finished opauq branches

wfwd

CodeVirtualizer/Assembly.asm

@@ -1,4 +1,21 @@
 .CODE
 
 
+RetNum PROC
+	XOR EAX,EAX
+ContinueLoop:
+	ADD RAX,1
+	SUB RCX,1
+	ADD RCX,1
+	ADD RAX,2
+	SUB RAX,2
+	SUB RCX,1
+	JNZ ContinueLoop
+	ret
+RetNum ENDP
+
+NextFunction PROC
+	ret
+NextFunction ENDP
+
 END

CodeVirtualizer/Main.cpp

@@ -8,6 +8,13 @@
 #include "NativeCode.h"
 #include "Obfuscator.h"
 
+VOID PrintByteArr(PVOID Buff, ULONG BufSize)
+{
+	for (uint32_t i = 0; i < BufSize; i++)
+	{
+		std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)((PUCHAR)Buff)[i] << ' ';
+	}
+}
 
 PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
 {
@@ -64,12 +71,55 @@ UCHAR meme1[] = {
 0xc3,
 };
 
+UCHAR RetNumCode[] = {
+	0x33, 0xC0
+	, 0x48, 0x83, 0xC0, 0x01
+	, 0x48, 0x83, 0xE9, 0x01
+	, 0x48, 0x83, 0xC1, 0x01
+	, 0x48, 0x83, 0xC0, 0x02
+	, 0x48, 0x83, 0xE8, 0x02
+	, 0x48, 0x83, 0xE9, 0x01
+	, 0x75, 0xE6
+	, 0xC3
+};
+
+
+EXTERN_C ULONG64 RetNum(ULONG64 Num);
+
 int main()
 {
 	XedTablesInit();
 	srand(time(NULL));
 
-	NATIVE_CODE_BLOCK Block;
+
+	NATIVE_CODE_BLOCK RetNumBlock;
+	NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode));
+	OBFUSCATOR Obf;
+	Obf.Flags = 0;
+	Obf.MinInstCount = 4;
+	Obf.GlobalBlock = &RetNumBlock;
+	ObfObfuscate(&Obf, &RetNumBlock);
+	ObfObfuscate(&Obf, &RetNumBlock);
+	Obf.MinInstCount = 30;
+	ObfObfuscate(&Obf, &RetNumBlock);
+
+
+	ULONG AsmSize;
+	PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize);
+	if (!Asm)
+	{
+		printf("failed to assemble\n");
+		system("pause");
+		return 1;
+	}
+	PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
+	typedef ULONG64(*FnRetNum)(ULONG Num);
+	printf("\n\nObfuscated: %llu    Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776));
+	PutToFile(Asm, AsmSize);
+	system("pause");
+
+
+	/*NATIVE_CODE_BLOCK Block;
 	NcDisassemble(&Block, meme1, sizeof(meme1));
 	OBFUSCATOR Obf;
 	Obf.Flags = 0;
@@ -90,7 +140,7 @@ int main()
 	PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
 	typedef ULONG(*FnGetFour)();
 	printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
-	PutToFile(Asm, AsmSize);
+	PutToFile(Asm, AsmSize);*/
 
 
 	//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));

CodeVirtualizer/NativeCode.cpp

@@ -401,27 +401,38 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 		{
 			INT32 BranchDisp = 0;
 			if (!NcGetDeltaToLabel(T, &BranchDisp))
-				return FALSE;
+			{
+				printf("\n1\n");
+				return NULL;
+			}
 
 			ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction);
 			if (log2(abs(BranchDisp)) + 1 > DispWidth)
 			{
 				//duh oh
 				if (DispWidth == 32)
-					return FALSE;
+				{
+					printf("\n2\n");
+					return NULL;
+				}
 
-				//Grow displacement width to required size
-				DispWidth *= 2;
+				////Grow displacement width to required size
+				//DispWidth *= 2;
 
-				//Check again
-				if (log2(abs(BranchDisp)) + 1 > DispWidth)
-				{
-					if (DispWidth == 32)
-						return FALSE;
+				////Check again
+				//if (log2(abs(BranchDisp)) + 1 > DispWidth)
+				//{
+				//	if (DispWidth == 32)
+				//	{
+				//		printf("\n3\n");
+				//		return NULL;
+				//	}
 
