You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

59 lines
1.3 KiB

#include <Zydis/Zydis.h>
#include <asmjit/x86.h>
#include <cstdint>
#include <vector>
#include <stack>
#include <time.h>
#include <random>
#include <map>
#define JMP_RIP_SIZE 14
#define JMP_RIP_ADDR_IDX 6
namespace obfuscation
{
inline const std::vector<std::uint8_t> jmp_rip =
{
0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, // jmp [rip+0x0]
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 // address...
};
enum class reloc_type
{
none = -1,
jcc = 1,
next_instruction_addr = 2
};
struct reloc_t
{
reloc_type type;
std::uint32_t offset;
std::int32_t rva;
};
using instruction_info_t = std::pair<ZydisDecodedInstruction, std::vector<std::uint8_t>>;
using gadget_stack_t = std::vector<std::pair<std::vector<std::uint8_t>, reloc_t>>;
class obfuscate
{
public:
explicit obfuscate(instruction_info_t info);
auto get_size() const -> std::uint32_t;
auto get_gadget() const -> gadget_stack_t;
auto get_instruc() const -> ZydisDecodedInstruction;
instruction_info_t instruction;
gadget_stack_t gadget_stack;
};
// you can inherit "obfuscate" and add
// whatever code you want to each gadget...
//
// this is just an example of dynamic push/pop palandromes...
class mutation : public obfuscate
{
public:
explicit mutation(instruction_info_t info);
};
}