added page protections to theo::malloc_t....

demos/DemoImGui/examples/example_win32_directx11/example_win32_directx11.vcxproj

@@ -85,7 +85,6 @@
   </ItemGroup>
   <ItemGroup>
     <None Include="..\..\misc\natvis\imgui.natvis" />
-    <None Include="..\README.txt" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

demos/DemoImGui/examples/example_win32_directx11/example_win32_directx11.vcxproj.filters

@@ -55,7 +55,6 @@
     </ClCompile>
   </ItemGroup>
   <ItemGroup>
-    <None Include="..\README.txt" />
     <None Include="..\..\misc\natvis\imgui.natvis">
       <Filter>sources</Filter>
     </None>

demos/Theodosius-Client/client.cpp

@@ -33,7 +33,7 @@ namespace theo
 			{
 				case theo::theo_packet_type::alloc_memory:
 				{
-					packet.alloc.addr = alloc(packet.alloc.alloc_size);
+					packet.alloc.addr = alloc(packet.alloc.alloc_size, packet.alloc.prot);
 					break;
 				}
 				case theo::theo_packet_type::copy_memory:

demos/Theodosius-Client/client.hpp

@@ -45,6 +45,7 @@ namespace theo
 			{
 				void* addr;
 				std::size_t alloc_size;
+				std::uint32_t prot;
 			} alloc;
 
 			struct
@@ -64,7 +65,7 @@ namespace theo
 	} theo_data, * ptheo_data;
 #pragma pack(pop)
 
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t, std::uint32_t)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;

demos/Theodosius-Client/main.cpp

@@ -155,15 +155,17 @@ int __cdecl main(int argc, char** argv)
 				return -1;
 			}
 
-			theo::malloc_t _alloc = [&](std::size_t size) -> void*
+			theo::malloc_t _alloc = 
+				[&](std::size_t size, std::uint32_t prot) -> void*
 			{
-				const auto result = VirtualAllocEx
+				const auto result = 
+					VirtualAllocEx
 					(
 						phandle,
 						nullptr,
 						size,
 						MEM_COMMIT | MEM_RESERVE,
-					PAGE_EXECUTE_READWRITE
+						prot
 					);
 
 				if (!result)
@@ -361,7 +363,9 @@ int __cdecl main(int argc, char** argv)
 					};
 
 					vdm::msrexec_ctx msrexec(_write_msr);
-					theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+
+					theo::malloc_t _kalloc = 
+						[&](std::size_t size, std::uint32_t prot) -> void*
 					{
 						void* alloc_base;
 						msrexec.exec
@@ -453,7 +457,9 @@ int __cdecl main(int argc, char** argv)
 
 					// use VDM to syscall into ExAllocatePool...
 					vdm::vdm_ctx vdm(_read_phys, _write_phys);
-					theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+
+					theo::malloc_t _kalloc = 
+						[&](std::size_t size, std::uint32_t prot) -> void*
 					{
 						using ex_alloc_pool_t =
 							void* (*)(std::uint32_t, std::uint32_t);

demos/Theodosius-Kernel/Theodosius-MSREXEC/main.cpp

@@ -86,7 +86,9 @@ int main(int argc, char** argv)
 	};
 
 	vdm::msrexec_ctx msrexec(_write_msr);
-	theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+
+	theo::malloc_t _kalloc = 
+		[&](std::size_t size, std::uint32_t prot) -> void*
 	{
 		void* alloc_base;
 		msrexec.exec

demos/Theodosius-Kernel/Theodosius-MSREXEC/theo.h

@@ -2,6 +2,7 @@
 #include <Windows.h>
 #include <string>
 #include <vector>
+#include <functional>
 #include <map>
 
 namespace obfuscation{ class obfuscate; }
@@ -9,7 +10,7 @@ namespace lnk { using obj_buffer_t = std::vector<std::uint8_t>; }
 
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;
@@ -22,8 +23,8 @@ namespace theo
 		auto map_objs(std::vector<lnk::obj_buffer_t>& objs) -> bool;
 		auto get_symbol(std::string symbol_name) -> std::uintptr_t;
 
-		malloc_t kalloc;
-		memcpy_t kmemcpy;
+		malloc_t alloc;
+		memcpy_t mcopy;
 		resolve_symbol_t resolve_symbol;
 	private:
 		bool map_symbols(std::vector<lnk::obj_buffer_t>& objs);

demos/Theodosius-Kernel/Theodosius-VDM/main.cpp

@@ -95,7 +95,8 @@ int main(int argc, char** argv)
 
