diff --git a/Doxyfile b/Doxyfile index a00888f..ae7a141 100644 --- a/Doxyfile +++ b/Doxyfile @@ -1,4 +1,4 @@ -# Doxyfile 1.9.1 +# Doxyfile 1.9.3 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. @@ -44,14 +44,14 @@ PROJECT_NUMBER = v3.0 # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. -PROJECT_BRIEF = "Jit linker, mapper, obfuscator, and mutator" +PROJECT_BRIEF = "Jit linker, symbol mapper, and obfuscator" # With the PROJECT_LOGO tag one can specify a logo or an icon that is included # in the documentation. The maximum height of the logo should not exceed 55 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy # the logo to the output directory. -PROJECT_LOGO = +PROJECT_LOGO = doxygen/icon.png # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is @@ -93,14 +93,6 @@ ALLOW_UNICODE_NAMES = NO OUTPUT_LANGUAGE = English -# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all -# documentation generated by doxygen is written. Doxygen will use this -# information to generate all generated output in the proper direction. -# Possible values are: None, LTR, RTL and Context. -# The default value is: None. - -OUTPUT_TEXT_DIRECTION = None - # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. @@ -258,16 +250,16 @@ TAB_SIZE = 4 # the documentation. An alias has the form: # name=value # For example adding -# "sideeffect=@par Side Effects:\n" +# "sideeffect=@par Side Effects:^^" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading -# "Side Effects:". You can put \n's in the value part of an alias to insert -# newlines (in the resulting output). You can put ^^ in the value part of an -# alias to insert a newline as if a physical newline was in the original file. -# When you need a literal { or } or , in the value part of an alias you have to -# escape them by means of a backslash (\), this can lead to conflicts with the -# commands \{ and \} for these it is advised to use the version @{ and @} or use -# a double escape (\\{ and \\}) +# "Side Effects:". Note that you cannot put \n's in the value part of an alias +# to insert newlines (in the resulting output). You can put ^^ in the value part +# of an alias to insert a newline as if a physical newline was in the original +# file. When you need a literal { or } or , in the value part of an alias you +# have to escape them by means of a backslash (\), this can lead to conflicts +# with the commands \{ and \} for these it is advised to use the version @{ and +# @} or use a double escape (\\{ and \\}) ALIASES = @@ -277,7 +269,7 @@ ALIASES = # members will be omitted, etc. # The default value is: NO. -OPTIMIZE_OUTPUT_FOR_C = NO +OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored @@ -312,8 +304,8 @@ OPTIMIZE_OUTPUT_SLICE = NO # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, JavaScript, -# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice, VHDL, -# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran: +# Csharp (C#), C, C++, Lex, D, PHP, md (Markdown), Objective-C, Python, Slice, +# VHDL, Fortran (fixed format Fortran: FortranFixed, free formatted Fortran: # FortranFree, unknown formatted Fortran: Fortran. In the later case the parser # tries to guess whether the code is fixed or free formatted code, this is the # default for Fortran type files). For instance to make doxygen treat .inc files @@ -466,7 +458,7 @@ LOOKUP_CACHE_SIZE = 0 # than 0 to get more control over the balance between CPU load and processing # speed. At this moment only the input processing can be done using multiple # threads. Since this is still an experimental feature the default is set to 1, -# which efficively disables parallel processing. Please report any issues you +# which effectively disables parallel processing. Please report any issues you # encounter. Generating dot graphs in parallel is controlled by the # DOT_NUM_THREADS setting. # Minimum value: 0, maximum value: 32, default value: 1. @@ -610,6 +602,12 @@ HIDE_SCOPE_NAMES = NO HIDE_COMPOUND_REFERENCE= NO +# If the SHOW_HEADERFILE tag is set to YES then the documentation for a class +# will show which file needs to be included to use the class. +# The default value is: YES. + +SHOW_HEADERFILE = YES + # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. @@ -627,7 +625,7 @@ SHOW_GROUPED_MEMB_INC = NO # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. -FORCE_LOCAL_INCLUDES = NO +FORCE_LOCAL_INCLUDES = YES # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. @@ -767,7 +765,8 @@ FILE_VERSION_FILTER = # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml -# will be used as the name of the layout file. +# will be used as the name of the layout file. See also section "Changing the +# layout of pages" for information. