You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
242 lines
19 KiB
242 lines
19 KiB
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
|
|
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
|
|
<meta name="generator" content="Doxygen 1.9.1"/>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1"/>
|
|
<title>Theodosius: theo::obf::jcc_rewrite_pass_t Class Reference</title>
|
|
<link href="../../tabs.css" rel="stylesheet" type="text/css"/>
|
|
<script type="text/javascript" src="../../jquery.js"></script>
|
|
<script type="text/javascript" src="../../dynsections.js"></script>
|
|
<link href="../../search/search.css" rel="stylesheet" type="text/css"/>
|
|
<script type="text/javascript" src="../../search/searchdata.js"></script>
|
|
<script type="text/javascript" src="../../search/search.js"></script>
|
|
<link href="../../doxygen.css" rel="stylesheet" type="text/css" />
|
|
</head>
|
|
<body>
|
|
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
|
|
<div id="titlearea">
|
|
<table cellspacing="0" cellpadding="0">
|
|
<tbody>
|
|
<tr style="height: 56px;">
|
|
<td id="projectalign" style="padding-left: 0.5em;">
|
|
<div id="projectname">Theodosius
|
|
 <span id="projectnumber">v3.0</span>
|
|
</div>
|
|
<div id="projectbrief">Jit linker, mapper, obfuscator, and mutator</div>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
<!-- end header part -->
|
|
<!-- Generated by Doxygen 1.9.1 -->
|
|
<script type="text/javascript">
|
|
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
|
|
var searchBox = new SearchBox("searchBox", "../../search",false,'Search','.html');
|
|
/* @license-end */
|
|
</script>
|
|
<script type="text/javascript" src="../../menudata.js"></script>
|
|
<script type="text/javascript" src="../../menu.js"></script>
|
|
<script type="text/javascript">
|
|
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
|
|
$(function() {
|
|
initMenu('../../',true,false,'search.php','Search');
|
|
$(document).ready(function() { init_search(); });
|
|
});
|
|
/* @license-end */</script>
|
|
<div id="main-nav"></div>
|
|
<!-- window showing the filter options -->
|
|
<div id="MSearchSelectWindow"
|
|
onmouseover="return searchBox.OnSearchSelectShow()"
|
|
onmouseout="return searchBox.OnSearchSelectHide()"
|
|
onkeydown="return searchBox.OnSearchSelectKey(event)">
|
|
</div>
|
|
|
|
<!-- iframe showing the search results (closed by default) -->
|
|
<div id="MSearchResultsWindow">
|
|
<iframe src="javascript:void(0)" frameborder="0"
|
|
name="MSearchResults" id="MSearchResults">
|
|
</iframe>
|
|
</div>
|
|
|
|
<div id="nav-path" class="navpath">
|
|
<ul>
|
|
<li class="navelem"><a class="el" href="../../da/de6/namespacetheo.html">theo</a></li><li class="navelem"><a class="el" href="../../d5/da8/namespacetheo_1_1obf.html">obf</a></li><li class="navelem"><a class="el" href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html">jcc_rewrite_pass_t</a></li> </ul>
|
|
</div>
|
|
</div><!-- top -->
|
|
<div class="header">
|
|
<div class="summary">
|
|
<a href="#pub-methods">Public Member Functions</a> |
|
|
<a href="#pub-static-methods">Static Public Member Functions</a> |
|
|
<a href="../../d7/dbd/classtheo_1_1obf_1_1jcc__rewrite__pass__t-members.html">List of all members</a> </div>
|
|
<div class="headertitle">
|
|
<div class="title">theo::obf::jcc_rewrite_pass_t Class Reference</div> </div>
|
|
</div><!--header-->
|
|
<div class="contents">
|
|
|
|
<p>jcc rewrite pass which rewrites rip relative jcc's so that they are position independent.
