Iizerd
/
Code_Virtualizer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

finishing obfuscator

Browse Source
main
James 3 years ago
parent 2689c7d30c
commit 0acd3b7030
10 changed files with 1907 additions and 1302 deletions
Show Stats Download Patch File Download Diff File

1
CodeVirtualizer/Code.h
Unescape View File

@ -6,5 +6,6 @@
#define CODE_FLAG_IS_INST (1<<2)
#define CODE_FLAG_DO_NOT_DIVIDE (1<<3)
#define CODE_FLAG_IS_OBFUSCATED (1<<4)
#define CODE_FLAG_IS_RIP_REL (1<<5) //Figure out how to deal with this...
#endif

4
CodeVirtualizer/Jit.cpp
Unescape View File

@ -8,7 +8,7 @@
BOOL JitEmitPushfqInst(PNATIVE_CODE_BLOCK Block)
{
UCHAR RawData[] = { 0x9C };
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1);
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1);
XedDecode(&Link->XedInstruction, Link->RawData, 1);
NcAppendToBlock(Block, Link);
return TRUE;
@ -17,7 +17,7 @@ BOOL JitEmitPushfqInst(PNATIVE_CODE_BLOCK Block)
BOOL JitEmitPopfqInst(PNATIVE_CODE_BLOCK Block)
{
UCHAR RawData[] = { 0x9D };
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1);
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1);
XedDecode(&Link->XedInstruction, Link->RawData, 1);
NcAppendToBlock(Block, Link);
return TRUE;

31
CodeVirtualizer/Main.cpp
Unescape View File

@ -96,12 +96,23 @@ int main()
NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode));
OBFUSCATOR Obf;
Obf.Flags = 0;
Obf.MinInstCount = 4;
Obf.MinSizeForOpaqueBranch = 1;
Obf.InstructionMutateChance = 0;
Obf.OpaqueBranchChance = 100;
Obf.MinDepthForRandomOpaqueBranch = 0;
Obf.GlobalBlock = &RetNumBlock;
ObfObfuscate(&Obf, &RetNumBlock);
ObfObfuscate(&Obf, &RetNumBlock);
Obf.MinInstCount = 30;
ObfObfuscate(&Obf, &RetNumBlock);
Obf.BlockDivisionFactor = 2;
Obf.InstructionMutateChance = 100;
ObfObfuscate1(&Obf, &RetNumBlock);
Obf.MinSizeForOpaqueBranch = 50;
Obf.InstructionMutateChance = 50;
ObfObfuscate1(&Obf, &RetNumBlock);
printf("Finished second pas.\n");
//Obf.MinSizeForOpaqueBranch = 200;
//ObfObfuscate1(&Obf, &RetNumBlock);
//Obf.MinSizeForOpaqueBranch = 30;
//ObfObfuscate(&Obf, &RetNumBlock);
ULONG AsmSize;
@ -112,10 +123,12 @@ int main()
system("pause");
return 1;
}
PutToFile(Asm, AsmSize);
system("pause");
PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
typedef ULONG64(*FnRetNum)(ULONG Num);
printf("\n\nObfuscated: %llu Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776));
PutToFile(Asm, AsmSize);
printf("\n\nSize: %u Obfuscated: %llu Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), RetNum(1776));
system("pause");
@ -123,10 +136,10 @@ int main()
NcDisassemble(&Block, meme1, sizeof(meme1));
OBFUSCATOR Obf;
Obf.Flags = 0;
Obf.MinInstCount = 12;
Obf.MinSizeForOpaqueBranch = 12;
Obf.GlobalBlock = &Block;
ObfObfuscate(&Obf, &Block);
Obf.MinInstCount = 4;
Obf.MinSizeForOpaqueBranch = 4;
ObfObfuscate(&Obf, &Block);
NcDebugPrint(&Block);

31
CodeVirtualizer/NativeCode.cpp
Unescape View File

@ -401,20 +401,14 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
{
INT32 BranchDisp = 0;
if (!NcGetDeltaToLabel(T, &BranchDisp))
{
printf("\n1\n");
return NULL;
}
return FALSE;
ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction);
if (log2(abs(BranchDisp)) + 1 > DispWidth)
{
//duh oh
if (DispWidth == 32)
{
printf("\n2\n");
return NULL;
}
return FALSE;
////Grow displacement width to required size
//DispWidth *= 2;
@ -423,10 +417,7 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
//if (log2(abs(BranchDisp)) + 1 > DispWidth)
//{
// if (DispWidth == 32)
// {
// printf("\n3\n");
// return NULL;
// }
// return FALSE;
// //Grow once more if not already at 32
// DispWidth *= 2;
@ -448,17 +439,10 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth));
XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
{
printf("\n4\n");
return NULL;
}
return FALSE;
XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize);
if (XED_ERROR_NONE != Err)
{
printf("%s %s %u \n", XedErrorEnumToString(Err), XedIClassEnumToString(IClass), DispWidth);
printf("\n5\n");
return NULL;
}
return FALSE;
//fixup T->RawData
delete[] T->RawData;
@ -469,10 +453,7 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
//Decode instruction so its proper and all that
XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState);
if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize))
{
printf("\n6\n");
return NULL;
}
return FALSE;
//Go back to the start and loop through all labels again because now this instruction is larger :))))
T = Block->Start;

