@ # Theodosius - Jit linker, Mapper, Mutator, and Obfuscator Theodosius (Theo for short) is a jit linker created entirely for obfuscation and mutation of both code, and code flow. The project is extremely modular in design and supports -both kernel and usermode projects. Since Theo inherits HMDM (highly modular driver mapper), any vulnerable driver that exposes arbitrary MSR writes, or physical memory read/write can be used with this framework. This is possible since HMDM inherits VDM (vulnerable driver manipulation), and MSREXEC (elevation of arbitrary MSR writes to kernel execution). +both kernel and usermode projects. Since Theo inherits HMDM (highly modular driver mapper), any vulnerable driver that exposes arbitrary MSR writes, or physical memory read/write can be used with this framework to map unsigned code into the kernel. This is possible since HMDM inherits VDM (vulnerable driver manipulation), and MSREXEC (elevation of arbitrary MSR writes to kernel execution). -Since Theo is a jit linker, unexported symbols from PE files can be jit linked. Resolving such symbols is open ended and allows the user of this framework to handle how they want to resolve symbols. More on this later (check out example projects). \ No newline at end of file +Since Theo is a jit linker, unexported symbols can be jit linked. Resolving such symbols is open ended and allows the programmer of this framework to handle how they want to resolve symbols. More on this later (check out example projects). + +# Obfuscation + +The usage of the word obfuscation in this project is use to define any changes made to code, this includes code flow. `obfuscation::obfuscate`, a base class, which is inherited and expanded upon by `obfuscation::mutation`, obfuscates code flow by inserting `JMP [RIP+0x0]` instructions after every single instruction. This allows for a routine to be broken up into unique allocations of memory and thus provides more canvas room for creative ideas. 
+ +### Obfuscation - Base Class + +The base class, as described in the above section, contains a handful of util routines such as `get_size()`, + +### Mutation - Inherts Obfuscation \ No newline at end of file
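Review bot: The added "Obfuscation - Base Class" paragraph stops mid-sentence at "such as `get_size()`," and the "Mutation - Inherts Obfuscation" heading that follows has no body, so the README ends on an unfinished list and an empty section. Either finish the list of util routines and describe what `obfuscation::mutation` adds on top of the base class, or hold both subsections back until the text is written. In the same added lines, "is use to define" should read "is used to define" and "Inherts" should read "Inherits". The new headings also jump from `# Obfuscation` straight to `###`; using `##` for the two subsections would keep the outline consistent. The file still lacks a trailing newline.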