Code_Virtualizer/CodeVirtualizer/Obfuscator.cpp

#include "Obfuscator.h"




VOID ObfObfuscate1(POBFUSCATOR Obf, PNATIVE_CODE_BLOCK Block, ULONG Depth)
{
	ULONG InstructionCount = NcCountInstructions(Block);
	if (InstructionCount <= Obf->MinSizeForOpaqueBranch)
	{
		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
		{
			if ((T->Flags & CODE_FLAG_IS_LABEL) || (T->Flags & CODE_FLAG_DO_NOT_DIVIDE) || (T->Flags & CODE_FLAG_IS_REL_JMP))
			{
				T = T->Next;
				continue;
			}

			PNATIVE_CODE_LINK RealNext = T->Next;

			if ((rand() % 100) <= Obf->InstructionMutateChance)
			{
				PNATIVE_CODE_BLOCK PreOp = JitEmitPreRipMov(T);
				PNATIVE_CODE_BLOCK PostOp = JitEmitPostRipMov(T);

				NcInsertBlockBefore(T, PreOp, FALSE);
				NcInsertBlockAfter(T, PostOp, FALSE);

				if (Block->Start == T)
					Block->Start = PreOp->Start;
				if (Block->End == T)
					Block->End = PostOp->End;

				//for (ULONG i = 0; i < T->RawDataSize; i++)
				//	T->RawData[i] = (UCHAR)(rand() % 255);

				T->Flags |= CODE_FLAG_DO_NOT_DIVIDE;

			}

			T = RealNext;
		}
	}
	else
	{
		ULONG TargetCount = max(Obf->MinSizeForOpaqueBranch, InstructionCount / ((Obf->Flags & OBF_ATTRIBUTE_RANDOMIZE_DIVISOR) ? (rand() % Obf->BlockDivisionFactor) : Obf->BlockDivisionFactor)); // max(Obf->MinBlockSize, InstructionCount / Obf->BlockDivisionFactor);
		ULONG CurrentCount = 0;
		PNATIVE_CODE_LINK NewBlockStart = Block->Start;
		for (PNATIVE_CODE_LINK T = Block->Start; T && T != Block->End->Next;)
		{
			if (T->Flags & CODE_FLAG_IS_LABEL)
			{
				T = T->Next;
				continue;
			}

			++CurrentCount;

			if (T->Flags & CODE_FLAG_DO_NOT_DIVIDE)
			{
				T = T->Next;
				continue;
			}

			if (CurrentCount == TargetCount)
			{
				if (Depth >= Obf->MinDepthForRandomOpaqueBranch && (rand() % 100) <= Obf->OpaqueBranchChance)
				{
					NATIVE_CODE_BLOCK NotTaken, Taken;
					ObfCreateOpaqueBranches(NewBlockStart, T, &NotTaken, &Taken);
					ObfObfuscate1(Obf, &NotTaken, Depth + 1);
					ObfObfuscate1(Obf, &Taken, Depth + 1);
					ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
					ObfInsertOpaqueBranchBlock(NewBlockStart, T, &NotTaken);
					T = NotTaken.End;
				}
				else
				{
					NATIVE_CODE_BLOCK TempBlock;
					if (NcDeepCopyPartialBlock(NewBlockStart, T, &TempBlock))
					{
						ObfObfuscate1(Obf, &TempBlock, Depth + 1);
						ObfInsertOpaqueBranchBlock(NewBlockStart, T, &TempBlock);
					}
					T = TempBlock.End;
				}
				NewBlockStart = T->Next;
				CurrentCount = 0;
			}
			T = T->Next;
		}
		if (NewBlockStart)
		{
			NATIVE_CODE_BLOCK NotTaken, Taken;
			ObfCreateOpaqueBranches(NewBlockStart, Block->End, &NotTaken, &Taken);
			ObfObfuscate1(Obf, &NotTaken, Depth + 1);
			ObfObfuscate1(Obf, &Taken, Depth + 1);
			ObfCombineOpaqueBranches(&NotTaken, &Taken, NcGenUnusedLabelId(Obf->GlobalBlock), NcGenUnusedLabelId(Obf->GlobalBlock));
			ObfInsertOpaqueBranchBlock(NewBlockStart, Block->End, &NotTaken);
		}
	}



	

}