78
CodeVirtualizer/Obfuscator.cpp
Unescape View File

@ -3,16 +3,47 @@
VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
VOID ObfObfuscate1(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block, ULONG Depth)
{
ULONG InstructionCount = NcCountInstructions(Block);
if (InstructionCount <= Obf->MinInstCount)
if (InstructionCount <= Obf->MinSizeForOpaqueBranch)
{
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
{
if ((T->Flags & CODE_FLAG_IS_LABEL) || (T->Flags & CODE_FLAG_DO_NOT_DIVIDE) || (T->Flags & CODE_FLAG_IS_REL_JMP))
{
T = T->Next;
continue;
}
PNATIVE_CODE_LINK RealNext = T->Next;
if ((rand() % 100) <= Obf->InstructionMutateChance)
{
PNATIVE_CODE_BLOCK PreOp = JitEmitPreRipMov(T);
PNATIVE_CODE_BLOCK PostOp = JitEmitPostRipMov(T);
NcInsertBlockBefore(T, PreOp, FALSE);
NcInsertBlockAfter(T, PostOp, FALSE);
if (Block->Start == T)
Block->Start = PreOp->Start;
if (Block->End == T)
Block->End = PostOp->End;
//for (ULONG i = 0; i < T->RawDataSize; i++)
// T->RawData[i] = (UCHAR)(rand() % 255);
T->Flags |= CODE_FLAG_DO_NOT_DIVIDE;
}
T = RealNext;
}
}
else
{
ULONG TargetCount = InstructionCount / 2;
ULONG TargetCount = max(Obf->MinSizeForOpaqueBranch, InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);
ULONG CurrentCount = 0;
PNATIVE_CODE_LINK NewBlockStart = Block->Start;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
@ -25,15 +56,34 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
++CurrentCount;
if (T->Flags & CODE_FLAG_DO_NOT_DIVIDE)
{
T = T->Next;
continue;
}
if (CurrentCount == TargetCount)
{
NATIVE_CODE_BLOCK NotTaken, Taken;
ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
ObfObfuscate(Obf, &NotTaken);
ObfObfuscate(Obf, &Taken);
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
T = NotTaken.End;
if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance)
{
NATIVE_CODE_BLOCK NotTaken, Taken;
ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
ObfObfuscate1(Obf, &NotTaken, Depth + 1);
ObfObfuscate1(Obf, &Taken, Depth + 1);
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
T = NotTaken.End;
}
else
{
NATIVE_CODE_BLOCK TempBlock;
if (NcDeepCopyPartialBlock(NewBlockStart, T, &TempBlock))
{
ObfObfuscate1(Obf, &TempBlock, Depth + 1);
ObfInsertOpaqueBranchBlock(NewBlockStart, T, &TempBlock);
}
T = TempBlock.End;
}
NewBlockStart = T->Next;
CurrentCount = 0;
}
@ -43,12 +93,16 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
{
NATIVE_CODE_BLOCK NotTaken, Taken;
ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken);
ObfObfuscate(Obf, &NotTaken);
ObfObfuscate(Obf, &Taken);
ObfObfuscate1(Obf, &NotTaken, Depth + 1);
ObfObfuscate1(Obf, &Taken, Depth + 1);
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken);
}
}
}

13
CodeVirtualizer/Obfuscator.h
Unescape View File

@ -10,15 +10,24 @@
#define OBF_ATTRIBUTE_JIT (1<<0)
#define OBF_ATTRIBUTE_OPAQUE_BRANCHES (1<<1)
#define OBF_ATTRIBUTE_RANDOMIZE_DIVISOR (1<<2)
typedef struct _OBFUSCATOR
{
ULONG MinInstCount;
ULONG MinDepthForRandomOpaqueBranch;
ULONG MinSizeForOpaqueBranch;
UCHAR OpaqueBranchChance;
UCHAR InstructionMutateChance;
UCHAR BlockDivisionFactor;
ULONG Flags;
PNATIVE_CODE_BLOCK GlobalBlock;
}OBFUSCATOR, *POBFUSCATOR;
BOOL ObfJitInst();
//Recursive obfuscation routine using opaque branches and jit
VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block);
VOID ObfObfuscate1(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block, ULONG Depth = 0);
#endif

