Code_Virtualizer/CodeVirtualizer/Main.cpp


#include <Windows.h>
#include <stdio.h>


#include "NativeCode.h"
#include "RipXorInst.h"
#include "RipMovInst.h"
#include "OpaqueBranching.h"
#include "Jit.h"


PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
{
	PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
	if (!ExecBuffer)
		return NULL;
	RtlCopyMemory(ExecBuffer, Buffer, BufferSize);
}

UCHAR TestBuffer[] = {
	0x48, 0x33, 0xC0,
	0x48, 0x33, 0xC0,
	0xEB, 0x0E,
	0x48, 0x33, 0xC0,
	0x48, 0x33, 0xC0,
	0x7E, 0x06,
	0x48, 0x33, 0xC0,
	0x48, 0x33, 0xC0,
	0x48, 0x33, 0xC0,
	0x48, 0x33, 0xC0,
	0xEB, 0xF8,
	0x50,
	0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
	0x48, 0x87, 0x04, 0x24,
	0xC3,
};
ULONG TestBufferSize = sizeof(TestBuffer);

UCHAR meme1[] = { 0xb8, 0xde, 0xc0, 0xac, 0x0e };
UCHAR meme2[] = { 0xc3 };

int main()
{
	XedTablesInit();
	srand(time(NULL));


	NATIVE_CODE_BLOCK Block;
	NcDisassemble(&Block, TestBuffer, TestBufferSize);
	NATIVE_CODE_BLOCK NotTaken;
	NATIVE_CODE_BLOCK Taken;
	printf("\n\nOriginal\n");
	NcDebugPrint(&Block);
	ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken);
	//printf("\n\nNotTaken\n");
	//NcDebugPrint(&NotTaken);
	//printf("\n\nTaken\n");
	//NcDebugPrint(&Taken);
	//printf("\n\nCombined\n");
	ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block));
	ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken);
	printf("\n\nNew\n");
	NcDebugPrint(&Block);


	//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
	//PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
	//PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
	//PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
	//PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
	//PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);

	//NcAppendToBlock(Pre1, Return1776);
	//NcInsertBlockAfter(Pre1->End, Post1, 0);
	//Pre1->End = Post1->End;
	//NcInsertBlockAfter(Pre1->End, Pre2, 0);
	//Pre1->End = Pre2->End;
	//NcAppendToBlock(Pre1, RetInst);
	//NcInsertBlockAfter(Pre1->End, Post2, 0);
	//Pre1->End = Post2->End;

	///*Pre->Start = Return1776;
	//Pre->End = Return1776;*/

	//for (ULONG i = 0; i < Return1776->RawDataSize; i++)
	//	Return1776->RawData[i] = (UCHAR)rand();
	//for (ULONG i = 0; i < RetInst->RawDataSize; i++)
	//	RetInst->RawData[i] = (UCHAR)rand();


	//ULONG AsmLen;
	//PVOID Asm = NcAssemble(Pre1, &AsmLen);
	//PUCHAR Tb = (PUCHAR)Asm;
	//for (uint32_t i = 0; i < AsmLen; i++)
	//{
	//	std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
	//}

	//system("pause");

	//typedef ULONG64(*FnGet1776)();
	//FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
	//if (ExecBuffer)
	//{
	//	printf("The numba was: %X\n", ExecBuffer());
	//	printf("The numba was: %X\n", ExecBuffer());

	//	printf("The numba was: %X\n", ExecBuffer());

	//	printf("The numba was: %X\n", ExecBuffer());

	//}


	//NcDebugPrint(Post);


	/*NATIVE_CODE_BLOCK Block;
	NcDisassemble(&Block, TestBuffer, TestBufferSize);
	PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));

	NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
	ULONG AssembledSize;
	PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
	if (!AssembledBlock || !AssembledSize)
	{
		printf("Something failed nicka.\n");
		system("pause");
		return -1;
	}
	PUCHAR Tb = (PUCHAR)AssembledBlock;
	for (uint32_t i = 0; i < AssembledSize; i++)
	{
		std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
	}
	*/


	//PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
	//NcDebugPrint(OpaqueBranch);


	/*NATIVE_CODE_LINK T;
	T.RawDataSize = 10;
	T.RawData = new UCHAR[10];
	memset(T.RawData, 0xAA, 10);
	JIT_BITWISE_DATA Data;
	RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));
	PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);
	if (NewBlock)
	{
		printf("\n");
		NcDebugPrint(NewBlock);
		printf("\n");
		NcPrintBlockCode(NewBlock);
	}
	system("pause");*/
	
}
started native disassembler native disassembler started and project layout 3 years ago
			`#include <Windows.h>`
			`#include <stdio.h>`


