opaque branching done

CodeVirtualizer/Main.cpp

@@ -1,14 +1,12 @@
 
 #include <Windows.h>
 #include <stdio.h>
+#include <fstream>
 
 #include "Windas.h"
 #include "XedWrap.h"
 #include "NativeCode.h"
-#include "RipXorInst.h"
+#include "Obfuscator.h"
-#include "RipMovInst.h"
-#include "OpaqueBranching.h"
-#include "Jit.h"
 
 
 PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
@@ -19,18 +17,26 @@ PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
 	RtlCopyMemory(ExecBuffer, Buffer, BufferSize);
 }
 
+VOID PutToFile(PVOID Buffer, ULONG BufferSize)
+{
+	std::ofstream fout;
+	fout.open("C:\\Users\\Iizerd\\Desktop\\Leeg Hake\\Test.m", std::ios::binary | std::ios::out);
+	fout.write((PCHAR)Buffer, BufferSize);
+	fout.close();
+}
+
 UCHAR TestBuffer[] = {
 	0x48, 0x33, 0xC0,
 	0x48, 0x33, 0xC0,
-	0xEB, 0x0E,
+	//0xEB, 0x0E,
 	0x48, 0x33, 0xC0,
 	0x48, 0x33, 0xC0,
-	0x7E, 0x06,
+	//0x7E, 0x06,
 	0x48, 0x33, 0xC0,
 	0x48, 0x33, 0xC0,
 	0x48, 0x33, 0xC0,
 	0x48, 0x33, 0xC0,
-	0xEB, 0xF8,
+	//0xEB, 0xF8,
 	0x50,
 	0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
 	0x48, 0x87, 0x04, 0x24,
@@ -38,8 +44,25 @@ UCHAR TestBuffer[] = {
 };
 ULONG TestBufferSize = sizeof(TestBuffer);
 
-UCHAR meme1[] = { 0xb8, 0xde, 0xc0, 0xac, 0x0e };
+UCHAR meme1[] = { 
-UCHAR meme2[] = { 0xc3 };
+	0x31, 0xc0, 
+	0x83, 0xc0, 0x01,
+	0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01, 
+0x83, 0xc0, 0x01, 
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0x83, 0xc0, 0x01,
+0xc3,
+};
 
 int main()
 {
@@ -47,17 +70,21 @@ int main()
 	srand(time(NULL));
 
 	NATIVE_CODE_BLOCK Block;
-	NcDisassemble(&Block, TestBuffer, TestBufferSize);
+	NcDisassemble(&Block, meme1, sizeof(meme1));
-	NATIVE_CODE_BLOCK NotTaken;
+	OBFUSCATOR Obf;
-	NATIVE_CODE_BLOCK Taken;
+	Obf.Flags = 0;
-	printf("\n\nOriginal\n");
+	Obf.MinInstCount = 3;
-	NcDebugPrint(&Block);
+	Obf.GlobalBlock = &Block;
-	ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken);
+	ObfObfuscate(&Obf, &Block);
-	ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block));
+	ObfObfuscate(&Obf, &Block);
-	ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken);
+	//NcDebugPrint(&Block);
-	printf("\n\nNew\n");
+
-	NcDebugPrint(&Block);
+	ULONG AsmSize;
-
+	PVOID Asm = NcAssemble(&Block, &AsmSize);
+	PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
+	typedef ULONG(*FnGetFour)();
+	printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
+	PutToFile(Asm, AsmSize);
 
 
 	//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));

CodeVirtualizer/Nop.h

@@ -7,6 +7,6 @@
 
 PNATIVE_CODE_LINK NcEmitNop();
 
-BOOL NcEmitNopGroup(ULONG Count, PNATIVE_CODE_BLOCK Block)
+BOOL NcEmitNopGroup(ULONG Count, PNATIVE_CODE_BLOCK Block);
 
 #endif

CodeVirtualizer/Obfuscator.cpp

@@ -3,5 +3,52 @@
 
 
 
+VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
+{
+	ULONG InstructionCount = NcCountInstructions(Block);
+	if (InstructionCount <= Obf->MinInstCount)
+	{
 
