#include #include #include "NativeCode.h" #include "RipXorInst.h" #include "RipMovInst.h" UCHAR TestBuffer[]{ 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0x0E, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x7E, 0x06, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0xF8, 0x50, 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F, 0x48, 0x87, 0x04, 0x24, 0xC3, }; ULONG TestBufferSize = sizeof(TestBuffer); int main() { XedTablesInit(); xed_state_t state; state.mmode = XED_MACHINE_MODE_LONG_64; state.stack_addr_width = XED_ADDRESS_WIDTH_64b; xed_encoder_instruction_t inst; //xed_inst2(&inst, state, XED_ICLASS_ADD, 0, xed_reg(XED_REG_EAX), // xed_mem_bd(XED_REG_EDX, xed_disp(0x11223344, 32), 32)); xed_inst1(&inst, state, XED_ICLASS_JLE, 32, xed_relbr(0x1776, 32)); xed_encoder_request_t request; xed_encoder_request_zero_set_mode(&request, &state); if (!xed_convert_to_encoder_request(&request, &inst)) { printf("failed to convert instruction.\n"); system("pause"); return -1; } unsigned char storage[15]; unsigned int len; xed_error_enum_t err = xed_encode(&request, storage, 15, &len); if (err != XED_ERROR_NONE) { printf("XedEncode failed with error %s\n", XedErrorEnumToString(err)); system("pause"); return FALSE; } printf("len: %u\n", len); for (int i = 0; i < len; i++) { std::cout << std::setw(2) << std::setfill('0') << std::hex << (INT)storage[i] << ' '; } std::cout << '\n'; return -1; NATIVE_CODE_BLOCK Block; XedTablesInit(); NcDisassemble(&Block, TestBuffer, TestBufferSize); NcDebugPrint(&Block); NATIVE_CODE_LINK T; T.RawDataSize = 10; T.RawData = new UCHAR[10]; memset(T.RawData, 0xAA, 10); XOR_INST_DATA Data; RtlSecureZeroMemory(&Data, sizeof(XOR_INST_DATA)); PNATIVE_CODE_BLOCK NewBlock = ObfEmitPreMovForInst(&T); if (NewBlock) { printf("\n"); NcDebugPrint(NewBlock); printf("\n"); NcPrintBlockCode(NewBlock); } //PNATIVE_CODE_LINK temp = new NATIVE_CODE_LINK("Hello"); system("pause"); }