working

xD
3 years ago · 714bc73546
parent 386b7d8849
commit 714bc73546
11 changed files with 52 additions and 54 deletions
--- a/ShellcodeObfuscator/Obfuscator.cpp
+++ b/ShellcodeObfuscator/Obfuscator.cpp
@ -1,12 +1,11 @@
 #include "Obfuscator.h"

-//snake case is honestly so disgusting
 void obf_one_time_please()
 {
 	xed_tables_init();
 }

-bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size)
 {
 	obf->current_label_id = 0;
 	obf->machine_mode = XED_MACHINE_MODE_LONG_64;
@ -36,7 +35,7 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
 			return false;
 		}

-		unsigned int inst_len = xed_decoded_inst_get_length(&link->instruction);
+		uint32_t inst_len = xed_decoded_inst_get_length(&link->instruction);
 		link->raw_data_size = inst_len;

 		link->raw_data = (unsigned char*)malloc(inst_len);
@ -73,8 +72,11 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)

 bool obf_create_groups(pobfuscator_t obf, int32_t group_size)
 {
-	int cur_group_id = 0;
-	int cur_offset = 0;
+	uint32_t cur_group_id = 0;
+	uint32_t cur_offset = 0;
+
+	if (group_size < 32)
+		group_size = 32;

 	//assign instructions to groups
 	for (pcode_link_t t = obf->code_start->next; t; t = t->next)
@ -191,8 +193,8 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
 		pcode_link_t real_next = t->next;
 		if (t->flags & CLFLAG_IS_REL_JUMP)
 		{
-			unsigned int jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
-			unsigned int opcode_size = t->raw_data_size - jmp_delta_width;
+			uint32_t jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
+			uint32_t opcode_size = t->raw_data_size - jmp_delta_width;

 			switch (jmp_delta_width)
 			{
@ -281,7 +283,7 @@ bool obf_gen_all_labels(pobfuscator_t obf)
 	{
 		if (t->flags & CLFLAG_IS_REL_JUMP)
 		{
-			int jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
+			int32_t jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
 			if (!obf_gen_label(obf, t, jump_delta))
 				return false;
 		}
@ -345,20 +347,20 @@ bool obf_gen_label(pobfuscator_t obf, pcode_link_t jmp, int32_t delta)
 	return true;
 }

-bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem)
+bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem)
 {
 	for (code_group_t& group : obf->groups)
 	{
-		group.base_address = (uint64_t)AllocMem(group.size_in_bytes);
+		group.base_address = (uint64_t)alloc_mem(group.size_in_bytes);
 		if (!group.base_address)
 			return false;
 	}
 	return true;
 }

-bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy)
+bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy)
 {
-	for (uint32_t i = 0; i < obf->groups.size(); i)
+	for (uint32_t i = 0; i < obf->groups.size(); i++)
 	{
 		pcode_group_t group = &obf->groups[i];
 		uint64_t cur_addr = group->base_address;
@ -366,15 +368,18 @@ bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy)
 		{
 			if (!(t->flags & CLFLAG_IS_LABEL))
 			{
-				MemCopy((void*)cur_addr, t->raw_data, t->raw_data_size);
+				if (!cur_addr)
+					return false;
+				mem_copy((void*)cur_addr, t->raw_data, t->raw_data_size);
 				cur_addr += t->raw_data_size;
 			}
 		}
+		printf("finished copying group %u\n", i);
 	}
+	return true;
 }

 #include <Windows.h>
-
 void obf_dbg_print_code(pobfuscator_t obf)
 {
 	HANDLE StdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
@ -413,26 +418,12 @@ void obf_dbg_print_code(pobfuscator_t obf)
 	}
 }

-void obf_dbg_print_group(pobfuscator_t obf, int group_id)
-{
-	if (group_id >= obf->groups.size())
-		return;
-
-	for (pcode_link_t t = obf->groups[group_id].start; t && t->group == group_id; t = t->next)
-	{
-		if (!(t->flags & CLFLAG_IS_LABEL))
-		{
-			obf_print_byte_array(t->raw_data, t->raw_data_size);
-		}
-	}
-}
-
 #include <iostream>
 #include <iomanip>
-void obf_print_byte_array(void* arr, unsigned int size)
+void obf_print_byte_array(void* arr, uint32_t size)
 {
 	unsigned char* b = (unsigned char*)arr;
-	for (int i = 0; i < size; i++)
+	for (uint32_t i = 0; i < size; i++)
 	{
 		std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' ';
 	}
--- a/ShellcodeObfuscator/Obfuscator.h
+++ b/ShellcodeObfuscator/Obfuscator.h
@ -9,12 +9,12 @@ extern "C"
 #include "xed/xed-interface.h"
 }

