Theodosius/doxygen/html/dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>Theodosius: theo::obf::reloc_transform_pass_t Class Reference</title>
<link href="../../tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="../../jquery.js"></script>
<script type="text/javascript" src="../../dynsections.js"></script>
<link href="../../search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="../../search/searchdata.js"></script>
<script type="text/javascript" src="../../search/search.js"></script>
<link href="../../doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname">Theodosius
   &#160;<span id="projectnumber">v3.0</span>
   </div>
   <div id="projectbrief">Jit linker, mapper, obfuscator, and mutator</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "../../search",false,'Search','.html');
/* @license-end */
</script>
<script type="text/javascript" src="../../menudata.js"></script>
<script type="text/javascript" src="../../menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
  initMenu('../../',true,false,'search.php','Search');
  $(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
     onmouseover="return searchBox.OnSearchSelectShow()"
     onmouseout="return searchBox.OnSearchSelectHide()"
     onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>

<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0" 
        name="MSearchResults" id="MSearchResults">
</iframe>
</div>

<div id="nav-path" class="navpath">
  <ul>
<li class="navelem"><a class="el" href="../../da/de6/namespacetheo.html">theo</a></li><li class="navelem"><a class="el" href="../../d5/da8/namespacetheo_1_1obf.html">obf</a></li><li class="navelem"><a class="el" href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html">reloc_transform_pass_t</a></li>  </ul>
</div>
</div><!-- top -->
<div class="header">
  <div class="summary">
<a href="#pub-methods">Public Member Functions</a> &#124;
<a href="#pub-static-methods">Static Public Member Functions</a> &#124;
<a href="../../d3/dee/classtheo_1_1obf_1_1reloc__transform__pass__t-members.html">List of all members</a>  </div>
  <div class="headertitle">
<div class="title">theo::obf::reloc_transform_pass_t Class Reference</div>  </div>
</div><!--header-->
<div class="contents">

<p>this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol.  
 <a href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html#details">More...</a></p>

<p><code>#include &lt;<a class="el" href="../../">reloc_transform_pass.hpp</a>&gt;</code></p>
<div class="dynheader">
Inheritance diagram for theo::obf::reloc_transform_pass_t:</div>
<div class="dyncontent">
 <div class="center">
  <img src="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.png" usemap="#theo::obf::reloc_5Ftransform_5Fpass_5Ft_map" alt=""/>
  <map id="theo::obf::reloc_5Ftransform_5Fpass_5Ft_map" name="theo::obf::reloc_5Ftransform_5Fpass_5Ft_map">
<area href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html" title="the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual funct..." alt="theo::obf::pass_t" shape="rect" coords="0,0,198,24"/>
  </map>
</div></div>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-methods"></a>
Public Member Functions</h2></td></tr>
<tr class="memitem:a24e122f6be18a88ea1809252ab3ec0b9"><td class="memItemLeft" align="right" valign="top">void&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html#a24e122f6be18a88ea1809252ab3ec0b9">run</a> (<a class="el" href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html">decomp::symbol_t</a> *sym)</td></tr>
<tr class="memdesc:a24e122f6be18a88ea1809252ab3ec0b9"><td class="mdescLeft">&#160;</td><td class="mdescRight">virtual method which must be implimented by the pass that inherits this class.  <a href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html#a24e122f6be18a88ea1809252ab3ec0b9">More...</a><br /></td></tr>
<tr class="separator:a24e122f6be18a88ea1809252ab3ec0b9"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="inherit_header pub_methods_classtheo_1_1obf_1_1pass__t"><td colspan="2" onclick="javascript:toggleInherit('pub_methods_classtheo_1_1obf_1_1pass__t')"><img src="../../closed.png" alt="-"/>&#160;Public Member Functions inherited from <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html">theo::obf::pass_t</a></td></tr>
<tr class="memitem:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memItemLeft" align="right" valign="top">&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#abd4ab22cc2822b968267be7f8397d611">pass_t</a> (<a class="el" href="../../d9/dbd/namespacetheo_1_1decomp.html#af96177687d0ad683c5897d8fa01135f9">decomp::sym_type_t</a> <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">sym_type</a>)</td></tr>
<tr class="memdesc:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="mdescLeft">&#160;</td><td class="mdescRight">the explicit constructor of the <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html" title="the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual funct...">pass_t</a> base class.  <a href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#abd4ab22cc2822b968267be7f8397d611">More...</a><br /></td></tr>
<tr class="separator:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memSeparator" colspan="2">&#160;</td></tr>
<tr class="memitem:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memItemLeft" align="right" valign="top"><a class="el" href="../../d9/dbd/namespacetheo_1_1decomp.html#af96177687d0ad683c5897d8fa01135f9">decomp::sym_type_t</a>&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">sym_type</a> ()</td></tr>
<tr class="memdesc:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="mdescLeft">&#160;</td><td class="mdescRight">gets the passes symbol type.  <a href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">More...</a><br /></td></tr>
<tr class="separator:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-static-methods"></a>
Static Public Member Functions</h2></td></tr>
<tr class="memitem:a89aa46da5f721057cd8cf5189207d464"><td class="memItemLeft" align="right" valign="top">static <a class="el" href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html">reloc_transform_pass_t</a> *&#160;</td><td class="memItemRight" valign="bottom"><a class="el" href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html#a89aa46da5f721057cd8cf5189207d464">get</a> ()</td></tr>
<tr class="separator:a89aa46da5f721057cd8cf5189207d464"><td class="memSeparator" colspan="2">&#160;</td></tr>
</table>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. </p>
<p>given the following code: </p><pre class="fragment">mov rax, &amp;MessageBoxA
</pre><p> this pass will generate a random number of transformations to encrypt the address of "MessageBoxA". These transformations will then be applied by theodosius internally when resolving relocations. </p><pre class="fragment">mov rax, enc_MessageBoxA
xor rax, 0x389284324
add rax, 0x345332567
ror rax, 0x5353
</pre></div><h2 class="groupheader">Member Function Documentation</h2>
<a id="a89aa46da5f721057cd8cf5189207d464"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a89aa46da5f721057cd8cf5189207d464">&#9670;&nbsp;</a></span>get()</h2>

