#ifndef _OBFUSCATOR_H
#define _OBFUSCATOR_H
// Fixed-width integer types and size_t are used unqualified below; include
// them directly instead of relying on xed-interface.h to pull them in.
#include <stddef.h>
#include <stdint.h>

#include <string>
#include <vector>

extern "C"
{
#include "xed/xed-interface.h"
}
// Single-bit flags, one per bit 0..4, so they can be OR-ed together and tested
// with a bitwise AND. Presumably stored in code_link_t::flags (the only flags
// field declared in this header) - confirm against the implementation.
// NOTE(review): the per-flag meanings below are read off the macro names only.
// The values are signed int expressions; that is fine for bits 0..4, but a
// future bit 31 should be written with an unsigned literal (1u<<31).

// presumably: the node is a label
#define CLFLAG_IS_LABEL (1<<0)
// presumably: the node is a relative jump
#define CLFLAG_IS_REL_JUMP (1<<1)
// presumably: the node carries an absolute address
#define CLFLAG_IS_ABS_ADDR (1<<2)
// NOTE(review): "GAGET" looks like a misspelling of "GADGET"; the name is part
// of this header's interface, so it is kept as is.
#define CLFLAG_IS_GAGET (1<<3)
// presumably: a jump tied to a group - TODO confirm
#define CLFLAG_IS_GROUP_JMP (1<<4)
// One node of a doubly linked list (next/prev) holding a XED decoded
// instruction plus a raw byte buffer and bookkeeping fields.
//
// Memory-safety notes for users of this type:
//  - The std::string member makes the struct non-trivial: create and destroy
//    nodes with new/delete (or a container), never malloc/memset/memcpy.
//  - No member has a default initializer, so after default-initialization
//    (e.g. `new code_link_t`) the pointers, flags and sizes are indeterminate
//    until the creator sets them.
//  - raw_data is a raw pointer and the struct declares no destructor or copy
//    operations: copying a node copies the pointer, not the bytes, and
//    whoever allocates raw_data is responsible for releasing it exactly once.
typedef struct _code_link_t
{
    // Neighbouring nodes; the end-of-list convention is not visible in this header.
    _code_link_t* next;
    _code_link_t* prev;

    // presumably a bitwise OR of CLFLAG_* values - confirm
    uint32_t flags;
    // presumably an index into obfuscator_t::groups - confirm
    int group;
    // presumably only meaningful for label-related nodes - confirm
    std::string label_name;

    // XED decoded-instruction state for this node.
    xed_decoded_inst_t instruction;
    // Raw bytes associated with the node and their length (see ownership note above).
    // NOTE(review): every read or write through raw_data must be bounded by raw_data_size.
    unsigned char* raw_data;
    unsigned int raw_data_size;
}code_link_t, * pcode_link_t;
// Describes one group: a base address, a pointer to a list node and a byte
// count. Field meanings are inferred from the names - confirm against the
// implementation.
typedef struct _code_group_t
{
    // presumably the address the group is assumed to be placed at
    uint64_t base_address;
    // presumably the first node of the group; the struct declares no
    // destructor, so it does not release the node it points to
    pcode_link_t start;
    // NOTE(review): signed, while obf_get_group_size() returns size_t; if that
    // function returns this field, a negative value would convert to a very
    // large size_t - confirm the field can never go negative.
    int size_in_bytes;
}code_group_t, *pcode_group_t;
// Top-level state passed (as pobfuscator_t) to every obf_* function declared
// in this header.
//
// The std::vector member makes the struct non-trivial: do not allocate it with
// malloc or clear it with memset. The scalar and pointer members have no
// default initializers, so they are indeterminate after default-initialization
// until set (presumably by obf_init_from_buffer - confirm).
// NOTE(review): this header declares no teardown function; how the node list
// reachable from code_start is released is not visible here.
typedef struct _obfuscator_t
{
    // presumably head and tail of the code_link_t list
    pcode_link_t code_start;
    pcode_link_t code_end;
    // presumably filled by obf_create_groups(); the group_id parameters of the
    // obf_* functions presumably index this vector - confirm
    std::vector<code_group_t> groups;
    // presumably the value last passed to obf_create_groups() - confirm
    int group_size;
    // presumably a counter used to make generated label names unique - confirm
    int current_label_id;
    // XED machine mode and address width, presumably used for every decode
    // and encode performed on behalf of this instance.
    xed_machine_mode_enum_t machine_mode;
    xed_address_width_enum_t addr_width;
}obfuscator_t, *pobfuscator_t;
// NOTE(review): purpose is not documented here. The name suggests one-time
// global setup; XED requires xed_tables_init() before any decoding, so this
// presumably wraps it - confirm, and state whether it must be called before
// obf_init_from_buffer().
void obf_one_time_please();
// Initialises *obf from buffer_size bytes at buffer (presumably by decoding
// them into the code_link_t list - confirm). Returns bool; presumably false
// on failure.
// NOTE(review): buffer_size is a signed int, so the implementation should
// reject values <= 0 before using it as a length. Whether buffer must outlive
// obf (node raw_data may point into it) is not visible in this header.
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size);
// Creates the groups of instructions based on a number of bytes (group_size).
// Returns bool; the failure conditions are not documented here.
// NOTE(review): group_size is signed; whether values <= 0 are rejected is not
// visible in this header.
bool obf_create_groups(pobfuscator_t obf, int group_size);
// Replaces all relative jumps with the absolute-jump gadget.
// Returns nothing, so a failure to rewrite a jump cannot be reported to the
// caller through this interface.
void obf_replace_rel_jmps(pobfuscator_t obf);
// Replaces the address in each absolute-jump stub with the address of the
// label it refers to. Returns bool; presumably false when a label cannot be
// resolved - confirm.
bool obf_replace_abs_jmps(pobfuscator_t obf);
// Returns the number of bytes needed to store the given group.
// NOTE(review): group_id is a signed int and presumably indexes obf->groups;
// whether out-of-range or negative ids are rejected is not visible here.
size_t obf_get_group_size(pobfuscator_t obf, int group_id);
// Copies the given group into the caller-supplied buffer.
// NOTE(review): there is no destination-size parameter, so this function
// cannot check capacity. The caller must provide at least
// obf_get_group_size(obf, group_id) bytes; a smaller buffer would presumably
// be written past its end. Returns nothing, so an invalid group_id cannot be
// reported either.
void obf_copy_group_to_buffer(pobfuscator_t obf, void* buffer, int group_id);
// Generates all the labels once the code has been loaded from the buffer
// (presumably after obf_init_from_buffer() - confirm). Returns bool; the
// failure conditions are not documented here.
bool obf_gen_all_labels(pobfuscator_t obf);
// Walks backwards or forwards from start until the label is placed.
// delta is signed; presumably a byte displacement whose sign selects the
// direction - confirm.
// NOTE(review): a delta that runs off either end of the list, or that does not
// land on an instruction boundary, should make this return false rather than
// follow a null or stale link - confirm in the implementation.
bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);
// Debug helper: presumably prints the whole code list held by obf - confirm.
void obf_dbg_print_code(pobfuscator_t obf);
// Debug helper: presumably prints the group selected by group_id - confirm.
// NOTE(review): whether an out-of-range group_id is rejected is not visible here.
void obf_dbg_print_group(pobfuscator_t obf, int group_id);
// Debug helper: presumably prints size bytes starting at arr - confirm.
// The caller must make sure arr really refers to at least size readable bytes.
// NOTE(review): arr is not const-qualified although printing should not need
// to modify it; the signature is left unchanged for compatibility.
void obf_print_byte_array(void* arr, unsigned int size);
#endif