master
James 3 years ago
parent b3b44e5d72
commit d70e179c11

@ -124,16 +124,16 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
pcode_link_t jmp_around_gagt = new code_link_t; pcode_link_t jmp_around_gagt = new code_link_t;
jmp_around_gagt->flags = 0; jmp_around_gagt->flags = 0;
jmp_around_gagt->label_name = ""; jmp_around_gagt->label_name = "";
jmp_around_gagt->raw_data = (unsigned char*)malloc(2); jmp_around_gagt->raw_data = new unsigned char[2];
jmp_around_gagt->raw_data_size = 2; jmp_around_gagt->raw_data_size = 2;
unsigned char jmp_around_gagt_data[] = { 0xEB, 0x10 }; unsigned char jmp_around_gagt_data[] = { 0xEB, 0x10 };
memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 10); memcpy(jmp_around_gagt->raw_data, jmp_around_gagt_data, 2);
pcode_link_t push_rax = new code_link_t; pcode_link_t push_rax = new code_link_t;
push_rax->flags = 0; push_rax->flags = 0;
push_rax->label_name = ""; push_rax->label_name = "";
push_rax->raw_data = (unsigned char*)malloc(1); push_rax->raw_data = new unsigned char[1];
push_rax->raw_data_size = 1; push_rax->raw_data_size = 1;
*(unsigned char*)push_rax->raw_data = 0x50; *(unsigned char*)push_rax->raw_data = 0x50;
push_rax->label_name = ""; push_rax->label_name = "";
@ -142,7 +142,7 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
pcode_link_t mov_address = new code_link_t; pcode_link_t mov_address = new code_link_t;
mov_address->flags = CLFLAG_IS_ABS_ADDR; mov_address->flags = CLFLAG_IS_ABS_ADDR;
mov_address->label_name = t->label_name; mov_address->label_name = t->label_name;
mov_address->raw_data = (unsigned char*)malloc(10); mov_address->raw_data = new unsigned char[10];
mov_address->raw_data_size = 10; mov_address->raw_data_size = 10;
unsigned char mov_address_data[] = { 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F }; unsigned char mov_address_data[] = { 0x48, 0xB8, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x0F };
memcpy(mov_address->raw_data, mov_address_data, 10); memcpy(mov_address->raw_data, mov_address_data, 10);
@ -150,7 +150,7 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
pcode_link_t xchg_rax_rsp = new code_link_t; pcode_link_t xchg_rax_rsp = new code_link_t;
xchg_rax_rsp->flags = 0; xchg_rax_rsp->flags = 0;
xchg_rax_rsp->label_name = ""; xchg_rax_rsp->label_name = "";
xchg_rax_rsp->raw_data = (unsigned char*)malloc(4); xchg_rax_rsp->raw_data = new unsigned char[4];
xchg_rax_rsp->raw_data_size = 4; xchg_rax_rsp->raw_data_size = 4;
unsigned char xchg_rax_rsp_data[] = { 0x48, 0x87, 0x04, 0x24 }; unsigned char xchg_rax_rsp_data[] = { 0x48, 0x87, 0x04, 0x24 };
memcpy(xchg_rax_rsp->raw_data, xchg_rax_rsp_data, 4); memcpy(xchg_rax_rsp->raw_data, xchg_rax_rsp_data, 4);
@ -158,7 +158,7 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
pcode_link_t ret = new code_link_t; pcode_link_t ret = new code_link_t;
ret->flags = 0; ret->flags = 0;
ret->label_name = ""; ret->label_name = "";
ret->raw_data = (unsigned char*)malloc(1); ret->raw_data = new unsigned char[1];
ret->raw_data_size = 1; ret->raw_data_size = 1;
*(unsigned char*)ret->raw_data = 0xC3; *(unsigned char*)ret->raw_data = 0xC3;
@ -186,7 +186,57 @@ void obf_replace_rel_jmps(pobfuscator_t obf)
void obf_replace_abs_jmps(pobfuscator_t obf) void obf_replace_abs_jmps(pobfuscator_t obf)
{ {
//FIRST ITERATE AND CHECK BEHIND THE JMP
//pcode_link_t Temp;
//for (Temp = Jmp; Temp && Temp->Prev; Temp = Temp->Prev)
//{
// if (Temp->Prev->IsLabel && Temp->Prev->Name == Jmp->Name)
// {
// Jmp->Data = (PVOID)Delta;
// return TRUE;
// }
// Delta -= Assembler->Instructions[Temp->Prev->InstructionId].LengthInBytes;
//}
////NOW LOOK IN FRONT
//Delta = Assembler->Instructions[Jmp->InstructionId].LengthInBytes; //9
//for (Temp = Jmp; Temp && Temp->Next; Temp = Temp->Next)
//{
// if (Temp->Next->IsLabel && Temp->Next->Name == Jmp->Name)
// {
// Jmp->Data = (PVOID)Delta;
// return TRUE;
// }
// Delta += Assembler->Instructions[Temp->Next->InstructionId].LengthInBytes;
//}
//return FALSE;
for (pcode_link_t t = obf->code_start->next; t;)
{
if (t->flags & CLFLAG_IS_ABS_ADDR)
{
pcode_link_t temp;
for (temp = t; temp && temp->prev; temp = temp->prev)
{
if (temp->flags & CLFLAG_IS_LABEL && temp->label_name == t->label_name)
{
uint64_t addr = obf->groups[t->group].base_address;
pcode_link_t temp2 = obf->groups[t->group].start;
for (; temp2 && temp2->group == temp->group; temp2 = temp2->next)
{
if (temp2 == temp)
{
break;
}
addr += temp->raw_data_size;
}
}
}
}
}
} }
size_t obf_get_group_size(pobfuscator_t obf, int group_id) size_t obf_get_group_size(pobfuscator_t obf, int group_id)

@ -1,2 +1,8 @@
 main.cpp  Obfuscator.cpp
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(353,20): warning C4018: '<': signed/unsigned mismatch
main.cpp
Generating Code...
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(246): warning C4715: 'obf_get_group_size': not all control paths return a value
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value
LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Debug\ShellcodeObfuscator.exe

@ -1,10 +1,9 @@
 Obfuscator.cpp  Obfuscator.cpp
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(302,20): warning C4018: '<': signed/unsigned mismatch C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(353,20): warning C4018: '<': signed/unsigned mismatch
LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library LINK : warning LNK4098: defaultlib 'LIBCMT' conflicts with use of other libs; use /NODEFAULTLIB:library
Generating code Generating code
C:\$Fanta\ShellcodeObfuscator\ShellcodeObfuscator\Obfuscator.cpp(72): warning C4715: 'obf_init_from_buffer': not all control paths return a value 2 of 134 functions ( 1.5%) were compiled, the rest were copied from previous compilation.
29 of 134 functions (21.6%) were compiled, the rest were copied from previous compilation. 0 functions were new in current compilation
13 functions were new in current compilation 0 functions had inline decision re-evaluated but remain unchanged
1 functions had inline decision re-evaluated but remain unchanged
Finished generating code Finished generating code
ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe ShellcodeObfuscator.vcxproj -> C:\$Fanta\ShellcodeObfuscator\x64\Release\ShellcodeObfuscator.exe

Binary file not shown.
Loading…
Cancel
Save