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE @@ -813,18 +812,26 @@ WARNINGS = YES WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for -# potential errors in the documentation, such as not documenting some parameters -# in a documented function, or documenting parameters that don't exist or using -# markup commands wrongly. +# potential errors in the documentation, such as documenting some parameters in +# a documented function twice, or documenting parameters that don't exist or +# using markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES +# If WARN_IF_INCOMPLETE_DOC is set to YES, doxygen will warn about incomplete +# function parameter documentation. If set to NO, doxygen will accept that some +# parameters have no documentation without warning. +# The default value is: YES. + +WARN_IF_INCOMPLETE_DOC = YES + # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return -# value. If set to NO, doxygen will only warn about wrong or incomplete -# parameter documentation, but not about the absence of documentation. If -# EXTRACT_ALL is set to YES then this flag will automatically be disabled. +# value. If set to NO, doxygen will only warn about wrong parameter +# documentation, but not about the absence of documentation. If EXTRACT_ALL is +# set to YES then this flag will automatically be disabled. See also +# WARN_IF_INCOMPLETE_DOC # The default value is: NO. WARN_NO_PARAMDOC = NO @@ -850,7 +857,10 @@ WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard -# error (stderr). +# error (stderr). In case the file specified cannot be opened for writing the +# warning and error messages are written to standard error. When as file - is +# specified the warning and error messages are written to standard output +# (stdout). WARN_LOGFILE = @@ -892,10 +902,10 @@ INPUT_ENCODING = UTF-8 # # If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp, # *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, -# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, -# *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C comment), -# *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd, *.vhdl, -# *.ucf, *.qsf and *.ice. +# *.hh, *.hxx, *.hpp, *.h++, *.l, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, +# *.inc, *.m, *.markdown, *.md, *.mm, *.dox (to be provided as doxygen C +# comment), *.py, *.pyw, *.f90, *.f95, *.f03, *.f08, *.f18, *.f, *.for, *.vhd, +# *.vhdl, *.ucf, *.qsf and *.ice. FILE_PATTERNS = *.c \ *.cc \ @@ -978,7 +988,7 @@ EXCLUDE_PATTERNS = # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, -# AClass::ANamespace, ANamespace::*Test +# ANamespace::AClass, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* @@ -1091,19 +1101,19 @@ INLINE_SOURCES = YES # Fortran comments will always remain visible. # The default value is: YES. -STRIP_CODE_COMMENTS = YES +STRIP_CODE_COMMENTS = NO # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # entity all documented functions referencing it will be listed. # The default value is: NO. -REFERENCED_BY_RELATION = NO +REFERENCED_BY_RELATION = YES # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. -REFERENCES_RELATION = NO +REFERENCES_RELATION = YES # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES then the hyperlinks from functions in REFERENCES_RELATION and @@ -1121,7 +1131,7 @@ REFERENCES_LINK_SOURCE = YES # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. -SOURCE_TOOLTIPS = YES +SOURCE_TOOLTIPS = NO # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in @@ -1143,7 +1153,7 @@ SOURCE_TOOLTIPS = YES # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. -USE_HTAGS = YES +USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is @@ -1164,9 +1174,11 @@ VERBATIM_HEADERS = YES CLANG_ASSISTED_PARSING = NO -# If clang assisted parsing is enabled and the CLANG_ADD_INC_PATHS tag is set to -# YES then doxygen will add the directory of each input to the include path. +# If the CLANG_ASSISTED_PARSING tag is set to YES and the CLANG_ADD_INC_PATHS +# tag is set to YES then doxygen will add the directory of each input to the +# include path. # The default value is: YES. +# This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. CLANG_ADD_INC_PATHS = YES @@ -1301,7 +1313,7 @@ HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the style sheet and background images according to -# this color. Hue is specified as an angle on a colorwheel, see +# this color. Hue is specified as an angle on a color-wheel, see # https://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. @@ -1311,7 +1323,7 @@ HTML_EXTRA_FILES = HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors -# in the HTML output. For a value of 0 the output will use grayscales only. A +# in the HTML output. For a value of 0 the output will use gray-scales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. @@ -1393,6 +1405,13 @@ GENERATE_DOCSET = NO DOCSET_FEEDNAME = "Doxygen generated docs" +# This tag determines the URL of the docset feed. A documentation feed provides +# an umbrella under which multiple documentation sets from a single provider +# (such as a company or product suite) can be grouped. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_FEEDURL = + # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. @@ -1418,8 +1437,12 @@ DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop -# (see: -# https://www.microsoft.com/en-us/download/details.aspx?id=21138) on Windows. +# on Windows. In the beginning of 2021 Microsoft took the original page, with +# a.o. the download links, offline the HTML help workshop was already many years +# in maintenance mode). You can download the HTML help workshop from the web +# archives at Installation executable (see: +# http://web.archive.org/web/20160201063255/http://download.microsoft.com/downlo +# ad/0/A/9/0A939EF6-E31C-430F-A3DF-DFAE7960D564/htmlhelp.exe). # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML @@ -1578,16 +1601,28 @@ DISABLE_INDEX = NO # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can -# further fine-tune the look of the index. As an example, the default style -# sheet generated by doxygen has an example that shows how to put an image at -# the root of the tree instead of the PROJECT_NAME. Since the tree basically has -# the same information as the tab index, you could consider setting -# DISABLE_INDEX to YES when enabling this option. +# further fine tune the look of the index (see "Fine-tuning the output"). As an +# example, the default style sheet generated by doxygen has an example that +# shows how to put an image at the root of the tree instead of the PROJECT_NAME. +# Since the tree basically has the same information as the tab index, you could +# consider setting DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO +# When both GENERATE_TREEVIEW and DISABLE_INDEX are set to YES, then the +# FULL_SIDEBAR option determines if the side bar is limited to only the treeview +# area (value NO) or if it should extend to the full height of the window (value +# YES). Setting this to YES gives a layout similar to +# https://docs.readthedocs.io with more room for contents, but less room for the +# project logo, title, and description. If either GENERATE_TREEVIEW or +# DISABLE_INDEX is set to NO, this option has no effect. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FULL_SIDEBAR = NO + # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # @@ -1612,6 +1647,13 @@ TREEVIEW_WIDTH = 250 EXT_LINKS_IN_WINDOW = NO +# If the OBFUSCATE_EMAILS tag is set to YES, doxygen will obfuscate email +# addresses. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +OBFUSCATE_EMAILS = YES + # If the HTML_FORMULA_FORMAT option is set to svg, doxygen will use the pdf2svg # tool (see https://github.com/dawbarton/pdf2svg) or inkscape (see # https://inkscape.org) to generate formulas as SVG images instead of PNGs for @@ -1660,11 +1702,29 @@ FORMULA_MACROFILE = USE_MATHJAX = NO +# With MATHJAX_VERSION it is possible to specify the MathJax version to be used. +# Note that the different versions of MathJax have different requirements with +# regards to the different settings, so it is possible that also other MathJax +# settings have to be changed when switching between the different MathJax +# versions. +# Possible values are: MathJax_2 and MathJax_3. +# The default value is: MathJax_2. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_VERSION = MathJax_2 + # When MathJax is enabled you can set the default output format to be used for -# the MathJax output. See the MathJax site (see: -# http://docs.mathjax.org/en/v2.7-latest/output.html) for more details. +# the MathJax output. For more details about the output format see MathJax +# version 2 (see: +# http://docs.mathjax.org/en/v2.7-latest/output.html) and MathJax version 3 +# (see: +# http://docs.mathjax.org/en/latest/web/components/output.html). # Possible values are: HTML-CSS (which is slower, but has the best -# compatibility), NativeMML (i.e. MathML) and SVG. +# compatibility. This is the name for Mathjax version 2, for MathJax version 3 +# this will be translated into chtml), NativeMML (i.e. MathML. Only supported +# for NathJax 2. For MathJax version 3 chtml will be used instead.), chtml (This +# is the name for Mathjax version 3, for MathJax version 2 this will be +# translated into HTML-CSS) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. @@ -1677,15 +1737,21 @@ MATHJAX_FORMAT = HTML-CSS # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of -# MathJax from https://www.mathjax.org before deployment. -# The default value is: https://cdn.jsdelivr.net/npm/mathjax@2. +# MathJax from https://www.mathjax.org before deployment. The default value is: +# - in case of MathJax version 2: https://cdn.jsdelivr.net/npm/mathjax@2 +# - in case of MathJax version 3: https://cdn.jsdelivr.net/npm/mathjax@3 # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = https://cdn.jsdelivr.net/npm/mathjax@2 # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example +# for MathJax version 2 (see +# https://docs.mathjax.org/en/v2.7-latest/tex.html#tex-and-latex-extensions): # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols +# For example for MathJax version 3 (see +# http://docs.mathjax.org/en/latest/input/tex/extensions/index.html): +# MATHJAX_EXTENSIONS = ams # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = @@ -1865,29 +1931,31 @@ PAPER_TYPE = a4 EXTRA_PACKAGES = -# The LATEX_HEADER tag can be used to specify a personal LaTeX header for the -# generated LaTeX document. The header should contain everything until the first -# chapter. If it is left blank doxygen will generate a standard header. See -# section "Doxygen usage" for information on how to let doxygen write the -# default header to a separate file. +# The LATEX_HEADER tag can be used to specify a user-defined LaTeX header for +# the generated LaTeX document. The header should contain everything until the +# first chapter. If it is left blank doxygen will generate a standard header. It +# is highly recommended to start with a default header using +# doxygen -w latex new_header.tex new_footer.tex new_stylesheet.sty +# and then modify the file new_header.tex. See also section "Doxygen usage" for +# information on how to generate the default header that doxygen normally uses. # -# Note: Only use a user-defined header if you know what you are doing! The -# following commands have a special meaning inside the header: $title, -# $datetime, $date, $doxygenversion, $projectname, $projectnumber, -# $projectbrief, $projectlogo. Doxygen will replace $title with the empty -# string, for the replacement values of the other commands the user is referred -# to HTML_HEADER. +# Note: Only use a user-defined header if you know what you are doing! +# Note: The header is subject to change so you typically have to regenerate the +# default header when upgrading to a newer version of doxygen. The following +# commands have a special meaning inside the header (and footer): For a +# description of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_HEADER = -# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for the -# generated LaTeX document. The footer should contain everything after the last -# chapter. If it is left blank doxygen will generate a standard footer. See +# The LATEX_FOOTER tag can be used to specify a user-defined LaTeX footer for +# the generated LaTeX document. The footer should contain everything after the +# last chapter. If it is left blank doxygen will generate a standard footer. See # LATEX_HEADER for more information on how to generate a default footer and what -# special commands can be used inside the footer. -# -# Note: Only use a user-defined footer if you know what you are doing! +# special commands can be used inside the footer. See also section "Doxygen +# usage" for information on how to generate the default footer that doxygen +# normally uses. Note: Only use a user-defined footer if you know what you are +# doing! # This tag requires that the tag GENERATE_LATEX is set to YES. LATEX_FOOTER = @@ -1932,8 +2000,7 @@ USE_PDFLATEX = YES # If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \batchmode # command to the generated LaTeX files. This will instruct LaTeX to keep running -# if errors occur, instead of asking the user for help. This option is also used -# when generating formulas in HTML. +# if errors occur, instead of asking the user for help. # The default value is: NO. # This tag requires that the tag GENERATE_LATEX is set to YES. @@ -1946,16 +2013,6 @@ LATEX_BATCHMODE = NO LATEX_HIDE_INDICES = NO -# If the LATEX_SOURCE_CODE tag is set to YES then doxygen will include source -# code with syntax highlighting in the LaTeX output. -# -# Note that which sources are shown also depends on other settings such as -# SOURCE_BROWSER. -# The default value is: NO. -# This tag requires that the tag GENERATE_LATEX is set to YES. - -LATEX_SOURCE_CODE = NO - # The LATEX_BIB_STYLE tag can be used to specify the style to use for the # bibliography, e.g. plainnat, or ieeetr. See # https://en.wikipedia.org/wiki/BibTeX and \cite for more info. @@ -2036,16 +2093,6 @@ RTF_STYLESHEET_FILE = RTF_EXTENSIONS_FILE = -# If the RTF_SOURCE_CODE tag is set to YES then doxygen will include source code -# with syntax highlighting in the RTF output. -# -# Note that which sources are shown also depends on other settings such as -# SOURCE_BROWSER. -# The default value is: NO. -# This tag requires that the tag GENERATE_RTF is set to YES. - -RTF_SOURCE_CODE = NO - #--------------------------------------------------------------------------- # Configuration options related to the man page output #--------------------------------------------------------------------------- @@ -2142,15 +2189,6 @@ GENERATE_DOCBOOK = NO DOCBOOK_OUTPUT = docbook -# If the DOCBOOK_PROGRAMLISTING tag is set to YES, doxygen will include the -# program listings (including syntax highlighting and cross-referencing -# information) to the DOCBOOK output. Note that enabling this will significantly -# increase the size of the DOCBOOK output. -# The default value is: NO. -# This tag requires that the tag GENERATE_DOCBOOK is set to YES. - -DOCBOOK_PROGRAMLISTING = NO - #--------------------------------------------------------------------------- # Configuration options for the AutoGen Definitions output #--------------------------------------------------------------------------- @@ -2333,15 +2371,6 @@ EXTERNAL_PAGES = YES # Configuration options related to the dot tool #--------------------------------------------------------------------------- -# If the CLASS_DIAGRAMS tag is set to YES, doxygen will generate a