Theodosius v3.0
Jit linker, symbol mapper, and obfuscator
|
jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. More...
#include "jcc_rewrite_pass.hpp"
Public Member Functions | |
void | run (decomp::symbol_t *sym) |
virtual method which must be implimented by the pass that inherits this class. More... | |
Public Member Functions inherited from theo::obf::pass_t | |
pass_t (decomp::sym_type_t sym_type) | |
the explicit constructor of the pass_t base class. More... | |
virtual void | run (decomp::symbol_t *sym)=0 |
virtual method which must be implimented by the pass that inherits this class. More... | |
decomp::sym_type_t | sym_type () |
gets the passes symbol type. More... | |
Static Public Member Functions | |
static jcc_rewrite_pass_t * | get () |
jcc rewrite pass which rewrites rip relative jcc's so that they are position independent.
given the following code:
jnz label1 ; other code goes here
label1: ; more code here
the jnz instruction will be rewritten so that the following code is generated:
jnz br2
br1: jmp [rip] ; address after this instruction contains the address ; of the instruction after the jcc. br2: jmp [rip] ; address after this instruction contains the address of where ; branch 2 is located.
its important to note that other passes will encrypt (transform) the address of the next instruction. There is actually no jmp [rip] either, push/ret is used.
Definition at line 61 of file jcc_rewrite_pass.hpp.
|
static |
Definition at line 35 of file jcc_rewrite_pass.cpp.
Referenced by main().
|
virtual |
virtual method which must be implimented by the pass that inherits this class.
sym | a symbol of the same type of m_sym_type. |
Implements theo::obf::pass_t.
Definition at line 40 of file jcc_rewrite_pass.cpp.
References theo::decomp::symbol_t::data(), theo::obf::next_inst_pass_t::get(), theo::decomp::symbol_t::hash(), theo::decomp::symbol_t::img(), theo::decomp::symbol_t::offset(), theo::decomp::symbol_t::relocs(), theo::obf::next_inst_pass_t::run(), and theo::decomp::symbol_t::sym().