xD
master
James 3 years ago
parent 386b7d8849
commit 714bc73546

@ -1,12 +1,11 @@
#include "Obfuscator.h" #include "Obfuscator.h"
//snake case is honestly so disgusting
void obf_one_time_please() void obf_one_time_please()
{ {
xed_tables_init(); xed_tables_init();
} }
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size) bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size)
{ {
obf->current_label_id = 0; obf->current_label_id = 0;
obf->machine_mode = XED_MACHINE_MODE_LONG_64; obf->machine_mode = XED_MACHINE_MODE_LONG_64;
@ -36,7 +35,7 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
return false; return false;
} }
unsigned int inst_len = xed_decoded_inst_get_length(&link->instruction); uint32_t inst_len = xed_decoded_inst_get_length(&link->instruction);
link->raw_data_size = inst_len; link->raw_data_size = inst_len;
link->raw_data = (unsigned char*)malloc(inst_len); link->raw_data = (unsigned char*)malloc(inst_len);
@ -73,8 +72,11 @@ bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
bool obf_create_groups(pobfuscator_t obf, int32_t group_size) bool obf_create_groups(pobfuscator_t obf, int32_t group_size)
{ {
int cur_group_id = 0; uint32_t cur_group_id = 0;
int cur_offset = 0; uint32_t cur_offset = 0;
if (group_size < 32)
group_size = 32;
//assign instructions to groups //assign instructions to groups
for (pcode_link_t t = obf->code_start->next; t; t = t->next) for (pcode_link_t t = obf->code_start->next; t; t = t->next)
@ -191,8 +193,8 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
pcode_link_t real_next = t->next; pcode_link_t real_next = t->next;
if (t->flags & CLFLAG_IS_REL_JUMP) if (t->flags & CLFLAG_IS_REL_JUMP)
{ {
unsigned int jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction); uint32_t jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
unsigned int opcode_size = t->raw_data_size - jmp_delta_width; uint32_t opcode_size = t->raw_data_size - jmp_delta_width;
switch (jmp_delta_width) switch (jmp_delta_width)
{ {
@ -281,7 +283,7 @@ bool obf_gen_all_labels(pobfuscator_t obf)
{ {
if (t->flags & CLFLAG_IS_REL_JUMP) if (t->flags & CLFLAG_IS_REL_JUMP)
{ {
int jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction); int32_t jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
if (!obf_gen_label(obf, t, jump_delta)) if (!obf_gen_label(obf, t, jump_delta))
return false; return false;
} }
@ -345,20 +347,20 @@ bool obf_gen_label(pobfuscator_t obf, pcode_link_t jmp, int32_t delta)
return true; return true;
} }
bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem) bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem)
{ {
for (code_group_t& group : obf->groups) for (code_group_t& group : obf->groups)
{ {
group.base_address = (uint64_t)AllocMem(group.size_in_bytes); group.base_address = (uint64_t)alloc_mem(group.size_in_bytes);
if (!group.base_address) if (!group.base_address)
return false; return false;
} }
return true; return true;
} }
bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy) bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy)
{ {
for (uint32_t i = 0; i < obf->groups.size(); i) for (uint32_t i = 0; i < obf->groups.size(); i++)
{ {
pcode_group_t group = &obf->groups[i]; pcode_group_t group = &obf->groups[i];
uint64_t cur_addr = group->base_address; uint64_t cur_addr = group->base_address;
@ -366,15 +368,18 @@ bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy)
{ {
if (!(t->flags & CLFLAG_IS_LABEL)) if (!(t->flags & CLFLAG_IS_LABEL))
{ {
MemCopy((void*)cur_addr, t->raw_data, t->raw_data_size); if (!cur_addr)
return false;
mem_copy((void*)cur_addr, t->raw_data, t->raw_data_size);
cur_addr += t->raw_data_size; cur_addr += t->raw_data_size;
} }
} }
printf("finished copying group %u\n", i);
} }
return true;
} }
#include <Windows.h> #include <Windows.h>
void obf_dbg_print_code(pobfuscator_t obf) void obf_dbg_print_code(pobfuscator_t obf)
{ {
HANDLE StdHandle = GetStdHandle(STD_OUTPUT_HANDLE); HANDLE StdHandle = GetStdHandle(STD_OUTPUT_HANDLE);
@ -413,26 +418,12 @@ void obf_dbg_print_code(pobfuscator_t obf)
} }
} }
void obf_dbg_print_group(pobfuscator_t obf, int group_id)
{
if (group_id >= obf->groups.size())
return;
for (pcode_link_t t = obf->groups[group_id].start; t && t->group == group_id; t = t->next)
{
if (!(t->flags & CLFLAG_IS_LABEL))
{
obf_print_byte_array(t->raw_data, t->raw_data_size);
}
}
}
#include <iostream> #include <iostream>
#include <iomanip> #include <iomanip>
void obf_print_byte_array(void* arr, unsigned int size) void obf_print_byte_array(void* arr, uint32_t size)
{ {
unsigned char* b = (unsigned char*)arr; unsigned char* b = (unsigned char*)arr;
for (int i = 0; i < size; i++) for (uint32_t i = 0; i < size; i++)
{ {
std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' '; std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' ';
} }

