diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj b/CodeVirtualizer/CodeVirtualizer.vcxproj index 2891904..da9ec6a 100644 --- a/CodeVirtualizer/CodeVirtualizer.vcxproj +++ b/CodeVirtualizer/CodeVirtualizer.vcxproj @@ -151,6 +151,7 @@ + @@ -161,6 +162,7 @@ + diff --git a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters index abd0b5e..9ffa026 100644 --- a/CodeVirtualizer/CodeVirtualizer.vcxproj.filters +++ b/CodeVirtualizer/CodeVirtualizer.vcxproj.filters @@ -26,6 +26,9 @@ Obfuscator\RipMovInst + + Obfuscator + @@ -50,6 +53,9 @@ Obfuscator\RipMovInst + + Obfuscator + diff --git a/CodeVirtualizer/NativeCode.cpp b/CodeVirtualizer/NativeCode.cpp index a72673b..3d4f0f9 100644 --- a/CodeVirtualizer/NativeCode.cpp +++ b/CodeVirtualizer/NativeCode.cpp 
@@ -73,9 +73,57 @@ VOID NcConcat(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
 //update the label names so that there are no conflicts between the two blocks
 }
 
+ULONG NcGenUnusedLabelId(STDVECTOR CONST& LabelIds)
+{
+ ULONG ReturnLabelId = rand();
+ while (StdFind(LabelIds.begin(), LabelIds.end(), ReturnLabelId) != LabelIds.end())
+ ReturnLabelId = rand();
+ return ReturnLabelId;
+}
+
+VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New)
+{
+ for (PNATIVE_CODE_LINK T = Block1->Start; T; T = T->Next)
+ {
+ if ((T->Flags & CODE_FLAG_IS_LABEL) && T->Label == Original)
+ T->Label = New;
+ }
+}
+
+VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
+{
+ STDVECTOR BlockOneLabels;
+ for (PNATIVE_CODE_LINK T = Block1->Start; T; T = T->Next)
+ {
+ if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) != BlockOneLabels.end())
+ BlockOneLabels.push_back(T->Label);
+ }
+
+ for (PNATIVE_CODE_LINK T = Block2->Start; T; T = T->Next)
+ {
+ if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) != BlockOneLabels.end())
+ NcChangeLabelId(Block2, T->Label, NcGenUnusedLabelId(BlockOneLabels));
+ }
+}
+
 BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
 {
- return FALSE;
+ if (!Link || !Link->Block || !Block || !Block->Start || !Block->End || Link->Block == Block)
+ return FALSE;
+
+ if (Block->HasRelativeJumps && Link->Block->HasRelativeJumps)
+ NcFixLabelsForBlocks(Link->Block, Block);
+
+ if (Link->Next)
+ Link->Next->Prev = Block->End;
+ Block->End->Next = Link->Next;
+ Block->Start->Prev = Link;
+ Link->Next = Block->Start;
+
+ for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
+ T->Block = Link->Block;
+
+ return TRUE;
 }
 
 BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
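Review bot: The label-collection loop in NcFixLabelsForBlocks has its condition inverted — it pushes `T->Label` only when StdFind already found it in BlockOneLabels, which can never be true for a vector that starts empty, so BlockOneLabels stays empty, the second loop never detects a conflict and no label in Block2 is ever renamed; the first comparison should be `== BlockOneLabels.end()`. Even with that fixed, NcGenUnusedLabelId only avoids Block1's labels: the fresh id is neither recorded anywhere nor checked against Block2's own other labels, so with plain `rand()` two renames (or an untouched Block2 label) can end up sharing one id, and a merged block with duplicate labels means a relative jump can silently resolve to the wrong target in the emitted code. Separately, NcInsertBlockAfter never updates the owning block's tail when Link is the last node (Link->Next is NULL), leaving Link->Block->End pointing at Link after the splice — `if (!Link->Next) Link->Block->End = Block->End;` after the `Link->Next = Block->Start;` line fixes that. The rewrite below collects the ids of both blocks as the exclusion set, reserves each generated id before renaming, and keeps the conflict test against Block1's labels only; whether jump instructions reference their target through the same `Label` field that NcChangeLabelId rewrites is not visible in this hunk and should be confirmed, since otherwise the rename detaches the jump from its label.
```cpp
VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
{
    // … unchanged: BlockOneLabels declaration …
    STDVECTOR<ULONG> UsedLabelIds; // every label id in either block: a fresh id must collide with neither
    for (PNATIVE_CODE_LINK T = Block1->Start; T; T = T->Next)
    {
        if (!(T->Flags & CODE_FLAG_IS_LABEL))
            continue;
        if (StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) == BlockOneLabels.end()) // was '!=': nothing was ever pushed
            BlockOneLabels.push_back(T->Label);
        if (StdFind(UsedLabelIds.begin(), UsedLabelIds.end(), T->Label) == UsedLabelIds.end())
            UsedLabelIds.push_back(T->Label);
    }
    for (PNATIVE_CODE_LINK T = Block2->Start; T; T = T->Next)
    {
        if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(UsedLabelIds.begin(), UsedLabelIds.end(), T->Label) == UsedLabelIds.end())
            UsedLabelIds.push_back(T->Label);
    }

    for (PNATIVE_CODE_LINK T = Block2->Start; T; T = T->Next)
    {
        if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) != BlockOneLabels.end())
        {
            ULONG NewLabelId = NcGenUnusedLabelId(UsedLabelIds);
            UsedLabelIds.push_back(NewLabelId); // reserve it so a later rename cannot pick the same id
            NcChangeLabelId(Block2, T->Label, NewLabelId);
        }
    }
}
```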
@@ -84,24 +132,16 @@ BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
 return FALSE;
 
 if (Block->HasRelativeJumps && Link->Block->HasRelativeJumps)
- {
- //TODO: increment all labels inside of the block being added
- return FALSE;
- }
- else
- {
- if (Link->Prev)
- Link->Prev->Next = Block->Start;
- Block->Start->Prev = Link->Prev;
-
- Block->End->Next = Link;
- Link->Prev = Block->End;
- }
+ NcFixLabelsForBlocks(Link->Block, Block);
+
+ if (Link->Prev)
+ Link->Prev->Next = Block->Start;
+ Block->Start->Prev = Link->Prev;
+ Block->End->Next = Link;
+ Link->Prev = Block->End;
 
 for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
- {
 T->Block = Link->Block;
- }
 
 return TRUE;
 }
diff --git a/CodeVirtualizer/NativeCode.h b/CodeVirtualizer/NativeCode.h
index 4078202..d521cb1 100644
--- a/CodeVirtualizer/NativeCode.h
+++ b/CodeVirtualizer/NativeCode.h
@@ -38,6 +38,12 @@ VOID NcUnlink(PNATIVE_CODE_LINK Link);
 
 VOID NcConcat(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2);
 
+VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New);
+
+ULONG NcGenUnusedLabelId(STDVECTOR CONST& LabelIds);
+
+VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2);
+
 BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block);
 
 BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block);
diff --git a/CodeVirtualizer/Obfuscator.cpp b/CodeVirtualizer/Obfuscator.cpp
new file mode 100644
index 0000000..02f045a
--- /dev/null
+++ b/CodeVirtualizer/Obfuscator.cpp
@@ -0,0 +1,7 @@
+#include "Obfuscator.h"
+
+
+
+
+
+
diff --git a/CodeVirtualizer/Obfuscator.h b/CodeVirtualizer/Obfuscator.h
new file mode 100644
index 0000000..4a5f4db
--- /dev/null
+++ b/CodeVirtualizer/Obfuscator.h
@@ -0,0 +1,7 @@
+#ifndef __OBFUSCATOR_H
+#define __OBFUSCATOR_H
+
+
+
+
+#endif
\ No newline at end of file
diff --git a/CodeVirtualizer/RipXorInst.h b/CodeVirtualizer/RipXorInst.h
index 1337a14..346752c 100644
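Review bot: When Link is the first node of its block (Link->Prev is NULL) the new splice in NcInsertBlockBefore leaves Link->Block->Start pointing at Link rather than at the inserted code, so any later walk from the block head — including the label scan in NcFixLabelsForBlocks on a subsequent insert — skips the block just added; add `if (!Link->Prev) Link->Block->Start = Block->Start;` next to the `Link->Prev = Block->End;` line. The same head/tail bookkeeping gap exists in the mirror function NcInsertBlockAfter in the previous hunk. After the splice, Block still holds Start/End pointers into a list it no longer owns, and the hunk does not show whether the caller is expected to discard Block or whether a later free of it would walk those nodes — a one-line comment on the function stating who owns the links after a successful return would settle that. NcInsertBlockBefore's signature and initial guard are above the hunk.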
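Review bot: The include guard `__OBFUSCATOR_H` in the new Obfuscator.h uses a double-underscore identifier, which the C++ standard reserves for the implementation ([lex.name]); rename it to `OBFUSCATOR_H` (or use `#pragma once` if the project's other headers do — not visible here). The file is also written without a trailing newline, which older MSVC and some tools warn about. The accompanying Obfuscator.cpp is a placeholder containing only the include, which is fine, but the empty-looking entries in the vcxproj/filters hunks at the top of this diff are presumably the project wiring for these two files and would be worth a one-line mention in the commit message.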
--- a/CodeVirtualizer/RipXorInst.h
+++ b/CodeVirtualizer/RipXorInst.h
@@ -35,9 +35,7 @@ BOOL ObfEmitRipRelativeXorB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Valu
 
 VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData);
 
-PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst
-
- = 0);
+PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);
 
 PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);
 
diff --git a/CodeVirtualizer/Windas.h b/CodeVirtualizer/Windas.h
index a03d179..14af02e 100644
--- a/CodeVirtualizer/Windas.h
+++ b/CodeVirtualizer/Windas.h
@@ -10,6 +10,7 @@
 #define INLINE inline
 #define STDSTRING std::string
 #define STDVECTOR std::vector
+#define StdFind std::find
 
 #endif
\ No newline at end of file
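Review bot: The new `StdFind` macro in Windas.h breaks the convention of its siblings on the neighbouring lines (`STDSTRING`, `STDVECTOR` are all-caps), and a mixed-case macro is easy to mistake for a function or type when reading NativeCode.cpp; `#define STDFIND std::find` matches the block, or a plain `using std::find;` avoids a macro altogether. `std::find` also requires `<algorithm>`, and nothing in this diff shows Windas.h or NativeCode.cpp including it — if it only compiles today because another header pulls it in transitively, add the include where the macro is defined. Windas.h is still written without a trailing newline.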