\hypertarget{main_8cpp}{}\doxysection{examples/demo/main.cpp File Reference} \label{main_8cpp}\index{examples/demo/main.cpp@{examples/demo/main.cpp}} {\ttfamily \#include $<$Windows.\+h$>$}\newline {\ttfamily \#include $<$psapi.\+h$>$}\newline {\ttfamily \#include $<$filesystem$>$}\newline {\ttfamily \#include $<$fstream$>$}\newline {\ttfamily \#include $<$iostream$>$}\newline {\ttfamily \#include $<$spdlog/spdlog.\+h$>$}\newline {\ttfamily \#include $<$theo.\+hpp$>$}\newline {\ttfamily \#include $<$obf/engine.\+hpp$>$}\newline {\ttfamily \#include $<$obf/passes/jcc\+\_\+rewrite\+\_\+pass.\+hpp$>$}\newline {\ttfamily \#include $<$obf/passes/next\+\_\+inst\+\_\+pass.\+hpp$>$}\newline {\ttfamily \#include $<$obf/passes/reloc\+\_\+transform\+\_\+pass.\+hpp$>$}\newline {\ttfamily \#include \char`\"{}hello\+\_\+world\+\_\+pass.\+hpp\char`\"{}}\newline \doxysubsection*{Functions} \begin{DoxyCompactItemize} \item int \mbox{\hyperlink{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}{main}} (int argc, char $\ast$argv\mbox{[}$\,$\mbox{]}) \begin{DoxyCompactList}\small\item\em example usage of how to interface with theo. please refer to the source code of this function for details. \end{DoxyCompactList}\end{DoxyCompactItemize} \doxysubsection{Function Documentation} \mbox{\Hypertarget{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}\label{main_8cpp_a0ddf1224851353fc92bfbff6f499fa97}} \index{main.cpp@{main.cpp}!main@{main}} \index{main@{main}!main.cpp@{main.cpp}} \doxysubsubsection{\texorpdfstring{main()}{main()}} {\footnotesize\ttfamily int main (\begin{DoxyParamCaption}\item[{int}]{argc, }\item[{char $\ast$}]{argv\mbox{[}$\,$\mbox{]} }\end{DoxyParamCaption})} example usage of how to interface with theo. please refer to the source code of this function for details. \begin{DoxyParams}{Parameters} {\em argc} & \\ \hline {\em argv} & \\ \hline \end{DoxyParams} \begin{DoxyReturn}{Returns} \end{DoxyReturn} Definition at line \mbox{\hyperlink{main_8cpp_source_l00057}{57}} of file \mbox{\hyperlink{main_8cpp_source}{main.\+cpp}}. \begin{DoxyCode}{0} \DoxyCodeLine{00057 \{} \DoxyCodeLine{00058 \textcolor{keywordflow}{if} (argc < 2)} \DoxyCodeLine{00059 \textcolor{keywordflow}{return} -\/1;} \DoxyCodeLine{00060 } \DoxyCodeLine{00061 \textcolor{comment}{// read in lib file...}} \DoxyCodeLine{00062 std::ifstream f(argv[1], std::ios::binary);} \DoxyCodeLine{00063 \textcolor{keyword}{auto} fsize = fs::file\_size(fs::path(argv[1]));} \DoxyCodeLine{00064 std::vector fdata;} \DoxyCodeLine{00065 fdata.resize(fsize);} \DoxyCodeLine{00066 f.read((\textcolor{keywordtype}{char}*)fdata.data(), fsize);} \DoxyCodeLine{00067 } \DoxyCodeLine{00068 LoadLibraryA(\textcolor{stringliteral}{"{}user32.dll"{}});} \DoxyCodeLine{00069 LoadLibraryA(\textcolor{stringliteral}{"{}win32u.dll"{}});} \DoxyCodeLine{00070 } \DoxyCodeLine{00071 \textcolor{comment}{// declare your allocator, resolver, and copier lambda functions.