this namespace encompasses the code for transforming relocations. More...

Classes
class	add_op_t

class	operation_t
	operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t). More...

class	rol_op_t

class	ror_op_t

class	sub_op_t

class	xor_op_t

Typedefs
using	transform_t = std::function< std::size_t(std::size_t, std::uint32_t)>
	lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation). More...

Functions
std::vector< std::uint8_t >	generate (xed_decoded_inst_t inst, recomp::reloc_t reloc, std::uint8_t low, std::uint8_t high)
	generate a sequence of transformations given an instruction that has a relocation in it. More...

Variables
std::map< xed_iclass_enum_t, operation_t * >	operations
	map of all of the operations and their type. More...

Detailed Description

this namespace encompasses the code for transforming relocations.

Typedef Documentation

◆ transform_t

using theo::obf::transform::transform_t = typedef std::function<std::size_t(std::size_t, std::uint32_t)>

lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation).

Function Documentation

◆ generate()

std::vector<std::uint8_t> theo::obf::transform::generate	(	xed_decoded_inst_t *	inst,
		recomp::reloc_t *	reloc,
		std::uint8_t	low,
		std::uint8_t	high
	)

inline

generate a sequence of transformations given an instruction that has a relocation in it.

Parameters

inst	instruction that has a relocation in it.
reloc	meta data relocation object for the instruction.
low	lowest number of transformations to generate.
high	highest number of transformations to generate.

Returns

                                                            {
   auto num_transforms = transform::operation_t::random(low, high);
   auto num_ops = transform::operations.size();
   std::vector<std::uint8_t> new_inst_bytes;
  
   std::uint32_t inst_len = {};
   std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
   xed_encoder_request_t req;
  
   xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
   xed_encoder_request_zero_set_mode(&req, &istate);
   xed_encoder_request_set_effective_operand_width(&req, 64);
   xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSHFQ);
   xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
   new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
  
   for (auto cnt = 0u; cnt < num_transforms; ++cnt) {
     std::uint32_t imm = transform::operation_t::random(
         0, std::numeric_limits<std::int32_t>::max());
  
     auto itr = transform::operations.begin();
     std::advance(itr, transform::operation_t::random(0, num_ops - 1));
     auto transform_bytes = itr->second->native(inst, imm);
     new_inst_bytes.insert(new_inst_bytes.end(), transform_bytes.begin(),
                           transform_bytes.end());
  
     reloc->add_transform(
         {transform::operations[itr->second->inverse()]->get_transform(), imm});
   }
  
   xed_encoder_request_zero_set_mode(&req, &istate);
   xed_encoder_request_set_effective_operand_width(&req, 64);
   xed_encoder_request_set_iclass(&req, XED_ICLASS_POPFQ);
   xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
   new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
  
   // inverse the order in which the transformations are executed...
   //
   std::reverse(reloc->get_transforms().begin(), reloc->get_transforms().end());
   return new_inst_bytes;
 }

Variable Documentation

◆ operations

std::map<xed_iclass_enum_t, operation_t*> theo::obf::transform::operations

inline

Initial value:

= {
    {XED_ICLASS_ADD, add_op_t::get()},
    {XED_ICLASS_SUB, sub_op_t::get()},
    {XED_ICLASS_ROL, rol_op_t::get()},
    {XED_ICLASS_ROR, ror_op_t::get()},
    {XED_ICLASS_XOR, xor_op_t::get()}}

map of all of the operations and their type.

Classes

Typedefs

Functions