finished opauq branches

wfwd
3 years ago · 2689c7d30c
parent 90a967dc01
commit 2689c7d30c
8 changed files with 3440 additions and 1605 deletions
--- a/CodeVirtualizer/Assembly.asm
+++ b/CodeVirtualizer/Assembly.asm
@ -1,4 +1,21 @@
 .CODE
 RetNum PROC
 	XOR EAX,EAX
 ContinueLoop:
 	ADD RAX,1
 	SUB RCX,1
 	ADD RCX,1
 	ADD RAX,2
 	SUB RAX,2
 	SUB RCX,1
 	JNZ ContinueLoop
 	ret
 RetNum ENDP
 NextFunction PROC
 	ret
 NextFunction ENDP
 END
--- a/CodeVirtualizer/Main.cpp
+++ b/CodeVirtualizer/Main.cpp
@ -8,6 +8,13 @@
 #include "NativeCode.h"
 #include "Obfuscator.h"
 VOID PrintByteArr(PVOID Buff, ULONG BufSize)
 {
 	for (uint32_t i = 0; i < BufSize; i++)
 	{
 		std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)((PUCHAR)Buff)[i] << ' ';
 	}
 }
 PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize)
 {
@ -64,12 +71,55 @@ UCHAR meme1[] = {
 0xc3,
 };
 UCHAR RetNumCode[] = {
 	0x33, 0xC0
 	, 0x48, 0x83, 0xC0, 0x01
 	, 0x48, 0x83, 0xE9, 0x01
 	, 0x48, 0x83, 0xC1, 0x01
 	, 0x48, 0x83, 0xC0, 0x02
 	, 0x48, 0x83, 0xE8, 0x02
 	, 0x48, 0x83, 0xE9, 0x01
 	, 0x75, 0xE6
 	, 0xC3
 };
 EXTERN_C ULONG64 RetNum(ULONG64 Num);
 int main()
 {
 	XedTablesInit();
 	srand(time(NULL));
-	NATIVE_CODE_BLOCK Block;
+
 	NATIVE_CODE_BLOCK RetNumBlock;
 	NcDisassemble(&RetNumBlock, RetNumCode, sizeof(RetNumCode));
 	OBFUSCATOR Obf;
 	Obf.Flags = 0;
 	Obf.MinInstCount = 4;
 	Obf.GlobalBlock = &RetNumBlock;
 	ObfObfuscate(&Obf, &RetNumBlock);
 	ObfObfuscate(&Obf, &RetNumBlock);
 	Obf.MinInstCount = 30;
 	ObfObfuscate(&Obf, &RetNumBlock);
 	ULONG AsmSize;
 	PVOID Asm = NcAssemble(&RetNumBlock, &AsmSize);
 	if (!Asm)
 	{
 		printf("failed to assemble\n");
 		system("pause");
 		return 1;
 	}
 	PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
 	typedef ULONG64(*FnRetNum)(ULONG Num);
 	printf("\n\nObfuscated: %llu    Original: %llu\n\n", ((FnRetNum)Exec)(1776), RetNum(1776));
 	PutToFile(Asm, AsmSize);
 	system("pause");
 	/*NATIVE_CODE_BLOCK Block;
 	NcDisassemble(&Block, meme1, sizeof(meme1));
 	OBFUSCATOR Obf;
 	Obf.Flags = 0;
@ -90,7 +140,7 @@ int main()
 	PVOID Exec = MakeExecutableBuffer(Asm, AsmSize);
 	typedef ULONG(*FnGetFour)();
 	printf("numba is: %u size is %u\n\n", ((FnGetFour)Exec)(), AsmSize);
-	PutToFile(Asm, AsmSize);
+	PutToFile(Asm, AsmSize);*/
 	//PNATIVE_CODE_LINK Return1776 = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1));
--- a/CodeVirtualizer/NativeCode.cpp
+++ b/CodeVirtualizer/NativeCode.cpp
@ -401,27 +401,38 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 		{
 			INT32 BranchDisp = 0;
 			if (!NcGetDeltaToLabel(T, &BranchDisp))
-				return FALSE;
+			{
 				printf("\n1\n");
 				return NULL;
 			}
 			ULONG DispWidth = XedDecodedInstGetBranchDisplacementWidthBits(&T->XedInstruction);
 			if (log2(abs(BranchDisp)) + 1 > DispWidth)
 			{
 				//duh oh
 				if (DispWidth == 32)
-					return FALSE;
+				{
 					printf("\n2\n");
 					return NULL;
 				}
-				//Grow displacement width to required size
+				////Grow displacement width to required size
-				DispWidth *= 2;
+				//DispWidth *= 2;
-				//Check again
+				////Check again
-				if (log2(abs(BranchDisp)) + 1 > DispWidth)
+				//if (log2(abs(BranchDisp)) + 1 > DispWidth)
-				{
+				//{
-					if (DispWidth == 32)
+				//	if (DispWidth == 32)
-						return FALSE;
+				//	{
 				//		printf("\n3\n");
 				//		return NULL;
 				//	}
-					//Grow once more if not already at 32
+				//	//Grow once more if not already at 32
-					DispWidth *= 2;
+				//	DispWidth *= 2;
-				}
+				//}
 				DispWidth = 32;
 				//Encode new instruction 
 				XED_STATE MachineState;
@ -437,9 +448,17 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 				XedInst1(&EncoderInstruction, MachineState, IClass, DispWidth, XedRelBr(0, DispWidth));
 				XedEncoderRequestZeroSetMode(&EncoderRequest, &MachineState);