-					//Grow once more if not already at 32
-					DispWidth *= 2;
-				}
+				//	//Grow once more if not already at 32
+				//	DispWidth *= 2;
+				//}
+
+				DispWidth = 32;
 
 				//Encode new instruction 
 				XED_STATE MachineState;
@@ -437,9 +448,17 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 				XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth));
 				XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
 				if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
-					return FALSE;
-				if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
-					return FALSE;
+				{
+					printf("\n4\n");
+					return NULL;
+				}
+				XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize);
+				if (XED_ERROR_NONE != Err)
+				{
+					printf("%s %s %u \n", XedErrorEnumToString(Err), XedIClassEnumToString(IClass), DispWidth);
+					printf("\n5\n");
+					return NULL;
+				}
 
 				//fixup T->RawData
 				delete[] T->RawData;
@@ -450,7 +469,10 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 				//Decode instruction so its proper and all that
 				XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState);
 				if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize))
-					return FALSE;
+				{
+					printf("\n6\n");
+					return NULL;
+				}
 
 				//Go back to the start and loop through all labels again because now this instruction is larger :))))
 				T = Block->Start;

CodeVirtualizer/Obfuscator.cpp

@@ -6,7 +6,6 @@
 VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 {
 	ULONG InstructionCount = NcCountInstructions(Block);
-	printf("RECIEVED INSTRUCTION COUNT: %u\n", InstructionCount);
 	if (InstructionCount <= Obf->MinInstCount)
 	{
 
@@ -16,8 +15,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 		ULONG TargetCount = InstructionCount / 2;
 		ULONG CurrentCount = 0;
 		PNATIVE_CODE_LINK NewBlockStart = Block->Start;
-		PNATIVE_CODE_LINK RealEnd = Block->End->Next;
-		for (PNATIVE_CODE_LINK T = Block->Start; T && T != RealEnd;)
+		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
 		{
 			if (T->Flags & CODE_FLAG_IS_LABEL)
 			{
@@ -33,11 +31,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 				ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
 				ObfObfuscate(Obf, &NotTaken);
 				ObfObfuscate(Obf, &Taken);
-				if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)))
-				{
-					printf("FAILED TO COMBINE BRANCHES.\n");
-					system("pause");
-				}
+				ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
 				ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
 				T = NotTaken.End;
 				NewBlockStart = T->Next;

CodeVirtualizer/x64/Debug/Assembly.lst

@@ -1,15 +1,47 @@
-Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 14:21:08
 Assembly.asm						     Page 1 - 1
 
 
  00000000			.CODE
 
 
+ 00000000			RetNum PROC
+ 00000000  33 C0			XOR EAX,EAX
+ 00000002			ContinueLoop:
+ 00000002  48/ 83 C0 01			ADD RAX,1
+ 00000006  48/ 83 E9 01			SUB RCX,1
+ 0000000A  48/ 83 C1 01			ADD RCX,1
+ 0000000E  48/ 83 C0 02			ADD RAX,2
+ 00000012  48/ 83 E8 02			SUB RAX,2
+ 00000016  48/ 83 E9 01			SUB RCX,1
+ 0000001A  75 E6			JNZ ContinueLoop
+ 0000001C  C3				ret
+ 0000001D			RetNum ENDP
+
+ 0000001D			NextFunction PROC
+ 0000001D  C3				ret
+ 0000001E			NextFunction ENDP
+
 				END
-Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 14:21:08
 Assembly.asm						     Symbols 2 - 1
 
 
 
+
+Procedures, parameters, and locals:
+
+                N a m e                 Type     Value    Attr
+
+NextFunction . . . . . . . . . .	P 	 0000001D _TEXT	Length= 00000001 Public
+RetNum . . . . . . . . . . . . .	P 	 00000000 _TEXT	Length= 0000001D Public
+  ContinueLoop . . . . . . . . .	L 	 00000002 _TEXT	
+
+
+Symbols:
+
+                N a m e                 Type     Value    Attr
+
+
 	   0 Warnings
 	   0 Errors