theo::obf::transform Namespace Reference

this namespace encompasses the code for transforming relocations. More...

Data Structures
class	add_op_t
class	operation_t
	operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t). More...
class	rol_op_t
class	ror_op_t
class	sub_op_t
class	xor_op_t

Typedefs
using	transform_t = std::function< std::size_t(std::size_t, std::uint32_t)>
	lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation). More...

Functions
std::vector< std::uint8_t >	generate (xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
	generate a sequence of transformations given an instruction that has a relocation in it. More...

Variables
std::map< xed_iclass_enum_t, operation_t * >	operations
	map of all of the operations and their type. More...

Detailed Description

this namespace encompasses the code for transforming relocations.

Typedef Documentation

transform_t

using theo::obf::transform::transform_t = typedef std::function<std::size_t(std::size_t, std::uint32_t)>

lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation).

Definition at line 54 of file operation.hpp.

Function Documentation

generate()

std::vector< std::uint8_t > theo::obf::transform::generate ( xed_decoded_inst_t *  inst, recomp::reloc_t *  reloc, std::uint8_t  low, std::uint8_t  high  )

inline

generate a sequence of transformations given an instruction that has a relocation in it.

Parameters

inst	instruction that has a relocation in it.
reloc	meta data relocation object for the instruction.
low	lowest number of transformations to generate.
high	highest number of transformations to generate.

Returns

Definition at line 45 of file gen.hpp.

                                                           {
  auto num_transforms = transform::operation_t::random(low, high);
  auto num_ops = transform::operations.size();
  std::vector<std::uint8_t> new_inst_bytes;
 
  std::uint32_t inst_len = {};
  std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
  xed_encoder_request_t req;
 
  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
  xed_encoder_request_zero_set_mode(&req, &istate);
  xed_encoder_request_set_effective_operand_width(&req, 64);
  xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSHFQ);
  xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
  new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
 
  for (auto cnt = 0u; cnt < num_transforms; ++cnt) {
    std::uint32_t imm = transform::operation_t::random(
        0, std::numeric_limits<std::int32_t>::max());
 
    auto itr = transform::operations.begin();
    std::advance(itr, transform::operation_t::random(0, num_ops - 1));
    auto transform_bytes = itr->second->native(inst, imm);
    new_inst_bytes.insert(new_inst_bytes.end(), transform_bytes.begin(),
                          transform_bytes.end());
 
    reloc->add_transform(
        {transform::operations[itr->second->inverse()]->get_transform(), imm});
  }
 
  xed_encoder_request_zero_set_mode(&req, &istate);
  xed_encoder_request_set_effective_operand_width(&req, 64);
  xed_encoder_request_set_iclass(&req, XED_ICLASS_POPFQ);
  xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
  new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
 
  // inverse the order in which the transformations are executed...
  //
  std::reverse(reloc->get_transforms().begin(), reloc->get_transforms().end());
  return new_inst_bytes;
}

References theo::recomp::reloc_t::add_transform(), theo::recomp::reloc_t::get_transforms(), operations, and theo::obf::transform::operation_t::random().

Referenced by theo::obf::next_inst_pass_t::run(), and theo::obf::reloc_transform_pass_t::run().

Variable Documentation

operations

std::map<xed_iclass_enum_t, operation_t*> theo::obf::transform::operations

inline

Initial value:

= {
    {XED_ICLASS_ADD, add_op_t::get()},
    {XED_ICLASS_SUB, sub_op_t::get()},
    {XED_ICLASS_ROL, rol_op_t::get()},
    {XED_ICLASS_ROR, ror_op_t::get()},
    {XED_ICLASS_XOR, xor_op_t::get()}}

map of all of the operations and their type.

Definition at line 42 of file transform.hpp.

Referenced by generate().