|
|
<a href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html#details">More...</a></p>
|
|
|
|
<p><code>#include <<a class="el" href="../../">jcc_rewrite_pass.hpp</a>></code></p>
|
|
<div class="dynheader">
|
|
Inheritance diagram for theo::obf::jcc_rewrite_pass_t:</div>
|
|
<div class="dyncontent">
|
|
<div class="center">
|
|
<img src="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.png" usemap="#theo::obf::jcc_5Frewrite_5Fpass_5Ft_map" alt=""/>
|
|
<map id="theo::obf::jcc_5Frewrite_5Fpass_5Ft_map" name="theo::obf::jcc_5Frewrite_5Fpass_5Ft_map">
|
|
<area href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html" title="the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual funct..." alt="theo::obf::pass_t" shape="rect" coords="0,0,172,24"/>
|
|
</map>
|
|
</div></div>
|
|
<table class="memberdecls">
|
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-methods"></a>
|
|
Public Member Functions</h2></td></tr>
|
|
<tr class="memitem:a5a93eb0945025ef3caefed8c63b65b23"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html#a5a93eb0945025ef3caefed8c63b65b23">run</a> (<a class="el" href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html">decomp::symbol_t</a> *sym)</td></tr>
|
|
<tr class="memdesc:a5a93eb0945025ef3caefed8c63b65b23"><td class="mdescLeft"> </td><td class="mdescRight">virtual method which must be implimented by the pass that inherits this class. <a href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html#a5a93eb0945025ef3caefed8c63b65b23">More...</a><br /></td></tr>
|
|
<tr class="separator:a5a93eb0945025ef3caefed8c63b65b23"><td class="memSeparator" colspan="2"> </td></tr>
|
|
<tr class="inherit_header pub_methods_classtheo_1_1obf_1_1pass__t"><td colspan="2" onclick="javascript:toggleInherit('pub_methods_classtheo_1_1obf_1_1pass__t')"><img src="../../closed.png" alt="-"/> Public Member Functions inherited from <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html">theo::obf::pass_t</a></td></tr>
|
|
<tr class="memitem:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memItemLeft" align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#abd4ab22cc2822b968267be7f8397d611">pass_t</a> (<a class="el" href="../../d9/dbd/namespacetheo_1_1decomp.html#af96177687d0ad683c5897d8fa01135f9">decomp::sym_type_t</a> <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">sym_type</a>)</td></tr>
|
|
<tr class="memdesc:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="mdescLeft"> </td><td class="mdescRight">the explicit constructor of the <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html" title="the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual funct...">pass_t</a> base class. <a href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#abd4ab22cc2822b968267be7f8397d611">More...</a><br /></td></tr>
|
|
<tr class="separator:abd4ab22cc2822b968267be7f8397d611 inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memSeparator" colspan="2"> </td></tr>
|
|
<tr class="memitem:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memItemLeft" align="right" valign="top"><a class="el" href="../../d9/dbd/namespacetheo_1_1decomp.html#af96177687d0ad683c5897d8fa01135f9">decomp::sym_type_t</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">sym_type</a> ()</td></tr>
|
|
<tr class="memdesc:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="mdescLeft"> </td><td class="mdescRight">gets the passes symbol type. <a href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#a46608a6c2dfb8ff657e44be9b50e0dfb">More...</a><br /></td></tr>
|
|
<tr class="separator:a46608a6c2dfb8ff657e44be9b50e0dfb inherit pub_methods_classtheo_1_1obf_1_1pass__t"><td class="memSeparator" colspan="2"> </td></tr>
|
|
</table><table class="memberdecls">
|
|
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-static-methods"></a>