8
CodeVirtualizer/x64/Debug/Jit.cod
Unescape View File

@ -5930,7 +5930,7 @@ $LN6:
00047 c6 45 04 9d mov BYTE PTR RawData$[rbp], 157 ; 0000009dH
; 20 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1);
; 20 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1);
0004b b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00050 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -5944,7 +5944,7 @@ $LN6:
0006e 41 b9 01 00 00
00 mov r9d, 1
00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00078 ba 04 00 00 00 mov edx, 4
00078 ba 0c 00 00 00 mov edx, 12
0007d 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK
@ -6099,7 +6099,7 @@ $LN6:
00047 c6 45 04 9c mov BYTE PTR RawData$[rbp], 156 ; 0000009cH
; 11 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1);
; 11 : PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST | CODE_FLAG_DO_NOT_DIVIDE, RawData, 1);
0004b b9 f0 00 00 00 mov ecx, 240 ; 000000f0H
00050 e8 00 00 00 00 call ??2@YAPEAX_K@Z ; operator new
@ -6113,7 +6113,7 @@ $LN6:
0006e 41 b9 01 00 00
00 mov r9d, 1
00074 4c 8d 45 04 lea r8, QWORD PTR RawData$[rbp]
00078 ba 04 00 00 00 mov edx, 4
00078 ba 0c 00 00 00 mov edx, 12
0007d 48 8b 8d 28 01
00 00 mov rcx, QWORD PTR $T5[rbp]
00084 e8 00 00 00 00 call ??0_NATIVE_CODE_LINK@@QEAA@KPEAXKH@Z ; _NATIVE_CODE_LINK::_NATIVE_CODE_LINK

