parent
a85dbbe76b
commit
b3b44e5d72
@ -0,0 +1,37 @@
|
|||||||
|
# Prerequisites
|
||||||
|
*.d
|
||||||
|
|
||||||
|
# Compiled Object files
|
||||||
|
*.slo
|
||||||
|
*.lo
|
||||||
|
*.o
|
||||||
|
*.obj
|
||||||
|
|
||||||
|
# Precompiled Headers
|
||||||
|
*.gch
|
||||||
|
*.pch
|
||||||
|
|
||||||
|
# Compiled Dynamic libraries
|
||||||
|
*.so
|
||||||
|
*.dylib
|
||||||
|
*.dll
|
||||||
|
|
||||||
|
# Fortran module files
|
||||||
|
*.mod
|
||||||
|
*.smod
|
||||||
|
|
||||||
|
# Compiled Static libraries
|
||||||
|
*.lai
|
||||||
|
*.la
|
||||||
|
*.a
|
||||||
|
*.lib
|
||||||
|
|
||||||
|
# Executables
|
||||||
|
*.exe
|
||||||
|
*.out
|
||||||
|
*.app
|
||||||
|
*.pdb
|
||||||
|
*.ipch
|
||||||
|
*.db
|
||||||
|
|
||||||
|
.vs/
|
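Review bot: The ignore list covers individual artifact extensions but not the Visual Studio output directories, and this same commit goes on to add build logs, `.tlog` file lists, `.recipe` files and several binary files. Those files put absolute local paths (`C:\$Fanta\...`) and unreviewable binaries into history. Adding entries such as `Debug/`, `Release/`, `x64/`, `*.tlog`, `*.log` and `*.recipe`, and dropping the already-added outputs from the commit, would keep the repository to sources only.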
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,2 @@
|
|||||||
|
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0:
|
||||||
|
Debug|Win32|C:\$Fanta\ShellcodeObfuscator\|
|
@ -0,0 +1,12 @@
|
|||||||
|
main.cpp
|
||||||
|
Obfuscator.cpp
|
||||||
|
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(38,15): warning C4018: '<': signed/unsigned mismatch
|
||||||
|
Generating Code...
|
||||||
|
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(40): warning C4715: 'obf_get_group_size': not all control paths return a value
|
||||||
|
main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_tables_init(void)" (?xed_tables_init@@YAXXZ) referenced in function _main
|
||||||
|
main.obj : error LNK2019: unresolved external symbol "char const * __cdecl xed_error_enum_t2str(enum xed_error_enum_t)" (?xed_error_enum_t2str@@YAPBDW4xed_error_enum_t@@@Z) referenced in function _main
|
||||||
|
main.obj : error LNK2019: unresolved external symbol "enum xed_error_enum_t __cdecl xed_decode(struct xed_decoded_inst_s *,unsigned char const *,unsigned int)" (?xed_decode@@YA?AW4xed_error_enum_t@@PAUxed_decoded_inst_s@@PBEI@Z) referenced in function _main
|
||||||
|
main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_operand_values_set_mode(struct xed_decoded_inst_s *,struct xed_state_s const *)" (?xed_operand_values_set_mode@@YAXPAUxed_decoded_inst_s@@PBUxed_state_s@@@Z) referenced in function "void __cdecl xed_decoded_inst_set_mode(struct xed_decoded_inst_s *,enum xed_machine_mode_enum_t,enum xed_address_width_enum_t)" (?xed_decoded_inst_set_mode@@YAXPAUxed_decoded_inst_s@@W4xed_machine_mode_enum_t@@W4xed_address_width_enum_t@@@Z)
|
||||||
|
main.obj : error LNK2019: unresolved external symbol "void __cdecl xed_decoded_inst_zero(struct xed_decoded_inst_s *)" (?xed_decoded_inst_zero@@YAXPAUxed_decoded_inst_s@@@Z) referenced in function _main
|
||||||
|
C:\$Fanta\IntelXED\build\obj\wkit\lib\xed.lib : warning LNK4272: library machine type 'x64' conflicts with target machine type 'x86'
|
||||||
|
C:\$Fanta\ShellcodeObfuscator\Debug\ShellcodeObfuscator.exe : fatal error LNK1120: 5 unresolved externals
|
Binary file not shown.
@ -0,0 +1,309 @@
|
|||||||
|
#include "Obfuscator.h"
|
||||||
|
|
||||||
|
//snake case is honestly so disgusting
|
||||||
|
void obf_one_time_please()
|
||||||
|
{
|
||||||
|
xed_tables_init();
|
||||||
|
}
|
||||||
|
|
||||||
|
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size)
|
||||||
|
{
|
||||||
|
obf->current_label_id = 0;
|
||||||
|
obf->machine_mode = XED_MACHINE_MODE_LONG_64;
|
||||||
|
obf->addr_width = XED_ADDRESS_WIDTH_64b;
|
||||||
|
|
||||||
|
unsigned long long off = 0;
|
||||||
|
|
||||||
|
obf->code_start = new code_link_t;
|
||||||
|
obf->code_end = obf->code_start;
|
||||||
|
obf->code_start->flags = 0;
|
||||||
|
obf->code_start->group = 0;
|
||||||
|
obf->code_start->label_name = "omegalawl";
|
||||||
|
obf->code_start->prev = obf->code_start->next = nullptr;
|
||||||
|
|
||||||
|
while (off < buffer_size)
|
||||||
|
{
|
||||||
|
pcode_link_t link = new code_link_t;
|
||||||
|
link->flags = 0;
|
||||||
|
link->group = 0;
|
||||||
|
|
||||||
|
xed_decoded_inst_zero(&link->instruction);
|
||||||
|
xed_decoded_inst_set_mode(&link->instruction, obf->machine_mode, obf->addr_width);
|
||||||
|
xed_error_enum_t err = xed_decode(&link->instruction, (unsigned char*)((unsigned char*)buffer + off), 15);
|
||||||
|
if (err != XED_ERROR_NONE)
|
||||||
|
{
|
||||||
|
printf("Failed decoding instruction at %llu with error \"%s\"(%d)", off, xed_error_enum_t2str(err), err);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
unsigned int inst_len = xed_decoded_inst_get_length(&link->instruction);
|
||||||
|
link->raw_data_size = inst_len;
|
||||||
|
|
||||||
|
link->raw_data = (unsigned char*)malloc(inst_len);
|
||||||
|
if (!link->raw_data)
|
||||||
|
{
|
||||||
|
printf("outta memory son.\n");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
memcpy(link->raw_data, ((unsigned char*)buffer + off), inst_len);
|
||||||
|
|
||||||
|
//filter out 8 byte wide jumps cuz they aint relative dawg and wont be showin up in my shellcod
|
||||||
|
xed_category_enum_t cat = xed_decoded_inst_get_category(&link->instruction);
|
||||||
|
if (cat == XED_CATEGORY_COND_BR || cat == XED_CATEGORY_UNCOND_BR)
|
||||||
|
{
|
||||||
|
unsigned int disp_width = xed_decoded_inst_get_branch_displacement_width(&link->instruction);
|
||||||
|
if (disp_width != 8)
|
||||||
|
{
|
||||||
|
link->flags |= CLFLAG_IS_REL_JUMP;
|
||||||
|
|
||||||
|
//int jump_delta = xed_decoded_inst_get_branch_displacement(&link->instruction);
|
||||||
|
//printf("Jump delta is %d\n", jump_delta);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
link->prev = obf->code_end;
|
||||||
|
link->next = nullptr;
|
||||||
|
obf->code_end->next = link;
|
||||||
|
obf->code_end = link;
|
||||||
|
|
||||||
|
off += inst_len;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void obf_create_groups(pobfuscator_t obf, int group_size)
|
||||||
|
{
|
||||||
|
int group_id = 0, size_in_bytes = 0;
|
||||||
|
pcode_link_t start = obf->code_start->next;
|
||||||
|
for (pcode_link_t t = obf->code_start->next; t; t = t->next)
|
||||||
|
{
|
||||||
|
if (size_in_bytes + t->instruction._decoded_length > group_size)
|
||||||
|
{
|
||||||
|
size_in_bytes = 0;
|
||||||
|
obf->groups.emplace_back();
|
||||||
|
obf->groups.back().size_in_bytes = size_in_bytes;
|
||||||
|
obf->groups.back().start = start;
|
||||||
|
start = t;
|
||||||
|
++group_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
t->group = group_id;
|
||||||
|
size_in_bytes += t->instruction._decoded_length;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void obf_replace_rel_jmps(pobfuscator_t obf)
|
||||||
|
|
||||||
|
{ // original_jump -------------------------.
|
||||||
|
// jmp 0x10 0xEB, 0x10 |
|
||||||
|
// push rax 0x50, <----'
|
||||||
|
// mov rax,abs_address 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F,
|
||||||
|
// xchg rax,[rsp] 0x48, 0x87, 0x04, 0x24,
|
||||||
|
// ret 0xC3
|
||||||
|
|
||||||
|
for (pcode_link_t t = obf->code_start->next; t;)
|
||||||
|
{
|
||||||
|
if (t->flags & CLFLAG_IS_REL_JUMP)
|
||||||
|
{
|
||||||
|
pcode_link_t real_next = t->next;
|
||||||
|
unsigned int inst_len = xed_decoded_inst_get_length(&t->instruction);
|
||||||
|
unsigned int jmp_delta_width = xed_decoded_inst_get_branch_displacement_width(&t->instruction);
|
||||||
|
unsigned int opcode_size = inst_len - jmp_delta_width;
|
||||||
|
|
||||||
|
switch (jmp_delta_width)
|
||||||
|
{
|
||||||
|
case 1:
|
||||||
|
*(char*)((unsigned char*)t->raw_data + opcode_size) = (char)2; break;
|
||||||
|
case 2:
|
||||||
|
*(short*)((unsigned char*)t->raw_data + opcode_size) = (short)2; break;
|
||||||
|
case 4:
|
||||||
|
*(int*)((unsigned char*)t->raw_data + opcode_size) = (int)2; break;
|
||||||
|
}
|
||||||
|
t->flags = 0;
|
||||||
|
|
||||||
|
pcode_link_t jmp_around_gagt = new code_link_t;
|
||||||
|
jmp_around_gagt->flags = 0;
|
||||||
|
jmp_around_gagt->label_name = "";
|
||||||
|
jmp_around_gagt->raw_data = (unsigned char*)malloc(2);
|
||||||
|
jmp_around_gagt->raw_data_size = 2;
|
||||||
|
unsigned char jmp_around_gagt_data[] = { 0xEB, 0x10 };
|
||||||
|
memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 10);
|
||||||
|
|
||||||
|
|
||||||
|
pcode_link_t push_rax = new code_link_t;
|
||||||
|
push_rax->flags = 0;
|
||||||
|
push_rax->label_name = "";
|
||||||
|
push_rax->raw_data = (unsigned char*)malloc(1);
|
||||||
|
push_rax->raw_data_size = 1;
|
||||||
|
*(unsigned char*)push_rax->raw_data = 0x50;
|
||||||
|
push_rax->label_name = "";
|
||||||
|
|
||||||
|
|
||||||
|
pcode_link_t mov_address = new code_link_t;
|
||||||
|
mov_address->flags = CLFLAG_IS_ABS_ADDR;
|
||||||
|
mov_address->label_name = t->label_name;
|
||||||
|
mov_address->raw_data = (unsigned char*)malloc(10);
|
||||||
|
mov_address->raw_data_size = 10;
|
||||||
|
unsigned char mov_address_data[] = { 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
|
||||||
|
memcpy(mov_address->raw_data, mov_address_data, 10);
|
||||||
|
|
||||||
|
pcode_link_t xchg_rax_rsp = new code_link_t;
|
||||||
|
xchg_rax_rsp->flags = 0;
|
||||||
|
xchg_rax_rsp->label_name = "";
|
||||||
|
xchg_rax_rsp->raw_data = (unsigned char*)malloc(4);
|
||||||
|
xchg_rax_rsp->raw_data_size = 4;
|
||||||
|
unsigned char xchg_rax_rsp_data[] = { 0x48, 0x87, 0x04, 0x24 };
|
||||||
|
memcpy(xchg_rax_rsp->raw_data, xchg_rax_rsp_data, 4);
|
||||||
|
|
||||||
|
pcode_link_t ret = new code_link_t;
|
||||||
|
ret->flags = 0;
|
||||||
|
ret->label_name = "";
|
||||||
|
ret->raw_data = (unsigned char*)malloc(1);
|
||||||
|
ret->raw_data_size = 1;
|
||||||
|
*(unsigned char*)ret->raw_data = 0xC3;
|
||||||
|
|
||||||
|
t->next = jmp_around_gagt;
|
||||||
|
jmp_around_gagt->next = push_rax;
|
||||||
|
push_rax->next = mov_address;
|
||||||
|
mov_address->next = xchg_rax_rsp;
|
||||||
|
xchg_rax_rsp->next = ret;
|
||||||
|
ret->next = real_next;
|
||||||
|
|
||||||
|
real_next->prev = ret;
|
||||||
|
ret->prev = xchg_rax_rsp;
|
||||||
|
xchg_rax_rsp->prev = mov_address;
|
||||||
|
mov_address->prev = push_rax;
|
||||||
|
push_rax->prev = jmp_around_gagt;
|
||||||
|
jmp_around_gagt->prev = t;
|
||||||
|
|
||||||
|
|
||||||
|
t = real_next;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
t = t->next;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void obf_replace_abs_jmps(pobfuscator_t obf)
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t obf_get_group_size(pobfuscator_t obf, int group_id)
|
||||||
|
{
|
||||||
|
if (group_id < obf->groups.size())
|
||||||
|
return obf->groups[group_id].size_in_bytes;
|
||||||
|
}
|
||||||
|
|
||||||
|
void obf_copy_group_to_buffer(pobfuscator_t obf, void* buffer, int group_id)
|
||||||
|
{
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
bool obf_gen_all_labels(pobfuscator_t obf)
|
||||||
|
{
|
||||||
|
for (pcode_link_t t = obf->code_start->next; t; t = t->next)
|
||||||
|
{
|
||||||
|
if (t->flags & CLFLAG_IS_REL_JUMP)
|
||||||
|
{
|
||||||
|
int jump_delta = xed_decoded_inst_get_branch_displacement(&t->instruction);
|
||||||
|
if (!obf_gen_label(obf, t, jump_delta))
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool obf_gen_label(pobfuscator_t obf, pcode_link_t jmp, int32_t delta)
|
||||||
|
{
|
||||||
|
obf->current_label_id++;
|
||||||
|
pcode_link_t temp;
|
||||||
|
//when going positive, counting starts at NEXT instruction(excluding size of jmp)
|
||||||
|
//when negative, counting INCLUDES the size of the jmp instructrion
|
||||||
|
if (delta > 0)
|
||||||
|
{
|
||||||
|
temp = jmp->next;
|
||||||
|
while (delta && temp)
|
||||||
|
{
|
||||||
|
delta -= temp->instruction._decoded_length;
|
||||||
|
//if (delta == 0) break;
|
||||||
|
temp = temp->next;
|
||||||
|
}
|
||||||
|
if (temp && temp->flags & CLFLAG_IS_LABEL)
|
||||||
|
{
|
||||||
|
jmp->label_name = temp->label_name;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (delta < 0)
|
||||||
|
{
|
||||||
|
temp = jmp;
|
||||||
|
while (temp)
|
||||||
|
{
|
||||||
|
delta += temp->instruction._decoded_length;
|
||||||
|
if (delta == 0) break;
|
||||||
|
temp = temp->prev;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (temp && temp->prev && (temp->prev->flags & CLFLAG_IS_LABEL))
|
||||||
|
{
|
||||||
|
jmp->label_name = temp->prev->label_name;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else return false;
|
||||||
|
|
||||||
|
if (!temp)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
//couldnt find label, adding new one
|
||||||
|
pcode_link_t new_label = new code_link_t;
|
||||||
|
new_label->flags = CLFLAG_IS_LABEL;
|
||||||
|
new_label->label_name = std::to_string(obf->current_label_id);
|
||||||
|
jmp->label_name = new_label->label_name;
|
||||||
|
|
||||||
|
new_label->next = temp;
|
||||||
|
new_label->prev = temp->prev;
|
||||||
|
if (temp->prev)
|
||||||
|
temp->prev->next = new_label;
|
||||||
|
temp->prev = new_label;
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
void obf_dbg_print_code(pobfuscator_t obf)
|
||||||
|
{
|
||||||
|
for (pcode_link_t t = obf->code_start->next; t; t = t->next)
|
||||||
|
{
|
||||||
|
if (!(t->flags & CLFLAG_IS_LABEL))
|
||||||
|
{
|
||||||
|
obf_print_byte_array(t->raw_data, t->raw_data_size);
|
||||||
|
}
|
||||||
|
/*if (t->flags & CLFLAG_IS_REL_JUMP)
|
||||||
|
{
|
||||||
|
printf("\tJump to: %s\n", t->label_name.data());
|
||||||
|
}
|
||||||
|
else if (t->flags & CLFLAG_IS_LABEL)
|
||||||
|
{
|
||||||
|
printf("Label: %s\n", t->label_name.data());
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf("\tRegular Instruction.\n");
|
||||||
|
}*/
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#include <iostream>
|
||||||
|
#include <iomanip>
|
||||||
|
void obf_print_byte_array(void* arr, unsigned int size)
|
||||||
|
{
|
||||||
|
unsigned char* b = (unsigned char*)arr;
|
||||||
|
for (int i = 0; i < size; i++)
|
||||||
|
{
|
||||||
|
std::cout << std::hex << std::setw(2) << std::setfill('0') << (int)b[i] << ' ';
|
||||||
|
}
|
||||||
|
std::cout << '\n';
|
||||||
|
return;
|
||||||
|
}
|
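Review bot: In `obf_replace_rel_jmps`, `memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 10)` copies 10 bytes out of a 2-byte array into a `malloc(2)` block, which overruns the heap allocation and reads past the source; the length should be `sizeof jmp_around_gagt_data`. In `obf_init_from_buffer`, `xed_decode(..., 15)` claims 15 readable bytes even when fewer remain before `buffer_size`, so the decoder can read past the caller's buffer; pass the remaining length capped at 15, e.g. `(unsigned int)(buffer_size - off < 15 ? buffer_size - off : 15)`. That function and `obf_get_group_size` both fall off the end without returning a value (the build logs on this page report C4715 for each), so add `return true;` after the loop and a defined fallback such as `return 0;`. `real_next->prev = ret;` also dereferences a null pointer when the rewritten jump is the last node, and none of the `malloc` results in that function are checked before being written through.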
@ -0,0 +1,81 @@
|
|||||||
|
#ifndef _OBFUSCATOR_H
|
||||||
|
#define _OBFUSCATOR_H
|
||||||
|
|
||||||
|
#include <vector>
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
{
|
||||||
|
#include "xed/xed-interface.h"
|
||||||
|
}
|
||||||
|
|
||||||
|
#define CLFLAG_IS_LABEL (1<<0)
|
||||||
|
#define CLFLAG_IS_REL_JUMP (1<<1)
|
||||||
|
#define CLFLAG_IS_ABS_ADDR (1<<2)
|
||||||
|
|
||||||
|
typedef struct _code_link_t
|
||||||
|
{
|
||||||
|
_code_link_t* next;
|
||||||
|
_code_link_t* prev;
|
||||||
|
|
||||||
|
uint32_t flags;
|
||||||
|
int group;
|
||||||
|
std::string label_name;
|
||||||
|
|
||||||
|
xed_decoded_inst_t instruction;
|
||||||
|
unsigned char* raw_data;
|
||||||
|
unsigned int raw_data_size;
|
||||||
|
}code_link_t, * pcode_link_t;
|
||||||
|
|
||||||
|
typedef struct _code_group_t
|
||||||
|
{
|
||||||
|
uint64_t base_address;
|
||||||
|
pcode_link_t start;
|
||||||
|
int size_in_bytes;
|
||||||
|
}code_group_t, *pcode_group_t;
|
||||||
|
|
||||||
|
typedef struct _obfuscator_t
|
||||||
|
{
|
||||||
|
pcode_link_t code_start;
|
||||||
|
pcode_link_t code_end;
|
||||||
|
std::vector<code_group_t> groups;
|
||||||
|
int group_size;
|
||||||
|
int current_label_id;
|
||||||
|
xed_machine_mode_enum_t machine_mode;
|
||||||
|
xed_address_width_enum_t addr_width;
|
||||||
|
}obfuscator_t, *pobfuscator_t;
|
||||||
|
|
||||||
|
//snickers
|
||||||
|
void obf_one_time_please();
|
||||||
|
|
||||||
|
//duh
|
||||||
|
bool obf_init_from_buffer(pobfuscator_t obf, void* buffer, int buffer_size);
|
||||||
|
|
||||||
|
//creates the groups of instructions based on number of bytes
|
||||||
|
void obf_create_groups(pobfuscator_t obf, int group_size);
|
||||||
|
|
||||||
|
//replaces all relative jumps with the abs jump gadget
|
||||||
|
void obf_replace_rel_jmps(pobfuscator_t obf);
|
||||||
|
|
||||||
|
//replaces address in the abs jmp stub with the right address of the given label.
|
||||||
|
void obf_replace_abs_jmps(pobfuscator_t obf);
|
||||||
|
|
||||||
|
//return number of bytes needed to store given group
|
||||||
|
size_t obf_get_group_size(pobfuscator_t obf, int group_id);
|
||||||
|
|
||||||
|
//copy group to whever u want it to go
|
||||||
|
void obf_copy_group_to_buffer(pobfuscator_t obf, void* buffer, int group_id);
|
||||||
|
|
||||||
|
//generate all the labels after loaded from buffa
|
||||||
|
bool obf_gen_all_labels(pobfuscator_t obf);
|
||||||
|
|
||||||
|
//walk backwards or forwards until placing label
|
||||||
|
bool obf_gen_label(pobfuscator_t obf, pcode_link_t start, int32_t delta);
|
||||||
|
|
||||||
|
|
||||||
|
void obf_dbg_print_code(pobfuscator_t obf);
|
||||||
|
|
||||||
|
void obf_print_byte_array(void* arr, unsigned int size);
|
||||||
|
|
||||||
|
|
||||||
|
#endif
|
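Review bot: `code_link_t` declares `raw_data`, `raw_data_size`, `group` and `instruction` without initialisers, and the label nodes built in `obf_gen_label` (Obfuscator.cpp on this page) set only `flags`, `label_name`, `next` and `prev`, so a later walk that reads `temp->instruction._decoded_length` or `raw_data` on such a node reads indeterminate values. Default member initialisers would close this, e.g. `unsigned char* raw_data = nullptr;` and `unsigned int raw_data_size = 0;`, with the label path also zeroing `instruction`. The header uses `uint32_t`/`uint64_t`/`int32_t` without including `<cstdint>` itself (it may arrive through the XED header), and it declares no function that releases the list even though nodes come from `new` and `raw_data` from `malloc`; a comment on the struct stating who frees each would help. The include guard `_OBFUSCATOR_H` begins with an underscore followed by an uppercase letter, which is a reserved identifier; `OBFUSCATOR_H` avoids that.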
@ -0,0 +1,167 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>Win32</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
|
<Configuration>Debug</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
<ProjectConfiguration Include="Release|x64">
|
||||||
|
<Configuration>Release</Configuration>
|
||||||
|
<Platform>x64</Platform>
|
||||||
|
</ProjectConfiguration>
|
||||||
|
</ItemGroup>
|
||||||
|
<PropertyGroup Label="Globals">
|
||||||
|
<VCProjectVersion>16.0</VCProjectVersion>
|
||||||
|
<Keyword>Win32Proj</Keyword>
|
||||||
|
<ProjectGuid>{ad60371b-51a7-4d48-86a9-d25bbc30f797}</ProjectGuid>
|
||||||
|
<RootNamespace>ShellcodeObfuscator</RootNamespace>
|
||||||
|
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
|
<SpectreMitigation>false</SpectreMitigation>
|
||||||
|
</PropertyGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
|
<ImportGroup Label="ExtensionSettings">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="Shared">
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
|
</ImportGroup>
|
||||||
|
<PropertyGroup Label="UserMacros" />
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<LinkIncremental>true</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<LinkIncremental>false</LinkIncremental>
|
||||||
|
</PropertyGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<AdditionalIncludeDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<AdditionalLibraryDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
|
<ClCompile>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<AdditionalIncludeDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<AdditionalLibraryDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpp17</LanguageStandard>
|
||||||
|
<AdditionalIncludeDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<AdditionalLibraryDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||||
|
<AdditionalDependencies>xed.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
|
<ClCompile>
|
||||||
|
<WarningLevel>Level3</WarningLevel>
|
||||||
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
|
<SDLCheck>true</SDLCheck>
|
||||||
|
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
|
<ConformanceMode>true</ConformanceMode>
|
||||||
|
<LanguageStandard>stdcpp17</LanguageStandard>
|
||||||
|
<AdditionalIncludeDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
|
</ClCompile>
|
||||||
|
<Link>
|
||||||
|
<SubSystem>Console</SubSystem>
|
||||||
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
|
<AdditionalLibraryDirectories>C:\%24Fanta\IntelXED\build\obj\wkit\lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
|
||||||
|
<AdditionalDependencies>xed.lib;%(AdditionalDependencies)</AdditionalDependencies>
|
||||||
|
</Link>
|
||||||
|
</ItemDefinitionGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="main.cpp" />
|
||||||
|
<ClCompile Include="Obfuscator.cpp" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="Obfuscator.h" />
|
||||||
|
</ItemGroup>
|
||||||
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
|
<ImportGroup Label="ExtensionTargets">
|
||||||
|
</ImportGroup>
|
||||||
|
</Project>
|
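Review bot: The two Win32 `ItemDefinitionGroup`s never list `xed.lib` under `<AdditionalDependencies>` (only the x64 ones do), and all four configurations point `AdditionalLibraryDirectories` at the same `C:\%24Fanta\IntelXED\build\obj\wkit\lib`, which the build log on this page reports as an x64 library (LNK4272) next to the LNK2019 unresolved externals. Either drop the Win32 configurations or give them a matching x86 library directory plus `<AdditionalDependencies>xed.lib;%(AdditionalDependencies)</AdditionalDependencies>`. The absolute include and library paths also tie the build to one machine and to an unpinned local XED build; a path relative to `$(SolutionDir)` or a shared property sheet would make the dependency reproducible and reviewable.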
@ -0,0 +1,10 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<ItemGroup>
|
||||||
|
<ClCompile Include="main.cpp" />
|
||||||
|
<ClCompile Include="Obfuscator.cpp" />
|
||||||
|
</ItemGroup>
|
||||||
|
<ItemGroup>
|
||||||
|
<ClInclude Include="Obfuscator.h" />
|
||||||
|
</ItemGroup>
|
||||||
|
</Project>
|
@ -0,0 +1,4 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
|
<PropertyGroup />
|
||||||
|
</Project>
|
@ -0,0 +1,30 @@
|
|||||||
|
//#include "Obfuscator.h"
|
||||||
|
//
|
||||||
|
//#include "xed/xed-interface.h"
|
||||||
|
//
|
||||||
|
//int main()
|
||||||
|
//{
|
||||||
|
// xed_decoded_inst_t instruction;
|
||||||
|
//
|
||||||
|
// return 1;
|
||||||
|
//}
|
||||||
|
|
||||||
|
|
||||||
|
//#pragma comment(lib, "xed.lib")
|
||||||
|
|
||||||
|
#include "Obfuscator.h"
|
||||||
|
|
||||||
|
|
||||||
|
int main(int argc, char** argv)
|
||||||
|
{
|
||||||
|
unsigned char buffer[] = { 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0x08, 0x48, 0x33, 0xC0, 0x7E, 0x03, 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0 };//{ 0x48, 0x33, 0xC0, 0x48, 0x33, 0xC0, 0xEB, 0xFB, 0x48, 0x33, 0xC0, 0x7E, 0xF6, 0xC3 };
|
||||||
|
unsigned int buffer_size = sizeof(buffer);
|
||||||
|
|
||||||
|
obfuscator_t obf;
|
||||||
|
obf_one_time_please();
|
||||||
|
obf_init_from_buffer(&obf, buffer, buffer_size);
|
||||||
|
obf_gen_all_labels(&obf);
|
||||||
|
obf_replace_rel_jmps(&obf);
|
||||||
|
obf_dbg_print_code(&obf);
|
||||||
|
system("pause");
|
||||||
|
}
|
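Review bot: `main` discards the `bool` results of `obf_init_from_buffer` and `obf_gen_all_labels`, so after a decode or label failure the later passes still run over a partially built list. Check them before continuing, e.g. `if (!obf_init_from_buffer(&obf, buffer, buffer_size) || !obf_gen_all_labels(&obf)) return 1;`. `buffer_size` is `unsigned int` while the callee takes `int`, and `system("pause")` spawns a command shell only to wait for a key; `std::cin.get();` (with `<iostream>` included) does the same without it. The commented-out first `main` at the top of the file can be deleted.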
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,2 @@
|
|||||||
|
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0:
|
||||||
|
Debug|x64|C:\$Fanta\ShellcodeObfuscator\|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,21 @@
|
|||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\vc142.pdb
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\vc142.idb
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\obfuscator.obj
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\main.obj
|
||||||
|
c:\$fanta\shellcodeobfuscator\x64\debug\shellcodeobfuscator.pdb
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.command.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\cl.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-cvtres.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-cvtres.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-rc.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link-rc.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-cvtres.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-cvtres.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-rc.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328-rc.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.1328.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.command.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\debug\shellcod.ad60371b.tlog\link.write.1.tlog
|
@ -0,0 +1,7 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project>
|
||||||
|
<ProjectOutputs>C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe</ProjectOutputs>
|
||||||
|
<ContentFiles></ContentFiles>
|
||||||
|
<SatelliteDlls></SatelliteDlls>
|
||||||
|
<NonRecipeFileRefs></NonRecipeFileRefs>
|
||||||
|
</Project>
|
@ -0,0 +1,2 @@
|
|||||||
|
main.cpp
|
||||||
|
ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,2 @@
|
|||||||
|
PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.27.29110:TargetPlatformVersion=10.0.19041.0:
|
||||||
|
Release|x64|C:\$Fanta\ShellcodeObfuscator\|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -0,0 +1,14 @@
|
|||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\vc142.pdb
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\obfuscator.obj
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\main.obj
|
||||||
|
c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.exe
|
||||||
|
c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.pdb
|
||||||
|
c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.ipdb
|
||||||
|
c:\$fanta\shellcodeobfuscator\x64\release\shellcodeobfuscator.iobj
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.command.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\cl.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.command.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.read.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\link.write.1.tlog
|
||||||
|
c:\$fanta\shellcodeobfuscator\shellcodeobfuscator\x64\release\shellcod.ad60371b.tlog\shellcodeobfuscator.write.1u.tlog
|
@ -0,0 +1,7 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<Project>
|
||||||
|
<ProjectOutputs>C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe</ProjectOutputs>
|
||||||
|
<ContentFiles></ContentFiles>
|
||||||
|
<SatelliteDlls></SatelliteDlls>
|
||||||
|
<NonRecipeFileRefs></NonRecipeFileRefs>
|
||||||
|
</Project>
|
@ -0,0 +1,10 @@
|
|||||||
|
Obfuscator.cpp
|
||||||
|
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(302,20): warning C4018: '<': signed/unsigned mismatch
|
||||||
|
LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
|
||||||
|
Generating code
|
||||||
|
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value
|
||||||
|
29 of 134 functions (21.6%) were compiled, the rest were copied from previous compilation.
|
||||||
|
13 functions were new in current compilation
|
||||||
|
1 functions had inline decision re-evaluated but remain unchanged
|
||||||
|
Finished generating code
|
||||||
|
ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe
|
Binary file not shown.
Binary file not shown.
Binary file not shown.