class diagram -# (in HTML and LaTeX) for classes with base or super classes. Setting the tag to -# NO turns the diagrams off. Note that this option also works with HAVE_DOT -# disabled, but it is recommended to install and use dot, since it yields more -# powerful graphs. -# The default value is: YES. - -CLASS_DIAGRAMS = YES - # You can include diagrams made with dia in doxygen documentation. Doxygen will # then run dia to produce the diagram and insert it in the documentation. The # DIA_PATH tag allows you to specify the directory where the dia binary resides. @@ -2398,11 +2427,14 @@ DOT_FONTSIZE = 10 DOT_FONTPATH = -# If the CLASS_GRAPH tag is set to YES then doxygen will generate a graph for -# each documented class showing the direct and indirect inheritance relations. -# Setting this tag to YES will force the CLASS_DIAGRAMS tag to NO. +# If the CLASS_GRAPH tag is set to YES (or GRAPH) then doxygen will generate a +# graph for each documented class showing the direct and indirect inheritance +# relations. In case HAVE_DOT is set as well dot will be used to draw the graph, +# otherwise the built-in generator will be used. If the CLASS_GRAPH tag is set +# to TEXT the direct and indirect inheritance relations will be shown as texts / +# links. +# Possible values are: NO, YES, TEXT and GRAPH. # The default value is: YES. -# This tag requires that the tag HAVE_DOT is set to YES. CLASS_GRAPH = YES @@ -2531,6 +2563,13 @@ GRAPHICAL_HIERARCHY = YES DIRECTORY_GRAPH = YES +# The DIR_GRAPH_MAX_DEPTH tag can be used to limit the maximum number of levels +# of child directories generated in directory dependency graphs by dot. +# Minimum value: 1, maximum value: 25, default value: 1. +# This tag requires that the tag DIRECTORY_GRAPH is set to YES. + +DIR_GRAPH_MAX_DEPTH = 1 + # The DOT_IMAGE_FORMAT tag can be used to set the image format of the images # generated by dot. For an explanation of the image formats see the section # output formats in the documentation of the dot tool (Graphviz (see: @@ -2584,10 +2623,10 @@ MSCFILE_DIRS = DIAFILE_DIRS = # When using plantuml, the PLANTUML_JAR_PATH tag should be used to specify the -# path where java can find the plantuml.jar file. If left blank, it is assumed -# PlantUML is not used or called during a preprocessing step. Doxygen will -# generate a warning when it encounters a \startuml command in this case and -# will not generate output for the diagram. +# path where java can find the plantuml.jar file or to the filename of jar file +# to be used. If left blank, it is assumed PlantUML is not used or called during +# a preprocessing step. Doxygen will generate a warning when it encounters a +# \startuml command in this case and will not generate output for the diagram. PLANTUML_JAR_PATH = @@ -2649,6 +2688,8 @@ DOT_MULTI_TARGETS = NO # If the GENERATE_LEGEND tag is set to YES doxygen will generate a legend page # explaining the meaning of the various boxes and arrows in the dot generated # graphs. +# Note: This tag requires that UML_LOOK isn't set, i.e. the doxygen internal +# graphical representation for inheritance and collaboration diagrams is used. # The default value is: YES. # This tag requires that the tag HAVE_DOT is set to YES. @@ -2657,8 +2698,8 @@ GENERATE_LEGEND = YES # If the DOT_CLEANUP tag is set to YES, doxygen will remove the intermediate # files that are used to generate the various graphs. # -# Note: This setting is not only used for dot files but also for msc and -# plantuml temporary files. +# Note: This setting is not only used for dot files but also for msc temporary +# files. # The default value is: YES. DOT_CLEANUP = YES diff --git a/README.md b/README.md index 0e8ea0b..13cf6d3 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # Theodosius - Jit linker, Mapper, Mutator, and Obfuscator Theodosius (Theo for short) is a jit linker created for obfuscation. The project is extremely modular in design and supports both kernel and usermode projects. +Theo works with static libraries rather than completely compiled binaries. This allows it to easily position, obfuscate, and scatter symbols anywhere as the project takes the place of the linker. ### Table Of Contents diff --git a/doxygen/html/annotated.html b/doxygen/html/annotated.html index 62e5f0b..1153a6f 100644 --- a/doxygen/html/annotated.html +++ b/doxygen/html/annotated.html @@ -2,10 +2,10 @@ - - + + -Theodosius: Class List +Theodosius: Data Structures @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + @@ -63,42 +64,41 @@ $(function() {
-
-
Class List
+
Data Structures
-
Here are the classes, structs, unions and interfaces with brief descriptions:
+
Here are the data structures with brief descriptions:
[detail level 1234]
- - - - + + + + - - + + - + - - + + - - - + + + - +
 NtheoThe outer most encompassing namespace of this project
 Ndecompthe namespace that contains all of the decomposition related code
 Cdecomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files
 Croutine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols
 NtheoThe outer most encompassing namespace of this project.