}} \DoxyCodeLine{00072 \textcolor{comment}{//}} \DoxyCodeLine{00073 } \DoxyCodeLine{00074 \mbox{\hyperlink{namespacetheo_1_1recomp_a96995cb0c5291dce945760c3d8f55241}{theo::recomp::allocator\_t}} allocator =} \DoxyCodeLine{00075 [\&](std::uint32\_t size,} \DoxyCodeLine{00076 coff::section\_characteristics\_t section\_type) -\/> std::uintptr\_t \{} \DoxyCodeLine{00077 \textcolor{keywordflow}{return} \textcolor{keyword}{reinterpret\_cast<}std::uintptr\_t\textcolor{keyword}{>}(VirtualAlloc(} \DoxyCodeLine{00078 NULL, size, MEM\_COMMIT | MEM\_RESERVE,} \DoxyCodeLine{00079 section\_type.mem\_execute ? PAGE\_EXECUTE\_READWRITE : PAGE\_READWRITE));} \DoxyCodeLine{00080 \};} \DoxyCodeLine{00081 } \DoxyCodeLine{00082 \mbox{\hyperlink{namespacetheo_1_1recomp_a604e81450773453df676c3b573651adc}{theo::recomp::copier\_t}} copier = [\&](std::uintptr\_t ptr, \textcolor{keywordtype}{void}* buff,} \DoxyCodeLine{00083 std::uint32\_t size) \{} \DoxyCodeLine{00084 std::memcpy((\textcolor{keywordtype}{void}*)ptr, buff, size);} \DoxyCodeLine{00085 \};} \DoxyCodeLine{00086 } \DoxyCodeLine{00087 \mbox{\hyperlink{namespacetheo_1_1recomp_a7364f8c94855a2a871a9d6e1057989f3}{theo::recomp::resolver\_t}} resolver = [\&](std::string sym) -\/> std::uintptr\_t \{} \DoxyCodeLine{00088 \textcolor{keyword}{auto} loaded\_modules = std::make\_unique(64);} \DoxyCodeLine{00089 std::uintptr\_t result = 0u, loaded\_module\_sz = 0u;} \DoxyCodeLine{00090 \textcolor{keywordflow}{if} (!EnumProcessModules(GetCurrentProcess(), loaded\_modules.get(), 512,} \DoxyCodeLine{00091 (PDWORD)\&loaded\_module\_sz))} \DoxyCodeLine{00092 \textcolor{keywordflow}{return} \{\};} \DoxyCodeLine{00093 } \DoxyCodeLine{00094 \textcolor{keywordflow}{for} (\textcolor{keyword}{auto} i = 0u; i < loaded\_module\_sz / 8u; i++) \{} \DoxyCodeLine{00095 \textcolor{keywordtype}{wchar\_t} file\_name[MAX\_PATH] = L\textcolor{stringliteral}{"{}"{}};} \DoxyCodeLine{00096 \textcolor{keywordflow}{if} (!GetModuleFileNameExW(GetCurrentProcess(), loaded\_modules.get()[i],} \DoxyCodeLine{00097 file\_name, \_countof(file\_name)))} \DoxyCodeLine{00098 \textcolor{keywordflow}{continue};} \DoxyCodeLine{00099 } \DoxyCodeLine{00100 \textcolor{keywordflow}{if} ((result = \textcolor{keyword}{reinterpret\_cast<}std::uintptr\_t\textcolor{keyword}{>}(} \DoxyCodeLine{00101 GetProcAddress(LoadLibraryW(file\_name), sym.c\_str()))))} \DoxyCodeLine{00102 \textcolor{keywordflow}{break};} \DoxyCodeLine{00103 \}} \DoxyCodeLine{00104 \textcolor{keywordflow}{return} result;} \DoxyCodeLine{00105 \};} \DoxyCodeLine{00106 } \DoxyCodeLine{00107 \textcolor{comment}{// init enc/dec tables only once... important that this is done before adding}} \DoxyCodeLine{00108 \textcolor{comment}{// obfuscation passes to the engine...}} \DoxyCodeLine{00109 \textcolor{comment}{//}} \DoxyCodeLine{00110 xed\_tables\_init();} \DoxyCodeLine{00111 } \DoxyCodeLine{00112 \textcolor{comment}{// order matters, the order in which the pass is added is the order they}} \DoxyCodeLine{00113 \textcolor{comment}{// will be executed!}} \DoxyCodeLine{00114 \textcolor{comment}{//}} \DoxyCodeLine{00115 \textcolor{keyword}{auto} engine = \mbox{\hyperlink{classtheo_1_1obf_1_1engine__t_a58715f5c3ade824a65e602aba570040e}{theo::obf::engine\_t::get}}();} \DoxyCodeLine{00116 } \DoxyCodeLine{00117 \textcolor{comment}{// add in our hello world pass here}} \DoxyCodeLine{00118 \textcolor{comment}{//}} \DoxyCodeLine{00119 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1hello__world__pass__t_aa556436f48335fe485d96ebc44ac2293}{theo::obf::hello\_world\_pass\_t::get}}());} \DoxyCodeLine{00120 } \DoxyCodeLine{00121 \textcolor{comment}{// add the rest of the passes in this order. this order is important.