You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Theodosius/include/obf/transform/operation.hpp

137 lines
4.5 KiB

#pragma once
#include <spdlog/spdlog.h>
#include <bit>
#include <bitset>
#include <functional>
#include <map>
#include <random>
#define XED_ENCODER
extern "C" {
#include <xed-decode.h>
#include <xed-interface.h>
}
/// <summary>
/// this namespace encompasses the code for transforming relocations.
/// </summary>
namespace theo::obf::transform {
/// <summary>
/// lambda function which takes in a 64bit value (relocation address) and a
/// 32bit value (random value used in transformation).
/// </summary>
using transform_t = std::function<std::size_t(std::size_t, std::uint32_t)>;
/// <summary>
/// operation_t is the base class for all types of transformations. classes that
/// inherit this class are singleton and simply call the super constructor
/// (operation_t::operation_t).
/// </summary>
class operation_t {
public:
/// <summary>
/// explicit constructor for operation_t
/// </summary>
/// <param name="op">lambda function when executed applies
/// transformations.</param> <param name="type">type of transformation, such
/// as XOR, ADD, SUB, etc...</param>
explicit operation_t(transform_t op, xed_iclass_enum_t type)
: m_transform(op), m_type(type) {}
/// <summary>
/// generates a native transform instruction given an existing instruction. it
/// works like so:
///
/// mov rax, &MessageBoxA ; original instruction with relocation
///
/// ; this function takes the first operand and out of the original
/// ; instruction and uses it to generate a transformation.
///
/// xor rax, 0x39280928 ; this would be an example output for the xor
/// ;operation.
///
/// </summary>
/// <param name="inst">instruction with a relocation to generate a
/// transformation for.</param> <param name="imm">random 32bit number used in
/// the generate transform.</param> <returns>returns the bytes of the native
/// instruction that was encoded.</returns>
std::vector<std::uint8_t> native(const xed_decoded_inst_t* inst,
std::uint32_t imm) {
std::uint32_t inst_len = {};
std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
xed_error_enum_t err;
xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
switch (m_type) {
case XED_ICLASS_ROR:
case XED_ICLASS_ROL:
xed_encoder_request_set_uimm0(req, imm, 1);
break;
default:
xed_encoder_request_set_uimm0(req, imm, 4);
break;
}
xed_encoder_request_set_iclass(req, m_type);
xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);
if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
XED_ERROR_NONE) {
spdlog::error("failed to encode instruction... reason: {}",
xed_error_enum_t2str(err));
assert(err == XED_ERROR_NONE);
}
return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
}
/// <summary>
/// gets the inverse operation of the current operation.
/// </summary>
/// <returns>the inverse operation of the current operation.</returns>
xed_iclass_enum_t inverse() { return m_inverse_op[m_type]; }
/// <summary>
/// gets a pointer to the lambda function which contains the transform logic.
/// </summary>
/// <returns>a pointer to the lambda function which contains the transform
/// logic.</returns>
transform_t* get_transform() { return &m_transform; }
/// <summary>
/// gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...
/// </summary>
/// <returns>the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB,
/// etc...</returns>
xed_iclass_enum_t type() { return m_type; }
/// <summary>
/// generate a random number in a range.
/// </summary>
/// <param name="lowest">lowest value of the range.</param>
/// <param name="largest">highest value of the range.</param>
/// <returns>a random value in a range.</returns>
static std::size_t random(std::size_t lowest, std::size_t largest) {
std::random_device rd;
std::mt19937 gen(rd());
std::uniform_int_distribution<std::size_t> distr(lowest, largest);
return distr(gen);
}
private:
transform_t m_transform;
xed_iclass_enum_t m_type;
std::map<xed_iclass_enum_t, xed_iclass_enum_t> m_inverse_op = {
{XED_ICLASS_ADD, XED_ICLASS_SUB},
{XED_ICLASS_SUB, XED_ICLASS_ADD},
{XED_ICLASS_ROL, XED_ICLASS_ROR},
{XED_ICLASS_ROR, XED_ICLASS_ROL},
{XED_ICLASS_XOR, XED_ICLASS_XOR}};
};
} // namespace theo::obf::transform