_xeroxz
b397d2c8d2
|
3 years ago | |
|---|---|---|
| LICENSE | 3 years ago | |
| README.md | 3 years ago | |
README.md
LLOIFF - Low Level Obfuscation Intermediate File Format
LLOIFF is an intermediate file format which exists only in memory. This format is generated by stage 1 of LLO. The design of this intermediate file format must be robust enough that it can handle file formats of all types lifted to it. For example, PE-COFF (COFF meaning: including OBJ files), ELF, etc.
There can be multiple LLOIFF's at a given time, just as there can be multiple OBJ files in a LIB.
What LLOIFF Needs To Provide
LLOIFF needs to provide a clean C++2017 interfacable class that contains all information possible about a given file. This information includes: symbols, sections, original file, size, virtual size, etc...
LLOIFF Symbol Class
The LLOIFF symbol class is the base class for all symbol types. Such information as the original rva, symbol size, and symbol hash with setters and getters must be made. Something along these lines:
namespace llo::iff
{
using hash_t = std::uint64_t;
class rva_t
{
public:
rva_t();
rva_t(hash_t section_hash, std::uint32_t section_offset);
// ... fancy c++ stuff here like override's and such
};
class symbol_base_t
{
public:
symbol_base_t();
symbol_base_t(
const std::string& name,
rva_t rva_data
);
virtual std::size_t get_size() const;
virtual rva_t& get_rva() const;
virtual hash_t get_hash() const;
// ... fancy c++ stuff here like override's and such
};
// inherit symbol_base_t for symbol_function_t maybe...
class symbol_function_t : public symbol_base_t
{
public:
symbol_function_t();
symbol_function_t(
const std::string& name,
rva_t rva_data
);
}
}
LLOIFF Section Class
The LLOIFF section class does not need to be inheritance based as its really just a container of symbol_base_t's.
namespace llo::iff
{
class section_t
{
std::vector<std::uint8_t> section_data;
std::vector<symbol_base_t> symbols;
std::string section_name;
std::uint32_t section_protections;
public:
// ... constructors...
}
}