<div class="memitem">
<div class="memproto">
<table class="mlabels">
  <tr>
  <td class="mlabels-left">
      <table class="memname">
        <tr>
          <td class="memname"><a class="el" href="../../dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html">reloc_transform_pass_t</a> * theo::obf::reloc_transform_pass_t::get </td>
          <td>(</td>
          <td class="paramname"></td><td>)</td>
          <td></td>
        </tr>
      </table>
  </td>
  <td class="mlabels-right">
<span class="mlabels"><span class="mlabel">static</span></span>  </td>
  </tr>
</table>
</div><div class="memdoc">

</div>
</div>
<a id="a24e122f6be18a88ea1809252ab3ec0b9"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a24e122f6be18a88ea1809252ab3ec0b9">&#9670;&nbsp;</a></span>run()</h2>

<div class="memitem">
<div class="memproto">
<table class="mlabels">
  <tr>
  <td class="mlabels-left">
      <table class="memname">
        <tr>
          <td class="memname">void theo::obf::reloc_transform_pass_t::run </td>
          <td>(</td>
          <td class="paramtype"><a class="el" href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html">decomp::symbol_t</a> *&#160;</td>
          <td class="paramname"><em>sym</em></td><td>)</td>
          <td></td>
        </tr>
      </table>
  </td>
  <td class="mlabels-right">
<span class="mlabels"><span class="mlabel">virtual</span></span>  </td>
  </tr>
</table>
</div><div class="memdoc">

<p>virtual method which must be implimented by the pass that inherits this class. </p>
<dl class="params"><dt>Parameters</dt><dd>
  <table class="params">
    <tr><td class="paramname">sym</td><td>a symbol of the same type of m_sym_type.</td></tr>
  </table>
  </dd>
</dl>

<p>Implements <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#acfadc013ff0754d66a18baffdb1a61d1">theo::obf::pass_t</a>.</p>

</div>
</div>
<hr/>The documentation for this class was generated from the following files:<ul>
<li>include/obf/passes/<a class="el" href="../../">reloc_transform_pass.hpp</a></li>
<li>src/obf/passes/<a class="el" href="../../">reloc_transform_pass.cpp</a></li>
</ul>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by&#160;<a href="https://www.doxygen.org/index.html"><img class="footer" src="../../doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
</small></address>
</body>
</html>