 Ndecompthe namespace that contains all of the decomposition related code.
 Cdecomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files.
 Croutine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols.
 Csymbol_tsymbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down)
 Nobfthis is the main namespace for obfuscation related things
 Ntransformthis namespace encompasses the code for transforming relocations
 Nobfthis is the main namespace for obfuscation related things.
 Ntransformthis namespace encompasses the code for transforming relocations.
 Cadd_op_t
 Coperation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t)
 Coperation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).
 Crol_op_t
 Cror_op_t
 Csub_op_t
 Cxor_op_t
 Cengine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them
 Cpass_tthe pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there
 Cengine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them.
 Chello_world_pass_thello world pass example of how to inherit pass_t.
 Cjcc_rewrite_pass_tjcc rewrite pass which rewrites rip relative jcc's so that they are position independent
 Cnext_inst_pass_tThis pass is used to generate transformations and jmp code to change RIP to the next instruction
 Creloc_transform_pass_tthis pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol
 Chello_world_pass_thello world pass example of how to inherit pass_t
 Nrecompthis namespace encompasses all recomposition related code
 Cpass_tthe pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there
 Creloc_transform_pass_tthis pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol
 Nrecompthis namespace encompasses all recomposition related code.
 Crecomp_tthe main class responsible for recomposition
 Creloc_tmeta data about a relocation for a symbol
 Csymbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode
 Csymbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode.
 Ctheo_tthe main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/classes.html b/doxygen/html/classes.html index daae3ae..9955a8e 100644 --- a/doxygen/html/classes.html +++ b/doxygen/html/classes.html @@ -2,10 +2,10 @@ - - + + -Theodosius: Class Index +Theodosius: Data Structure Index @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -63,53 +64,52 @@ $(function() {
-
-
Class Index
+
Data Structure Index
A | D | E | H | J | N | O | P | R | S | T | X
-
A
+
A
add_op_t (theo::obf::transform)
-
D
+
D
decomp_t (theo::decomp)
-
E
+
E
engine_t (theo::obf)
-
H
+
H
hello_world_pass_t (theo::obf)
-
J
+
J
jcc_rewrite_pass_t (theo::obf)
-
N
+
N
next_inst_pass_t (theo::obf)
-
O
+
O
operation_t (theo::obf::transform)
-
P
+
P
pass_t (theo::obf)
-
R
+
R
recomp_t (theo::recomp)
reloc_t (theo::recomp)
reloc_transform_pass_t (theo::obf)
rol_op_t (theo::obf::transform)
ror_op_t (theo::obf::transform)
routine_t (theo::decomp)
-
S
+
S
sub_op_t (theo::obf::transform)
symbol_t (theo::decomp)
symbol_table_t (theo::recomp)
-
T
+
T
theo_t (theo)
-
X
+
X
xor_op_t (theo::obf::transform)
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d0/d08/classtheo_1_1obf_1_1pass__t-members.html b/doxygen/html/d0/d08/classtheo_1_1obf_1_1pass__t-members.html index 4807e2e..972fb87 100644 --- a/doxygen/html/d0/d08/classtheo_1_1obf_1_1pass__t-members.html +++ b/doxygen/html/d0/d08/classtheo_1_1obf_1_1pass__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::pass_t Member List
+
theo::obf::pass_t Member List

This is the complete list of members for theo::obf::pass_t, including all inherited members.

