diff --git a/ShellcodeObfuscator/Obfuscator.cpp b/ShellcodeObfuscator/Obfuscator.cpp
index 7aa818d..e971305 100644
--- a/ShellcodeObfuscator/Obfuscator.cpp
+++ b/ShellcodeObfuscator/Obfuscator.cpp
@@ -1,12 +1,11 @@
 #include "Obfuscator.h"
-//snake case is honestly so disgusting
 void obf_one_time_please()
 {
 xed_tables_init();
 }
-bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size)
 {
 obf->current_label_id = 0;
 obf->machine_mode = XED_MACHINE_MODE_LONG_64;
@@ -36,7 +35,7 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
 return false;
 }
- unsigned int inst_len = xed_decoded_inst_get_length(&link->instruction);
+ uint32_t inst_len = xed_decoded_inst_get_length(&link->instruction);
 link->raw_data_size = inst_len;
 link->raw_data = (unsigned char*)malloc(inst_len);
@@ -73,8 +72,11 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
 bool obf_create_groups(pobfuscator_t obf, int32_t group_size)
 {
- int cur_group_id = 0;
- int cur_offset = 0;
+ uint32_t cur_group_id = 0;
+ uint32_t cur_offset = 0;
+
+ if (group_size < 32)
+ group_size = 32;
 //assign instructions to groups
 for (pcode_link_t t = obf->code_start->next; t; t = t->next)
@@ -191,8 +193,8 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
 pcode_link_t real_next = t->next;
 if (t->flags & CLFLAG_IS_REL_JUMP)
 {
- unsigned int jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
- unsigned int opcode_size = t->raw_data_size - jmp_delta_width;
+ uint32_t jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
+ uint32_t opcode_size = t->raw_data_size - jmp_delta_width;
 switch (jmp_delta_width)
 {
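Review bot: obf_init_from_buffer still has a path that falls off the end without returning a value: the build log committed with this change reports `warning C4715: 'obf_init_from_buffer': not all control paths return a value` at Obfuscator.cpp(71). The function body continues outside this hunk, so the exact spot is not visible here, but the success path most likely needs a final `return true;`. Since the signature is being touched anyway, the `//duh` above the declaration in Obfuscator.h could become `//decodes buffer_size bytes at buffer into the instruction list; returns false on a decode error`.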
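Review bot: The clamp added at the top of obf_create_groups silently raises any `group_size` below 32, and main.cpp in this same commit still calls `obf_create_groups(&obf, 10)`, so the caller gets a size it did not ask for with no indication. Give the minimum a name and say where it comes from, e.g. `#define MIN_GROUP_SIZE 32` next to the other size macros, and mention the clamp in the header comment for the function. `group_size` also stays `int32_t` while `cur_offset` is now `uint32_t`, which is consistent with the C4018 signed/unsigned warning the build log still shows at Obfuscator.cpp(88); comparing against `(uint32_t)group_size` after the clamp would remove it. The loop body is outside the hunk.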
@@ -281,7 +283,7 @@ bool obf_gen_all_labels(pobfuscator_t obf)
 {
 if (t->flags & CLFLAG_IS_REL_JUMP)
 {
- int jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
+ int32_t jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
 if (!obf_gen_label(obf, t, jump_delta))
 return false;
 }
@@ -345,20 +347,20 @@ bool obf_gen_label(pobfuscator_t obf, pcode_link_t jmp, int32_t delta)
 return true;
 }
-bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem)
+bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem)
 {
 for (code_group_t& group : obf->groups)
 {
- group.base_address = (uint64_t)AllocMem(group.size_in_bytes);
+ group.base_address = (uint64_t)alloc_mem(group.size_in_bytes);
 if (!group.base_address)
 return false;
 }
 return true;
 }
-bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy)
+bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy)
 {
- for (uint32_t i = 0; i < obf->groups.size(); i)
+ for (uint32_t i = 0; i < obf->groups.size(); i++)
 {
 pcode_group_t group = &obf->groups[i];
 uint64_t cur_addr = group->base_address;
@@ -366,15 +368,18 @@ bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy)
 {
 if (!(t->flags & CLFLAG_IS_LABEL))
 {
- MemCopy((void*)cur_addr, t->raw_data, t->raw_data_size);
+ if (!cur_addr)
+ return false;
+ mem_copy((void*)cur_addr, t->raw_data, t->raw_data_size);
 cur_addr += t->raw_data_size;
 }
 }
+ printf("finished copying group %u\n", i);
 }
+ return true;
 }
 #include
-
 void obf_dbg_print_code(pobfuscator_t obf)
 {
 HANDLE StdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
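Review bot: When `alloc_mem` fails part-way through the loop in obf_allocate_group_buffers, the function returns false with the earlier groups already holding live buffers, and the interface visible here has no matching free callback. That leaves the caller with a half-initialised `obf->groups` and no documented way to release it. At minimum, state the contract on the declaration, e.g. `//on failure, groups allocated so far keep their base_address and must be released by the caller`. The `(uint64_t)` C-style cast of the returned pointer would also read better as `reinterpret_cast<uint64_t>(...)`.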
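Review bot: The copy loop in obf_copy_groups_into_buffers never checks that the bytes written stay inside the buffer allocated for the group, so any mismatch between `size_in_bytes` and the summed `raw_data_size` of the group's links writes past the end of the allocation. A guard before the `mem_copy` call such as `if (cur_addr - group->base_address + t->raw_data_size > group->size_in_bytes) return false;` closes that. The added `if (!cur_addr)` test is loop-invariant in practice and belongs once before the inner loop as `if (!group->base_address) return false;`. The unconditional `printf("finished copying group %u\n", i);` puts debug output in a library routine and would be better behind a debug macro or in the caller. The inner loop header is outside the hunk.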
@@ -413,26 +418,12 @@ void obf_dbg_print_code(pobfuscator_t obf)
 }
 }
-void obf_dbg_print_group(pobfuscator_t obf, int group_id)
-{
- if (group_id >= obf->groups.size())
- return;
-
- for (pcode_link_t t = obf->groups[group_id].start; t && t->group == group_id; t = t->next)
- {
- if (!(t->flags & CLFLAG_IS_LABEL))
- {
- obf_print_byte_array(t->raw_data, t->raw_data_size);
- }
- }
-}
-
 #include
 #include
-void obf_print_byte_array(void* arr, unsigned int size)
+void obf_print_byte_array(void* arr, uint32_t size)
 {
 unsigned char* b = (unsigned char*)arr;
- for (int i = 0; i < size; i++)
+ for (uint32_t i = 0; i < size; i++)
 {
 std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' ';
 }
diff --git a/ShellcodeObfuscator/Obfuscator.h b/ShellcodeObfuscator/Obfuscator.h
index 84736b7..9076b11 100644
--- a/ShellcodeObfuscator/Obfuscator.h
+++ b/ShellcodeObfuscator/Obfuscator.h
@@ -9,12 +9,12 @@ extern "C"
 #include "xed/xed-interface.h"
 }
-#define CLFLAG_IS_LABEL (1<<0)
-#define CLFLAG_IS_REL_JUMP (1<<1)
-#define CLFLAG_IS_ABS_ADDR (1<<2)
-#define CLFLAG_IS_GAGET (1<<3)
+#define CLFLAG_IS_LABEL (1<<0)
+#define CLFLAG_IS_REL_JUMP (1<<1)
+#define CLFLAG_IS_ABS_ADDR (1<<2)
+#define CLFLAG_IS_GAGET (1<<3)
-#define ABS_JUMP_GAGT_SIZE 16
+#define ABS_JUMP_GAGT_SIZE 16
 #define END_OF_GROUP_GAGT_SIZE 14
 typedef struct _code_link_t
@@ -59,7 +59,7 @@ typedef void (*FnMemCopy)(void* dest, void* src, uint32_t size);
 void obf_one_time_please();
 //duh
-bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size);
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size);
 //creates the groups of instructions based on number of bytes
 bool obf_create_groups(pobfuscator_t obf, int32_t group_size);
@@ -77,16 +77,15 @@ bool obf_gen_all_labels(pobfuscator_t obf); bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta); //allocate buffers for all groups -bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem); +bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem); //copy all instructions from each group into allocated buffers -bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy); +bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy); +//print all the code void obf_dbg_print_code(pobfuscator_t obf); -void obf_dbg_print_group(pobfuscator_t obf, int group_id); - -void obf_print_byte_array(void* arr, unsigned int size); +void obf_print_byte_array(void* arr, uint32_t size); #endif \ No newline at end of file diff --git a/ShellcodeObfuscator/main.cpp b/ShellcodeObfuscator/main.cpp index ff3e76f..e0d3e3b 100644 --- a/ShellcodeObfuscator/main.cpp +++ b/ShellcodeObfuscator/main.cpp @@ -14,6 +14,15 @@ #include "Obfuscator.h" +void* alloc_mem(uint32_t size) +{ + return malloc(size); +} + +void mem_copy(void* src, void* dest, uint32_t size) +{ + memcpy(src, dest, size); +} int main(int argc, char** argv) { @@ -28,16 +37,15 @@ int main(int argc, char** argv) obf_replace_rel_jmps(&obf); obf_create_groups(&obf, 10); + obf_dbg_print_code(&obf); + + obf_allocate_group_buffers(&obf, alloc_mem); obf_resolve_abs_addresses(&obf); + obf_copy_groups_into_buffers(&obf, mem_copy); + printf("\n\n"); - obf_dbg_print_code(&obf); - printf("%u is num of groups.\n", obf.groups.size()); + obf_print_byte_array((void*)obf.groups[0].base_address, obf.groups[0].size_in_bytes); - /*for (int i = 0; i < obf.groups.size(); i++) - { - printf("\nprinting group %d \n", i); - obf_dbg_print_group(&obf, i); - }*/ system("pause"); } 
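Review bot: The parameter names of the new `mem_copy` helper in main.cpp are reversed relative to how they are used: it is declared `mem_copy(void* src, void* dest, uint32_t size)` but forwards to `memcpy(src, dest, size)`, so the parameter called `src` is actually the destination. It works only because the library calls it positionally with the destination first, matching the `FnMemCopy` typedef `(void* dest, void* src, uint32_t size)`. Rename to match the typedef, `void mem_copy(void* dest, void* src, uint32_t size)` with `memcpy(dest, src, size);`, so a later edit that trusts the names does not swap the copy direction.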
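Review bot: main ignores the bool results of `obf_allocate_group_buffers` and `obf_copy_groups_into_buffers` and then dereferences `obf.groups[0].base_address` unconditionally, so a failed allocation or an empty group list turns into a null or out-of-range read in `obf_print_byte_array`. Check each step, e.g. `if (!obf_allocate_group_buffers(&obf, alloc_mem)) return 1;`, the same for the copy call, and `if (obf.groups.empty()) return 1;` before the print. The buffers obtained through `alloc_mem` are also never freed on any path shown here. The start of main is outside the hunk.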
diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog index d2ba163..e87f80f 100644 Binary files a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog index a63b80d..a2982ed 100644 Binary files a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog index 5d8283e..7797b56 100644 Binary files a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog index beeb96d..df41931 100644 Binary files a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log index 7af31cf..bf91f17 100644 --- a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log +++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log 
@@ -5,7 +5,6 @@ c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.obj c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.exe c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.ilk c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.pdb -c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.new.obj.enc c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log index 102143b..bff0151 100644 --- a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log +++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log 
@@ -1,6 +1,7 @@ - Obfuscator.cpp -C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(86,39): warning C4018: '>': signed/unsigned mismatch -C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(418,20): warning C4018: '<': signed/unsigned mismatch -C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(280): warning C4715: 'obf_get_group_size': not all control paths return a value -C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value + main.cpp + Obfuscator.cpp +C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(88,39): warning C4018: '>': signed/unsigned mismatch + Generating Code... +C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(71): warning C4715: 'obf_init_from_buffer': not all control paths return a value +LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library ShellcodeObfuscator.vcxproj -> C:\$Fanta\shellcode-obfuscator\x64\Debug\ShellcodeObfuscator.exe diff --git a/ShellcodeObfuscator/x64/Debug/vc142.idb b/ShellcodeObfuscator/x64/Debug/vc142.idb index 233c73e..ff0edfb 100644 Binary files a/ShellcodeObfuscator/x64/Debug/vc142.idb and b/ShellcodeObfuscator/x64/Debug/vc142.idb differ diff --git a/x64/Debug/ShellcodeObfuscator.ilk b/x64/Debug/ShellcodeObfuscator.ilk index 3189767..9d8be11 100644 Binary files a/x64/Debug/ShellcodeObfuscator.ilk and b/x64/Debug/ShellcodeObfuscator.ilk differ