-#define CLFLAG_IS_LABEL			(1<<0)
-#define CLFLAG_IS_REL_JUMP		(1<<1)
-#define CLFLAG_IS_ABS_ADDR		(1<<2)
-#define CLFLAG_IS_GAGET			(1<<3)
+#define CLFLAG_IS_LABEL					(1<<0)
+#define CLFLAG_IS_REL_JUMP			(1<<1)
+#define CLFLAG_IS_ABS_ADDR			(1<<2)
+#define CLFLAG_IS_GAGET				(1<<3)

-#define ABS_JUMP_GAGT_SIZE		16
+#define ABS_JUMP_GAGT_SIZE			16
 #define END_OF_GROUP_GAGT_SIZE	14

 typedef struct _code_link_t
@ -59,7 +59,7 @@ typedef void (*FnMemCopy)(void* dest, void* src, uint32_t size);
 void obf_one_time_please();

 //duh 
-bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size);
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size);

 //creates the groups of instructions based on number of bytes
 bool obf_create_groups(pobfuscator_t obf, int32_t group_size);
@ -77,16 +77,15 @@ bool obf_gen_all_labels(pobfuscator_t obf);
 bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);

 //allocate buffers for all groups
-bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem);
+bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem);

 //copy all instructions from each group into allocated buffers
-bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy);
+bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy);

+//print all the code
 void obf_dbg_print_code(pobfuscator_t obf);

-void obf_dbg_print_group(pobfuscator_t obf, int group_id);
-
-void obf_print_byte_array(void* arr, unsigned int size);
+void obf_print_byte_array(void* arr, uint32_t size);


 #endif
--- a/ShellcodeObfuscator/main.cpp
+++ b/ShellcodeObfuscator/main.cpp
@ -14,6 +14,15 @@

 #include "Obfuscator.h"

+void* alloc_mem(uint32_t size)
+{
+	return malloc(size);
+}
+
+void mem_copy(void* src, void* dest, uint32_t size)
+{
+	memcpy(src, dest, size);
+}

 int main(int argc, char** argv) 
 {
@ -28,16 +37,15 @@ int main(int argc, char** argv)
 	obf_replace_rel_jmps(&obf);

 	obf_create_groups(&obf, 10);
+	obf_dbg_print_code(&obf);
+
+	obf_allocate_group_buffers(&obf, alloc_mem);
 	obf_resolve_abs_addresses(&obf);
+	obf_copy_groups_into_buffers(&obf, mem_copy);
+
 	printf("\n\n");
-	obf_dbg_print_code(&obf);
-	printf("%u is num of groups.\n", obf.groups.size());

+	obf_print_byte_array((void*)obf.groups[0].base_address, obf.groups[0].size_in_bytes);

-	/*for (int i = 0; i < obf.groups.size(); i++)
-	{
-		printf("\nprinting group %d \n", i);
-		obf_dbg_print_group(&obf, i);
-	}*/
 	system("pause");
 }
--- a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog
+++ b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog
--- a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog
+++ b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog
--- a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog
+++ b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog
--- a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog
+++ b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog
--- a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log
+++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log
@ -5,7 +5,6 @@ c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.obj
 c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.exe
 c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.ilk
 c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.pdb
-c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.new.obj.enc
 c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog
 c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog
 c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog
--- a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log
+++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log
@ -1,6 +1,7 @@
-  Obfuscator.cpp
-C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(86,39): warning C4018: '>': signed/unsigned mismatch
-C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(418,20): warning C4018: '<': signed/unsigned mismatch
-C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(280): warning C4715: 'obf_get_group_size': not all control paths return a value
-C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value
+  main.cpp
+  Obfuscator.cpp
+C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(88,39): warning C4018: '>': signed/unsigned mismatch
+  Generating Code...
+C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(71): warning C4715: 'obf_init_from_buffer': not all control paths return a value
+LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
  ShellcodeObfuscator.vcxproj -> C:\$Fanta\shellcode-obfuscator\x64\Debug\ShellcodeObfuscator.exe
--- a/ShellcodeObfuscator/x64/Debug/vc142.idb
+++ b/ShellcodeObfuscator/x64/Debug/vc142.idb
--- a/x64/Debug/ShellcodeObfuscator.ilk
+++ b/x64/Debug/ShellcodeObfuscator.ilk