\hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t}{}\doxysection{theo\+::obf\+::transform\+::operation\+\_\+t Class Reference}
|
|
\label{classtheo_1_1obf_1_1transform_1_1operation__t}\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
|
|
|
|
\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{operation\+\_\+t}} is the base class for all types of transformations. Classes that inherit from it are singletons and simply call the base-class constructor (\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}{operation\+\_\+t\+::operation\+\_\+t}}).
|
|
|
|
|
|
|
|
|
|
{\ttfamily \#include $<$operation.\+hpp$>$}
|
|
|
|
Inheritance diagram for theo\+::obf\+::transform\+::operation\+\_\+t\+:\begin{figure}[H]
|
|
\begin{center}
|
|
\leavevmode
|
|
\includegraphics[height=1.142857cm]{d7/de2/classtheo_1_1obf_1_1transform_1_1operation__t}
|
|
\end{center}
|
|
\end{figure}
|
|
\doxysubsection*{Public Member Functions}
|
|
\begin{DoxyCompactItemize}
|
|
\item
|
|
\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}{operation\+\_\+t}} (\mbox{\hyperlink{namespacetheo_1_1obf_1_1transform_a875984c1ce09aa998fe48cca55270ecc}{transform\+\_\+t}} op, xed\+\_\+iclass\+\_\+enum\+\_\+t \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a8558c2a8e78ef8da59674396bc76157f}{type}})
|
|
\begin{DoxyCompactList}\small\item\em explicit constructor for \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{operation\+\_\+t}} \end{DoxyCompactList}\item
|
|
std\+::vector$<$ std\+::uint8\+\_\+t $>$ \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a414b1716ec527c26bfcbd5262c21a7a8}{native}} (const xed\+\_\+decoded\+\_\+inst\+\_\+t $\ast$inst, std\+::uint32\+\_\+t imm)
|
|
\begin{DoxyCompactList}\small\item\em generates a native transform instruction given an existing instruction; the detailed description of native() gives a worked example. \end{DoxyCompactList}\item
|
|
xed\+\_\+iclass\+\_\+enum\+\_\+t \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a91f9b94436d49659aaabb291786b3c7b}{inverse}} ()
|
|
\begin{DoxyCompactList}\small\item\em gets the inverse operation of the current operation. \end{DoxyCompactList}\item
|
|
\mbox{\hyperlink{namespacetheo_1_1obf_1_1transform_a875984c1ce09aa998fe48cca55270ecc}{transform\+\_\+t}} $\ast$ \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a307c6d7d48319d28d39d93c1df18680a}{get\+\_\+transform}} ()
|
|
\begin{DoxyCompactList}\small\item\em gets a pointer to the lambda function which contains the transform logic. \end{DoxyCompactList}\item
|
|
xed\+\_\+iclass\+\_\+enum\+\_\+t \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a8558c2a8e78ef8da59674396bc76157f}{type}} ()
|
|
\begin{DoxyCompactList}\small\item\em gets the operation type, such as XED\+\_\+\+ICLASS\+\_\+\+ADD, XED\+\_\+\+ICLASS\+\_\+\+SUB, etc. \end{DoxyCompactList}\end{DoxyCompactItemize}
|
|
\doxysubsection*{Static Public Member Functions}
|
|
\begin{DoxyCompactItemize}
|
|
\item
|
|
static std\+::size\+\_\+t \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_aaa5859bc3c7f95d99d4d726289593488}{random}} (std\+::size\+\_\+t lowest, std\+::size\+\_\+t largest)
|
|
\begin{DoxyCompactList}\small\item\em generate a random number in a range. \end{DoxyCompactList}\end{DoxyCompactItemize}
|
|
|
|
|
|
\doxysubsection{Detailed Description}
|
|
\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{operation\+\_\+t}} is the base class for all types of transformations. Classes that inherit from it are singletons and simply call the base-class constructor (\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}{operation\+\_\+t\+::operation\+\_\+t}}).
|
|
|
|
|
|
|
|
\doxysubsection{Constructor \& Destructor Documentation}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}\label{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!operation\_t@{operation\_t}}
|
|
\index{operation\_t@{operation\_t}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{operation\_t()}{operation\_t()}}
|
|
{\footnotesize\ttfamily theo\+::obf\+::transform\+::operation\+\_\+t\+::operation\+\_\+t (\begin{DoxyParamCaption}\item[{\mbox{\hyperlink{namespacetheo_1_1obf_1_1transform_a875984c1ce09aa998fe48cca55270ecc}{transform\+\_\+t}}}]{op, }\item[{xed\+\_\+iclass\+\_\+enum\+\_\+t}]{type }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}, {\ttfamily [explicit]}}
|
|
|
|
|
|
|
|
explicit constructor for \mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{operation\+\_\+t}}
|
|
|
|
|
|
\begin{DoxyParams}{Parameters}
|
|
{\em op} & lambda function that applies the transformation when executed.\\
|
|
\hline
|
|
{\em type} & type of transformation, such as XOR, ADD, SUB, etc...\\
|
|
\hline
|
|
\end{DoxyParams}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{70 : m\_transform(op), m\_type(\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a8558c2a8e78ef8da59674396bc76157f}{type}}) \{\}}
|
|
|
|
\end{DoxyCode}
|
|
|
|
|
|
\doxysubsection{Member Function Documentation}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_a307c6d7d48319d28d39d93c1df18680a}\label{classtheo_1_1obf_1_1transform_1_1operation__t_a307c6d7d48319d28d39d93c1df18680a}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!get\_transform@{get\_transform}}
|
|
\index{get\_transform@{get\_transform}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{get\_transform()}{get\_transform()}}
|
|
{\footnotesize\ttfamily \mbox{\hyperlink{namespacetheo_1_1obf_1_1transform_a875984c1ce09aa998fe48cca55270ecc}{transform\+\_\+t}}$\ast$ theo\+::obf\+::transform\+::operation\+\_\+t\+::get\+\_\+transform (\begin{DoxyParamCaption}{ }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}}
|
|
|
|
|
|
|
|
gets a pointer to the lambda function which contains the transform logic.
|
|
|
|
\begin{DoxyReturn}{Returns}
|
|
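a pointer to the lambda function which contains the transform logic. The pointer refers to this object's own m\_transform member, so it is valid only for the lifetime of this operation\_t.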
|
|
\end{DoxyReturn}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{133 \{ \textcolor{keywordflow}{return} \&m\_transform; \}}
|
|
|
|
\end{DoxyCode}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_a91f9b94436d49659aaabb291786b3c7b}\label{classtheo_1_1obf_1_1transform_1_1operation__t_a91f9b94436d49659aaabb291786b3c7b}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!inverse@{inverse}}
|
|
\index{inverse@{inverse}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{inverse()}{inverse()}}
|
|
{\footnotesize\ttfamily xed\+\_\+iclass\+\_\+enum\+\_\+t theo\+::obf\+::transform\+::operation\+\_\+t\+::inverse (\begin{DoxyParamCaption}{ }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}}
|
|
|
|
|
|
|
|
gets the inverse operation of the current operation.
|
|
|
|
\begin{DoxyReturn}{Returns}
|
|
the inverse operation of the current operation.
|
|
\end{DoxyReturn}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{126 \{ \textcolor{keywordflow}{return} m\_inverse\_op[m\_type]; \}}
|
|
|
|
\end{DoxyCode}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_a414b1716ec527c26bfcbd5262c21a7a8}\label{classtheo_1_1obf_1_1transform_1_1operation__t_a414b1716ec527c26bfcbd5262c21a7a8}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!native@{native}}
|
|
\index{native@{native}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{native()}{native()}}
|
|
{\footnotesize\ttfamily std\+::vector$<$std\+::uint8\+\_\+t$>$ theo\+::obf\+::transform\+::operation\+\_\+t\+::native (\begin{DoxyParamCaption}\item[{const xed\+\_\+decoded\+\_\+inst\+\_\+t $\ast$}]{inst, }\item[{std\+::uint32\+\_\+t}]{imm }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}}
|
|
|
|
|
|
|
|
generates a native transform instruction given an existing instruction. it works like so\+:
|
|
|
|
mov rax, \&Message\+BoxA ; original instruction with relocation
|
|
|
|
; this function takes the first operand out of the original ; instruction and uses it to generate a transformation.
|
|
|
|
xor rax, 0x39280928 ; this would be an example output for the xor ; operation.
|
|
|
|
|
|
\begin{DoxyParams}{Parameters}
|
|
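{\em inst} & instruction with a relocation to generate a transformation for. Although the parameter is declared const, the listing below casts the qualifier away and converts this object into an encoder request in place, so the caller's decoded instruction is modified by the call.\\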
|
|
\hline
|
|
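{\em imm} & random 32-bit number used in the generated transform. For ROR and ROL the listing below passes it to the encoder with a width of one byte; every other operation uses a width of four bytes.\\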
|
|
\hline
|
|
\end{DoxyParams}
|
|
\begin{DoxyReturn}{Returns}
|
|
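returns the bytes of the native instruction that was encoded. An encoding failure is logged and then checked only by assert; when assert is compiled out (NDEBUG) the function still returns, with a vector whose length is inst\_len, which the listing initialises to zero, so the result is presumably empty in that case and callers should check for an empty vector.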
|
|
\end{DoxyReturn}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{90 \{}
|
|
\DoxyCodeLine{91 std::uint32\_t inst\_len = \{\};}
|
|
\DoxyCodeLine{92 std::uint8\_t inst\_buff[XED\_MAX\_INSTRUCTION\_BYTES];}
|
|
\DoxyCodeLine{93 }
|
|
\DoxyCodeLine{94 xed\_error\_enum\_t err;}
|
|
\DoxyCodeLine{95 xed\_encoder\_request\_init\_from\_decode((xed\_decoded\_inst\_s*)inst);}
|
|
\DoxyCodeLine{96 xed\_encoder\_request\_t* req = (xed\_encoder\_request\_t*)inst;}
|
|
\DoxyCodeLine{97 }
|
|
\DoxyCodeLine{98 \textcolor{keywordflow}{switch} (m\_type) \{}
|
|
\DoxyCodeLine{99 \textcolor{keywordflow}{case} XED\_ICLASS\_ROR:}
|
|
\DoxyCodeLine{100 \textcolor{keywordflow}{case} XED\_ICLASS\_ROL:}
|
|
\DoxyCodeLine{101 xed\_encoder\_request\_set\_uimm0(req, imm, 1);}
|
|
\DoxyCodeLine{102 \textcolor{keywordflow}{break};}
|
|
\DoxyCodeLine{103 \textcolor{keywordflow}{default}:}
|
|
\DoxyCodeLine{104 xed\_encoder\_request\_set\_uimm0(req, imm, 4);}
|
|
\DoxyCodeLine{105 \textcolor{keywordflow}{break};}
|
|
\DoxyCodeLine{106 \}}
|
|
\DoxyCodeLine{107 }
|
|
\DoxyCodeLine{108 xed\_encoder\_request\_set\_iclass(req, m\_type);}
|
|
\DoxyCodeLine{109 xed\_encoder\_request\_set\_operand\_order(req, 1, XED\_OPERAND\_IMM0);}
|
|
\DoxyCodeLine{110 }
|
|
\DoxyCodeLine{111 \textcolor{keywordflow}{if} ((err = xed\_encode(req, inst\_buff, \textcolor{keyword}{sizeof}(inst\_buff), \&inst\_len)) !=}
|
|
\DoxyCodeLine{112 XED\_ERROR\_NONE) \{}
|
|
\DoxyCodeLine{113 spdlog::error(\textcolor{stringliteral}{"{}failed to encode instruction... reason: \{\}"{}},}
|
|
\DoxyCodeLine{114 xed\_error\_enum\_t2str(err));}
|
|
\DoxyCodeLine{115 }
|
|
\DoxyCodeLine{116 assert(err == XED\_ERROR\_NONE);}
|
|
\DoxyCodeLine{117 \}}
|
|
\DoxyCodeLine{118 }
|
|
\DoxyCodeLine{119 \textcolor{keywordflow}{return} std::vector<std::uint8\_t>(inst\_buff, inst\_buff + inst\_len);}
|
|
\DoxyCodeLine{120 \}}
|
|
|
|
\end{DoxyCode}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_aaa5859bc3c7f95d99d4d726289593488}\label{classtheo_1_1obf_1_1transform_1_1operation__t_aaa5859bc3c7f95d99d4d726289593488}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!random@{random}}
|
|
\index{random@{random}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{random()}{random()}}
|
|
{\footnotesize\ttfamily static std\+::size\+\_\+t theo\+::obf\+::transform\+::operation\+\_\+t\+::random (\begin{DoxyParamCaption}\item[{std\+::size\+\_\+t}]{lowest, }\item[{std\+::size\+\_\+t}]{largest }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}, {\ttfamily [static]}}
|
|
|
|
|
|
|
|
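generates a random number in a range. Both bounds are inclusive. The listing below constructs a new std::mt19937 seeded from a single std::random\_device value on every call; this generator is not cryptographically secure, so the values should not be relied on where unpredictability matters.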
|
|
|
|
|
|
\begin{DoxyParams}{Parameters}
|
|
{\em lowest} & lowest value of the range.\\
|
|
\hline
|
|
{\em largest} & highest value of the range.\\
|
|
\hline
|
|
\end{DoxyParams}
|
|
\begin{DoxyReturn}{Returns}
|
|
a random value in a range.
|
|
\end{DoxyReturn}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{148 \{}
|
|
\DoxyCodeLine{149 std::random\_device rd;}
|
|
\DoxyCodeLine{150 std::mt19937 gen(rd());}
|
|
\DoxyCodeLine{151 std::uniform\_int\_distribution<std::size\_t> distr(lowest, largest);}
|
|
\DoxyCodeLine{152 \textcolor{keywordflow}{return} distr(gen);}
|
|
\DoxyCodeLine{153 \}}
|
|
|
|
\end{DoxyCode}
|
|
\mbox{\Hypertarget{classtheo_1_1obf_1_1transform_1_1operation__t_a8558c2a8e78ef8da59674396bc76157f}\label{classtheo_1_1obf_1_1transform_1_1operation__t_a8558c2a8e78ef8da59674396bc76157f}}
|
|
\index{theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}!type@{type}}
|
|
\index{type@{type}!theo::obf::transform::operation\_t@{theo::obf::transform::operation\_t}}
|
|
\doxysubsubsection{\texorpdfstring{type()}{type()}}
|
|
{\footnotesize\ttfamily xed\+\_\+iclass\+\_\+enum\+\_\+t theo\+::obf\+::transform\+::operation\+\_\+t\+::type (\begin{DoxyParamCaption}{ }\end{DoxyParamCaption})\hspace{0.3cm}{\ttfamily [inline]}}
|
|
|
|
|
|
|
|
gets the operation type, such as XED\+\_\+\+ICLASS\+\_\+\+ADD, XED\+\_\+\+ICLASS\+\_\+\+SUB, etc.
|
|
|
|
\begin{DoxyReturn}{Returns}
|
|
the operation type, such as XED\+\_\+\+ICLASS\+\_\+\+ADD, XED\+\_\+\+ICLASS\+\_\+\+SUB, etc.
|
|
\end{DoxyReturn}
|
|
|
|
\begin{DoxyCode}{0}
|
|
\DoxyCodeLine{140 \{ \textcolor{keywordflow}{return} m\_type; \}}
|
|
|
|
\end{DoxyCode}
|
|
|
|
|
|
The documentation for this class was generated from the following file\+:\begin{DoxyCompactItemize}
|
|
\item
|
|
include/obf/transform/\mbox{\hyperlink{operation_8hpp}{operation.\+hpp}}\end{DoxyCompactItemize}
|