|
|
Static Public Member Functions</h2></td></tr>
|
|
<tr class="memitem:afc17278f751fe3f5868c988faffb3c92"><td class="memItemLeft" align="right" valign="top">static <a class="el" href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html">jcc_rewrite_pass_t</a> * </td><td class="memItemRight" valign="bottom"><a class="el" href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html#afc17278f751fe3f5868c988faffb3c92">get</a> ()</td></tr>
|
|
<tr class="separator:afc17278f751fe3f5868c988faffb3c92"><td class="memSeparator" colspan="2"> </td></tr>
|
|
</table>
|
|
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
|
|
<div class="textblock"><p>jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. </p>
|
|
<p>given the following code: </p><pre class="fragment">jnz label1
|
|
; other code goes here
|
|
</pre><p> label1: ; more code here</p>
|
|
<p>the jnz instruction will be rewritten so that the following code is generated: </p><pre class="fragment">jnz br2
|
|
</pre><p> br1: jmp [rip] ; address after this instruction contains the address ; of the instruction after the jcc. br2: jmp [rip] ; address after this instruction contains the address of where ; branch 2 is located.</p>
|
|
<p>its important to note that other passes will encrypt (transform) the address of the next instruction. There is actually no jmp [rip] either, push/ret is used.</p>
|
|
</div><h2 class="groupheader">Member Function Documentation</h2>
|
|
<a id="afc17278f751fe3f5868c988faffb3c92"></a>
|
|
<h2 class="memtitle"><span class="permalink"><a href="#afc17278f751fe3f5868c988faffb3c92">◆ </a></span>get()</h2>
|
|
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="mlabels">
|
|
<tr>
|
|
<td class="mlabels-left">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname"><a class="el" href="../../d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html">jcc_rewrite_pass_t</a> * theo::obf::jcc_rewrite_pass_t::get </td>
|
|
<td>(</td>
|
|
<td class="paramname"></td><td>)</td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
<td class="mlabels-right">
|
|
<span class="mlabels"><span class="mlabel">static</span></span> </td>
|
|
</tr>
|
|
</table>
|
|
</div><div class="memdoc">
|
|
<div class="fragment"><div class="line"><a name="l00035"></a><span class="lineno"> 35</span>  {</div>
|
|
<div class="line"><a name="l00036"></a><span class="lineno"> 36</span>  <span class="keyword">static</span> jcc_rewrite_pass_t obj;</div>
|
|
<div class="line"><a name="l00037"></a><span class="lineno"> 37</span>  <span class="keywordflow">return</span> &obj;</div>
|
|
<div class="line"><a name="l00038"></a><span class="lineno"> 38</span> }</div>
|
|
</div><!-- fragment -->
|
|
</div>
|
|
</div>
|
|
<a id="a5a93eb0945025ef3caefed8c63b65b23"></a>
|
|
<h2 class="memtitle"><span class="permalink"><a href="#a5a93eb0945025ef3caefed8c63b65b23">◆ </a></span>run()</h2>
|
|
|
|
<div class="memitem">
|
|
<div class="memproto">
|
|
<table class="mlabels">
|
|
<tr>
|
|
<td class="mlabels-left">
|
|
<table class="memname">
|
|
<tr>
|
|
<td class="memname">void theo::obf::jcc_rewrite_pass_t::run </td>
|
|
<td>(</td>
|
|
<td class="paramtype"><a class="el" href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html">decomp::symbol_t</a> * </td>
|
|
<td class="paramname"><em>sym</em></td><td>)</td>
|
|
<td></td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
<td class="mlabels-right">
|
|
<span class="mlabels"><span class="mlabel">virtual</span></span> </td>
|
|
</tr>
|
|
</table>
|
|
</div><div class="memdoc">
|
|
|
|
<p>virtual method which must be implimented by the pass that inherits this class. </p>
|
|
<dl class="params"><dt>Parameters</dt><dd>
|
|
<table class="params">
|
|
<tr><td class="paramname">sym</td><td>a symbol of the same type of m_sym_type.</td></tr>
