Code_Virtualizer/CodeVirtualizer/Obfuscator.cpp

#include "Obfuscator.h"


VOID ObfObfuscate1(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block, ULONG Depth)
{
	if (Depth > Obf->MaxDepth)
		return;

	ULONG InstructionCount = NcCountInstructions(Block, FALSE);
	printf("Depth: %u, InstCount: %u\n", Depth, InstructionCount);
	if (InstructionCount <= Obf->MinSizeForOpaqueBranch)
	{
		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
		{
			if ((T->Flags & CODE_FLAG_IS_LABEL) || (T->Flags & CODE_FLAG_DO_NOT_DIVIDE) || (T->Flags & CODE_FLAG_IS_REL_JMP))
			{
				T = T->Next;
				continue;
			}

			PNATIVE_CODE_LINK RealNext = T->Next;

			if ((rand() % 100) <= Obf->InstructionMutateChance)
			{
				PNATIVE_CODE_BLOCK PreOp = JitEmitPreRipMov(T);
				PNATIVE_CODE_BLOCK PostOp = JitEmitPostRipMov(T);

				if (T->Prev)
					T->Prev->Next = PreOp->Start;
				PreOp->End->Next = T;
				

				NcInsertBlockBefore(T, PreOp, FALSE);
				NcInsertBlockAfter(T, PostOp, FALSE);

				if (Block->Start == T)
					Block->Start = PreOp->Start;
				if (Block->End == T)
					Block->End = PostOp->End;

				delete PreOp;
				delete PostOp;

				//for (ULONG i = 0; i < T->RawDataSize; i++)
				//	T->RawData[i] = (UCHAR)(rand() % 255);

				T->Flags |= CODE_FLAG_DO_NOT_DIVIDE;

			}

			T = RealNext;
		}
	}
	else
	{
		//ULONG TargetCount = max(Obf->MinSizeForOpaqueBranch, InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);
		ULONG TargetCount = (InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);
		ULONG CurrentCount = 0;
		PNATIVE_CODE_LINK NewBlockStart = Block->Start;
		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
		{
			if (T->Flags & CODE_FLAG_IS_LABEL)
			{
				T = T->Next;
				continue;
			}

			++CurrentCount;

			if (T->Flags & CODE_FLAG_DO_NOT_DIVIDE)
			{
				T = T->Next;
				continue;
			}

			if (CurrentCount >= TargetCount)
			{
				if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance && CurrentCount <= Obf->MinSizeForOpaqueBranch)
				{
					NATIVE_CODE_BLOCK NotTaken, Taken;
					ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
					ObfObfuscate1(Obf, &NotTaken, Depth + 1);
					ObfObfuscate1(Obf, &Taken, Depth + 1);
					ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
					ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
					T = NotTaken.End;
				}
				else
				{
					NATIVE_CODE_BLOCK TempBlock;
					if (NcDeepCopyPartialBlock(NewBlockStart, T, &TempBlock))
					{
						ObfObfuscate1(Obf, &TempBlock, Depth + 1);
						ObfInsertOpaqueBranchBlock(NewBlockStart, T, &TempBlock);
					}
					T = TempBlock.End;
				}
				NewBlockStart = T->Next;
				CurrentCount = 0;
			}
			T = T->Next;
		}
		/*if (NewBlockStart && CurrentCount >= Obf->MinSizeForOpaqueBranch)
		{
			if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance && CurrentCount <= Obf->MinSizeForOpaqueBranch)
			{
				NATIVE_CODE_BLOCK NotTaken, Taken;
				ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken);
				ObfObfuscate1(Obf, &NotTaken, Depth + 1);
				ObfObfuscate1(Obf, &Taken, Depth + 1);
				ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
				ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken);
			}
			else
			{
				NATIVE_CODE_BLOCK TempBlock;
				if (NcDeepCopyPartialBlock(NewBlockStart, Block->End, &TempBlock))
				{
					ObfObfuscate1(Obf, &TempBlock, Depth + 1);
					ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &TempBlock);
				}
			}
		}*/
	}


}
more busywork 3 years ago			`#include "Obfuscator.h"`




finishing obfuscator 3 years ago			`VOID ObfObfuscate1(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block, ULONG Depth)`
opaque branching done 3 years ago			`{`
fix 3 years ago			`if (Depth > Obf->MaxDepth)`
			`return;`

			`ULONG InstructionCount = NcCountInstructions(Block, FALSE);`
			`printf("Depth: %u, InstCount: %u\n", Depth, InstructionCount);`
finishing obfuscator 3 years ago			`if (InstructionCount <= Obf->MinSizeForOpaqueBranch)`
opaque branching done 3 years ago			`{`
finishing obfuscator 3 years ago			`for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)`
			`{`
			`if ((T->Flags & CODE_FLAG_IS_LABEL) \|\| (T->Flags & CODE_FLAG_DO_NOT_DIVIDE) \|\| (T->Flags & CODE_FLAG_IS_REL_JMP))`
			`{`
			`T = T->Next;`
			`continue;`
			`}`

