started obfuscator

main
Iizerd 3 years ago
parent 188309fc41
commit a9953f4318

2
.gitignore vendored

@ -34,9 +34,11 @@
*.ipch *.ipch
*.db *.db
x64/
.vs/ .vs/
*.log *.log
*.tlog *.tlog
*.ipdb *.ipdb
*.iobj *.iobj
*.idb *.idb
*.cod

@ -120,13 +120,13 @@
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode> <ConformanceMode>true</ConformanceMode>
<LanguageStandard>stdcpp17</LanguageStandard> <LanguageStandard>stdcpp17</LanguageStandard>
<AdditionalIncludeDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <AdditionalIncludeDirectories>build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<AssemblerOutput>All</AssemblerOutput> <AssemblerOutput>All</AssemblerOutput>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Console</SubSystem> <SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation> <GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalLibraryDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <AdditionalLibraryDirectories>build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>xed.lib;%(AdditionalDependencies)</AdditionalDependencies> <AdditionalDependencies>xed.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link> </Link>
<MASM> <MASM>

@ -120,12 +120,12 @@ VOID JitMutateInstForXor(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData)
} }
VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA XorData) VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData)
{ {
} }
VOID JitMutateInstForAnd(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA XorData) VOID JitMutateInstForAnd(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData)
{ {
} }

@ -34,11 +34,11 @@ BOOL JitDoesInstOverriteConditionFlags(PNATIVE_CODE_LINK Link);
BOOL JitAreFlagsClobberedBeforeUse(PNATIVE_CODE_LINK Link); BOOL JitAreFlagsClobberedBeforeUse(PNATIVE_CODE_LINK Link);
VOID JitMutateInstForXor(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA XorData); VOID JitMutateInstForXor(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData);
VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA XorData); VOID JitMutateInstForOr(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData);
VOID JitMutateInstForAnd(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA XorData); VOID JitMutateInstForAnd(PNATIVE_CODE_LINK Link, PJIT_BITWISE_DATA JitData);
PNATIVE_CODE_BLOCK JitEmitPreRipMov(PNATIVE_CODE_LINK Link, INT32 Delta = 0); PNATIVE_CODE_BLOCK JitEmitPreRipMov(PNATIVE_CODE_LINK Link, INT32 Delta = 0);

@ -2,7 +2,8 @@
#include <Windows.h> #include <Windows.h>
#include <stdio.h> #include <stdio.h>
#include "Windas.h"
#include "XedWrap.h"
#include "NativeCode.h" #include "NativeCode.h"
#include "RipXorInst.h" #include "RipXorInst.h"
#include "RipMovInst.h" #include "RipMovInst.h"
@ -45,7 +46,6 @@ int main()
XedTablesInit(); XedTablesInit();
srand(time(NULL)); srand(time(NULL));
NATIVE_CODE_BLOCK Block; NATIVE_CODE_BLOCK Block;
NcDisassemble(&Block, TestBuffer, TestBufferSize); NcDisassemble(&Block, TestBuffer, TestBufferSize);
NATIVE_CODE_BLOCK NotTaken; NATIVE_CODE_BLOCK NotTaken;
@ -53,11 +53,6 @@ int main()
printf("\n\nOriginal\n"); printf("\n\nOriginal\n");
NcDebugPrint(&Block); NcDebugPrint(&Block);
ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken); ObfCreateOpaqueBranches(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken, &Taken);
//printf("\n\nNotTaken\n");
//NcDebugPrint(&NotTaken);
//printf("\n\nTaken\n");
//NcDebugPrint(&Taken);
//printf("\n\nCombined\n");
ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block)); ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(&Block), NcGenUnusedLabelId(&Block));
ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken); ObfInsertOpaqueBranchBlock(Block.Start->Next, Block.Start->Next->Next->Next->Next, &NotTaken);
printf("\n\nNew\n"); printf("\n\nNew\n");

@ -121,7 +121,19 @@ VOID NcUnlink(PNATIVE_CODE_LINK Link)
} }
} }
ULONG NcCalcBlockSize(PNATIVE_CODE_BLOCK Block) ULONG NcCountInstructions(PNATIVE_CODE_BLOCK Block)
{
ULONG InstructionCount = 0;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
{
if (T->Flags & CODE_FLAG_IS_LABEL)
continue;
++InstructionCount;
}
return InstructionCount;
}
ULONG NcCalcBlockSizeInBytes(PNATIVE_CODE_BLOCK Block)
{ {
ULONG TotalSize = 0; ULONG TotalSize = 0;
for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next) for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next; T = T->Next)
@ -498,7 +510,7 @@ PVOID NcAssemble(PNATIVE_CODE_BLOCK Block, PULONG OutSize)
if (!NcFixRelJmps(Block)) if (!NcFixRelJmps(Block))
return NULL; return NULL;
*OutSize = NcCalcBlockSize(Block); *OutSize = NcCalcBlockSizeInBytes(Block);
PUCHAR Buffer = (PUCHAR)malloc(*OutSize); PUCHAR Buffer = (PUCHAR)malloc(*OutSize);
if (!Buffer) if (!Buffer)