|
|
</table>
|
|
</dd>
|
|
</dl>
|
|
|
|
<p>Implements <a class="el" href="../../d4/dad/classtheo_1_1obf_1_1pass__t.html#acfadc013ff0754d66a18baffdb1a61d1">theo::obf::pass_t</a>.</p>
|
|
<div class="fragment"><div class="line"><a name="l00040"></a><span class="lineno"> 40</span>  {</div>
|
|
<div class="line"><a name="l00041"></a><span class="lineno"> 41</span>  std::int32_t disp = {};</div>
|
|
<div class="line"><a name="l00042"></a><span class="lineno"> 42</span>  xed_decoded_inst_t inst;</div>
|
|
<div class="line"><a name="l00043"></a><span class="lineno"> 43</span>  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};</div>
|
|
<div class="line"><a name="l00044"></a><span class="lineno"> 44</span>  xed_decoded_inst_zero_set_mode(&inst, &istate);</div>
|
|
<div class="line"><a name="l00045"></a><span class="lineno"> 45</span>  xed_decode(&inst, sym->data().data(), XED_MAX_INSTRUCTION_BYTES);</div>
|
|
<div class="line"><a name="l00046"></a><span class="lineno"> 46</span>  </div>
|
|
<div class="line"><a name="l00047"></a><span class="lineno"> 47</span>  <span class="comment">// if the instruction is branching...</span></div>
|
|
<div class="line"><a name="l00048"></a><span class="lineno"> 48</span>  <span class="keywordflow">if</span> ((disp = xed_decoded_inst_get_branch_displacement(&inst))) {</div>
|
|
<div class="line"><a name="l00049"></a><span class="lineno"> 49</span>  disp += xed_decoded_inst_get_length(&inst);</div>
|
|
<div class="line"><a name="l00050"></a><span class="lineno"> 50</span>  </div>
|
|
<div class="line"><a name="l00051"></a><span class="lineno"> 51</span>  <span class="comment">// update displacement...</span></div>
|
|
<div class="line"><a name="l00052"></a><span class="lineno"> 52</span>  xed_decoded_inst_set_branch_displacement(</div>
|
|
<div class="line"><a name="l00053"></a><span class="lineno"> 53</span>  &inst, sym->data().size() - xed_decoded_inst_get_length(&inst),</div>
|
|
<div class="line"><a name="l00054"></a><span class="lineno"> 54</span>  xed_decoded_inst_get_branch_displacement_width(&inst));</div>
|
|
<div class="line"><a name="l00055"></a><span class="lineno"> 55</span>  </div>
|
|
<div class="line"><a name="l00056"></a><span class="lineno"> 56</span>  xed_encoder_request_init_from_decode(&inst);</div>
|
|
<div class="line"><a name="l00057"></a><span class="lineno"> 57</span>  xed_encoder_request_t* req = &inst;</div>
|
|
<div class="line"><a name="l00058"></a><span class="lineno"> 58</span>  </div>
|
|
<div class="line"><a name="l00059"></a><span class="lineno"> 59</span>  <span class="comment">// update jcc in the buffer...</span></div>
|
|
<div class="line"><a name="l00060"></a><span class="lineno"> 60</span>  std::uint32_t len = {};</div>
|
|
<div class="line"><a name="l00061"></a><span class="lineno"> 61</span>  xed_encode(req, sym->data().data(), xed_decoded_inst_get_length(&inst),</div>
|
|
<div class="line"><a name="l00062"></a><span class="lineno"> 62</span>  &len);</div>
|
|
<div class="line"><a name="l00063"></a><span class="lineno"> 63</span>  </div>
|
|
<div class="line"><a name="l00064"></a><span class="lineno"> 64</span>  <span class="comment">// create a relocation to the instruction the branch would normally go</span></div>
|
|
<div class="line"><a name="l00065"></a><span class="lineno"> 65</span>  <span class="comment">// too...</span></div>
|
|
<div class="line"><a name="l00066"></a><span class="lineno"> 66</span>  <span class="keyword">auto</span> offset = disp < 0 ? sym->offset() - std::abs(disp)</div>
|
|
<div class="line"><a name="l00067"></a><span class="lineno"> 67</span>  : sym->offset() + std::abs(disp);</div>
|
|
<div class="line"><a name="l00068"></a><span class="lineno"> 68</span>  </div>
|
|