			`PNATIVE_CODE_LINK RealNext = T->Next;`

			`if ((rand() % 100) <= Obf->InstructionMutateChance)`
			`{`
			`PNATIVE_CODE_BLOCK PreOp = JitEmitPreRipMov(T);`
			`PNATIVE_CODE_BLOCK PostOp = JitEmitPostRipMov(T);`

fix 3 years ago			`if (T->Prev)`
			`T->Prev->Next = PreOp->Start;`
			`PreOp->End->Next = T;`




finishing obfuscator 3 years ago			`NcInsertBlockBefore(T, PreOp, FALSE);`
			`NcInsertBlockAfter(T, PostOp, FALSE);`

			`if (Block->Start == T)`
			`Block->Start = PreOp->Start;`
			`if (Block->End == T)`
			`Block->End = PostOp->End;`

fix 3 years ago			`delete PreOp;`
			`delete PostOp;`

finishing obfuscator 3 years ago			`//for (ULONG i = 0; i < T->RawDataSize; i++)`
			`// T->RawData[i] = (UCHAR)(rand() % 255);`
more busywork 3 years ago
finishing obfuscator 3 years ago			`T->Flags \|= CODE_FLAG_DO_NOT_DIVIDE;`

			`}`

			`T = RealNext;`
			`}`
opaque branching done 3 years ago			`}`
			`else`
			`{`
fix 3 years ago			`//ULONG TargetCount = max(Obf->MinSizeForOpaqueBranch, InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);`
			`ULONG TargetCount = (InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);`
opaque branching done 3 years ago			`ULONG CurrentCount = 0;`
			`PNATIVE_CODE_LINK NewBlockStart = Block->Start;`
finished opauq branches wfwd 3 years ago			`for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)`
opaque branching done 3 years ago			`{`
			`if (T->Flags & CODE_FLAG_IS_LABEL)`
			`{`
			`T = T->Next;`
			`continue;`
			`}`

			`++CurrentCount;`
massive bug in generating jccs 3 years ago
finishing obfuscator 3 years ago			`if (T->Flags & CODE_FLAG_DO_NOT_DIVIDE)`
			`{`
			`T = T->Next;`
			`continue;`
			`}`

fix 3 years ago			`if (CurrentCount >= TargetCount)`
opaque branching done 3 years ago			`{`
fix 3 years ago			`if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance && CurrentCount <= Obf->MinSizeForOpaqueBranch)`
finishing obfuscator 3 years ago			`{`
			`NATIVE_CODE_BLOCK NotTaken, Taken;`
			`ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);`
			`ObfObfuscate1(Obf, &NotTaken, Depth + 1);`
			`ObfObfuscate1(Obf, &Taken, Depth + 1);`
			`ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));`
			`ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);`
			`T = NotTaken.End;`
			`}`
			`else`
			`{`
			`NATIVE_CODE_BLOCK TempBlock;`
			`if (NcDeepCopyPartialBlock(NewBlockStart, T, &TempBlock))`
			`{`
			`ObfObfuscate1(Obf, &TempBlock, Depth + 1);`
			`ObfInsertOpaqueBranchBlock(NewBlockStart, T, &TempBlock);`
			`}`
			`T = TempBlock.End;`
			`}`
opaque branching done 3 years ago			`NewBlockStart = T->Next;`
			`CurrentCount = 0;`
			`}`
			`T = T->Next;`
			`}`
fix 3 years ago			`/*if (NewBlockStart && CurrentCount >= Obf->MinSizeForOpaqueBranch)`
opaque branching done 3 years ago			`{`
fix 3 years ago			`if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance && CurrentCount <= Obf->MinSizeForOpaqueBranch)`
			`{`
			`NATIVE_CODE_BLOCK NotTaken, Taken;`
			`ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken);`
			`ObfObfuscate1(Obf, &NotTaken, Depth + 1);`
			`ObfObfuscate1(Obf, &Taken, Depth + 1);`
			`ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));`
			`ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken);`
			`}`
			`else`
			`{`
			`NATIVE_CODE_BLOCK TempBlock;`
			`if (NcDeepCopyPartialBlock(NewBlockStart, Block->End, &TempBlock))`
			`{`
			`ObfObfuscate1(Obf, &TempBlock, Depth + 1);`
			`ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &TempBlock);`
			`}`
			`}`
			`}*/`
opaque branching done 3 years ago			`}`

finishing obfuscator 3 years ago



opaque branching done 3 years ago			`}`
more busywork 3 years ago