theo::obf::transform::operation_t Class Reference

operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t). More...

#include <operation.hpp>

Inheritance diagram for theo::obf::transform::operation_t:

Public Member Functions
	operation_t (transform_t op, xed_iclass_enum_t type)
	explicit constructor for operation_t More...
std::vector< std::uint8_t >	native (const xed_decoded_inst_t *inst, std::uint32_t imm)
	generates a native transform instruction given an existing instruction. it works like so: More...
xed_iclass_enum_t	inverse ()
	gets the inverse operation of the current operation. More...
transform_t *	get_transform ()
	gets a pointer to the lambda function which contains the transform logic. More...
xed_iclass_enum_t	type ()
	gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...

Static Public Member Functions
static std::size_t	random (std::size_t lowest, std::size_t largest)
	generate a random number in a range. More...

Detailed Description

operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).

Constructor & Destructor Documentation

operation_t()

theo::obf::transform::operation_t::operation_t ( transform_t  op, xed_iclass_enum_t  type  )

inlineexplicit

explicit constructor for operation_t

Parameters

op	lambda function when executed applies transformations.
type	type of transformation, such as XOR, ADD, SUB, etc...

      : m_transform(op), m_type(type) {}

Member Function Documentation

get_transform()

transform_t* theo::obf::transform::operation_t::get_transform ( )

inline

gets a pointer to the lambda function which contains the transform logic.

Returns

a pointer to the lambda function which contains the transform logic.

{ return &m_transform; }

inverse()

xed_iclass_enum_t theo::obf::transform::operation_t::inverse ( )

inline

gets the inverse operation of the current operation.

Returns

the inverse operation of the current operation.

{ return m_inverse_op[m_type]; }

native()

std::vector<std::uint8_t> theo::obf::transform::operation_t::native ( const xed_decoded_inst_t *  inst, std::uint32_t  imm  )

inline

generates a native transform instruction given an existing instruction. it works like so:

mov rax, &MessageBoxA ; original instruction with relocation

; this function takes the first operand and out of the original ; instruction and uses it to generate a transformation.

xor rax, 0x39280928 ; this would be an example output for the xor ;operation.

Parameters

inst	instruction with a relocation to generate a transformation for.
imm	random 32bit number used in the generate transform.

Returns

returns the bytes of the native instruction that was encoded.

                                                    {
    std::uint32_t inst_len = {};
    std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
 
    xed_error_enum_t err;
    xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
    xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
 
    switch (m_type) {
      case XED_ICLASS_ROR:
      case XED_ICLASS_ROL:
        xed_encoder_request_set_uimm0(req, imm, 1);
        break;
      default:
        xed_encoder_request_set_uimm0(req, imm, 4);
        break;
    }
 
    xed_encoder_request_set_iclass(req, m_type);
    xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);
 
    if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
        XED_ERROR_NONE) {
      spdlog::error("failed to encode instruction... reason: {}",
                    xed_error_enum_t2str(err));
 
      assert(err == XED_ERROR_NONE);
    }
 
    return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
  }

random()

static std::size_t theo::obf::transform::operation_t::random ( std::size_t  lowest, std::size_t  largest  )

inlinestatic

generate a random number in a range.

Parameters

lowest	lowest value of the range.
largest	highest value of the range.

Returns

a random value in a range.

                                                               {
    std::random_device rd;
    std::mt19937 gen(rd());
    std::uniform_int_distribution<std::size_t> distr(lowest, largest);
    return distr(gen);
  }

type()

xed_iclass_enum_t theo::obf::transform::operation_t::type ( )

inline

gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...

Returns

the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...

{ return m_type; }

---

The documentation for this class was generated from the following file:

• include/obf/transform/operation.hpp