theo::obf::reloc_transform_pass_t Class Reference

this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. More...

#include "reloc_transform_pass.hpp"

Inheritance diagram for theo::obf::reloc_transform_pass_t:

Public Member Functions
void	run (decomp::symbol_t *sym)
	virtual method which must be implimented by the pass that inherits this class. More...
Public Member Functions inherited from theo::obf::pass_t
	pass_t (decomp::sym_type_t sym_type)
	the explicit constructor of the pass_t base class. More...
virtual void	run (decomp::symbol_t *sym)=0
	virtual method which must be implimented by the pass that inherits this class. More...
decomp::sym_type_t	sym_type ()
	gets the passes symbol type. More...

Static Public Member Functions
static reloc_transform_pass_t *	get ()

Detailed Description

this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol.

given the following code:

mov rax, &MessageBoxA

this pass will generate a random number of transformations to encrypt the address of "MessageBoxA". These transformations will then be applied by theodosius internally when resolving relocations.

mov rax, enc_MessageBoxA
xor rax, 0x389284324
add rax, 0x345332567
ror rax, 0x5353

Definition at line 56 of file reloc_transform_pass.hpp.

Member Function Documentation

get()

reloc_transform_pass_t * theo::obf::reloc_transform_pass_t::get ( )

static

Definition at line 34 of file reloc_transform_pass.cpp.

                                                    {
  static reloc_transform_pass_t obj;
  return &obj;
}

Referenced by main().

run()

void theo::obf::reloc_transform_pass_t::run ( decomp::symbol_t *  sym )

virtual

virtual method which must be implimented by the pass that inherits this class.

Parameters

sym	a symbol of the same type of m_sym_type.

Implements theo::obf::pass_t.

Definition at line 39 of file reloc_transform_pass.cpp.

                                                    {
  std::optional<recomp::reloc_t*> reloc;
  if (!(reloc = has_legit_reloc(sym)).has_value())
    return;
 
  spdlog::info("adding transformations to relocation in symbol: {}",
               sym->name());
 
  xed_error_enum_t err;
  xed_decoded_inst_t inst;
  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
  xed_decoded_inst_zero_set_mode(&inst, &istate);
 
  if ((err = xed_decode(&inst, sym->data().data(), sym->data().size())) !=
      XED_ERROR_NONE) {
    spdlog::error("failed to decode instruction, reason: {} in symbol: {}",
                  xed_error_enum_t2str(err), sym->name());
 
    assert(err == XED_ERROR_NONE);
  }
 
  auto transforms_bytes = transform::generate(&inst, reloc.value(), 3, 6);
  sym->data().insert(sym->data().end(), transforms_bytes.begin(),
                     transforms_bytes.end());
};

References theo::decomp::symbol_t::data(), theo::obf::transform::generate(), and theo::decomp::symbol_t::name().

---

The documentation for this class was generated from the following files:

• include/obf/passes/reloc_transform_pass.hpp
• src/obf/passes/reloc_transform_pass.cpp