From 798c110961542ea8e96c40f30805895eae243300 Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 8 Mar 2021 18:35:11 +0000 Subject: [PATCH] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0cda303..e549387 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ Since Theo is a jit linker, unexported symbols can be jit linked. Resolving such * Usermode Example * License -# Linking - Dynamic And Static +## Linking - Dynamic And Static #### What Is A Linker @@ -304,7 +304,7 @@ CreateRemoteThread ); ``` -# RIP Relative Addressing +## RIP Relative Addressing In order to allow for a routine to be scattered throughout a 64bit address space, RIP relative addressing must not be used. In order to facilitate this, a very special version of clang-cl is used which can use `mcmodel=large`. This will generate instructions which do not use RIP relative addressing when referencing symbols outside of the routine in which the @@ -408,7 +408,7 @@ ffff998b`c5369e74 ff2500000000 jmp qword ptr [ffff998b`c5369e7a] The linker is able to get the address of the branching code by taking the rip relative virtual address of the branching operation, which is a signed number, and adding it to the current byte offset into the current routine, plus the size of the branching instruction. For example `LoopDemo@17` + size of the branching instruction, which is six bytes, then adding the signed relative virtual address (0x2A). The result of this simple calculation gives us `LoopDemo@65`, which is correct, the branch goes to `add rsp, 28h` in the above example. -# Obfuscation +## Obfuscation The usage of the word obfuscation in this project is use to define any changes made to code, this includes code flow. `obfuscation::obfuscate`, a base class, which is inherited and expanded upon by `obfuscation::mutation`, obfuscates code flow by inserting `JMP [RIP+0x0]` instructions after every single instruction. This allows for a routine to be broken up into unique allocations of memory and thus provides more canvas room for creative ideas.