Theodosius
v3.0
Jit linker, mapper, obfuscator, and mutator
theo::decomp::decomp_t | the main decomposition class, which is responsible for breaking down a lib file into coff files and extracting the used symbols from the coff files |
theo::obf::engine_t | singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them |
theo::obf::transform::operation_t | operation_t is the base class for all types of transformations. classes that inherit this class are singletons and simply call the super constructor (operation_t::operation_t) |
  theo::obf::transform::add_op_t | |
  theo::obf::transform::rol_op_t | |
  theo::obf::transform::ror_op_t | |
  theo::obf::transform::sub_op_t | |
  theo::obf::transform::xor_op_t | |
theo::obf::pass_t | the pass_t class is a base class for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there |
  theo::obf::jcc_rewrite_pass_t | jcc rewrite pass which rewrites rip relative jcc's so that they are position independent |
  theo::obf::next_inst_pass_t | this pass is used to generate transformations and jmp code to change RIP to the next instruction |
  theo::obf::reloc_transform_pass_t | this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol |
theo::recomp::recomp_t | the main class responsible for recomposition |
theo::recomp::reloc_t | metadata about a relocation for a symbol |
theo::decomp::routine_t | the routine class, which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols |
theo::decomp::symbol_t | symbol_t is an abstraction over the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things: sections, functions, and even instructions (when functions are broken down) |
theo::recomp::symbol_table_t | this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are referenced by a hash code |
theo::theo_t | the main class which encapsulates a symbol table, decomp, and recomp objects. this class is a bridge that connects all three: decomp, obf, recomp |