Update README.md

2.0
_xeroxz 4 years ago
parent f08ad5636f
commit a3e8ba3c40

@ -17,6 +17,15 @@
* `theo::malloc_t` - allocate executable memory * `theo::malloc_t` - allocate executable memory
* `theo::resolve_symbol_t` - resolve external symbol * `theo::resolve_symbol_t` - resolve external symbol
* Creating Instance * Creating Instance
* Calling Entry
* MSREXEC - Call Entry Example
* VDM - Call Entry Example
* WinAPI - Call Entry Example
* RIP Relative Addressing
* JCC - RIP Relative
* Obfuscation
* Obfuscate - Base Class
* Mutation - Inherts Obfuscation
# Theodosius - Jit linker, Mapper, Mutator, and Obfuscator # Theodosius - Jit linker, Mapper, Mutator, and Obfuscator
@ -275,7 +284,7 @@ const auto entry_result =
reinterpret_cast<void*>(drv_entry)); reinterpret_cast<void*>(drv_entry));
``` ```
#### WinAPI - CreateRemoteThread #### WinAPI - Call Entry Example
Another example, this one using WinAPI's, can be seen below. Another example, this one using WinAPI's, can be seen below.
@ -345,6 +354,8 @@ As you can see from the code above, (sorry for the terrible syntax highlighting)
Each of these instructions can be anywhere in virtual memory and it would not effect code execution one bit. However this is not the case with routines which have conditional branches. Take the following c++ code for example. Each of these instructions can be anywhere in virtual memory and it would not effect code execution one bit. However this is not the case with routines which have conditional branches. Take the following c++ code for example.
## JCC - RIP Relative
```cpp ```cpp
ObfuscateRoutine ObfuscateRoutine
void LoopDemo() void LoopDemo()

Loading…
Cancel
Save