this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. More...
#include <reloc_transform_pass.hpp>
Public Member Functions | |
| void | run (decomp::symbol_t *sym) |
| virtual method which must be implimented by the pass that inherits this class. More... | |
 Public Member Functions inherited from theo::obf::pass_t | |
| pass_t (decomp::sym_type_t sym_type) | |
| the explicit constructor of the pass_t base class. More... | |
| decomp::sym_type_t | sym_type () |
| gets the passes symbol type. More... | |
Static Public Member Functions | |
| static reloc_transform_pass_t * | get () |
Detailed Description
this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol.
given the following code:
mov rax, &MessageBoxA
this pass will generate a random number of transformations to encrypt the address of "MessageBoxA". These transformations will then be applied by theodosius internally when resolving relocations.
mov rax, enc_MessageBoxA xor rax, 0x389284324 add rax, 0x345332567 ror rax, 0x5353
Member Function Documentation
◆ get()
|
static |
◆ run()
|
virtual |
virtual method which must be implimented by the pass that inherits this class.
- Parameters
-
sym a symbol of the same type of m_sym_type.
Implements theo::obf::pass_t.
The documentation for this class was generated from the following files:
- include/obf/passes/reloc_transform_pass.hpp
- src/obf/passes/reloc_transform_pass.cpp