 	// use VDM to syscall into ExAllocatePool...
 	vdm::vdm_ctx vdm(_read_phys, _write_phys);
-	theo::malloc_t _kalloc = [&](std::size_t size) -> void*
+	theo::malloc_t _kalloc = 
+		[&](std::size_t size, std::uint32_t prot) -> void*
 	{
 		using ex_alloc_pool_t =
 			void* (*)(std::uint32_t, std::uint32_t);

demos/Theodosius-Kernel/Theodosius-VDM/theo.h

@@ -10,7 +10,7 @@ namespace lnk { using obj_buffer_t = std::vector<std::uint8_t>; }
 
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;

demos/Theodosius-Server/client.cpp

@@ -63,13 +63,14 @@ namespace theo
 		return dest;
 	}
 
-	void* client::wrapper_alloc(std::size_t size) const
+	void* client::wrapper_alloc(std::size_t size, std::uint32_t prot) const
 	{
 		theo_data* packet = new theo_data;
 		memset(packet, NULL, sizeof theo_data);
 
 		packet->type = theo_packet_type::alloc_memory;
 		packet->alloc.alloc_size = size;
+		packet->alloc.prot = prot;
 
 		if (send(client_socket, reinterpret_cast<char*>(packet), 
 			sizeof theo_data, NULL) == SOCKET_ERROR)
@@ -147,8 +148,8 @@ namespace theo
 			{
 				case theo_packet_type::init:
 				{
-					theo::malloc_t alloc = [&](std::size_t size) -> void*
-					{ return this->wrapper_alloc(size); };
+					theo::malloc_t alloc = [&](std::size_t size, std::uint32_t prot) -> void*
+					{ return this->wrapper_alloc(size, prot); };
 
 					theo::memcpy_t mcopy = 
 						[&](void* dest, const void* src, std::size_t size) -> void*

demos/Theodosius-Server/client.hpp

@@ -44,6 +44,7 @@ namespace theo
 			{
 				void* addr;
 				std::size_t alloc_size;
+				std::uint32_t prot;
 			} alloc;
 
 			struct
@@ -72,7 +73,7 @@ namespace theo
 	private:
 		void handler() const;
 		void* wrapper_memcpy(void* dest, const void* src, std::size_t size) const;
-		void* wrapper_alloc(std::size_t size) const;
+		void* wrapper_alloc(std::size_t size, std::uint32_t prot) const;
 		std::uintptr_t wrapper_resolve_symbol(const char* symbol_name) const;
 
 		const SOCKET client_socket;

demos/Theodosius-Server/main.cpp

@@ -95,6 +95,7 @@ int __cdecl main(int argc, char** argv)
 
 		sockaddr socket_info;
 		int socket_info_len = sizeof socket_info;
+
 		const auto psocket_info = 
 			reinterpret_cast<sockaddr_in*>(&socket_info);
 

demos/Theodosius-Server/theo.h

@@ -10,7 +10,7 @@ namespace lnk { using obj_buffer_t = std::vector<std::uint8_t>; }
 
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;
@@ -23,8 +23,8 @@ namespace theo
 		auto map_objs(std::vector<lnk::obj_buffer_t>& objs) -> bool;
 		auto get_symbol(std::string symbol_name) -> std::uintptr_t;
 
-		malloc_t kalloc;
-		memcpy_t kmemcpy;
+		malloc_t alloc;
+		memcpy_t mcopy;
 		resolve_symbol_t resolve_symbol;
 	private:
 		bool map_symbols(std::vector<lnk::obj_buffer_t>& objs);

demos/Theodosius-Usermode/main.cpp

@@ -92,15 +92,16 @@ int main(int argc, char** argv)
 		return -1;
 	}
 
-	theo::malloc_t _alloc = [&](std::size_t size) -> void*
+	theo::malloc_t _alloc = [&](std::size_t size, std::uint32_t prot) -> void*
 	{
-		const auto result = VirtualAllocEx
+		const auto result = 
+			VirtualAllocEx
 			(
 				phandle, 
 				nullptr, 
 				size, 
 				MEM_COMMIT | MEM_RESERVE, 
-			PAGE_EXECUTE_READWRITE
+				prot
 			);
 
 		if (!result)

demos/Theodosius-Usermode/theo.h

@@ -5,12 +5,12 @@
 #include <functional>
 #include <map>
 
-namespace obfuscation { class obfuscate; }
+namespace obfuscation{ class obfuscate; }
 namespace lnk { using obj_buffer_t = std::vector<std::uint8_t>; }
 
