Update README.md

2.0
_xeroxz 4 years ago
parent 3ff9d4f3fd
commit 8d5ac32e66

@ -17,6 +17,34 @@ The usage of the word obfuscation in this project is use to define any changes m
### Obfuscation - Base Class
The base class, as described in the above section, contains a handful of util routines such as `get_size()`,
The base class, as described in the above section, contains a handful of util routines and a single explicit constructor which is the corner stone of the class. The constructor fixes JCC relative virtual addresses so that if the condition is met, instead of jumping instruction pointer relativitly, it will jump to an addition jmp (`JMP [RIP+0x0]`). LEA, nor CALL are rip relative, even for symbols defined inside of the routine in which the instruction is compiled into. In other words JCC instructions are the only instruction pointer relative instructions that are generated.
```cpp
reloc_t inline_jmp_reloc
{
reloc_type::next_instruction_addr,
JMP_RIP_ADDR_IDX
};
reloc_t inline_jmp_branch
{
reloc_type::jcc,
JMP_RIP_ADDR_IDX,
*reinterpret_cast<std::int32_t*>(rva_fix_addr)
};
std::printf(" > fixing JCC rva...\n");
std::printf(" > new rva = 0x%x\n", JMP_RIP_SIZE);
std::printf(" > old rva = 0x%x\n",
*reinterpret_cast<std::int32_t*>(rva_fix_addr));
// when you inherit obfuscate please be mindful of JCC rvas...
*reinterpret_cast<std::int32_t*>(rva_fix_addr) = JMP_RIP_SIZE;
gadget_stack.push_back({ instruction.second, {} });
gadget_stack.push_back({ jmp_rip, inline_jmp_reloc });
gadget_stack.push_back({ jmp_rip, inline_jmp_branch });
```
### Mutation - Inherts Obfuscation
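
Review bot: In the paragraph added under "Obfuscation - Base Class", the sentence "LEA, nor CALL are rip relative" does not parse and leaves the claim unclear; reword it along the lines of "Neither LEA nor CALL is emitted RIP-relative, even for symbols defined inside the routine", and fix "corner stone", "relativitly" and "addition jmp" in the same paragraph. The snippet reads and overwrites the displacement through `*reinterpret_cast<std::int32_t*>(rva_fix_addr)`, so it assumes a 32-bit JCC displacement; the README should state that assumption and say what happens with a short (8-bit displacement) JCC. `rva_fix_addr`, `instruction`, `jmp_rip`, `JMP_RIP_ADDR_IDX` and `JMP_RIP_SIZE` are used without any definition in the excerpt, so a one-line note on where each comes from would make the example readable on its own. The "old rva" is also printed with `%x` from a signed `std::int32_t`, so a backward jump shows up as a large unsigned value; a comment or a signed format would avoid confusion.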
