diff --git a/CodeVirtualizer/Code.h b/CodeVirtualizer/Code.h
index e57c0c8..0f2bb64 100644
--- a/CodeVirtualizer/Code.h
+++ b/CodeVirtualizer/Code.h
@@ -4,5 +4,6 @@
#define CODE_FLAG_IS_LABEL (1<<0)
#define CODE_FLAG_IS_REL_JMP (1<<1)
#define CODE_FLAG_IS_INST (1<<2)
+#define CODE_FLAG_DO_NOT_DIVIDE (1<<3)
#endif
\ No newline at end of file
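Review bot: CODE_FLAG_DO_NOT_DIVIDE is added without any comment saying which pass honours it or what "divide" means for a code link, and nothing visible in this diff reads the flag yet. A short trailing comment, e.g. `#define CODE_FLAG_DO_NOT_DIVIDE (1<<3) // link must not be split/moved by obfuscation passes -- TODO confirm consumer`, would keep the flag bits self-describing alongside IS_LABEL / IS_REL_JMP / IS_INST.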
diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj b/CodeVirtualizer/CodeVirtualizer.vcxproj
index a02c7fc..44635e7 100644
--- a/CodeVirtualizer/CodeVirtualizer.vcxproj
+++ b/CodeVirtualizer/CodeVirtualizer.vcxproj
@@ -149,10 +149,12 @@
+
+
@@ -162,9 +164,11 @@
+
+
diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters
index aedcfd9..85be4c6 100644
--- a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters
+++ b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters
@@ -21,10 +21,10 @@
VirtualMachine
- Obfuscator\RipXorInst
+ Obfuscator\Jit\RipXorInst
- Obfuscator\RipMovInst
+ Obfuscator\Jit\RipMovInst
Obfuscator
@@ -32,6 +32,12 @@
Obfuscator\Nop
+
+ Obfuscator\Branching\Junk
+
+
+ Obfuscator\Branching\OpaqueBranching
+
@@ -51,10 +57,10 @@
VirtualMachine
- Obfuscator\RipXorInst
+ Obfuscator\Jit\RipXorInst
- Obfuscator\RipMovInst
+ Obfuscator\Jit\RipMovInst
Obfuscator
@@ -62,6 +68,12 @@
Obfuscator\Nop
+
+ Obfuscator\Branching\Junk
+
+
+ Obfuscator\Branching\OpaqueBranching
+
@@ -79,14 +91,32 @@
{cc5b78db-cdf7-4b83-9652-2722cbdec89e}
-
+
+ {4b1bac75-b456-46a5-ad8b-453ffef9eef9}
+
+
+ {3e2b0e35-a45c-42c4-9a63-df17442bd6eb}
+
+
+ {53f6966d-c6e0-422a-9e72-e94a5bab8958}
+
+
+ {a15ab2ae-ba21-4f72-b110-ed3012cfefde}
+
+
+ {aa4e6b0f-dd50-41e7-bc46-5dc8a6b44a62}
+
+
{7040cc27-0179-47d5-9908-962d224b8c6e}
-
+
{51b7ca69-a7e9-4634-9eb2-d70f211fe2d2}
-
- {4b1bac75-b456-46a5-ad8b-453ffef9eef9}
+
+ {a280c509-ba7e-4660-93fb-459ffe274a17}
+
+
+ {9b60f523-bf84-4740-9ee6-b8f34a317078}
\ No newline at end of file
diff --git a/CodeVirtualizer/Junk.cpp b/CodeVirtualizer/Junk.cpp
new file mode 100644
index 0000000..150e189
--- /dev/null
+++ b/CodeVirtualizer/Junk.cpp
@@ -0,0 +1 @@
+#include "Junk.h"
\ No newline at end of file
diff --git a/CodeVirtualizer/Junk.h b/CodeVirtualizer/Junk.h
new file mode 100644
index 0000000..679a052
--- /dev/null
+++ b/CodeVirtualizer/Junk.h
@@ -0,0 +1,9 @@
+#ifndef __JUNK_CODE_H
+#define __JUNK_CODE_H
+
+#include "Windas.h"
+#include "XedWrap.h"
+#include "NativeCode.h"
+
+
+#endif
\ No newline at end of file
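Review bot: `__JUNK_CODE_H` is a reserved identifier (any name containing a double underscore belongs to the implementation), so the include guard should be renamed to `JUNK_CODE_H` or replaced with `#pragma once`. The header currently only includes Windas.h, XedWrap.h and NativeCode.h and declares nothing, so a one-line comment stating what the junk-code pass will expose would help until the API lands.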
diff --git a/CodeVirtualizer/NativeCode.cpp b/CodeVirtualizer/NativeCode.cpp
index bd884a2..9bed5c2 100644
--- a/CodeVirtualizer/NativeCode.cpp
+++ b/CodeVirtualizer/NativeCode.cpp
@@ -282,6 +282,64 @@ PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Jmp, INT32 Delta)
return Jmp;
}
+PNATIVE_CODE_LINK NcDeepCopy(PNATIVE_CODE_LINK Link)
+{
+ if (Link->Flags & CODE_FLAG_IS_LABEL)
+ {
+ return new NATIVE_CODE_LINK(Link->Label, NULL);
+ }
+ else
+ {
+ XED_ICLASS_ENUM IClass = XedDecodedInstGetIClass(&Link->XedInst);
+ printf("Doing %s\n", XedIClassEnumToString(IClass));
+
+ PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(Link->Flags, Link->RawData, Link->RawDataSize);
+ NewLink->Label = Link->Label;
+ XED_ERROR_ENUM DecodeError = XedDecode(&NewLink->XedInst, Link->RawData, Link->RawDataSize);
+ if (DecodeError != XED_ERROR_NONE)
+ {
+ printf("XedDecode failed in NcDeepCopy: %s\n", XedErrorEnumToString(DecodeError));
+ delete NewLink;
+ return NULL;
+ }
+ printf("succeeded\n");
+ return NewLink;
+ }
+}
+
+PNATIVE_CODE_BLOCK NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End)
+{
+ if (!Start || !End)
+ return NULL;
+
+ PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK;
+ if (!Block)
+ return NULL;
+
+ for (PNATIVE_CODE_LINK CurLink = Start; CurLink != End->Next; CurLink = CurLink->Next)
+ {
+ PNATIVE_CODE_LINK Temp = NcDeepCopy(CurLink);
+ if (!Temp)
+ {
+ NcDeleteBlock(Block);
+ delete Block;
+ return NULL;
+ }
+
+ if (Temp->Flags & CODE_FLAG_IS_REL_JMP)
+ Block->HasRelativeJumps = TRUE;
+
+ NcAppendToBlock(Block, Temp);
+ }
+
+ return Block;
+}
+
+PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block)
+{
+ return NcDeepCopyPartialBlock(Block->Start, Block->End);
+}
+
BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
{
PUCHAR Buf = (PUCHAR)Buffer;
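Review bot: NcDeepCopyPartialBlock walks from Start until `CurLink == End->Next`, so if End is not reachable from Start the loop runs off the list, CurLink becomes NULL and NcDeepCopy dereferences it at `Link->Flags`. Guard the loop with `for (PNATIVE_CODE_LINK CurLink = Start; CurLink && CurLink != End->Next; CurLink = CurLink->Next)` and treat falling off the end as a failure (NcDeleteBlock + delete Block, return NULL) rather than returning a partial copy. The `if (!Block) return NULL;` after `new NATIVE_CODE_BLOCK` is dead in this .cpp because `new` throws on allocation failure instead of returning NULL; either use `new (std::nothrow)` or drop the check. The `printf("Doing %s\n", ...)` and `printf("succeeded\n")` in NcDeepCopy fire for every copied instruction and look like leftover debug output that should be removed or placed behind a debug macro. Whether `delete NewLink` on the decode-failure path also releases the RawData copy depends on the NATIVE_CODE_LINK constructor/destructor, which is outside this diff — worth confirming there is no leak there.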
@@ -296,12 +354,13 @@ BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
if (DecodeError != XED_ERROR_NONE)
{
printf("XedDecode failed with error %s\n", XedErrorEnumToString(DecodeError));
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Link;
return FALSE;
}
Link->RawDataSize = XedDecodedInstGetLength(&Link->XedInst);
Link->RawData = new UCHAR[Link->RawDataSize];
+ memcpy(Link->RawData, (Buf + Offset), Link->RawDataSize);
NcAppendToBlock(Block, Link);
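Review bot: the added memcpy copies `Link->RawDataSize` bytes from `Buf + Offset` with no comparison against BufferSize; whether that can overrun depends on the byte count passed to the XedDecode call above this hunk, which is outside my view. For a disassembler that may be fed attacker-controlled bytes an explicit bound is cheap insurance: insert `if (Offset + Link->RawDataSize > BufferSize) { NcDeleteBlock(Block); delete Link; return FALSE; }` before the `new UCHAR[...]`, mirroring the existing decode-error cleanup. NcDisassemble begins and ends outside this hunk.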
@@ -315,10 +374,10 @@ BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize)
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block)
{
-
+ return NULL;
}
-VOID NcDelete(PNATIVE_CODE_BLOCK Block)
+VOID NcDeleteBlock(PNATIVE_CODE_BLOCK Block)
{
for (PNATIVE_CODE_LINK T = Block->Start; T;)
{
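Review bot: NcAssemble now unconditionally returns NULL, which a caller cannot distinguish from a genuine assembly failure, and nothing marks the function as unimplemented. Add `// TODO: stub -- always returns NULL; callers must treat NULL as failure` above the `return NULL;` so the placeholder is not mistaken for a working assembler. The renamed NcDeleteBlock's body continues past the end of this hunk.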
diff --git a/CodeVirtualizer/NativeCode.h b/CodeVirtualizer/NativeCode.h
index b0ad6a4..a73f250 100644
--- a/CodeVirtualizer/NativeCode.h
+++ b/CodeVirtualizer/NativeCode.h
@@ -55,11 +55,17 @@ BOOL NcCreateLabels(PNATIVE_CODE_BLOCK Block);
PNATIVE_CODE_LINK NcValidateJmp(PNATIVE_CODE_LINK Link, INT32 Delta);
+PNATIVE_CODE_LINK NcDeepCopy(PNATIVE_CODE_LINK Link);
+
+PNATIVE_CODE_BLOCK NcDeepCopyPartialBlock(PNATIVE_CODE_LINK Start, PNATIVE_CODE_LINK End);
+
+PNATIVE_CODE_BLOCK NcDeepCopyBlock(PNATIVE_CODE_BLOCK Block);
+
BOOL NcDisassemble(PNATIVE_CODE_BLOCK Block, PVOID Buffer, ULONG BufferSize);
PVOID NcAssemble(PNATIVE_CODE_BLOCK Block);
-VOID NcDelete(PNATIVE_CODE_BLOCK Block);
+VOID NcDeleteBlock(PNATIVE_CODE_BLOCK Block);
VOID NcDebugPrint(PNATIVE_CODE_BLOCK Block);
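Review bot: the three new deep-copy prototypes do not say who owns the returned block; the .cpp side of this commit releases one with `NcDeleteBlock(Block); delete Block;` on its own error path, so callers need the same two-step release. A comment such as `// Returns a heap-allocated copy of [Start, End] (NULL on failure); release with NcDeleteBlock() then delete.` on NcDeepCopyPartialBlock/NcDeepCopyBlock, and `// Returns NULL if the instruction bytes fail to re-decode.` on NcDeepCopy, would make that contract explicit. The copy also carries over the original `Label` values verbatim, so inserting a copy next to its source block may produce duplicate label ids — confirm against how labels are resolved before relying on it.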
diff --git a/CodeVirtualizer/OpaqueBranching.cpp b/CodeVirtualizer/OpaqueBranching.cpp
new file mode 100644
index 0000000..a4591c5
--- /dev/null
+++ b/CodeVirtualizer/OpaqueBranching.cpp
@@ -0,0 +1 @@
+#include "OpaqueBranching.h"
\ No newline at end of file
diff --git a/CodeVirtualizer/OpaqueBranching.h b/CodeVirtualizer/OpaqueBranching.h
new file mode 100644
index 0000000..5760180
--- /dev/null
+++ b/CodeVirtualizer/OpaqueBranching.h
@@ -0,0 +1,11 @@
+#ifndef __OPAQUE_BRANCHING_H
+#define __OPAQUE_BRANCHING_H
+
+#include "Windas.h"
+#include "XedWrap.h"
+#include "NativeCode.h"
+
+
+VOID ObfGenerateOpaqueBranch(PNATIVE_CODE_LINK Start, ULONG Length);
+
+#endif
\ No newline at end of file
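Review bot: `__OPAQUE_BRANCHING_H` is a reserved identifier (double underscore), so the guard should become `OPAQUE_BRANCHING_H` or `#pragma once`. ObfGenerateOpaqueBranch is declared here but OpaqueBranching.cpp in this commit only includes the header, so any caller would fail to link until a definition lands; a `// TODO: not yet implemented` beside the prototype would flag that. The prototype also does not say whether `Length` counts links or bytes from `Start`, which the eventual implementation should document.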
diff --git a/CodeVirtualizer/RipMovInst.cpp b/CodeVirtualizer/RipMovInst.cpp
index f8402cd..4fbf765 100644
--- a/CodeVirtualizer/RipMovInst.cpp
+++ b/CodeVirtualizer/RipMovInst.cpp
@@ -61,7 +61,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIns
system("pause");
if (!ObfEmitRipRelativeMovD(Block, RipDelta, DataOffset))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -76,7 +76,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIns
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovW(Block, RipDelta, DataOffset))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -90,7 +90,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIns
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovB(Block, RipDelta, DataOffset))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -124,7 +124,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIn
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovD(Block, RipDelta, (PUCHAR)&ZeroValue))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -140,7 +140,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIn
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovW(Block, RipDelta, (PUCHAR)&ZeroValue))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -156,7 +156,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostMovForInst(PNATIVE_CODE_LINK Link, INT32 DeltaToIn
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeMovB(Block, RipDelta, (PUCHAR)&ZeroValue))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
diff --git a/CodeVirtualizer/RipXorInst.cpp b/CodeVirtualizer/RipXorInst.cpp
index b27b74a..ce35add 100644
--- a/CodeVirtualizer/RipXorInst.cpp
+++ b/CodeVirtualizer/RipXorInst.cpp
@@ -164,7 +164,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
if (SaveFlags && !ObfEmitPushfqInst(Block))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -183,7 +183,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
//Add the actual instruction
if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte-Count]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -199,7 +199,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -214,7 +214,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -222,7 +222,7 @@ PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA X
if (SaveFlags && !ObfEmitPopfqInst(Block))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -242,7 +242,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
if (SaveFlags && !ObfEmitPushfqInst(Block))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -258,7 +258,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorD(Block, RipDelta, XorData->Data[FourByte - Count]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -276,7 +276,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorW(Block, RipDelta, XorData->Data[3]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -294,7 +294,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
RipDelta += DeltaToInst;
if (!ObfEmitRipRelativeXorB(Block, RipDelta, XorData->Data[4]))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
@@ -302,7 +302,7 @@ PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA
if (SaveFlags && !ObfEmitPopfqInst(Block))
{
- NcDelete(Block);
+ NcDeleteBlock(Block);
delete Block;
return NULL;
}
diff --git a/x64/Debug/CodeVirtualizer.ilk b/x64/Debug/CodeVirtualizer.ilk
index da2fac0..4566d4e 100644
Binary files a/x64/Debug/CodeVirtualizer.ilk and b/x64/Debug/CodeVirtualizer.ilk differ