 				if (!XedConvertToEncoderRequest(&EncoderRequest, &EncoderInstruction))
-					return FALSE;
+				{
-				if (XED_ERROR_NONE != XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize))
+					printf("\n4\n");
-					return FALSE;
+					return NULL;
 				}
 				XED_ERROR_ENUM Err = XedEncode(&EncoderRequest, EncodeBuffer, 15, &ReturnedSize);
 				if (XED_ERROR_NONE != Err)
 				{
 					printf("%s %s %u \n", XedErrorEnumToString(Err), XedIClassEnumToString(IClass), DispWidth);
 					printf("\n5\n");
 					return NULL;
 				}
 				//fixup T->RawData
 				delete[] T->RawData;
@ -450,7 +469,10 @@ BOOL NcFixRelJmps(PNATIVE_CODE_BLOCK Block)
 				//Decode instruction so its proper and all that
 				XedDecodedInstZeroSetMode(&T->XedInstruction, &MachineState);
 				if (XED_ERROR_NONE != XedDecode(&T->XedInstruction, T->RawData, T->RawDataSize))
-					return FALSE;
+				{
 					printf("\n6\n");
 					return NULL;
 				}
 				//Go back to the start and loop through all labels again because now this instruction is larger :))))
 				T = Block->Start;
--- a/CodeVirtualizer/Obfuscator.cpp
+++ b/CodeVirtualizer/Obfuscator.cpp
@ -6,7 +6,6 @@
 VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 {
 	ULONG InstructionCount = NcCountInstructions(Block);
 	printf("RECIEVED INSTRUCTION COUNT: %u\n", InstructionCount);
 	if (InstructionCount <= Obf->MinInstCount)
 	{
@ -16,8 +15,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 		ULONG TargetCount = InstructionCount / 2;
 		ULONG CurrentCount = 0;
 		PNATIVE_CODE_LINK NewBlockStart = Block->Start;
-		PNATIVE_CODE_LINK RealEnd = Block->End->Next;
+		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
 		for (PNATIVE_CODE_LINK T = Block->Start; T && T != RealEnd;)
 		{
 			if (T->Flags & CODE_FLAG_IS_LABEL)
 			{
@ -33,11 +31,7 @@ VOID ObfObfuscate(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block)
 				ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
 				ObfObfuscate(Obf, &NotTaken);
 				ObfObfuscate(Obf, &Taken);
-				if (!ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock)))
+				ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
 				{
 					printf("FAILED TO COMBINE BRANCHES.\n");
 					system("pause");
 				}
 				ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
 				T = NotTaken.End;
 				NewBlockStart = T->Next;
--- a/CodeVirtualizer/x64/Debug/Assembly.lst
+++ b/CodeVirtualizer/x64/Debug/Assembly.lst
@ -1,15 +1,47 @@
-Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 14:21:08
 Assembly.asm						     Page 1 - 1
 00000000			.CODE
 00000000			RetNum PROC
 00000000  33 C0			XOR EAX,EAX
 00000002			ContinueLoop:
 00000002  48/ 83 C0 01			ADD RAX,1
 00000006  48/ 83 E9 01			SUB RCX,1
 0000000A  48/ 83 C1 01			ADD RCX,1
 0000000E  48/ 83 C0 02			ADD RAX,2
 00000012  48/ 83 E8 02			SUB RAX,2
 00000016  48/ 83 E9 01			SUB RCX,1
 0000001A  75 E6			JNZ ContinueLoop
 0000001C  C3				ret
 0000001D			RetNum ENDP
 0000001D			NextFunction PROC
 0000001D  C3				ret
 0000001E			NextFunction ENDP
 				END
-Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 01:00:27
+Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0   10/18/21 14:21:08
 Assembly.asm						     Symbols 2 - 1
 Procedures, parameters, and locals:
                N a m e                 Type     Value    Attr
 NextFunction . . . . . . . . . .	P 	 0000001D _TEXT	Length= 00000001 Public
 RetNum . . . . . . . . . . . . .	P 	 00000000 _TEXT	Length= 0000001D Public
  ContinueLoop . . . . . . . . .	L 	 00000002 _TEXT	
 Symbols:
                N a m e                 Type     Value    Attr
 	   0 Warnings
 	   0 Errors
--- a/CodeVirtualizer/x64/Debug/Main.cod
+++ b/CodeVirtualizer/x64/Debug/Main.cod
--- a/CodeVirtualizer/x64/Debug/NativeCode.cod
+++ b/CodeVirtualizer/x64/Debug/NativeCode.cod
--- a/CodeVirtualizer/x64/Debug/Obfuscator.cod
+++ b/CodeVirtualizer/x64/Debug/Obfuscator.cod