547
CodeVirtualizer/x64/Debug/Main.cod
Unescape View File

@ -427,9 +427,10 @@ PUBLIC ??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_filebuf
PUBLIC ??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@ ; std::basic_ofstream<char,std::char_traits<char> >::`vftable'
PUBLIC ??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@ ; std::basic_ofstream<char,std::char_traits<char> >::`vbtable'
PUBLIC ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ ; `string'
PUBLIC ??_C@_0BG@KBAIGCC@Finished?5second?5pas?4?6@ ; `string'
PUBLIC ??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ ; `string'
PUBLIC ??_C@_05PDJBBECF@pause@ ; `string'
PUBLIC ??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ ; `string'
PUBLIC ??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ ; `string'
PUBLIC ??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ ; `string'
PUBLIC ??_C@_0GI@GFIDMGHH@C?3?2Program?5Files?5?$CIx86?$CJ?2Microsof@ ; `string'
PUBLIC ??_C@_1NA@LKMCOJGD@?$AAC?$AA?3?$AA?2?$AAP?$AAr?$AAo?$AAg?$AAr?$AAa?$AAm?$AA?5?$AAF?$AAi?$AAl?$AAe@ ; `string'
@ -591,9 +592,10 @@ EXTRN __imp__time64:PROC
EXTRN ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z:PROC ; std::setw
EXTRN xed_tables_init:PROC
EXTRN ??0_NATIVE_CODE_BLOCK@@QEAA@XZ:PROC ; _NATIVE_CODE_BLOCK::_NATIVE_CODE_BLOCK
EXTRN ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; NcCountInstructions
EXTRN ?NcDisassemble@@YAHPEAU_NATIVE_CODE_BLOCK@@PEAXK@Z:PROC ; NcDisassemble
EXTRN ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z:PROC ; NcAssemble
EXTRN ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z:PROC ; ObfObfuscate
EXTRN ?ObfObfuscate1@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@K@Z:PROC ; ObfObfuscate1
EXTRN ??_E?$basic_filebuf@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_filebuf<char,std::char_traits<char> >::`vector deleting destructor'
EXTRN ??_E?$basic_ofstream@DU?$char_traits@D@std@@@std@@UEAAPEAXI@Z:PROC ; std::basic_ofstream<char,std::char_traits<char> >::`vector deleting destructor'
EXTRN RetNum:PROC
@ -1484,7 +1486,7 @@ pdata ENDS
; COMDAT pdata
pdata SEGMENT
$pdata$main DD imagerel $LN7
DD imagerel $LN7+461
DD imagerel $LN7+527
DD imagerel $unwind$main
pdata ENDS
; COMDAT pdata
@ -2259,10 +2261,11 @@ CONST ENDS
CONST SEGMENT
??_C@_0N@LPFKKEBD@?3AM?3am?3PM?3pm@ DB ':AM:am:PM:pm', 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@
; COMDAT ??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@
CONST SEGMENT
??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@ DB 0aH, 0aH
DB 'Obfuscated: %llu Original: %llu', 0aH, 0aH, 00H ; `string'
??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@ DB 0aH
DB 0aH, 'Size: %u Obfuscated: %llu Original: %llu', 0aH, 0aH
DB 00H ; `string'
CONST ENDS
; COMDAT ??_C@_05PDJBBECF@pause@
CONST SEGMENT
@ -2272,6 +2275,11 @@ CONST ENDS
CONST SEGMENT
??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@ DB 'failed to assemble', 0aH, 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0BG@KBAIGCC@Finished?5second?5pas?4?6@
CONST SEGMENT
??_C@_0BG@KBAIGCC@Finished?5second?5pas?4?6@ DB 'Finished second pas.', 0aH
DB 00H ; `string'
CONST ENDS
; COMDAT ??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@
CONST SEGMENT
??_C@_0CJ@GEFBLICI@C?3?2Users?2Iizerd?2Desktop?2Leeg?5Ha@ DB 'C:\Users\Ii'
@ -3346,11 +3354,11 @@ $ip2state$main DB 0aH
DB 00H
DB 0b2H
DB 02H
DB 'y', 02H
DB 0f9H, 02H
DB 00H
DB '('
DB 02H
DB 011H, 02H
DB 099H, 02H
DB 00H
xdata ENDS
; COMDAT xdata
@ -3373,7 +3381,7 @@ $unwind$main DD 025052f19H
DD 05002H
DD imagerel __GSHandlerCheck_EH4
DD imagerel $cppxdata$main
DD 01f2H
DD 01faH
xdata ENDS
; COMDAT CONST
CONST SEGMENT
@ -3406,7 +3414,7 @@ main$rtcVarDesc DD 0a4H
DD 04H
DQ FLAT:main$rtcName$2
DD 078H
DD 010H
DD 018H
DQ FLAT:main$rtcName$1
DD 028H
DD 030H
@ -8739,10 +8747,11 @@ AsmSize$ = 132
Asm$ = 168
Exec$ = 200
$T6 = 420
tv134 = 440
tv128 = 448
tv132 = 456
__$ArrayPad$ = 464
tv143 = 440
tv132 = 448
tv141 = 456
tv139 = 464
__$ArrayPad$ = 472
main PROC ; COMDAT
; 90 : {
@ -8760,7 +8769,7 @@ $LN7:
0001e 48 8b 05 00 00
00 00 mov rax, QWORD PTR __security_cookie
00025 48 33 c5 xor rax, rbp
00028 48 89 85 d0 01
00028 48 89 85 d8 01
00 00 mov QWORD PTR __$ArrayPad$[rbp], rax
0002f 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:__4031338C_Main@cpp
@ -8798,282 +8807,328 @@ $LN7:
; 97 : OBFUSCATOR Obf;
; 98 : Obf.Flags = 0;
0006f c7 45 5c 00 00
00 00 mov DWORD PTR Obf$[rbp+4], 0
0006f c7 45 64 00 00
00 00 mov DWORD PTR Obf$[rbp+12], 0
; 99 : Obf.MinSizeForOpaqueBranch = 1;