- +
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
run(decomp::symbol_t *sym)=0theo::obf::pass_tpure virtual
run(decomp::symbol_t *sym)=0theo::obf::pass_tpure virtual
sym_type()theo::obf::pass_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d0/d18/_demo_01_example_01_using_01_theo_8md.html b/doxygen/html/d0/d18/_demo_01_example_01_using_01_theo_8md.html index 9d82b73..5f06321 100644 --- a/doxygen/html/d0/d18/_demo_01_example_01_using_01_theo_8md.html +++ b/doxygen/html/d0/d18/_demo_01_example_01_using_01_theo_8md.html @@ -2,8 +2,8 @@ - - + + Theodosius: examples/demo/Demo Example Using Theo.md File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
examples/demo/Demo Example Using Theo.md File Reference
+
examples/demo/Demo Example Using Theo.md File Reference
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d0/d5e/symbol__table_8hpp.html b/doxygen/html/d0/d5e/symbol__table_8hpp.html index daebcab..a58638c 100644 --- a/doxygen/html/d0/d5e/symbol__table_8hpp.html +++ b/doxygen/html/d0/d5e/symbol__table_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/recomp/symbol_table.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
symbol_table.hpp File Reference
+
symbol_table.hpp File Reference
#include <algorithm>
@@ -79,29 +79,29 @@ $(function() { #include <map>
#include <optional>
#include <vector>
-#include <decomp/symbol.hpp>
+#include <decomp/symbol.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::recomp::symbol_table_t
 this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::recomp
namespace  theo::recomp
 this namespace encompasses all recomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d0/d5e/symbol__table_8hpp_source.html b/doxygen/html/d0/d5e/symbol__table_8hpp_source.html new file mode 100644 index 0000000..5dbcf17 --- /dev/null +++ b/doxygen/html/d0/d5e/symbol__table_8hpp_source.html @@ -0,0 +1,185 @@ + + + + + + + +Theodosius: include/recomp/symbol_table.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
symbol_table.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <algorithm>
+
33#include <functional>
+
34#include <map>
+
35#include <optional>
+
36#include <vector>
+
37
+
38#include <decomp/symbol.hpp>
+
39
+
40namespace theo::recomp {
+
41/// <summary>
+
42/// this class is a high level wrapper for a hashmap that contains
+
43/// decomp::symbol_t values. the symbol values are references by a hashcode.
+
44/// </summary>
+
45class symbol_table_t {
+
46 public:
+
47 /// <summary>
+
48 /// default constructor. does nothing.
+
49 /// </summary>
+
50 symbol_table_t() {}
+
51
+
52 /// <summary>
+
53 /// this constructor will populate the m_table private field with symbols.
+
54 /// </summary>
+
55 /// <param name="syms">vector of decomp::symbol_t</param>
+
56 symbol_table_t(const std::vector<decomp::symbol_t>&& syms);
+
57
+
58 /// <summary>
+
59 /// add symbol to m_table
+
60 /// </summary>
+
61 /// <param name="sym">symbol to be added.</param>
+
62 void put_symbol(decomp::symbol_t& sym);
+
63
+
64 /// <summary>
+
65 /// add a vector of symbol to m_table
+
66 /// </summary>
+
67 /// <param name="syms"></param>
+
68 void put_symbols(std::vector<decomp::symbol_t>& syms);
+
69
+
70 /// <summary>
+
71 /// returns an optional pointer to a symbol from the symbol table given the
+
72 /// symbols hash (hash of its name) the hash is produced by
+
73 /// theo::decomp::symbol_t::hash
+
74 /// </summary>
+
75 /// <param name="hash">hashcode of the symbol to get from the symbol
+
76 /// table...</param> <returns>returns an optional pointer to a
+
77 /// theo::decomp::symbol_t</returns>
+
78 std::optional<decomp::symbol_t*> sym_from_hash(std::size_t hash);
+
79
+
80 /// <summary>
+
81 /// returns an optional pointer to a symbol given its allocation location.
+
82 /// </summary>
+
83 /// <param name="allocated_at">the address where the symbol is allocated
+
84 /// at.</param> <returns>returns an optional pointer to a
+
85 /// theo::decomp::symbol_t</returns>
+
86 std::optional<decomp::symbol_t*> sym_from_alloc(std::uintptr_t allocated_at);
+
87
+
88 /// <summary>
+
89 /// this function is a wrapper function that allows you to get at each entry
+
90 /// in the symbol table by reference.
+
91 /// </summary>
+
92 /// <param name="fn">a callback function that will be called for each
+
93 /// symbol</param>
+
94 void for_each(std::function<void(decomp::symbol_t& sym)> fn);
+
95
+
96 /// <summary>
+
97 /// returns the size of the symbol table.