+	}
+	else
+	{
+		ULONG TargetCount = InstructionCount / 2;
+		ULONG CurrentCount = 0;
+		PNATIVE_CODE_LINK NewBlockStart = Block->Start;
+		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
+		{
+			if (T->Flags & CODE_FLAG_IS_LABEL)
+			{
+				T = T->Next;
+				continue;
+			}
+
+			++CurrentCount;
+			
+			if (CurrentCount == TargetCount)
+			{
+				NATIVE_CODE_BLOCK NotTaken, Taken;
+				ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
+				ObfObfuscate(Obf, &NotTaken);
+				ObfObfuscate(Obf, &Taken);
+				ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
+				ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
+				T = NotTaken.End;
+				NewBlockStart = T->Next;
+				CurrentCount = 0;
+			}
+			T = T->Next;
+		}
+		if (NewBlockStart)
+		{
+			NATIVE_CODE_BLOCK NotTaken, Taken;
+			ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken);
+			ObfObfuscate(Obf, &NotTaken);
+			ObfObfuscate(Obf, &Taken);
+			ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
+			ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken);
+		}
+	}
+
+}
 

CodeVirtualizer/Obfuscator.h

@@ -11,19 +11,14 @@
 #define OBF_ATTRIBUTE_JIT				(1<<0)
 #define OBF_ATTRIBUTE_OPAQUE_BRANCHES	(1<<1)
 
-
-
 typedef struct _OBFUSCATOR
 {
-	ULONG MinBlockSize;
+	ULONG MinInstCount;
-	PNATIVE_CODE_BLOCK Block;
+	ULONG Flags;
+	PNATIVE_CODE_BLOCK GlobalBlock;
 }OBFUSCATOR, *POBFUSCATOR;
 
-//recursive obfuscation routine
+//Recursive obfuscation routine using opaque branches and jit
-VOID ObfObfuscate(PNATIVE_CODE_BLOCK Block)
+VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block);
-{
-	ULONG InstructionCount = NcCountInstructions(Block);
-
-}
 
 #endif

CodeVirtualizer/OpaqueBranching.cpp

@@ -123,6 +123,12 @@ BOOL ObfInsertOpaqueBranchBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End,
 	if (End->Next)
 		End->Next->Prev = OpaqueBranchBlock->End;
 
+	if (Start->Block->Start == Start)
+		Start->Block->Start = OpaqueBranchBlock->Start;
+
+	if (Start->Block->End == End)
+		Start->Block->End = OpaqueBranchBlock->End;
+
 	//Update group for the current isntructions
 	for (PNATIVE_CODE_LINK T = OpaqueBranchBlock->Start; T && T != OpaqueBranchBlock->End->Next; T = T->Next)
 		T->Block = Start->Block;

CodeVirtualizer/x64/Debug/Assembly.lst

@@ -1,4 +1,4 @@
-Microsoft (R) Macro Assembler (x64) Version 14.29.30038.1   10/17/21 15:17:32
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
 Assembly.asm						     Page 1 - 1
 
 
@@ -6,7 +6,7 @@ Assembly.asm						     Page 1 - 1
 
 
 				END
-Microsoft (R) Macro Assembler (x64) Version 14.29.30038.1   10/17/21 15:17:32
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
 Assembly.asm						     Symbols 2 - 1
 
 

CodeVirtualizer/x64/Debug/CodeVirtualizer.exe.recipe

@@ -1,11 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project>
-  <ProjectOutputs>
+  <ProjectOutputs>C:\$Fanta\code-virtualizer\x64\Debug\CodeVirtualizer.exe</ProjectOutputs>
-    <ProjectOutput>
+  <ContentFiles></ContentFiles>
-      <FullPath>C:\@\Work\code-virtualizer\x64\Debug\CodeVirtualizer.exe</FullPath>
+  <SatelliteDlls></SatelliteDlls>
-    </ProjectOutput>
+  <NonRecipeFileRefs></NonRecipeFileRefs>
-  </ProjectOutputs>
-  <ContentFiles />
-  <SatelliteDlls />
-  <NonRecipeFileRefs />
 </Project>