00076 c7 45 5c 01 00
00 00 mov DWORD PTR Obf$[rbp+4], 1
; 100 : Obf.InstructionMutateChance = 0;
0007d c6 45 61 00 mov BYTE PTR Obf$[rbp+9], 0
; 101 : Obf.OpaqueBranchChance = 100;
00081 c6 45 60 64 mov BYTE PTR Obf$[rbp+8], 100 ; 00000064H
; 102 : Obf.MinDepthForRandomOpaqueBranch = 0;
00085 c7 45 58 00 00
00 00 mov DWORD PTR Obf$[rbp], 0
; 103 : Obf.GlobalBlock = &RetNumBlock;
; 99 : Obf.MinInstCount = 4;
0008c 48 8d 45 08 lea rax, QWORD PTR RetNumBlock$[rbp]
00090 48 89 45 68 mov QWORD PTR Obf$[rbp+16], rax
00076 c7 45 58 04 00
00 00 mov DWORD PTR Obf$[rbp], 4
; 104 : Obf.BlockDivisionFactor = 2;
; 100 : Obf.GlobalBlock = &RetNumBlock;
00094 c6 45 62 02 mov BYTE PTR Obf$[rbp+10], 2
0007d 48 8d 45 08 lea rax, QWORD PTR RetNumBlock$[rbp]
00081 48 89 45 60 mov QWORD PTR Obf$[rbp+8], rax
; 105 : Obf.InstructionMutateChance = 100;
; 101 : ObfObfuscate(&Obf, &RetNumBlock);
00098 c6 45 61 64 mov BYTE PTR Obf$[rbp+9], 100 ; 00000064H
00085 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp]
00089 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
0008d e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
; 106 : ObfObfuscate1(&Obf, &RetNumBlock);
; 102 : ObfObfuscate(&Obf, &RetNumBlock);
0009c 45 33 c0 xor r8d, r8d
0009f 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp]
000a3 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
000a7 e8 00 00 00 00 call ?ObfObfuscate1@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@K@Z ; ObfObfuscate1
00092 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp]
00096 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
0009a e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
; 107 : Obf.MinSizeForOpaqueBranch = 50;
; 103 : Obf.MinInstCount = 30;
000ac c7 45 5c 32 00
00 00 mov DWORD PTR Obf$[rbp+4], 50 ; 00000032H
0009f c7 45 58 1e 00
00 00 mov DWORD PTR Obf$[rbp], 30
; 108 : Obf.InstructionMutateChance = 50;
; 104 : ObfObfuscate(&Obf, &RetNumBlock);
000b3 c6 45 61 32 mov BYTE PTR Obf$[rbp+9], 50 ; 00000032H
000a6 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp]
000aa 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
000ae e8 00 00 00 00 call ?ObfObfuscate@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@@Z ; ObfObfuscate
; 109 : ObfObfuscate1(&Obf, &RetNumBlock);
; 105 :
; 106 :
; 107 : ULONG AsmSize;
; 108 : PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize);
000b7 45 33 c0 xor r8d, r8d
000ba 48 8d 55 08 lea rdx, QWORD PTR RetNumBlock$[rbp]
000be 48 8d 4d 58 lea rcx, QWORD PTR Obf$[rbp]
000c2 e8 00 00 00 00 call ?ObfObfuscate1@@YAXPEAU_OBFUSCATOR@@PEAU_NATIVE_CODE_BLOCK@@K@Z ; ObfObfuscate1
000b3 48 8d 95 84 00
; 110 :
; 111 : printf("Finished second pas.\n");
000c7 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0BG@KBAIGCC@Finished?5second?5pas?4?6@
000ce e8 00 00 00 00 call printf
; 112 : //Obf.MinSizeForOpaqueBranch = 200;
; 113 : //ObfObfuscate1(&Obf, &RetNumBlock);
; 114 : //Obf.MinSizeForOpaqueBranch = 30;
; 115 : //ObfObfuscate(&Obf, &RetNumBlock);
; 116 :
; 117 :
; 118 : ULONG AsmSize;
; 119 : PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize);
000d3 48 8d 95 84 00
00 00 lea rdx, QWORD PTR AsmSize$[rbp]
000ba 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
000be e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble
000c3 48 89 85 a8 00
000da 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
000de e8 00 00 00 00 call ?NcAssemble@@YAPEAXPEAU_NATIVE_CODE_BLOCK@@PEAK@Z ; NcAssemble
000e3 48 89 85 a8 00
00 00 mov QWORD PTR Asm$[rbp], rax
; 109 : if (!Asm)
; 120 : if (!Asm)
000ca 48 83 bd a8 00
000ea 48 83 bd a8 00
00 00 00 cmp QWORD PTR Asm$[rbp], 0
000d2 75 37 jne SHORT $LN2@main
000f2 75 37 jne SHORT $LN2@main
; 110 : {
; 111 : printf("failed to assemble\n");
; 121 : {
; 122 : printf("failed to assemble\n");
000d4 48 8d 0d 00 00
000f4 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0BE@GALOGKHF@failed?5to?5assemble?6@
000db e8 00 00 00 00 call printf
000fb e8 00 00 00 00 call printf
; 112 : system("pause");
; 123 : system("pause");
000e0 48 8d 0d 00 00
00100 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@
000e7 ff 15 00 00 00
00107 ff 15 00 00 00
00 call QWORD PTR __imp_system
; 113 : return 1;
; 124 : return 1;
000ed c7 85 a4 01 00
0010d c7 85 a4 01 00
00 01 00 00 00 mov DWORD PTR $T6[rbp], 1
000f7 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
000fb e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
00100 8b 85 a4 01 00
00117 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
