Iizerd
/
Code_Virtualizer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f7b351fdb7'
${ noResults }
Code_Virtualizer/CodeVirtualizer/RipMovInst.cpp

174 lines
4.7 KiB
Raw Normal View History Unescape

rip mov
3 years ago
#include "RipMovInst.h"
BOOL ObfEmitRipRelativeMovD(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Data)
{
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
UCHAR RawData[] = { 0xC7, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
rip mov
3 years ago
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
rip mov
3 years ago
*(PINT32)&Link->RawData[DWORD_MOV_INST_RIP_OFFSET] = RipDelta;
memcpy(&Link->RawData[DWORD_MOV_INST_MOV_OFFSET], Data, 4);
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
printf("%p memes\n", Link);
opaque branches
3 years ago
XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
NcAppendToBlock(Block, Link);
rip mov
3 years ago
return TRUE;
}
BOOL ObfEmitRipRelativeMovW(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Data)
{
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
UCHAR RawData[] = { 0x66, 0xC7, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
rip mov
3 years ago
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
rip mov
3 years ago
*(PINT32)&Link->RawData[WORD_MOV_INST_RIP_OFFSET] = RipDelta;
memcpy(&Link->RawData[WORD_MOV_INST_MOV_OFFSET], Data, 2);
opaque branches
3 years ago
XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
NcAppendToBlock(Block, Link);
rip mov
3 years ago
return TRUE;
}
BOOL ObfEmitRipRelativeMovB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Data)
{
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
UCHAR RawData[] = { 0xC6, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00 };
rip mov
3 years ago
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, sizeof(RawData));
rip mov
3 years ago
*(PINT32)&Link->RawData[BYTE_MOV_INST_RIP_OFFSET] = RipDelta;
Link->RawData[BYTE_MOV_INST_MOV_OFFSET] = *Data;
opaque branches
3 years ago
XedDecode(&Link->XedInstruction, Link->RawData, Link->RawDataSize);
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
NcAppendToBlock(Block, Link);
rip mov
3 years ago
return TRUE;
}
optional delta
3 years ago
PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst)
rip mov
3 years ago
{
ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2));
PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK;
Block->Start = Block->End = new NATIVE_CODE_LINK;
PUCHAR DataOffset = Link->RawData;
ULONG Count = FourByte;
while (Count)
{
//Account for remaining MOVs
INT32 RipDelta = (((Count - 1) * DWORD_MOV_INST_LENGTH) + (TwoByte * WORD_MOV_INST_LENGTH) + (OneByte * BYTE_MOV_INST_LENGTH));
//Account for already MOVd instructions
RipDelta += ((FourByte - Count) * 4);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
//Add the actual instruction
deal with flags for xoring instructions basically decide if we need to save and restore flags before xoring prior two and after the instruction executes.
3 years ago
printf("%p IS THE DATAOFFSET\n", DataOffset);
system("pause");
rip mov
3 years ago
if (!ObfEmitRipRelativeMovD(Block, RipDelta, DataOffset))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
DataOffset += 4;
--Count;
}
if (TwoByte)
{
INT32 RipDelta = (OneByte * BYTE_MOV_INST_LENGTH);
RipDelta += (FourByte * 4);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
if (!ObfEmitRipRelativeMovW(Block, RipDelta, DataOffset))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
DataOffset += 2;
}
if (OneByte)
{
INT32 RipDelta = 0;
RipDelta += (FourByte * 4) + (TwoByte * 2);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
if (!ObfEmitRipRelativeMovB(Block, RipDelta, DataOffset))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
}
PNATIVE_CODE_LINK StartLink = Block->Start;
Block->Start = Block->Start->Next;
if (Block->Start)
Block->Start->Prev = NULL;
delete StartLink;
return Block;
}
optional delta
3 years ago
PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst)
rip mov
3 years ago
{
ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
ULONG OneByte = (Link->RawDataSize - (FourByte * 4) - (TwoByte * 2));
PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK;
Block->Start = Block->End = new NATIVE_CODE_LINK;
ULONG ZeroValue = 0;
ULONG Count = FourByte;
while (Count)
{
INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4);
RipDelta += (FourByte - (Count - 1)) * DWORD_MOV_INST_LENGTH;
RipDelta *= (-1);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
if (!ObfEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
--Count;
}
if (TwoByte)
{
INT32 RipDelta = Link->RawDataSize - (FourByte * 4);
RipDelta += (FourByte * DWORD_MOV_INST_LENGTH);
RipDelta += WORD_MOV_INST_LENGTH;
RipDelta *= (-1);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
if (!ObfEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
}
if (OneByte)
{
INT32 RipDelta = Link->RawDataSize - (FourByte * 4) - (TwoByte * 2);
RipDelta += (FourByte * DWORD_MOV_INST_LENGTH);
RipDelta += WORD_MOV_INST_LENGTH;
RipDelta += BYTE_MOV_INST_LENGTH;
RipDelta *= (-1);
optional delta
3 years ago
RipDelta += DeltaToInst;
rip mov
3 years ago
if (!ObfEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue))
{
lol, forgot that needa actually copy the instruction
3 years ago
NcDeleteBlock(Block);
rip mov
3 years ago
delete Block;
return NULL;
}
}
PNATIVE_CODE_LINK StartLink = Block->Start;
Block->Start = Block->Start->Next;
if (Block->Start)
Block->Start->Prev = NULL;
delete StartLink;
return Block;
optional delta
3 years ago
}