}} \DoxyCodeLine{00122 \textcolor{comment}{//}} \DoxyCodeLine{00123 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1reloc__transform__pass__t_a89aa46da5f721057cd8cf5189207d464}{theo::obf::reloc\_transform\_pass\_t::get}}());} \DoxyCodeLine{00124 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1next__inst__pass__t_a964e6f5291ccba0442519f2563b3a2e9}{theo::obf::next\_inst\_pass\_t::get}}());} \DoxyCodeLine{00125 engine-\/>add\_pass(\mbox{\hyperlink{classtheo_1_1obf_1_1jcc__rewrite__pass__t_afc17278f751fe3f5868c988faffb3c92}{theo::obf::jcc\_rewrite\_pass\_t::get}}());} \DoxyCodeLine{00126 } \DoxyCodeLine{00127 std::string entry\_name;} \DoxyCodeLine{00128 std::cout << \textcolor{stringliteral}{"{}enter the name of the entry point: "{}};} \DoxyCodeLine{00129 std::cin >> entry\_name;} \DoxyCodeLine{00130 } \DoxyCodeLine{00131 \textcolor{comment}{// create a theo object and pass in the lib, your allocator, copier, and}} \DoxyCodeLine{00132 \textcolor{comment}{// resolver functions, as well as the entry point symbol name.}} \DoxyCodeLine{00133 \textcolor{comment}{//}} \DoxyCodeLine{00134 \mbox{\hyperlink{classtheo_1_1theo__t}{theo::theo\_t}} t(fdata, \{allocator, copier, resolver\}, entry\_name.data());} \DoxyCodeLine{00135 } \DoxyCodeLine{00136 \textcolor{comment}{// call the decompose method to decompose the lib into coff files and extract}} \DoxyCodeLine{00137 \textcolor{comment}{// the symbols that are used. the result of this call will be an optional}} \DoxyCodeLine{00138 \textcolor{comment}{// value containing the number of symbols extracted.}} \DoxyCodeLine{00139 \textcolor{comment}{//}} \DoxyCodeLine{00140 \textcolor{keyword}{auto} res = t.decompose();} \DoxyCodeLine{00141 } \DoxyCodeLine{00142 \textcolor{keywordflow}{if} (!res.has\_value()) \{} \DoxyCodeLine{00143 spdlog::error(\textcolor{stringliteral}{"{}decomposition failed...\(\backslash\)n"{}});} \DoxyCodeLine{00144 \textcolor{keywordflow}{return} -\/1;} \DoxyCodeLine{00145 \}} \DoxyCodeLine{00146 } \DoxyCodeLine{00147 spdlog::info(\textcolor{stringliteral}{"{}decomposed \{\} symbols..."{}}, res.value());} \DoxyCodeLine{00148 \textcolor{keyword}{auto} entry\_pnt = t.compose();} \DoxyCodeLine{00149 spdlog::info(\textcolor{stringliteral}{"{}entry point address: \{:X\}"{}}, entry\_pnt);} \DoxyCodeLine{00150 \textcolor{keyword}{reinterpret\_cast<}\textcolor{keywordtype}{void} (*)()\textcolor{keyword}{>}(entry\_pnt)();} \DoxyCodeLine{00151 \}} \end{DoxyCode} References \mbox{\hyperlink{theo_8cpp_source_l00056}{theo\+::theo\+\_\+t\+::compose()}}, \mbox{\hyperlink{theo_8cpp_source_l00045}{theo\+::theo\+\_\+t\+::decompose()}}, \mbox{\hyperlink{hello__world__pass_8hpp_source_l00045}{theo\+::obf\+::hello\+\_\+world\+\_\+pass\+\_\+t\+::get()}}, \mbox{\hyperlink{engine_8cpp_source_l00034}{theo\+::obf\+::engine\+\_\+t\+::get()}}, \mbox{\hyperlink{jcc__rewrite__pass_8cpp_source_l00035}{theo\+::obf\+::jcc\+\_\+rewrite\+\_\+pass\+\_\+t\+::get()}}, \mbox{\hyperlink{next__inst__pass_8cpp_source_l00034}{theo\+::obf\+::next\+\_\+inst\+\_\+pass\+\_\+t\+::get()}}, and \mbox{\hyperlink{reloc__transform__pass_8cpp_source_l00034}{theo\+::obf\+::reloc\+\_\+transform\+\_\+pass\+\_\+t\+::get()}}.