			`#include "NativeCode.h"`
rip mov 3 years ago			`#include "RipXorInst.h"`
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes. 3 years ago			`#include "RipMovInst.h"`
opaque branching done 3 years ago			`#include "OpaqueBranching.h"`
reformat jit 3 years ago			`#include "Jit.h"`
started native disassembler native disassembler started and project layout 3 years ago
assembler dwaf 3 years ago
			`PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)`
			`{`
			`PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);`
			`if (!ExecBuffer)`
			`return NULL;`
			`RtlCopyMemory(ExecBuffer, Buffer, BufferSize);`
			`}`

reformat jit 3 years ago			`UCHAR TestBuffer[] = {`
dwafwad 3 years ago			`0x48, 0x33, 0xC0,`
			`0x48, 0x33, 0xC0,`
			`0xEB, 0x0E,`
			`0x48, 0x33, 0xC0,`
			`0x48, 0x33, 0xC0,`
			`0x7E, 0x06,`
			`0x48, 0x33, 0xC0,`
			`0x48, 0x33, 0xC0,`
			`0x48, 0x33, 0xC0,`
			`0x48, 0x33, 0xC0,`
			`0xEB, 0xF8,`
			`0x50,`
			`0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,`
			`0x48, 0x87, 0x04, 0x24,`
			`0xC3,`
			`};`
			`ULONG TestBufferSize = sizeof(TestBuffer);`

fixed rip moving 3 years ago			`UCHAR meme1[] = { 0xb8, 0xde, 0xc0, 0xac, 0x0e };`
			`UCHAR meme2[] = { 0xc3 };`
assembler dwaf 3 years ago
started native disassembler native disassembler started and project layout 3 years ago			`int main()`
			`{`
opaque branches 3 years ago			`XedTablesInit();`
assembler dwaf 3 years ago			`srand(time(NULL));`

fixed rip moving 3 years ago
opque branches done 3 years ago			`NATIVE_CODE_BLOCK Block;`
			`NcDisassemble(&Block, TestBuffer, TestBufferSize);`
			`NATIVE_CODE_BLOCK NotTaken;`
			`NATIVE_CODE_BLOCK Taken;`
			`printf("\n\nOriginal\n");`
			`NcDebugPrint(&Block);`
			`ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken);`
			`//printf("\n\nNotTaken\n");`
			`//NcDebugPrint(&NotTaken);`
			`//printf("\n\nTaken\n");`
			`//NcDebugPrint(&Taken);`
			`//printf("\n\nCombined\n");`
			`ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block));`
			`ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken);`
			`printf("\n\nNew\n");`
			`NcDebugPrint(&Block);`


			`//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));`
			`//PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));`
			`//PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);`
			`//PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);`
			`//PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);`
			`//PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);`

			`//NcAppendToBlock(Pre1, Return1776);`
			`//NcInsertBlockAfter(Pre1->End, Post1, 0);`
			`//Pre1->End = Post1->End;`
			`//NcInsertBlockAfter(Pre1->End, Pre2, 0);`
			`//Pre1->End = Pre2->End;`
			`//NcAppendToBlock(Pre1, RetInst);`
			`//NcInsertBlockAfter(Pre1->End, Post2, 0);`
			`//Pre1->End = Post2->End;`

			`///*Pre->Start = Return1776;`
			`//Pre->End = Return1776;*/`

			`//for (ULONG i = 0; i < Return1776->RawDataSize; i++)`
			`// Return1776->RawData[i] = (UCHAR)rand();`
			`//for (ULONG i = 0; i < RetInst->RawDataSize; i++)`
			`// RetInst->RawData[i] = (UCHAR)rand();`



			`//ULONG AsmLen;`
			`//PVOID Asm = NcAssemble(Pre1, &AsmLen);`
			`//PUCHAR Tb = (PUCHAR)Asm;`
			`//for (uint32_t i = 0; i < AsmLen; i++)`
			`//{`
			`// std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';`
			`//}`

			`//system("pause");`

			`//typedef ULONG64(*FnGet1776)();`
			`//FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);`
			`//if (ExecBuffer)`
			`//{`
			`// printf("The numba was: %X\n", ExecBuffer());`
			`// printf("The numba was: %X\n", ExecBuffer());`

			`// printf("The numba was: %X\n", ExecBuffer());`

			`// printf("The numba was: %X\n", ExecBuffer());`

			`//}`
fixed rip moving 3 years ago

			`//NcDebugPrint(Post);`



			`/*NATIVE_CODE_BLOCK Block;`
opaque branching done 3 years ago			`NcDisassemble(&Block, TestBuffer, TestBufferSize);`
assembler dwaf 3 years ago			`PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));`

			`NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);`
			`ULONG AssembledSize;`
			`PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);`
			`if (!AssembledBlock \|\| !AssembledSize)`
			`{`
			`printf("Something failed nicka.\n");`
			`system("pause");`
			`return -1;`
			`}`
			`PUCHAR Tb = (PUCHAR)AssembledBlock;`
			`for (uint32_t i = 0; i < AssembledSize; i++)`
			`{`
			`std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';`
			`}`
fixed rip moving 3 years ago			`*/`
opaque branches 3 years ago

assembler dwaf 3 years ago			`//PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);`
			`//NcDebugPrint(OpaqueBranch);`
started native disassembler native disassembler started and project layout 3 years ago
assembler dwaf 3 years ago

			`/*NATIVE_CODE_LINK T;`
rip mov 3 years ago			`T.RawDataSize = 10;`
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes. 3 years ago			`T.RawData = new UCHAR[10];`
			`memset(T.RawData, 0xAA, 10);`
reformat jit 3 years ago			`JIT_BITWISE_DATA Data;`
			`RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));`
			`PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);`
xor xD xor instructions before and after they execute 3 years ago			`if (NewBlock)`
			`{`
			`printf("\n");`
			`NcDebugPrint(NewBlock);`
			`printf("\n");`
			`NcPrintBlockCode(NewBlock);`
reformat jit 3 years ago			`}`
assembler dwaf 3 years ago			`system("pause");*/`
started native disassembler native disassembler started and project layout 3 years ago
			`}`