0011b e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
00120 8b 85 a4 01 00
00 mov eax, DWORD PTR $T6[rbp]
00106 e9 93 00 00 00 jmp $LN5@main
00126 e9 b5 00 00 00 jmp $LN5@main
$LN2@main:
; 114 : }
; 115 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
; 125 : }
; 126 : PutToFile(Asm, AsmSize);
0010b 8b 95 84 00 00
0012b 8b 95 84 00 00
00 mov edx, DWORD PTR AsmSize$[rbp]
00111 48 8b 8d a8 00
00131 48 8b 8d a8 00
00 00 mov rcx, QWORD PTR Asm$[rbp]
00118 e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer
0011d 48 89 85 c8 00
00 00 mov QWORD PTR Exec$[rbp], rax
00138 e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile
; 116 : typedef ULONG64(*FnRetNum)(ULONG Num);
; 117 : printf("\n\nObfuscated: %llu Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776));
; 127 : system("pause");
00124 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H
00129 e8 00 00 00 00 call RetNum
0012e 48 89 85 b8 01
00 00 mov QWORD PTR tv134[rbp], rax
00135 48 8b 85 c8 00
00 00 mov rax, QWORD PTR Exec$[rbp]
0013c 48 89 85 c0 01
00 00 mov QWORD PTR tv128[rbp], rax
00143 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H
00148 ff 95 c0 01 00
00 call QWORD PTR tv128[rbp]
0014e 48 89 85 c8 01
00 00 mov QWORD PTR tv132[rbp], rax
00155 4c 8b 85 b8 01
00 00 mov r8, QWORD PTR tv134[rbp]
0015c 48 8b 95 c8 01
00 00 mov rdx, QWORD PTR tv132[rbp]
00163 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0CH@OKHDPAIH@?6?6Obfuscated?3?5?$CFllu?5?5?5?5Original?3@
0016a e8 00 00 00 00 call printf
0013d 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@
00144 ff 15 00 00 00
00 call QWORD PTR __imp_system
; 118 : PutToFile(Asm, AsmSize);
; 128 :
; 129 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
0016f 8b 95 84 00 00
0014a 8b 95 84 00 00
00 mov edx, DWORD PTR AsmSize$[rbp]
00175 48 8b 8d a8 00
00150 48 8b 8d a8 00
00 00 mov rcx, QWORD PTR Asm$[rbp]
0017c e8 00 00 00 00 call ?PutToFile@@YAXPEAXK@Z ; PutToFile
00157 e8 00 00 00 00 call ?MakeExecutableBuffer@@YAPEAXPEAXK@Z ; MakeExecutableBuffer
0015c 48 89 85 c8 00
00 00 mov QWORD PTR Exec$[rbp], rax
; 119 : system("pause");
; 130 : typedef ULONG64(*FnRetNum)(ULONG Num);
; 131 : printf("\n\nSize: %u Obfuscated: %llu Original: %llu\n\n", NcCountInstructions(&RetNumBlock), ((FnRetNum)Exec)(1776), RetNum(1776));
00181 48 8d 0d 00 00
00163 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H
00168 e8 00 00 00 00 call RetNum
0016d 48 89 85 b8 01
00 00 mov QWORD PTR tv143[rbp], rax
00174 48 8b 85 c8 00
00 00 mov rax, QWORD PTR Exec$[rbp]
0017b 48 89 85 c0 01
00 00 mov QWORD PTR tv132[rbp], rax
00182 b9 f0 06 00 00 mov ecx, 1776 ; 000006f0H
00187 ff 95 c0 01 00
00 call QWORD PTR tv132[rbp]
0018d 48 89 85 c8 01
00 00 mov QWORD PTR tv141[rbp], rax
00194 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
00198 e8 00 00 00 00 call ?NcCountInstructions@@YAKPEAU_NATIVE_CODE_BLOCK@@@Z ; NcCountInstructions
0019d 89 85 d0 01 00
00 mov DWORD PTR tv139[rbp], eax
001a3 4c 8b 8d b8 01
00 00 mov r9, QWORD PTR tv143[rbp]
001aa 4c 8b 85 c8 01
00 00 mov r8, QWORD PTR tv141[rbp]
001b1 8b 95 d0 01 00
00 mov edx, DWORD PTR tv139[rbp]
001b7 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_0DC@MEGCPGB@?6?6Size?3?5?$CFu?5?5?5Obfuscated?3?5?$CFllu?5?5@
001be e8 00 00 00 00 call printf
; 132 : system("pause");
001c3 48 8d 0d 00 00
00 00 lea rcx, OFFSET FLAT:??_C@_05PDJBBECF@pause@
00188 ff 15 00 00 00
001ca ff 15 00 00 00
00 call QWORD PTR __imp_system
0018e 90 npad 1
; 120 :
; 121 :
; 122 : /*NATIVE_CODE_BLOCK Block;
; 123 : NcDisassemble(&Block, meme1, sizeof(meme1));
; 124 : OBFUSCATOR Obf;
; 125 : Obf.Flags = 0;
; 126 : Obf.MinInstCount = 12;
; 127 : Obf.GlobalBlock = &Block;
; 128 : ObfObfuscate(&Obf, &Block);
; 129 : Obf.MinInstCount = 4;
; 130 : ObfObfuscate(&Obf, &Block);
; 131 : NcDebugPrint(&Block);
; 132 :
; 133 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block);
; 134 : ULONG InstSize = NcCountInstructions(&Block);
; 135 :
; 136 : printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags);
; 137 :
; 138 : ULONG AsmSize;
; 139 : PVOID Asm = NcAssemble(&Block, &AsmSize);
; 140 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
; 141 : typedef ULONG(*FnGetFour)();
; 142 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
; 143 : PutToFile(Asm, AsmSize);*/
; 144 :
001d0 90 npad 1
; 133 :
; 134 :
; 135 : /*NATIVE_CODE_BLOCK Block;
; 136 : NcDisassemble(&Block, meme1, sizeof(meme1));
; 137 : OBFUSCATOR Obf;
; 138 : Obf.Flags = 0;
; 139 : Obf.MinSizeForOpaqueBranch = 12;
