|
|
|
|
#ifndef _OBFUSCATOR_H
|
|
|
|
|
#define _OBFUSCATOR_H
|
|
|
|
|
|
|
|
|
|
#include <vector>
|
|
|
|
|
#include <string>
|
|
|
|
|
|
|
|
|
|
extern "C"
|
|
|
|
|
{
|
|
|
|
|
#include "xed/xed-interface.h"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define CLFLAG_IS_LABEL (1<<0)
|
|
|
|
|
#define CLFLAG_IS_REL_JUMP (1<<1)
|
|
|
|
|
#define CLFLAG_IS_ABS_ADDR (1<<2)
|
|
|
|
|
#define CLFLAG_IS_GAGET (1<<3)
|
|
|
|
|
|
|
|
|
|
#define ABS_JUMP_GAGT_SIZE 16
|
|
|
|
|
#define END_OF_GROUP_GAGT_SIZE 14
|
|
|
|
|
|
|
|
|
|
typedef struct _code_link_t
|
|
|
|
|
{
|
|
|
|
|
_code_link_t* next;
|
|
|
|
|
_code_link_t* prev;
|
|
|
|
|
|
|
|
|
|
uint32_t flags;
|
|
|
|
|
int32_t group;
|
|
|
|
|
std::string label_name;
|
|
|
|
|
|
|
|
|
|
xed_decoded_inst_t instruction;
|
|
|
|
|
unsigned char* raw_data;
|
|
|
|
|
unsigned int raw_data_size;
|
|
|
|
|
}code_link_t, * pcode_link_t;
|
|
|
|
|
|
|
|
|
|
typedef struct _code_group_t
|
|
|
|
|
{
|
|
|
|
|
uint64_t base_address;
|
|
|
|
|
pcode_link_t start;
|
|
|
|
|
pcode_link_t end;
|
|
|
|
|
int32_t size_in_bytes;
|
|
|
|
|
_code_group_t(uint64_t ba = 0, pcode_link_t s = nullptr, pcode_link_t e = nullptr, int32_t si = 0)
|
|
|
|
|
: base_address(ba), start(s), end(e), size_in_bytes(si) {};
|
|
|
|
|
}code_group_t, *pcode_group_t;
|
|
|
|
|
|
|
|
|
|
typedef struct _obfuscator_t
|
|
|
|
|
{
|
|
|
|
|
pcode_link_t code_start;
|
|
|
|
|
pcode_link_t code_end;
|
|
|
|
|
std::vector<code_group_t> groups;
|
|
|
|
|
int32_t current_label_id;
|
|
|
|
|
xed_machine_mode_enum_t machine_mode;
|
|
|
|
|
xed_address_width_enum_t addr_width;
|
|
|
|
|
}obfuscator_t, *pobfuscator_t;
|
|
|
|
|
|
|
|
|
|
typedef void* (*FnAllocateMem)(uint32_t size);
|
|
|
|
|
|
|
|
|
|
typedef void (*FnMemCopy)(void* dest, void* src, uint32_t size);
|
|
|
|
|
|
|
|
|
|
//snickers
|
|
|
|
|
void obf_one_time_please();
|
|
|
|
|
|
|
|
|
|
//duh
|
|
|
|
|
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size);
|
|
|
|
|
|
|
|
|
|
//creates the groups of instructions based on number of bytes
|
|
|
|
|
bool obf_create_groups(pobfuscator_t obf, int32_t group_size);
|
|
|
|
|
|
|
|
|
|
//replaces all relative jumps with the abs jump gadget
|
|
|
|
|
void obf_replace_rel_jmps(pobfuscator_t obf);
|
|
|
|
|
|
|
|
|
|
//replaces address in the abs jmp stub with the right address of the given label.
|
|
|
|
|
bool obf_resolve_abs_addresses(pobfuscator_t obf);
|
|
|
|
|
|
|
|
|
|
//generate all the labels after loaded from buffa
|
|
|
|
|
bool obf_gen_all_labels(pobfuscator_t obf);
|
|
|
|
|
|
|
|
|
|
//walk backwards or forwards until placing label
|
|
|
|
|
bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);
|
|
|
|
|
|
|
|
|
|
//allocate buffers for all groups
|
|
|
|
|
bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem);
|
|
|
|
|
|
|
|
|
|
//copy all instructions from each group into allocated buffers
|
|
|
|
|
bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy);
|
|
|
|
|
|
|
|
|
|
//print all the code
|
|
|
|
|
void obf_dbg_print_code(pobfuscator_t obf);
|
|
|
|
|
|
|
|
|
|
void obf_print_byte_array(void* arr, uint32_t size);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#endif
|
