more busywork

main
James 3 years ago
parent 9368f5288a
commit a88fbcbde1

@ -151,6 +151,7 @@
<ItemGroup> <ItemGroup>
<ClCompile Include="NativeCode.cpp" /> <ClCompile Include="NativeCode.cpp" />
<ClCompile Include="Main.cpp" /> <ClCompile Include="Main.cpp" />
<ClCompile Include="Obfuscator.cpp" />
<ClCompile Include="RipMovInst.cpp" /> <ClCompile Include="RipMovInst.cpp" />
<ClCompile Include="RipXorInst.cpp" /> <ClCompile Include="RipXorInst.cpp" />
<ClCompile Include="Virtualizer.cpp" /> <ClCompile Include="Virtualizer.cpp" />
@ -161,6 +162,7 @@
<ItemGroup> <ItemGroup>
<ClInclude Include="Code.h" /> <ClInclude Include="Code.h" />
<ClInclude Include="NativeCode.h" /> <ClInclude Include="NativeCode.h" />
<ClInclude Include="Obfuscator.h" />
<ClInclude Include="RipMovInst.h" /> <ClInclude Include="RipMovInst.h" />
<ClInclude Include="RipXorInst.h" /> <ClInclude Include="RipXorInst.h" />
<ClInclude Include="Virtualizer.h" /> <ClInclude Include="Virtualizer.h" />

@ -26,6 +26,9 @@
<ClInclude Include="RipMovInst.h"> <ClInclude Include="RipMovInst.h">
<Filter>Obfuscator\RipMovInst</Filter> <Filter>Obfuscator\RipMovInst</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="Obfuscator.h">
<Filter>Obfuscator</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<ClCompile Include="Main.cpp" /> <ClCompile Include="Main.cpp" />
@ -50,6 +53,9 @@
<ClCompile Include="RipMovInst.cpp"> <ClCompile Include="RipMovInst.cpp">
<Filter>Obfuscator\RipMovInst</Filter> <Filter>Obfuscator\RipMovInst</Filter>
</ClCompile> </ClCompile>
<ClCompile Include="Obfuscator.cpp">
<Filter>Obfuscator</Filter>
</ClCompile>
</ItemGroup> </ItemGroup>
<ItemGroup> <ItemGroup>
<Filter Include="Xed"> <Filter Include="Xed">

@ -73,9 +73,57 @@ VOID NcConcat(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
//update the label names so that there are no conflicts between the two blocks //update the label names so that there are no conflicts between the two blocks
} }
ULONG NcGenUnusedLabelId(STDVECTOR<ULONG> CONST& LabelIds)
{
ULONG ReturnLabelId = rand();
while (StdFind(LabelIds.begin(), LabelIds.end(), ReturnLabelId) != LabelIds.end())
ReturnLabelId = rand();
return ReturnLabelId;
}
VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New)
{
for (PNATIVE_CODE_LINK T = Block1->Start; T; T = T->Next)
{
if ((T->Flags & CODE_FLAG_IS_LABEL) && T->Label == Original)
T->Label = New;
}
}
VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2)
{
STDVECTOR<ULONG> BlockOneLabels;
for (PNATIVE_CODE_LINK T = Block1->Start; T; T = T->Next)
{
if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) != BlockOneLabels.end())
BlockOneLabels.push_back(T->Label);
}
for (PNATIVE_CODE_LINK T = Block2->Start; T; T = T->Next)
{
if ((T->Flags & CODE_FLAG_IS_LABEL) && StdFind(BlockOneLabels.begin(), BlockOneLabels.end(), T->Label) != BlockOneLabels.end())
NcChangeLabelId(Block2, T->Label, NcGenUnusedLabelId(BlockOneLabels));
}
}
BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block) BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
{ {
if (!Link || !Link->Block || !Block || !Block->Start || !Block->End || Link->Block == Block)
return FALSE; return FALSE;
if (Block->HasRelativeJumps && Link->Block->HasRelativeJumps)
NcFixLabelsForBlocks(Link->Block, Block);
if (Link->Next)
Link->Next->Prev = Block->End;
Block->End->Next = Link->Next;
Block->Start->Prev = Link;
Link->Next = Block->Start;
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
T->Block = Link->Block;
return TRUE;
} }
BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block) BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
@ -84,24 +132,16 @@ BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block)
return FALSE; return FALSE;
if (Block->HasRelativeJumps && Link->Block->HasRelativeJumps) if (Block->HasRelativeJumps && Link->Block->HasRelativeJumps)
{ NcFixLabelsForBlocks(Link->Block, Block);
//TODO: increment all labels inside of the block being added
return FALSE;
}
else
{
if (Link->Prev) if (Link->Prev)
Link->Prev->Next = Block->Start; Link->Prev->Next = Block->Start;
Block->Start->Prev = Link->Prev; Block->Start->Prev = Link->Prev;
Block->End->Next = Link; Block->End->Next = Link;
Link->Prev = Block->End; Link->Prev = Block->End;
}
for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next) for (PNATIVE_CODE_LINK T = Block->Start; T; T = T->Next)
{
T->Block = Link->Block; T->Block = Link->Block;
}
return TRUE; return TRUE;
} }

@ -38,6 +38,12 @@ VOID NcUnlink(PNATIVE_CODE_LINK Link);
VOID NcConcat(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2); VOID NcConcat(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2);
VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New);
ULONG NcGenUnusedLabelId(STDVECTOR<ULONG> CONST& LabelIds);
VOID NcFixLabelsForBlocks(PNATIVE_CODE_BLOCK Block1, PNATIVE_CODE_BLOCK Block2);
BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block); BOOL NcInsertBlockAfter(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block);
BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block); BOOL NcInsertBlockBefore(PNATIVE_CODE_LINK Link, PNATIVE_CODE_BLOCK Block);

@ -0,0 +1,7 @@
#include "Obfuscator.h"

@ -0,0 +1,7 @@
#ifndef __OBFUSCATOR_H
#define __OBFUSCATOR_H
#endif

@ -35,9 +35,7 @@ BOOL ObfEmitRipRelativeXorB(PNATIVE_CODE_BLOCK Block, INT32 RipDelta, ULONG Valu
VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData); VOID ObfXorInstBytes(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData);
PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst PNATIVE_CODE_BLOCK ObfEmitPreXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);
= 0);
PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0); PNATIVE_CODE_BLOCK ObfEmitPostXorForInst(PNATIVE_CODE_LINK Link, PXOR_INST_DATA XorData, BOOL SaveFlags, INT32 DeltaToInst = 0);

@ -10,6 +10,7 @@
#define INLINE inline #define INLINE inline
#define STDSTRING std::string #define STDSTRING std::string
#define STDVECTOR std::vector #define STDVECTOR std::vector
#define StdFind std::find
#endif #endif
Loading…
Cancel
Save