<div class="line"><a name="l00069"></a><span class="lineno"> 69</span>  <span class="keyword">auto</span> sym_name =</div>
|
|
<div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  std::string(</div>
|
|
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  sym->sym()->name.to_string(sym->img()->get_strings()).data())</div>
|
|
<div class="line"><a name="l00072"></a><span class="lineno"> 72</span>  .append(<span class="stringliteral">"@"</span>)</div>
|
|
<div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  .append(std::to_string(offset));</div>
|
|
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  </div>
|
|
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span>  sym->relocs().push_back(</div>
|
|
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span>  recomp::reloc_t(0, <a class="code" href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html#a8695d75670cc4d61d275464e9109ff06">decomp::symbol_t::hash</a>(sym_name), sym_name.data()));</div>
|
|
<div class="line"><a name="l00077"></a><span class="lineno"> 77</span>  </div>
|
|
<div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  <span class="comment">// run next_inst_pass on this symbol to generate the transformations for the</span></div>
|
|
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  <span class="comment">// relocation to the jcc branch dest instruction...</span></div>
|
|
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  <a class="code" href="../../d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html#a964e6f5291ccba0442519f2563b3a2e9">next_inst_pass_t::get</a>()-><a class="code" href="../../d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html#ae4cbba78b14c2b9da794386e4d92f40f">run</a>(sym);</div>
|
|
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  }</div>
|
|
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span> };</div>
|
|
<div class="ttc" id="aclasstheo_1_1decomp_1_1symbol__t_html_a8695d75670cc4d61d275464e9109ff06"><div class="ttname"><a href="../../d9/dd5/classtheo_1_1decomp_1_1symbol__t.html#a8695d75670cc4d61d275464e9109ff06">theo::decomp::symbol_t::hash</a></div><div class="ttdeci">std::size_t hash()</div><div class="ttdoc">gets the hash of the symbol name.</div><div class="ttdef"><b>Definition:</b> symbol.cpp:88</div></div>
|
|
<div class="ttc" id="aclasstheo_1_1obf_1_1next__inst__pass__t_html_a964e6f5291ccba0442519f2563b3a2e9"><div class="ttname"><a href="../../d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html#a964e6f5291ccba0442519f2563b3a2e9">theo::obf::next_inst_pass_t::get</a></div><div class="ttdeci">static next_inst_pass_t * get()</div><div class="ttdef"><b>Definition:</b> next_inst_pass.cpp:34</div></div>
|
|
<div class="ttc" id="aclasstheo_1_1obf_1_1next__inst__pass__t_html_ae4cbba78b14c2b9da794386e4d92f40f"><div class="ttname"><a href="../../d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html#ae4cbba78b14c2b9da794386e4d92f40f">theo::obf::next_inst_pass_t::run</a></div><div class="ttdeci">void run(decomp::symbol_t *sym)</div><div class="ttdoc">virtual method which must be implimented by the pass that inherits this class.</div><div class="ttdef"><b>Definition:</b> next_inst_pass.cpp:38</div></div>
|
|
</div><!-- fragment -->
|
|
</div>
|
|
</div>
|
|
<hr/>The documentation for this class was generated from the following files:<ul>
|
|
<li>include/obf/passes/<a class="el" href="../../">jcc_rewrite_pass.hpp</a></li>
|
|
<li>src/obf/passes/<a class="el" href="../../">jcc_rewrite_pass.cpp</a></li>
|
|
</ul>
|
|
</div><!-- contents -->
|
|
<!-- start footer part -->
|
|
<hr class="footer"/><address class="footer"><small>
|
|
Generated by <a href="https://www.doxygen.org/index.html"><img class="footer" src="../../doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1
|
|
</small></address>
|
|
</body>
|
|
</html>
|