@ -41,7 +41,9 @@ VOID NcInsertLinkBefore(PNATIVE_CODE_LINK Link1, PNATIVE_CODE_LINK Link2);
VOID NcUnlink(PNATIVE_CODE_LINK Link); VOID NcUnlink(PNATIVE_CODE_LINK Link);
ULONG NcCalcBlockSize(PNATIVE_CODE_BLOCK Block); ULONG NcCountInstructions(PNATIVE_CODE_BLOCK Block);
ULONG NcCalcBlockSizeInBytes(PNATIVE_CODE_BLOCK Block);
VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New); VOID NcChangeLabelId(PNATIVE_CODE_BLOCK Block1, ULONG Original, ULONG New);

@ -3,25 +3,19 @@
PNATIVE_CODE_LINK NcEmitNop() PNATIVE_CODE_LINK NcEmitNop()
{ {
UCHAR RawData[] = { 0x90 }; UCHAR RawData[] = { 0x90 };
PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1); PNATIVE_CODE_LINK Link = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, RawData, 1, TRUE);
XedDecode(&Link->XedInstruction, Link->RawData, 1); //XedDecode(&Link->XedInstruction, Link->RawData, 1);
return Link; return Link;
} }
PNATIVE_CODE_BLOCK NcEmitNopGroup(ULONG Count) BOOL NcEmitNopGroup(ULONG Count, PNATIVE_CODE_BLOCK Block)
{ {
if (Count < 1) if (Count < 1)
return NULL; return FALSE;
PNATIVE_CODE_BLOCK Block = new NATIVE_CODE_BLOCK;
if (!Block)
return NULL;
while (Count) while (Count)
{ {
NcAppendToBlock(Block, NcEmitNop()); NcAppendToBlock(Block, NcEmitNop());
Count--; Count--;
} }
return TRUE;
return Block;
} }

@ -7,6 +7,6 @@
PNATIVE_CODE_LINK NcEmitNop(); PNATIVE_CODE_LINK NcEmitNop();
PNATIVE_CODE_BLOCK NcEmitNopGroup(ULONG Count); BOOL NcEmitNopGroup(ULONG Count, PNATIVE_CODE_BLOCK Block)
#endif #endif

@ -2,9 +2,27 @@
#define __OBFUSCATOR_H #define __OBFUSCATOR_H
#include "Windas.h"
#include "XedWrap.h"
#include "NativeCode.h"
#include "Jit.h"
#include "OpaqueBranching.h"
#define OBF_ATTRIBUTE_JIT (1<<0)
#define OBF_ATTRIBUTE_OPAQUE_BRANCHES (1<<1)
#define OBF_FLAG_IS_CODE_WRITEABLE (1<<0) //If this is set, JIT can be used
typedef struct _OBFUSCATOR
{
ULONG MinBlockSize;
PNATIVE_CODE_BLOCK Block;
}OBFUSCATOR, *POBFUSCATOR;
//recursive obfuscation routine
VOID ObfObfuscate(PNATIVE_CODE_BLOCK Block)
{
ULONG InstructionCount = NcCountInstructions(Block);
}
#endif #endif

@ -1,4 +1,4 @@
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/16/21 19:53:02 Microsoft (R) Macro Assembler (x64) Version 14.29.30038.1 10/17/21 15:17:32
Assembly.asm Page 1 - 1 Assembly.asm Page 1 - 1
@ -6,7 +6,7 @@ Assembly.asm Page 1 - 1
END END
Microsoft (R) Macro Assembler (x64) Version 14.27.29111.0 10/16/21 19:53:02 Microsoft (R) Macro Assembler (x64) Version 14.29.30038.1 10/17/21 15:17:32
Assembly.asm Symbols 2 - 1 Assembly.asm Symbols 2 - 1

@ -1,7 +1,11 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project> <Project>
<ProjectOutputs>C:\$Fanta\code-virtualizer\x64\Debug\CodeVirtualizer.exe</ProjectOutputs> <ProjectOutputs>
<ContentFiles></ContentFiles> <ProjectOutput>
<SatelliteDlls></SatelliteDlls> <FullPath>C:\@\Work\code-virtualizer\x64\Debug\CodeVirtualizer.exe</FullPath>
<NonRecipeFileRefs></NonRecipeFileRefs> </ProjectOutput>
</ProjectOutputs>
<ContentFiles />
<SatelliteDlls />
<NonRecipeFileRefs />
</Project> </Project>

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -1,4 +1,4 @@
; Listing generated by Microsoft (R) Optimizing Compiler Version 19.27.29111.0 ; Listing generated by Microsoft (R) Optimizing Compiler Version 19.29.30038.1
include listing.inc include listing.inc

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

Binary file not shown.
Loading…
Cancel
Save