|
|
|
#ifndef __RIP_XOR_INST_H
|
|
|
|
#define __RIP_XOR_INST_H
|
|
|
|
|
|
|
|
#include "Windas.h"
|
|
|
|
#include "XedWrap.h"
|
|
|
|
#include "NativeCode.h"
|
|
|
|
|
|
|
|
#define DWORD_XOR_INST_LENGTH 10
|
|
|
|
#define DWORD_XOR_INST_RIP_OFFSET 2
|
|
|
|
#define DWORD_XOR_INST_XOR_OFFSET 6
|
|
|
|
|
|
|
|
#define WORD_XOR_INST_LENGTH 9
|
|
|
|
#define WORD_XOR_INST_RIP_OFFSET 3
|
|
|
|
#define WORD_XOR_INST_XOR_OFFSET 7
|
|
|
|
|
|
|
|
#define BYTE_XOR_INST_LENGTH 7
|
|
|
|
#define BYTE_XOR_INST_RIP_OFFSET 2
|
|
|
|
#define BYTE_XOR_INST_XOR_OFFSET 6
|
|
|
|
|
|
|
|
|
|
|
|
typedef struct _XOR_INST_DATA
|
|
|
|
{
|
|
|
|
ULONG Data[5];
|
|
|
|
}XOR_INST_DATA, *PXOR_INST_DATA;
|
|
|
|
|
|
|
|
BOOL ObfEmitPushfqInst(PNATIVE_CODE_BLOCK Block);
|
|
|
|
|
|
|
|
BOOL ObfEmitPopfqInst(PNATIVE_CODE_BLOCK Block);
|
|
|
|
|
|
|
|
BOOL ObfEmitRipRelativeXorD(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value);
|
|
|
|
|
|
|
|
BOOL ObfEmitRipRelativeXorW(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value);
|
|
|
|
|
|
|
|
BOOL ObfEmitRipRelativeXorB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Value);
|
|
|
|
|
|
|
|
VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData);
|
|
|
|
|
|
|
|
//Used to see if the PreXor needs to save the flags.
|
|
|
|
//If all flags are written to by the XORs are also written to by the target inst theres no point in saving flags
|
|
|
|
BOOL ObfDoesInstWriteToAllXorFlags(PNATIVE_CODE_LINK Link);
|
|
|
|
|
|
|
|
BOOL ObfAreXorFlagsClobberedBeforeUse(PNATIVE_CODE_LINK Link);
|
|
|
|
|
|
|
|
PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);
|
|
|
|
|
|
|
|
PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|