#include #include #include "NativeCode.h" #include "RipXorInst.h" #include "RipMovInst.h" #include "OpaqueBranching.h" #include "Jit.h" PVOID MakeExecutableBuffer(PVOID Buffer, ULONG BufferSize) { PVOID ExecBuffer = VirtualAlloc(nullptr, BufferSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); if (!ExecBuffer) return NULL; RtlCopyMemory(ExecBuffer, Buffer, BufferSize); } UCHAR TestBuffer[] = { 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0x0E, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x7E, 0x06, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0xF8, 0x50, 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F, 0x48, 0x87, 0x04, 0x24, 0xC3, }; ULONG TestBufferSize = sizeof(TestBuffer); UCHAR meme1[] = { 0x31, 0xc0 }; int main() { XedTablesInit(); srand(time(NULL)); NATIVE_CODE_BLOCK Block; NcDisassemble(&Block, TestBuffer, TestBufferSize); PNATIVE_CODE_LINK NewLink = new NATIVE_CODE_LINK(CODE_FLAG_IS_INST, meme1, sizeof(meme1)); NcInsertLinkBefore(Block.End->Prev->Prev->Prev->Prev, NewLink); ULONG AssembledSize; PVOID AssembledBlock = NcAssemble(&Block, &AssembledSize); if (!AssembledBlock || !AssembledSize) { printf("Something failed nicka.\n"); system("pause"); return -1; } PUCHAR Tb = (PUCHAR)AssembledBlock; for (uint32_t i = 0; i < AssembledSize; i++) { std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)Tb[i] << ' '; } //PNATIVE_CODE_BLOCK OpaqueBranch = ObfGenOpaqueBranch(Block.Start, Block.End); //NcDebugPrint(OpaqueBranch); system("pause"); /*NATIVE_CODE_LINK T; T.RawDataSize = 10; T.RawData = new UCHAR[10]; memset(T.RawData, 0xAA, 10); JIT_BITWISE_DATA Data; RtlSecureZeroMemory(&Data, sizeof(JIT_BITWISE_DATA)); PNATIVE_CODE_BLOCK NewBlock = JitEmitPreRipMov(&T); if (NewBlock) { printf("\n"); NcDebugPrint(NewBlock); printf("\n"); NcPrintBlockCode(NewBlock); } system("pause");*/ }