#include <Windows.h>
#include <stdio.h>
#include "NativeCode.h"
#include "RipXorInst.h"
#include "RipMovInst.h"
// Hand-assembled x64 machine code used as disassembler input: main() passes
// it to NcDisassemble() together with TestBufferSize. Nothing in this file
// executes these bytes. The offsets and mnemonics below are decoded from the
// bytes themselves; all three short branches land on offset 0x16.
UCHAR TestBuffer[] = {
	/* 0x00 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x03 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x06 */ 0xEB, 0x0E,                                                 // jmp  short +0x0E  -> 0x16
	/* 0x08 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x0B */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x0E */ 0x7E, 0x06,                                                 // jle  short +0x06  -> 0x16
	/* 0x10 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x13 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x16 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax   (branch target)
	/* 0x19 */ 0x48, 0x33, 0xC0,                                           // xor  rax, rax
	/* 0x1C */ 0xEB, 0xF8,                                                 // jmp  short -0x08  -> 0x16 (backward)
	/* 0x1E */ 0x50,                                                       // push rax
	/* 0x1F */ 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F, // mov  rax, 0x0FFFFFFFFFFFFFFF
	/* 0x29 */ 0x48, 0x87, 0x04, 0x24,                                     // xchg [rsp], rax
	/* 0x2D */ 0xC3,                                                       // ret  (pops the constant swapped onto the stack)
};

// Length of TestBuffer in bytes (46), taken from the array so the two cannot
// drift apart when the sample is edited.
ULONG TestBufferSize = sizeof(TestBuffer);
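/// Scratch driver for the XED encoder and the native-code helpers.
///
/// Builds one `jle` with a 32-bit relative displacement, encodes it with XED,
/// prints the encoded length and bytes, and returns. The disassembly and
/// pre-mov emission code further down is currently unreachable (see the
/// NOTE(review) at the early return).
///
/// @return -1 on every path that is reachable today: conversion failure,
///         encode failure, and after the hex dump.
int main()
{
	XedTablesInit();

	// Encode for 64-bit long mode with a 64-bit stack address width.
	xed_state_t state;
	state.mmode = XED_MACHINE_MODE_LONG_64;
	state.stack_addr_width = XED_ADDRESS_WIDTH_64b;

	xed_encoder_instruction_t inst;

	//xed_inst2(&inst, state, XED_ICLASS_ADD, 0, xed_reg(XED_REG_EAX),
	//	xed_mem_bd(XED_REG_EDX, xed_disp(0x11223344, 32), 32));

	xed_inst1(&inst, state, XED_ICLASS_JLE, 32, xed_relbr(0x1776, 32));

	xed_encoder_request_t request;
	xed_encoder_request_zero_set_mode(&request, &state);
	if (!xed_convert_to_encoder_request(&request, &inst))
	{
		printf("failed to convert instruction.\n");
		// system() hands the string to the command interpreter; fine for a
		// local test harness, not something to carry into shipped code.
		system("pause");
		return -1;
	}

	// 15 bytes is the longest a single x86 instruction can be. Naming the
	// capacity once keeps the buffer and the length passed to xed_encode()
	// from drifting apart.
	const unsigned int kStorageSize = 15;
	unsigned char storage[kStorageSize];
	unsigned int len = 0;

	xed_error_enum_t err = xed_encode(&request, storage, kStorageSize, &len);
	if (err != XED_ERROR_NONE)
	{
		printf("XedEncode failed with error %s\n", XedErrorEnumToString(err));
		system("pause");
		// Was `return FALSE`, i.e. exit code 0, which reports success to the
		// caller; use the same failure code as the conversion error above.
		return -1;
	}

	printf("len: %u\n", len);
	// Unsigned index: `len` is unsigned, so an int counter mixed signedness in
	// the comparison. printf keeps the dump on the same stdio stream as the
	// other output; this file includes <stdio.h> but not <iostream>/<iomanip>
	// directly. The text produced is the same two-digit lowercase hex.
	for (unsigned int i = 0; i < len; i++)
	{
		printf("%02x ", static_cast<unsigned int>(storage[i]));
	}
	printf("\n");

	// NOTE(review): this unconditional return makes everything below
	// unreachable, and it reports -1 even though encoding succeeded.
	// Presumably left in while testing the encoder on its own; confirm
	// whether the disassembly test below should run again and whether the
	// success path should return 0.
	return -1;

	// --- unreachable while the return above is in place ---

	NATIVE_CODE_BLOCK Block;

	// XedTablesInit() already ran at the top of main(), so it is not repeated.
	NcDisassemble(&Block, TestBuffer, TestBufferSize);
	NcDebugPrint(&Block);

	// Link with a 10-byte payload filled with 0xAA as input for the pre-mov
	// emitter. The size is written once and reused for the allocation and fill.
	// NOTE(review): RawData is never released here; whether NATIVE_CODE_LINK
	// frees it in its destructor is not visible from this file, so confirm
	// before adding a delete[].
	NATIVE_CODE_LINK T;
	T.RawDataSize = 10;
	T.RawData = new UCHAR[T.RawDataSize];
	memset(T.RawData, 0xAA, T.RawDataSize);

	// Zeroed but not otherwise used in this function.
	XOR_INST_DATA Data;
	RtlSecureZeroMemory(&Data, sizeof(Data));

	// NOTE(review): NewBlock is not released either; ownership of the block
	// returned by ObfEmitPreMovForInst() should be confirmed.
	PNATIVE_CODE_BLOCK NewBlock = ObfEmitPreMovForInst(&T);
	if (NewBlock)
	{
		printf("\n");
		NcDebugPrint(NewBlock);
		printf("\n");
		NcPrintBlockCode(NewBlock);
	}

	//PNATIVE_CODE_LINK temp = new NATIVE_CODE_LINK("Hello");

	system("pause");
}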