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;
@@ -21,10 +21,10 @@ namespace theo
 	public:
 		explicit hmm_ctx(const mapper_routines_t& routines);
 		auto map_objs(std::vector<lnk::obj_buffer_t>& objs) -> bool;
-		auto get_symbol(std::string symbol_name)->std::uintptr_t;
+		auto get_symbol(std::string symbol_name) -> std::uintptr_t;
 
-		malloc_t kalloc;
-		memcpy_t kmemcpy;
+		malloc_t alloc;
+		memcpy_t mcopy;
 		resolve_symbol_t resolve_symbol;
 	private:
 		bool map_symbols(std::vector<lnk::obj_buffer_t>& objs);

include/theo.h

@@ -10,7 +10,7 @@ namespace lnk { using obj_buffer_t = std::vector<std::uint8_t>; }
 
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;

src/Theodosius/theo.cpp

@@ -213,8 +213,9 @@ namespace theo
 				// these symbols are generated by llvm-obfuscator as "x" and "y"... 
 				else if (reloc.raw_symbol.StorageClass == IMAGE_SYM_CLASS_EXTERNAL && reloc.raw_symbol.Value)
 				{
-					const auto zero_me = alloc(reloc.raw_symbol.Value);
+					const auto zero_me = alloc(reloc.raw_symbol.Value, PAGE_READWRITE);
 					const auto zero_size = malloc(reloc.raw_symbol.Value);
+
 					memset(zero_size, NULL, reloc.raw_symbol.Value);
 					mcopy(zero_me, zero_size, reloc.raw_symbol.Value);
 					free(zero_size);
@@ -383,7 +384,7 @@ namespace theo
 										// these symbols are generated by llvm-obfuscator as "x" and "y"... 
 										else if (reloc.raw_symbol.StorageClass == IMAGE_SYM_CLASS_EXTERNAL && reloc.raw_symbol.Value)
 										{
-											const auto zero_me = alloc(reloc.raw_symbol.Value);
+											const auto zero_me = alloc(reloc.raw_symbol.Value, PAGE_READWRITE);
 											const auto zero_size = malloc(reloc.raw_symbol.Value);
 											memset(zero_size, NULL, reloc.raw_symbol.Value);
 											mcopy(zero_me, zero_size, reloc.raw_symbol.Value);
@@ -527,7 +528,7 @@ namespace theo
 
 					mapped_symbols[new_symbol] =
 						reinterpret_cast<std::uintptr_t>(
-							alloc(new_gadget->get_size()));
+							alloc(new_gadget->get_size(), PAGE_EXECUTE_READWRITE));
 
 					obfuscated_gadgets[mapped_symbols[new_symbol]] = new_gadget;
 					DBG_PRINT("\t\t> %s allocated = 0x%p, size = %d\n", new_symbol.c_str(),
@@ -565,7 +566,7 @@ namespace theo
 				if (symbol.type == IMAGE_SYM_FUNCTION)
 				{
 					mapped_symbols[symbol.symbol_name] =
-						reinterpret_cast<std::uintptr_t>(alloc(symbol.size));
+						reinterpret_cast<std::uintptr_t>(alloc(symbol.size, PAGE_EXECUTE_READWRITE));
 
 					DBG_PRINT("\t> %s allocated at = 0x%p, size = %d\n",
 						symbol.symbol_name.c_str(), mapped_symbols[symbol.symbol_name], symbol.size);
@@ -584,7 +585,7 @@ namespace theo
 					{
 						mapped_symbols[data_section_sym] =
 							reinterpret_cast<std::uintptr_t>(alloc(
-								section_headers[symbol.section_number - 1].SizeOfRawData));
+								section_headers[symbol.section_number - 1].SizeOfRawData, PAGE_READWRITE));
 
 						DBG_PRINT("\t> section %s allocated at = 0x%p, size = %d\n",
 							data_section_sym.c_str(),
@@ -638,7 +639,7 @@ namespace theo
 				{
 					mapped_symbols[data_section_sym] =
 						reinterpret_cast<std::uintptr_t>(alloc(
-							section_headers[idx].SizeOfRawData));
+							section_headers[idx].SizeOfRawData, PAGE_READWRITE));
 
 					DBG_PRINT("\t> section %s allocated at = 0x%p, size = %d\n",
 						data_section_sym.c_str(),

src/Theodosius/theo.h

@@ -16,7 +16,7 @@
 #pragma comment(lib, "Dbghelp.lib")
 namespace theo
 {
-	using malloc_t = std::function<decltype(malloc)>;
+	using malloc_t = std::function<void*(std::size_t bytes, std::uint32_t prot)>;
 	using memcpy_t = std::function<decltype(memcpy)>;
 
 	using resolve_symbol_t = std::function<std::uintptr_t(const char*)>;