diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2ee2efe
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,37 @@
+# Prerequisites
+*.d
+
+# Compiled Object files
+*.slo
+*.lo
+*.o
+*.obj
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Compiled Dynamic libraries
+*.so
+*.dylib
+*.dll
+
+# Fortran module files
+*.mod
+*.smod
+
+# Compiled Static libraries
+*.lai
+*.la
+*.a
+*.lib
+
+# Executables
+*.exe
+*.out
+*.app
+*.pdb
+*.ipch
+*.db
+
+.vs/
diff --git a/ShellcodeObfuscator.sln b/ShellcodeObfuscator.sln
new file mode 100644
index 0000000..97d146c
--- /dev/null
+++ b/ShellcodeObfuscator.sln
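Review bot: The ignore list in .gitignore does not cover the Visual Studio output that this same commit checks in (`Debug/`, `x64/`, `*.tlog`, `*.log`, `*.idb`, `*.ilk`, `*.iobj`, `*.ipdb`, `*.recipe`, `*.vcxproj.user`), so build artefacts and build logs end up tracked. Those files embed the author's local paths such as `C:\$Fanta\ShellcodeObfuscator\` and the exact toolchain versions, which is needless disclosure in a shared history. Add those patterns and remove the artefacts from the index.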
@@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 16 +VisualStudioVersion = 16.0.30413.136 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ShellcodeObfuscator", "ShellcodeObfuscator\ShellcodeObfuscator.vcxproj", "{AD60371B-51A7-4D48-86A9-D25BBC30F797}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Debug|x64.ActiveCfg = Debug|x64 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Debug|x64.Build.0 = Debug|x64 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Debug|x86.ActiveCfg = Debug|Win32 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Debug|x86.Build.0 = Debug|Win32 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Release|x64.ActiveCfg = Release|x64 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Release|x64.Build.0 = Release|x64 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Release|x86.ActiveCfg = Release|Win32 + {AD60371B-51A7-4D48-86A9-D25BBC30F797}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {29EA9F55-5BDC-411D-854F-EB1B4DDEC228} + EndGlobalSection +EndGlobal diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog new file mode 100644 index 0000000..19efcc8 Binary files /dev/null and b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog differ 
diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog new file mode 100644 index 0000000..79692df Binary files /dev/null and b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog differ diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog new file mode 100644 index 0000000..a33709f Binary files /dev/null and b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog differ diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate new file mode 100644 index 0000000..d32e142 --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate @@ -0,0 +1,2 @@ +PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0: +Debug|Win32|C:\$Fanta\ShellcodeObfuscator\| diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.read.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.read.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.read.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.write.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.write.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-cvtres.write.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.read.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.read.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null 
+++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.read.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.write.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.write.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link-rc.write.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog @@ -0,0 +1 @@ +ÿþ \ No newline at end of file diff --git a/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/unsuccessfulbuild b/ShellcodeObfuscator/Debug/Shellcod.ad60371b.tlog/unsuccessfulbuild new file mode 100644 index 0000000..e69de29 diff --git a/ShellcodeObfuscator/Debug/ShellcodeObfuscator.log b/ShellcodeObfuscator/Debug/ShellcodeObfuscator.log new file mode 100644 index 0000000..e68270e --- /dev/null +++ b/ShellcodeObfuscator/Debug/ShellcodeObfuscator.log 
@@ -0,0 +1,12 @@ + main.cpp + Obfuscator.cpp +C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(38,15): warning C4018: '<': signed/unsigned mismatch + Generating Code... +C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(40): warning C4715: 'obf_get_group_size': not all control paths return a value +main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_tables_init(void)" (?xed_tables_init@@YAXXZ) referenced in function _main +main.obj : error LNK2019: unresolved external symbol "char const * __cdecl xed_error_enum_t2str(enum xed_error_enum_t)" (?xed_error_enum_t2str@@YAPBDW4xed_error_enum_t@@@Z) referenced in function _main +main.obj : error LNK2019: unresolved external symbol "enum xed_error_enum_t __cdecl xed_decode(struct xed_decoded_inst_s *,unsigned char const *,unsigned int)" (?xed_decode@@YA?AW4xed_error_enum_t@@PAUxed_decoded_inst_s@@PBEI@Z) referenced in function _main +main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_operand_values_set_mode(struct xed_decoded_inst_s *,struct xed_state_s const *)" (?xed_operand_values_set_mode@@YAXPAUxed_decoded_inst_s@@PBUxed_state_s@@@Z) referenced in function "void __cdecl xed_decoded_inst_set_mode(struct xed_decoded_inst_s *,enum xed_machine_mode_enum_t,enum xed_address_width_enum_t)" (?xed_decoded_inst_set_mode@@YAXPAUxed_decoded_inst_s@@W4xed_machine_mode_enum_t@@W4xed_address_width_enum_t@@@Z) +main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_decoded_inst_zero(struct xed_decoded_inst_s *)" (?xed_decoded_inst_zero@@YAXPAUxed_decoded_inst_s@@@Z) referenced in function _main +C:\$Fanta\IntelXED\build\obj\wkit\lib\xed.lib : warning LNK4272: library machine type 'x64' conflicts with target machine type 'x86' +C:\$Fanta\ShellcodeObfuscator\Debug\ShellcodeObfuscator.exe : fatal error LNK1120: 5 unresolved externals 
diff --git a/ShellcodeObfuscator/Debug/vc142.idb b/ShellcodeObfuscator/Debug/vc142.idb
new file mode 100644
index 0000000..02f8a5f
Binary files /dev/null and b/ShellcodeObfuscator/Debug/vc142.idb differ
diff --git a/ShellcodeObfuscator/Obfuscator.cpp b/ShellcodeObfuscator/Obfuscator.cpp
new file mode 100644
index 0000000..82852fe
--- /dev/null
+++ b/ShellcodeObfuscator/Obfuscator.cpp
@@ -0,0 +1,309 @@
+#include "Obfuscator.h"
+
+//snake case is honestly so disgusting
+void obf_one_time_please()
+{
+ xed_tables_init();
+}
+
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
+{
+ obf->current_label_id = 0;
+ obf->machine_mode = XED_MACHINE_MODE_LONG_64;
+ obf->addr_width = XED_ADDRESS_WIDTH_64b;
+
+ unsigned long long off = 0;
+
+ obf->code_start = new code_link_t;
+ obf->code_end = obf->code_start;
+ obf->code_start->flags = 0;
+ obf->code_start->group = 0;
+ obf->code_start->label_name = "omegalawl";
+ obf->code_start->prev = obf->code_start->next = nullptr;
+
+ while (off < buffer_size)
+ {
+ pcode_link_t link = new code_link_t;
+ link->flags = 0;
+ link->group = 0;
+
+ xed_decoded_inst_zero(&link->instruction);
+ xed_decoded_inst_set_mode(&link->instruction, obf->machine_mode, obf->addr_width);
+ xed_error_enum_t err = xed_decode(&link->instruction, (unsigned char*)((unsigned char*)buffer + off), 15);
+ if (err != XED_ERROR_NONE)
+ {
+ printf("Failed decoding instruction at %llu with error \"%s\"(%d)", off, xed_error_enum_t2str(err), err);
+ return false;
+ }
+
+ unsigned int inst_len = xed_decoded_inst_get_length(&link->instruction);
+ link->raw_data_size = inst_len;
+
+ link->raw_data = (unsigned char*)malloc(inst_len);
+ if (!link->raw_data)
+ {
+ printf("outta memory son.\n");
+ return false;
+ }
+
+ memcpy(link->raw_data, ((unsigned char*)buffer + off), inst_len);
+
+ //filter out 8 byte wide jumps cuz they aint relative dawg and wont be showin up in my shellcod
+ xed_category_enum_t cat = xed_decoded_inst_get_category(&link->instruction);
+ if (cat == XED_CATEGORY_COND_BR || cat == XED_CATEGORY_UNCOND_BR)
+ {
+ unsigned int disp_width = xed_decoded_inst_get_branch_displacement_width(&link->instruction);
+ if (disp_width != 8)
+ {
+ link->flags |= CLFLAG_IS_REL_JUMP;
+
+ //int jump_delta = xed_decoded_inst_get_branch_displacement(&link->instruction);
+ //printf("Jump delta is %d\n", jump_delta);
+ }
+ }
+
+ link->prev = obf->code_end;
+ link->next = nullptr;
+ obf->code_end->next = link;
+ obf->code_end = link;
+
+ off += inst_len;
+ }
+}
+
+void obf_create_groups(pobfuscator_t obf, int group_size)
+{
+ int group_id = 0, size_in_bytes = 0;
+ pcode_link_t start = obf->code_start->next;
+ for (pcode_link_t t = obf->code_start->next; t; t = t->next)
+ {
+ if (size_in_bytes + t->instruction._decoded_length > group_size)
+ {
+ size_in_bytes = 0;
+ obf->groups.emplace_back();
+ obf->groups.back().size_in_bytes = size_in_bytes;
+ obf->groups.back().start = start;
+ start = t;
+ ++group_id;
+ }
+
+ t->group = group_id;
+ size_in_bytes += t->instruction._decoded_length;
+ }
+}
+
+void obf_replace_rel_jmps(pobfuscator_t obf)
+
+{ // original_jump -------------------------.
+ // jmp 0x10 0xEB, 0x10 |
+ // push rax 0x50, <----'
+ // mov rax,abs_address 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
+ // xchg rax,[rsp] 0x48, 0x87, 0x04, 0x24,
+ // ret 0xC3
+
+ for (pcode_link_t t = obf->code_start->next; t;)
+ {
+ if (t->flags & CLFLAG_IS_REL_JUMP)
+ {
+ pcode_link_t real_next = t->next;
+ unsigned int inst_len = xed_decoded_inst_get_length(&t->instruction);
+ unsigned int jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
+ unsigned int opcode_size = inst_len - jmp_delta_width;
+
+ switch (jmp_delta_width)
+ {
+ case 1:
+ *(char*)((unsigned char*)t->raw_data + opcode_size) = (char)2; break;
+ case 2:
+ *(short*)((unsigned char*)t->raw_data + opcode_size) = (short)2; break;
+ case 4:
+ *(int*)((unsigned char*)t->raw_data + opcode_size) = (int)2; break;
+ }
+ t->flags = 0;
+
+ pcode_link_t jmp_around_gagt = new code_link_t;
+ jmp_around_gagt->flags = 0;
+ jmp_around_gagt->label_name = "";
+ jmp_around_gagt->raw_data = (unsigned char*)malloc(2);
+ jmp_around_gagt->raw_data_size = 2;
+ unsigned char jmp_around_gagt_data[] = { 0xEB, 0x10 };
+ memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 10);
+
+
+ pcode_link_t push_rax = new code_link_t;
+ push_rax->flags = 0;
+ push_rax->label_name = "";
+ push_rax->raw_data = (unsigned char*)malloc(1);
+ push_rax->raw_data_size = 1;
+ *(unsigned char*)push_rax->raw_data = 0x50;
+ push_rax->label_name = "";
+
+
+ pcode_link_t mov_address = new code_link_t;
+ mov_address->flags = CLFLAG_IS_ABS_ADDR;
+ mov_address->label_name = t->label_name;
+ mov_address->raw_data = (unsigned char*)malloc(10);
+ mov_address->raw_data_size = 10;
+ unsigned char mov_address_data[] = { 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
+ memcpy(mov_address->raw_data, mov_address_data, 10);
+
+ pcode_link_t xchg_rax_rsp = new code_link_t;
+ xchg_rax_rsp->flags = 0;
+ xchg_rax_rsp->label_name = "";
+ xchg_rax_rsp->raw_data = (unsigned char*)malloc(4);
+ xchg_rax_rsp->raw_data_size = 4;
+ unsigned char xchg_rax_rsp_data[] = { 0x48, 0x87, 0x04, 0x24 };
+ memcpy(xchg_rax_rsp->raw_data, xchg_rax_rsp_data, 4);
+
+ pcode_link_t ret = new code_link_t;
+ ret->flags = 0;
+ ret->label_name = "";
+ ret->raw_data = (unsigned char*)malloc(1);
+ ret->raw_data_size = 1;
+ *(unsigned char*)ret->raw_data = 0xC3;
+
+ t->next = jmp_around_gagt;
+ jmp_around_gagt->next = push_rax;
+ push_rax->next = mov_address;
+ mov_address->next = xchg_rax_rsp;
+ xchg_rax_rsp->next = ret;
+ ret->next = real_next;
+
+ real_next->prev = ret;
+ ret->prev = xchg_rax_rsp;
+ xchg_rax_rsp->prev = mov_address;
+ mov_address->prev = push_rax;
+ push_rax->prev = jmp_around_gagt;
+ jmp_around_gagt->prev = t;
+
+
+ t = real_next;
+ continue;
+ }
+ t = t->next;
+ }
+}
+
+void obf_replace_abs_jmps(pobfuscator_t obf)
+{
+
+}
+
+size_t obf_get_group_size(pobfuscator_t obf, int group_id)
+{
+ if (group_id < obf->groups.size())
+ return obf->groups[group_id].size_in_bytes;
+}
+
+void obf_copy_group_to_buffer(pobfuscator_t obf, void* buffer, int group_id)
+{
+
+}
+
+bool obf_gen_all_labels(pobfuscator_t obf)
+{
+ for (pcode_link_t t = obf->code_start->next; t; t = t->next)
+ {
+ if (t->flags & CLFLAG_IS_REL_JUMP)
+ {
+ int jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
+ if (!obf_gen_label(obf, t, jump_delta))
+ return false;
+ }
+ }
+ return true;
+}
+
+bool obf_gen_label(pobfuscator_t obf, pcode_link_t jmp, int32_t delta)
+{
+ obf->current_label_id++;
+ pcode_link_t temp;
+ //when going positive, counting starts at NEXT instruction(excluding size of jmp)
+ //when negative, counting INCLUDES the size of the jmp instructrion
+ if (delta > 0)
+ {
+ temp = jmp->next;
+ while (delta && temp)
+ {
+ delta -= temp->instruction._decoded_length;
+ //if (delta == 0) break;
+ temp = temp->next;
+ }
+ if (temp && temp->flags & CLFLAG_IS_LABEL)
+ {
+ jmp->label_name = temp->label_name;
+ return true;
+ }
+ }
+ else if (delta < 0)
+ {
+ temp = jmp;
+ while (temp)
+ {
+ delta += temp->instruction._decoded_length;
+ if (delta == 0) break;
+ temp = temp->prev;
+ }
+
+ if (temp && temp->prev && (temp->prev->flags & CLFLAG_IS_LABEL))
+ {
+ jmp->label_name = temp->prev->label_name;
+ return true;
+ }
+ }
+ else return false;
+
+ if (!temp)
+ return false;
+
+ //couldnt find label, adding new one
+ pcode_link_t new_label = new code_link_t;
+ new_label->flags = CLFLAG_IS_LABEL;
+ new_label->label_name = std::to_string(obf->current_label_id);
+ jmp->label_name = new_label->label_name;
+
+ new_label->next = temp;
+ new_label->prev = temp->prev;
+ if (temp->prev)
+ temp->prev->next = new_label;
+ temp->prev = new_label;
+
+ return true;
+}
+
+void obf_dbg_print_code(pobfuscator_t obf)
+{
+ for (pcode_link_t t = obf->code_start->next; t; t = t->next)
+ {
+ if (!(t->flags & CLFLAG_IS_LABEL))
+ {
+ obf_print_byte_array(t->raw_data, t->raw_data_size);
+ }
+ /*if (t->flags & CLFLAG_IS_REL_JUMP)
+ {
+ printf("\tJump to: %s\n", t->label_name.data());
+ }
+ else if (t->flags & CLFLAG_IS_LABEL)
+ {
+ printf("Label: %s\n", t->label_name.data());
+ }
+ else
+ {
+ printf("\tRegular Instruction.\n");
+ }*/
+ }
+}
+
+
+#include
+#include
+void obf_print_byte_array(void* arr, unsigned int size)
+{
+ unsigned char* b = (unsigned char*)arr;
+ for (int i = 0; i < size; i++)
+ {
+ std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' ';
+ }
+ std::cout << '\n';
+ return;
+}
diff --git a/ShellcodeObfuscator/Obfuscator.h b/ShellcodeObfuscator/Obfuscator.h
new file mode 100644
index 0000000..eaf45a3
--- /dev/null
+++ b/ShellcodeObfuscator/Obfuscator.h
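Review bot: In obf_replace_rel_jmps of Obfuscator.cpp, `memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 10);` copies 10 bytes out of a 2-byte array into a 2-byte malloc, which is both an out-of-bounds read and a heap overflow; the length should be `sizeof(jmp_around_gagt_data)`. obf_init_from_buffer has a related bounds problem: `xed_decode(..., 15)` tells the decoder that 15 bytes are available even when fewer remain after `off`, so it can read past the caller's buffer; pass the smaller of 15 and `buffer_size - off`. That function also falls off the end without `return true;` on success, and obf_get_group_size returns nothing when `group_id` is out of range, which is undefined behaviour in both cases (the committed build logs report C4715 for each). `real_next->prev = ret;` dereferences a null pointer when the relative jump is the last node in the list, so it needs an `if (real_next)` guard, and the `malloc` results in that function are used without the null check that obf_init_from_buffer applies.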
@@ -0,0 +1,81 @@
+#ifndef _OBFUSCATOR_H
+#define _OBFUSCATOR_H
+
+#include
+#include
+
+extern "C"
+{
+#include "xed/xed-interface.h"
+}
+
+#define CLFLAG_IS_LABEL (1<<0)
+#define CLFLAG_IS_REL_JUMP (1<<1)
+#define CLFLAG_IS_ABS_ADDR (1<<2)
+
+typedef struct _code_link_t
+{
+ _code_link_t* next;
+ _code_link_t* prev;
+
+ uint32_t flags;
+ int group;
+ std::string label_name;
+
+ xed_decoded_inst_t instruction;
+ unsigned char* raw_data;
+ unsigned int raw_data_size;
+}code_link_t, * pcode_link_t;
+
+typedef struct _code_group_t
+{
+ uint64_t base_address;
+ pcode_link_t start;
+ int size_in_bytes;
+}code_group_t, *pcode_group_t;
+
+typedef struct _obfuscator_t
+{
+ pcode_link_t code_start;
+ pcode_link_t code_end;
+ std::vector groups;
+ int group_size;
+ int current_label_id;
+ xed_machine_mode_enum_t machine_mode;
+ xed_address_width_enum_t addr_width;
+}obfuscator_t, *pobfuscator_t;
+
+//snickers
+void obf_one_time_please();
+
+//duh
+bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size);
+
+//creates the groups of instructions based on number of bytes
+void obf_create_groups(pobfuscator_t obf, int group_size);
+
+//replaces all relative jumps with the abs jump gadget
+void obf_replace_rel_jmps(pobfuscator_t obf);
+
+//replaces address in the abs jmp stub with the right address of the given label.
+void obf_replace_abs_jmps(pobfuscator_t obf);
+
+//return number of bytes needed to store given group
+size_t obf_get_group_size(pobfuscator_t obf, int group_id);
+
+//copy group to whever u want it to go
+void obf_copy_group_to_buffer(pobfuscator_t obf, void* buffer, int group_id);
+
+//generate all the labels after loaded from buffa
+bool obf_gen_all_labels(pobfuscator_t obf);
+
+//walk backwards or forwards until placing label
+bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);
+
+
+void obf_dbg_print_code(pobfuscator_t obf);
+
+void obf_print_byte_array(void* arr, unsigned int size);
+
+
+#endif
\ No newline at end of file
diff --git a/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj
new file mode 100644
index 0000000..e2097ba
--- /dev/null
+++ b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj
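Review bot: In Obfuscator.h, `code_link_t` leaves `group`, `instruction`, `raw_data` and `raw_data_size` indeterminate after `new code_link_t`, and Obfuscator.cpp creates the sentinel, label and gadget nodes without setting all of them, so the list walks that read `instruction._decoded_length` on every node read uninitialised memory. Give the members default initialisers such as `unsigned char* raw_data = nullptr;` and `unsigned int raw_data_size = 0;`, and zero `instruction` wherever a node is created. `int buffer_size` is compared against an `unsigned long long` offset in the implementation, so a negative size becomes a huge bound and the decode loop runs off the buffer; declaring it `size_t` makes the contract explicit. The declaration comments (`//duh`, `//snickers`) do not say who owns `buffer` or what a `false` return leaves behind, which callers need to know.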
@@ -0,0 +1,167 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {ad60371b-51a7-4d48-86a9-d25bbc30f797} + ShellcodeObfuscator + 10.0 + + + + Application + true + v142 + Unicode + false + + + Application + false + v142 + true + Unicode + false + + + Application + true + v142 + Unicode + false + + + Application + false + v142 + true + Unicode + false + + + + + + + + + + + + + + + + + + + + + true + + + false + + + true + + + false + + + + Level3 + true + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories) + + + Console + true + C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories) + + + + + Level3 + true + true + true + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories) + + + Console + true + true + true + C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories) + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 + C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories) + + + Console + true + C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories) + xed.lib;%(AdditionalDependencies) + + + + + Level3 + true + true + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + stdcpp17 + C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories) + + + Console + true + true + true + C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories) + xed.lib;%(AdditionalDependencies) + + + + + + + + + + + + + \ No newline at end of file diff --git a/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.filters b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.filters new file mode 100644 index 0000000..f255472 --- /dev/null +++ b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.filters 
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.user b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.user
new file mode 100644
index 0000000..88a5509
--- /dev/null
+++ b/ShellcodeObfuscator/ShellcodeObfuscator.vcxproj.user
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/ShellcodeObfuscator/main.cpp b/ShellcodeObfuscator/main.cpp
new file mode 100644
index 0000000..1558faa
--- /dev/null
+++ b/ShellcodeObfuscator/main.cpp
@@ -0,0 +1,30 @@
+//#include "Obfuscator.h"
+//
+//#include "xed/xed-interface.h"
+//
+//int main()
+//{
+// xed_decoded_inst_t instruction;
+//
+// return 1;
+//}
+
+
+//#pragma comment(lib, "xed.lib")
+
+#include "Obfuscator.h"
+
+
+int main(int argc, char** argv)
+{
+ unsigned char buffer[] = { 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0x08, 0x48, 0x33, 0xC0, 0x7E, 0x03, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0 };//{ 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0xFB, 0x48, 0x33, 0xC0, 0x7E, 0xF6, 0xC3 };
+ unsigned int buffer_size = sizeof(buffer);
+
+ obfuscator_t obf;
+ obf_one_time_please();
+ obf_init_from_buffer(&obf, buffer, buffer_size);
+ obf_gen_all_labels(&obf);
+ obf_replace_rel_jmps(&obf);
+ obf_dbg_print_code(&obf);
+ system("pause");
+}
diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..94c51c5
Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.command.1.tlog differ
diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..1ef8f25
Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.read.1.tlog differ
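Review bot: main in main.cpp ignores the `bool` results of `obf_init_from_buffer` and `obf_gen_all_labels`, so after a decode or allocation failure the later passes still walk a partially built list; check them, e.g. `if (!obf_init_from_buffer(&obf, buffer, buffer_size)) return 1;`. `system("pause")` starts the command interpreter only to wait for a key and resolves `pause` through the process environment; a plain `getchar()` waits without launching a shell. Nothing releases the `new`/`malloc` allocations that make up the list, which is harmless at process exit but needs a teardown function before this code is called from anything longer lived.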
diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog new file mode 100644 index 0000000..5c3daf5 Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/CL.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate new file mode 100644 index 0000000..fd05189 --- /dev/null +++ b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate @@ -0,0 +1,2 @@ +PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0: +Debug|x64|C:\$Fanta\ShellcodeObfuscator\| diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog new file mode 100644 index 0000000..1c3c74b Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.command.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog new file mode 100644 index 0000000..731562c Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.read.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog new file mode 100644 index 0000000..56c60ff Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/Shellcod.ad60371b.tlog/link.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log new file mode 100644 index 0000000..b2455fb --- /dev/null 
+++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.Build.CppClean.log 
@@ -0,0 +1,21 @@ +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\vc142.pdb +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\vc142.idb +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\obfuscator.obj +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\main.obj +c:\$fanta\shellcodeobfuscator\x64\debug\shellcodeobfuscator.pdb +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-cvtres.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-cvtres.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-rc.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-rc.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-cvtres.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-cvtres.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-rc.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-rc.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.command.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.read.1.tlog 
+c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.write.1.tlog diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.exe.recipe b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.exe.recipe new file mode 100644 index 0000000..31bfa17 --- /dev/null +++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.exe.recipe @@ -0,0 +1,7 @@ + + + C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe + + + + \ No newline at end of file diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log new file mode 100644 index 0000000..4015257 --- /dev/null +++ b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.log @@ -0,0 +1,2 @@ + main.cpp + ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe diff --git a/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.vcxproj.FileListAbsolute.txt b/ShellcodeObfuscator/x64/Debug/ShellcodeObfuscator.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..e69de29 diff --git a/ShellcodeObfuscator/x64/Debug/vc142.idb b/ShellcodeObfuscator/x64/Debug/vc142.idb new file mode 100644 index 0000000..7e44f1e Binary files /dev/null and b/ShellcodeObfuscator/x64/Debug/vc142.idb differ diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.command.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.command.1.tlog new file mode 100644 index 0000000..9eaff67 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.command.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.read.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.read.1.tlog new file mode 100644 index 0000000..76dcc75 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.read.1.tlog differ 
diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.write.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.write.1.tlog new file mode 100644 index 0000000..fed7c98 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/CL.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate new file mode 100644 index 0000000..3edbd45 --- /dev/null +++ b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.lastbuildstate @@ -0,0 +1,2 @@ +PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0: +Release|x64|C:\$Fanta\ShellcodeObfuscator\| diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.write.1u.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.write.1u.tlog new file mode 100644 index 0000000..9dce939 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/ShellcodeObfuscator.write.1u.tlog differ diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.command.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.command.1.tlog new file mode 100644 index 0000000..e98d86b Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.command.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.read.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.read.1.tlog new file mode 100644 index 0000000..2ead3f0 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.read.1.tlog differ 
diff --git a/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.write.1.tlog b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.write.1.tlog new file mode 100644 index 0000000..db869e0 Binary files /dev/null and b/ShellcodeObfuscator/x64/Release/Shellcod.ad60371b.tlog/link.write.1.tlog differ diff --git a/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.Build.CppClean.log b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.Build.CppClean.log new file mode 100644 index 0000000..144760f --- /dev/null +++ b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.Build.CppClean.log @@ -0,0 +1,14 @@ +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\vc142.pdb +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\obfuscator.obj +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\main.obj +c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.exe +c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.pdb +c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.ipdb +c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.iobj +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.command.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.command.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.read.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.write.1.tlog +c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\shellcodeobfuscator.write.1u.tlog 
diff --git a/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.exe.recipe b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.exe.recipe new file mode 100644 index 0000000..e4a6447 --- /dev/null +++ b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.exe.recipe @@ -0,0 +1,7 @@ + + + C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe + + + + \ No newline at end of file diff --git a/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.log b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.log new file mode 100644 index 0000000..e57bc2c --- /dev/null +++ b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.log @@ -0,0 +1,10 @@ + Obfuscator.cpp +C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(302,20): warning C4018: '<': signed/unsigned mismatch +LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library + Generating code +C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value + 29 of 134 functions (21.6%) were compiled, the rest were copied from previous compilation. + 13 functions were new in current compilation + 1 functions had inline decision re-evaluated but remain unchanged + Finished generating code + ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe diff --git a/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.vcxproj.FileListAbsolute.txt b/ShellcodeObfuscator/x64/Release/ShellcodeObfuscator.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..e69de29 diff --git a/x64/Debug/ShellcodeObfuscator.ilk b/x64/Debug/ShellcodeObfuscator.ilk new file mode 100644 index 0000000..a026ef7 Binary files /dev/null and b/x64/Debug/ShellcodeObfuscator.ilk differ 
diff --git a/x64/Release/ShellcodeObfuscator.iobj b/x64/Release/ShellcodeObfuscator.iobj new file mode 100644 index 0000000..63c740c Binary files /dev/null and b/x64/Release/ShellcodeObfuscator.iobj differ diff --git a/x64/Release/ShellcodeObfuscator.ipdb b/x64/Release/ShellcodeObfuscator.ipdb new file mode 100644 index 0000000..3fac718 Binary files /dev/null and b/x64/Release/ShellcodeObfuscator.ipdb differ