; 140 : Obf.GlobalBlock = &Block;
; 141 : ObfObfuscate(&Obf, &Block);
; 142 : Obf.MinSizeForOpaqueBranch = 4;
; 143 : ObfObfuscate(&Obf, &Block);
; 144 : NcDebugPrint(&Block);
; 145 :
; 146 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 147 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
; 148 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
; 149 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
; 150 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
; 151 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
; 152 :
; 153 : //NcAppendToBlock(Pre1, Return1776);
; 154 : //NcInsertBlockAfter(Pre1->End, Post1, 0);
; 155 : //Pre1->End = Post1->End;
; 156 : //NcInsertBlockAfter(Pre1->End, Pre2, 0);
; 157 : //Pre1->End = Pre2->End;
; 158 : //NcAppendToBlock(Pre1, RetInst);
; 159 : //NcInsertBlockAfter(Pre1->End, Post2, 0);
; 160 : //Pre1->End = Post2->End;
; 161 :
; 162 : ///*Pre->Start = Return1776;
; 163 : //Pre->End = Return1776;*/
; 164 :
; 165 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++)
; 166 : // Return1776->RawData[i] = (UCHAR)rand();
; 167 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++)
; 168 : // RetInst->RawData[i] = (UCHAR)rand();
; 169 :
; 170 :
; 171 :
; 172 : //ULONG AsmLen;
; 173 : //PVOID Asm = NcAssemble(Pre1, &AsmLen);
; 174 : //PUCHAR Tb = (PUCHAR)Asm;
; 175 : //for (uint32_t i = 0; i < AsmLen; i++)
; 176 : //{
; 177 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 178 : //}
; 179 :
; 180 : //system("pause");
; 181 :
; 182 : //typedef ULONG64(*FnGet1776)();
; 183 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
; 184 : //if (ExecBuffer)
; 185 : //{
; 186 : // printf("The numba was: %X\n", ExecBuffer());
; 187 : // printf("The numba was: %X\n", ExecBuffer());
; 188 :
; 189 : // printf("The numba was: %X\n", ExecBuffer());
; 190 :
; 191 : // printf("The numba was: %X\n", ExecBuffer());
; 146 : ULONG ByteSize = NcCalcBlockSizeInBytes(&Block);
; 147 : ULONG InstSize = NcCountInstructions(&Block);
; 148 :
; 149 : printf("Bytes: %u, Insts: %u, FlagsMeme: %u.\n", ByteSize, InstSize, Obf.Flags);
; 150 :
; 151 : ULONG AsmSize;
; 152 : PVOID Asm = NcAssemble(&Block, &AsmSize);
; 153 : PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
; 154 : typedef ULONG(*FnGetFour)();
; 155 : printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
; 156 : PutToFile(Asm, AsmSize);*/
; 157 :
; 158 :
; 159 : //PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 160 : //PNATIVE_CODE_LINK RetInst = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme2, sizeof(meme2));
; 161 : //PNATIVE_CODE_BLOCK Pre1 = JitEmitPreRipMov(Return1776);
; 162 : //PNATIVE_CODE_BLOCK Post1 = JitEmitPostRipMov(Return1776);
; 163 : //PNATIVE_CODE_BLOCK Pre2 = JitEmitPreRipMov(RetInst);
; 164 : //PNATIVE_CODE_BLOCK Post2 = JitEmitPostRipMov(RetInst);
; 165 :
; 166 : //NcAppendToBlock(Pre1, Return1776);
; 167 : //NcInsertBlockAfter(Pre1->End, Post1, 0);
; 168 : //Pre1->End = Post1->End;
; 169 : //NcInsertBlockAfter(Pre1->End, Pre2, 0);
; 170 : //Pre1->End = Pre2->End;
; 171 : //NcAppendToBlock(Pre1, RetInst);
; 172 : //NcInsertBlockAfter(Pre1->End, Post2, 0);
; 173 : //Pre1->End = Post2->End;
; 174 :
; 175 : ///*Pre->Start = Return1776;
; 176 : //Pre->End = Return1776;*/
; 177 :
; 178 : //for (ULONG i = 0; i < Return1776->RawDataSize; i++)
; 179 : // Return1776->RawData[i] = (UCHAR)rand();
; 180 : //for (ULONG i = 0; i < RetInst->RawDataSize; i++)
; 181 : // RetInst->RawData[i] = (UCHAR)rand();
; 182 :
; 183 :
; 184 :
; 185 : //ULONG AsmLen;
; 186 : //PVOID Asm = NcAssemble(Pre1, &AsmLen);
; 187 : //PUCHAR Tb = (PUCHAR)Asm;
; 188 : //for (uint32_t i = 0; i < AsmLen; i++)
; 189 : //{
; 190 : // std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 191 : //}
; 192 :
; 193 : //}
; 193 : //system("pause");
; 194 :
; 195 :
; 196 : //NcDebugPrint(Post);
; 197 :
; 198 :
; 199 :
; 200 : /*NATIVE_CODE_BLOCK Block;
; 201 : NcDisassemble(&Block, TestBuffer, TestBufferSize);
; 202 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 195 : //typedef ULONG64(*FnGet1776)();
; 196 : //FnGet1776 ExecBuffer = (FnGet1776)MakeExecutableBuffer(Asm, AsmLen);
; 197 : //if (ExecBuffer)
; 198 : //{
; 199 : // printf("The numba was: %X\n", ExecBuffer());
; 200 : // printf("The numba was: %X\n", ExecBuffer());
; 201 :
; 202 : // printf("The numba was: %X\n", ExecBuffer());
; 203 :
; 204 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
; 205 : ULONG AssembledSize;
; 206 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
