From 8d5ac32e66f4bb0307dc0d2145bfaa5feaa2014a Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Mon, 8 Mar 2021 06:54:46 +0000 Subject: [PATCH] Update README.md --- README.md | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 24da0b3..240acf4 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,34 @@ The usage of the word obfuscation in this project is use to define any changes m ### Obfuscation - Base Class -The base class, as described in the above section, contains a handful of util routines such as `get_size()`, +The base class, as described in the above section, contains a handful of util routines and a single explicit constructor which is the corner stone of the class. The constructor fixes JCC relative virtual addresses so that if the condition is met, instead of jumping instruction pointer relativitly, it will jump to an addition jmp (`JMP [RIP+0x0]`). LEA, nor CALL are rip relative, even for symbols defined inside of the routine in which the instruction is compiled into. In other words JCC instructions are the only instruction pointer relative instructions that are generated. + +```cpp +reloc_t inline_jmp_reloc +{ + reloc_type::next_instruction_addr, + JMP_RIP_ADDR_IDX +}; + +reloc_t inline_jmp_branch +{ + reloc_type::jcc, + JMP_RIP_ADDR_IDX, + *reinterpret_cast(rva_fix_addr) +}; + +std::printf(" > fixing JCC rva...\n"); +std::printf(" > new rva = 0x%x\n", JMP_RIP_SIZE); +std::printf(" > old rva = 0x%x\n", + *reinterpret_cast(rva_fix_addr)); + +// when you inherit obfuscate please be mindful of JCC rvas... +*reinterpret_cast(rva_fix_addr) = JMP_RIP_SIZE; + +gadget_stack.push_back({ instruction.second, {} }); +gadget_stack.push_back({ jmp_rip, inline_jmp_reloc }); +gadget_stack.push_back({ jmp_rip, inline_jmp_branch }); +``` + +### Mutation - Inherts Obfuscation -### Mutation - Inherts Obfuscation \ No newline at end of file
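Review bot: The code block added in this hunk has lost its template arguments, so `*reinterpret_cast(rva_fix_addr)` appears three times without the `<T*>` part and will not compile if a reader copies it; the README should spell out the pointer type being cast to (whatever `rva_fix_addr` actually points at in the constructor, e.g. a 32-bit displacement type), and the `std::printf("%x")` calls should then match that type. The prose in the same hunk has several typos worth fixing in the doc itself: "corner stone" (cornerstone), "an addition jmp" (an additional jmp), "relativitly" (relatively), and the retained heading "Mutation - Inherts Obfuscation" (Inherits). The sentence "LEA, nor CALL are rip relative, even for symbols defined inside of the routine" reads as a general statement about x86-64, which is not true in general (both LEA and CALL commonly take RIP-relative forms); as written in the hunk it is really an observation about what the compiler emits for this project's routines, so it should be qualified to that scope and state the compiler/flags it was observed under, since the JCC-only assumption is what the relocation logic relies on. Finally, the `JMP [RIP+0x0]` shorthand would benefit from one line explaining that the target address is stored immediately after the instruction and patched via the `JMP_RIP_ADDR_IDX` reloc, which is what `inline_jmp_reloc` and `inline_jmp_branch` in the snippet encode.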