@ -59,7 +59,7 @@ typedef void (*FnMemCopy)(void* dest, void* src, uint32_t size);
void obf_one_time_please(); void obf_one_time_please();
//duh //duh
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size); bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, uint32_t buffer_size);
//creates the groups of instructions based on number of bytes //creates the groups of instructions based on number of bytes
bool obf_create_groups(pobfuscator_t obf, int32_t group_size); bool obf_create_groups(pobfuscator_t obf, int32_t group_size);
@ -77,16 +77,15 @@ bool obf_gen_all_labels(pobfuscator_t obf);
bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta); bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);
//allocate buffers for all groups //allocate buffers for all groups
bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem AllocMem); bool obf_allocate_group_buffers(pobfuscator_t obf, FnAllocateMem alloc_mem);
//copy all instructions from each group into allocated buffers //copy all instructions from each group into allocated buffers
bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy MemCopy); bool obf_copy_groups_into_buffers(pobfuscator_t obf, FnMemCopy mem_copy);
//print all the code
void obf_dbg_print_code(pobfuscator_t obf); void obf_dbg_print_code(pobfuscator_t obf);
void obf_dbg_print_group(pobfuscator_t obf, int group_id); void obf_print_byte_array(void* arr, uint32_t size);
void obf_print_byte_array(void* arr, unsigned int size);
#endif #endif

@ -14,6 +14,15 @@
#include "Obfuscator.h" #include "Obfuscator.h"
void* alloc_mem(uint32_t size)
{
return malloc(size);
}
void mem_copy(void* src, void* dest, uint32_t size)
{
memcpy(src, dest, size);
}
int main(int argc, char** argv) int main(int argc, char** argv)
{ {
@ -28,16 +37,15 @@ int main(int argc, char** argv)
obf_replace_rel_jmps(&obf); obf_replace_rel_jmps(&obf);
obf_create_groups(&obf, 10); obf_create_groups(&obf, 10);
obf_dbg_print_code(&obf);
obf_allocate_group_buffers(&obf, alloc_mem);
obf_resolve_abs_addresses(&obf); obf_resolve_abs_addresses(&obf);
obf_copy_groups_into_buffers(&obf, mem_copy);
printf("\n\n"); printf("\n\n");
obf_dbg_print_code(&obf);
printf("%u is num of groups.\n", obf.groups.size());
obf_print_byte_array((void*)obf.groups[0].base_address, obf.groups[0].size_in_bytes);
/*for (int i = 0; i < obf.groups.size(); i++)
{
printf("\nprinting group %d \n", i);
obf_dbg_print_group(&obf, i);
}*/
system("pause"); system("pause");
} }

@ -5,7 +5,6 @@ c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.obj
c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.exe c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.exe
c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.ilk c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.ilk
c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.pdb c:\$fanta\shellcode-obfuscator\x64\debug\shellcodeobfuscator.pdb
c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\obfuscator.new.obj.enc
c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog
c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog
c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog c:\$fanta\shellcode-obfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog

@ -1,6 +1,7 @@
 Obfuscator.cpp  main.cpp
C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(86,39): warning C4018: '>': signed/unsigned mismatch Obfuscator.cpp
C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(418,20): warning C4018: '<': signed/unsigned mismatch C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(88,39): warning C4018: '>': signed/unsigned mismatch
C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(280): warning C4715: 'obf_get_group_size': not all control paths return a value Generating Code...
C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value C:\$Fanta\shellcode-obfuscator\ShellcodeObfuscator\Obfuscator.cpp(71): warning C4715: 'obf_init_from_buffer': not all control paths return a value
LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
ShellcodeObfuscator.vcxproj -> C:\$Fanta\shellcode-obfuscator\x64\Debug\ShellcodeObfuscator.exe ShellcodeObfuscator.vcxproj -> C:\$Fanta\shellcode-obfuscator\x64\Debug\ShellcodeObfuscator.exe

Binary file not shown.
Loading…
Cancel
Save