; 207 : if (!AssembledBlock || !AssembledSize)
; 208 : {
; 209 : printf("Something failed nicka.\n");
; 210 : system("pause");
; 211 : return -1;
; 212 : }
; 213 : PUCHAR Tb = (PUCHAR)AssembledBlock;
; 214 : for (uint32_t i = 0; i < AssembledSize; i++)
; 215 : {
; 216 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 217 : }
; 218 : */
; 219 :
; 220 :
; 221 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
; 222 : //NcDebugPrint(OpaqueBranch);
; 223 :
; 224 :
; 225 :
; 226 : /*NATIVE_CODE_LINK T;
; 227 : T.RawDataSize = 10;
; 228 : T.RawData = new UCHAR[10];
; 229 : memset(T.RawData, 0xAA, 10);
; 230 : JIT_BITWISE_DATA Data;
; 231 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));
; 232 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);
; 233 : if (NewBlock)
; 234 : {
; 235 : printf("\n");
; 236 : NcDebugPrint(NewBlock);
; 237 : printf("\n");
; 238 : NcPrintBlockCode(NewBlock);
; 239 : }
; 240 : system("pause");*/
; 241 :
; 242 : }
0018f 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
00193 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
00198 eb 02 jmp SHORT $LN6@main
0019a eb 02 jmp SHORT $LN5@main
; 204 : // printf("The numba was: %X\n", ExecBuffer());
; 205 :
; 206 : //}
; 207 :
; 208 :
; 209 : //NcDebugPrint(Post);
; 210 :
; 211 :
; 212 :
; 213 : /*NATIVE_CODE_BLOCK Block;
; 214 : NcDisassemble(&Block, TestBuffer, TestBufferSize);
; 215 : PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
; 216 :
; 217 : NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink);
; 218 : ULONG AssembledSize;
; 219 : PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize);
; 220 : if (!AssembledBlock || !AssembledSize)
; 221 : {
; 222 : printf("Something failed nicka.\n");
; 223 : system("pause");
; 224 : return -1;
; 225 : }
; 226 : PUCHAR Tb = (PUCHAR)AssembledBlock;
; 227 : for (uint32_t i = 0; i < AssembledSize; i++)
; 228 : {
; 229 : std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' ';
; 230 : }
; 231 : */
; 232 :
; 233 :
; 234 : //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End);
; 235 : //NcDebugPrint(OpaqueBranch);
; 236 :
; 237 :
; 238 :
; 239 : /*NATIVE_CODE_LINK T;
; 240 : T.RawDataSize = 10;
; 241 : T.RawData = new UCHAR[10];
; 242 : memset(T.RawData, 0xAA, 10);
; 243 : JIT_BITWISE_DATA Data;
; 244 : RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA));
; 245 : PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T);
; 246 : if (NewBlock)
; 247 : {
; 248 : printf("\n");
; 249 : NcDebugPrint(NewBlock);
; 250 : printf("\n");
; 251 : NcPrintBlockCode(NewBlock);
; 252 : }
; 253 : system("pause");*/
; 254 :
; 255 : }
001d1 48 8d 4d 08 lea rcx, QWORD PTR RetNumBlock$[rbp]
001d5 e8 00 00 00 00 call ??1_NATIVE_CODE_BLOCK@@QEAA@XZ
001da eb 02 jmp SHORT $LN6@main
001dc eb 02 jmp SHORT $LN5@main
$LN6@main:
0019c 33 c0 xor eax, eax
001de 33 c0 xor eax, eax
$LN5@main:
0019e 48 8b f8 mov rdi, rax
001a1 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
001a5 48 8d 15 00 00
001e0 48 8b f8 mov rdi, rax
001e3 48 8d 4d e0 lea rcx, QWORD PTR [rbp-32]
001e7 48 8d 15 00 00
00 00 lea rdx, OFFSET FLAT:main$rtcFrameData
001ac e8 00 00 00 00 call _RTC_CheckStackVars
001b1 48 8b c7 mov rax, rdi
001b4 48 8b 8d d0 01
001ee e8 00 00 00 00 call _RTC_CheckStackVars
001f3 48 8b c7 mov rax, rdi
001f6 48 8b 8d d8 01
00 00 mov rcx, QWORD PTR __$ArrayPad$[rbp]
001bb 48 33 cd xor rcx, rbp
001be e8 00 00 00 00 call __security_check_cookie
001c3 48 8d a5 e8 01
001fd 48 33 cd xor rcx, rbp
00200 e8 00 00 00 00 call __security_check_cookie
00205 48 8d a5 e8 01
00 00 lea rsp, QWORD PTR [rbp+488]
001ca 5f pop rdi
001cb 5d pop rbp
001cc c3 ret 0
0020c 5f pop rdi
0020d 5d pop rbp
0020e c3 ret 0
main ENDP
_TEXT ENDS
; COMDAT text$x
@ -9084,10 +9139,11 @@ AsmSize$ = 132
Asm$ = 168
Exec$ = 200
$T6 = 420
tv134 = 440
tv128 = 448
tv132 = 456
__$ArrayPad$ = 464
tv143 = 440
tv132 = 448
tv141 = 456
tv139 = 464
__$ArrayPad$ = 472
main$dtor$0 PROC
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx
@ -9112,10 +9168,11 @@ AsmSize$ = 132
Asm$ = 168
Exec$ = 200
$T6 = 420
tv134 = 440
tv128 = 448
tv132 = 456
__$ArrayPad$ = 464
tv143 = 440
tv132 = 448
tv141 = 456
tv139 = 464
__$ArrayPad$ = 472
main$dtor$0 PROC
00000 48 89 4c 24 08 mov QWORD PTR [rsp+8], rcx
00005 48 89 54 24 10 mov QWORD PTR [rsp+16], rdx

876
CodeVirtualizer/x64/Debug/NativeCode.cod
View File

File diff suppressed because it is too large Load Diff

1620
CodeVirtualizer/x64/Debug/Obfuscator.cod
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save