Iizerd
/
Code_Virtualizer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

optional delta

Browse Source
main
James 3 years ago
parent 56744c559a
commit 9368f5288a
4 changed files with 24 additions and 11 deletions
Show Stats Download Patch File Download Diff File

14
CodeVirtualizer/RipMovInst.cpp
Unescape View File

@ -82,7 +82,7 @@ BOOL ObfEmitRipRelativeMovB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Dat
return TRUE; return TRUE;
} }
PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link) PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst)
{ {
ULONG FourByte = Link->RawDataSize / 4; ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
@ -99,6 +99,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link)
INT32 RipDelta = (((Count - 1) * DWORD_MOV_INST_LENGTH) + (TwoByte * WORD_MOV_INST_LENGTH) + (OneByte * BYTE_MOV_INST_LENGTH)); INT32 RipDelta = (((Count - 1) * DWORD_MOV_INST_LENGTH) + (TwoByte * WORD_MOV_INST_LENGTH) + (OneByte * BYTE_MOV_INST_LENGTH));
//Account for already MOVd instructions //Account for already MOVd instructions
RipDelta += ((FourByte - Count) * 4); RipDelta += ((FourByte - Count) * 4);
RipDelta += DeltaToInst;
//Add the actual instruction //Add the actual instruction
if (!ObfEmitRipRelativeMovD(Block, RipDelta, DataOffset)) if (!ObfEmitRipRelativeMovD(Block, RipDelta, DataOffset))
{ {
@ -114,6 +115,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link)
{ {
INT32 RipDelta = (OneByte * BYTE_MOV_INST_LENGTH); INT32 RipDelta = (OneByte * BYTE_MOV_INST_LENGTH);
RipDelta += (FourByte * 4); RipDelta += (FourByte * 4);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovW(Block, RipDelta, DataOffset)) if (!ObfEmitRipRelativeMovW(Block, RipDelta, DataOffset))
{ {
NcDelete(Block); NcDelete(Block);
@ -127,6 +129,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link)
{ {
INT32 RipDelta = 0; INT32 RipDelta = 0;
RipDelta += (FourByte * 4) + (TwoByte * 2); RipDelta += (FourByte * 4) + (TwoByte * 2);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovB(Block, RipDelta, DataOffset)) if (!ObfEmitRipRelativeMovB(Block, RipDelta, DataOffset))
{ {
NcDelete(Block); NcDelete(Block);
@ -144,7 +147,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link)
return Block; return Block;
} }
PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link) PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst)
{ {
ULONG FourByte = Link->RawDataSize / 4; ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
@ -160,6 +163,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link)
INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4); INT32 RipDelta = Link->RawDataSize - ((FourByte - Count) * 4);
RipDelta += (FourByte - (Count - 1)) * DWORD_MOV_INST_LENGTH; RipDelta += (FourByte - (Count - 1)) * DWORD_MOV_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue)) if (!ObfEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue))
{ {
NcDelete(Block); NcDelete(Block);
@ -175,7 +179,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link)
RipDelta += (FourByte * DWORD_MOV_INST_LENGTH); RipDelta += (FourByte * DWORD_MOV_INST_LENGTH);
RipDelta += WORD_MOV_INST_LENGTH; RipDelta += WORD_MOV_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue)) if (!ObfEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue))
{ {
NcDelete(Block); NcDelete(Block);
@ -191,6 +195,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link)
RipDelta += WORD_MOV_INST_LENGTH; RipDelta += WORD_MOV_INST_LENGTH;
RipDelta += BYTE_MOV_INST_LENGTH; RipDelta += BYTE_MOV_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue)) if (!ObfEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue))
{ {
NcDelete(Block); NcDelete(Block);
@ -206,4 +211,5 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link)
delete StartLink; delete StartLink;
return Block; return Block;
} }

4
CodeVirtualizer/RipMovInst.h
Unescape View File

@ -23,9 +23,9 @@ BOOL ObfEmitRipRelativeMovW(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Dat
BOOL ObfEmitRipRelativeMovB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Data); BOOL ObfEmitRipRelativeMovB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, PUCHAR Data);
PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link); PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst);
PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link); PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToInst);

11
CodeVirtualizer/RipXorInst.cpp
Unescape View File

@ -150,7 +150,7 @@ VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData)
} }
PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags) PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst)
{ {
ULONG FourByte = Link->RawDataSize / 4; ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
@ -177,6 +177,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
RipDelta += 1; RipDelta += 1;
//Account for already XORd instructions //Account for already XORd instructions
RipDelta += ((FourByte - Count) * 4); RipDelta += ((FourByte - Count) * 4);
RipDelta += DeltaToInst;
//Add the actual instruction //Add the actual instruction
if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte-Count])) if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte-Count]))
{ {
@ -193,6 +194,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
if (SaveFlags) if (SaveFlags)
RipDelta += 1; RipDelta += 1;
RipDelta += (FourByte * 4); RipDelta += (FourByte * 4);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3])) if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3]))
{ {
NcDelete(Block); NcDelete(Block);
@ -207,6 +209,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
if (SaveFlags) if (SaveFlags)
RipDelta += 1; RipDelta += 1;
RipDelta += (FourByte * 4) + (TwoByte * 2); RipDelta += (FourByte * 4) + (TwoByte * 2);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4])) if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4]))
{ {
NcDelete(Block); NcDelete(Block);
@ -231,7 +234,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
return Block; return Block;
} }
PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags) PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst)
{ {
ULONG FourByte = Link->RawDataSize / 4; ULONG FourByte = Link->RawDataSize / 4;
ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2; ULONG TwoByte = (Link->RawDataSize - (FourByte * 4)) / 2;
@ -256,6 +259,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += 1; RipDelta += 1;
RipDelta += (FourByte - (Count - 1)) * DWORD_XOR_INST_LENGTH; RipDelta += (FourByte - (Count - 1)) * DWORD_XOR_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte - Count])) if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte - Count]))
{ {
NcDelete(Block); NcDelete(Block);
@ -273,7 +277,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += (FourByte * DWORD_XOR_INST_LENGTH); RipDelta += (FourByte * DWORD_XOR_INST_LENGTH);
RipDelta += WORD_XOR_INST_LENGTH; RipDelta += WORD_XOR_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3])) if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3]))
{ {
NcDelete(Block); NcDelete(Block);
@ -291,6 +295,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += WORD_XOR_INST_LENGTH; RipDelta += WORD_XOR_INST_LENGTH;
RipDelta += BYTE_XOR_INST_LENGTH; RipDelta += BYTE_XOR_INST_LENGTH;
RipDelta *= (-1); RipDelta *= (-1);
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4])) if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4]))
{ {
NcDelete(Block); NcDelete(Block);

6
CodeVirtualizer/RipXorInst.h
Unescape View File

@ -35,9 +35,11 @@ BOOL ObfEmitRipRelativeXorB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Valu
VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData); VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData);
PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags); PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst
= 0);
PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags); PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);

Write Preview
Loading…
Cancel
Save