+
98 /// </summary>
+
99 /// <returns>returns the size of the symbol table.</returns>
+
100 std::uint32_t size();
+
101
+
102 private:
+
103 std::map<std::size_t, decomp::symbol_t> m_table;
+
104};
+
105} // namespace theo::recomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d0/da4/xor__op_8hpp.html b/doxygen/html/d0/da4/xor__op_8hpp.html index eb36c53..50c9c38 100644 --- a/doxygen/html/d0/da4/xor__op_8hpp.html +++ b/doxygen/html/d0/da4/xor__op_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/xor_op.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
xor_op.hpp File Reference
+
xor_op.hpp File Reference
-
#include <obf/transform/operation.hpp>
+
#include <obf/transform/operation.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::xor_op_t
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d0/da4/xor__op_8hpp_source.html b/doxygen/html/d0/da4/xor__op_8hpp_source.html new file mode 100644 index 0000000..09af067 --- /dev/null +++ b/doxygen/html/d0/da4/xor__op_8hpp_source.html @@ -0,0 +1,127 @@ + + + + + + + +Theodosius: include/obf/transform/xor_op.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
xor_op.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/operation.hpp>
+
33
+
34namespace theo::obf::transform {
+
35class xor_op_t : public operation_t {
+
36 explicit xor_op_t()
+
37 : operation_t([&](std::size_t val,
+
38 std::uint32_t imm) -> std::size_t { return val ^ imm; },
+
39 XED_ICLASS_XOR) {}
+
40
+
41 public:
+
42 static xor_op_t* get() {
+
43 static xor_op_t obj;
+
44 return &obj;
+
45 }
+
46};
+
47} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d1/d82/reloc_8hpp.html b/doxygen/html/d1/d82/reloc_8hpp.html index 2f5c064..ae731a6 100644 --- a/doxygen/html/d1/d82/reloc_8hpp.html +++ b/doxygen/html/d1/d82/reloc_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/recomp/reloc.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
reloc.hpp File Reference
+
reloc.hpp File Reference
#include <cstddef>
#include <cstdint>
-#include <obf/transform/transform.hpp>
+#include <obf/transform/transform.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::recomp::reloc_t
 meta data about a relocation for a symbol More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::recomp
namespace  theo::recomp
 this namespace encompasses all recomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d1/d82/reloc_8hpp_source.html b/doxygen/html/d1/d82/reloc_8hpp_source.html new file mode 100644 index 0000000..700d167 --- /dev/null +++ b/doxygen/html/d1/d82/reloc_8hpp_source.html @@ -0,0 +1,192 @@ + + + + + + + +Theodosius: include/recomp/reloc.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
reloc.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <cstddef>
+
33#include <cstdint>
+
34#include <obf/transform/transform.hpp>
+
35
+
36namespace theo::recomp {
+
37
+
38/// <summary>
+
39/// meta data about a relocation for a symbol
+
40/// </summary>
+
41class reloc_t {
+
42 public:
+
43 /// <summary>
+
44 /// explicit constructor for this class.
+
45 /// </summary>
+
46 /// <param name="offset">offset into the symbol data where the relocation is
+
47 /// at. all relocations are assumed to be linear virtual addresses of the
+
48 /// symbol.</param>
+
49 /// <param name="hash">hash of the symbol to which the relocation is
+
50 /// of.</param> <param name="sym_name">the name of the symbol to which the
+
51 /// relocation is of.</param>
+
52 explicit reloc_t(std::uint32_t offset,
+
53 std::size_t hash,
+
54 const std::string&& sym_name)
+
55 : m_offset(offset), m_hash(hash), m_sym_name(sym_name) {}
+
56
+
57 /// <summary>
+
58 /// returns the hash of the relocation symbol.
+
59 /// </summary>
+
60 /// <returns>hash of the relocation symbol</returns>
+
61 std::size_t hash() { return m_hash; }
+
62
+
63 /// <summary>
+
64 /// returns the name of the relocation symbol.
+
65 /// </summary>
+
66 /// <returns>returns the name of the relocation symbol.</returns>
+
67 std::string name() { return m_sym_name; }
+
68
+
69 /// <summary>
+
70 /// returns the offset into the symbol to which the relocation will be
+
71 /// applied. the offset is in bytes. zero based.
+
72 /// </summary>
+
73 /// <returns>returns the offset into the symbol to which the relocation will
+
74 /// be applied. the offset is in bytes. zero based.</returns>
+
75 std::uint32_t offset() { return m_offset; }
+
76
+
77 /// <summary>
+
78 /// sets the offset to which the relocation gets applied too.
+
79 /// </summary>
+
80 /// <param name="offset">offset to which the relocation gets applied
+
81 /// too.</param>
+
82 void offset(std::uint32_t offset) { m_offset = offset; }
+
83
+
84 /// <summary>
+
85 /// adds a transformation to be applied to the relocation prior to writing it
+
86 /// into the symbol.
+
87 /// </summary>
+
88 /// <param name="entry">a pair containing a lambda function that when executed
+
89 /// transforms a relocation. the second value in the pair is a random value
+
90 /// which is passed to the lambda.</param>
+
91 void add_transform(
+
92 std::pair<obf::transform::transform_t*, std::uint32_t> entry) {
+
93 m_transforms.push_back(entry);
+
94 }
+
95
+
96 /// <summary>
+
97 /// gets the vector of transformation.
+
98 /// </summary>
+
99 /// <returns>returns the vector of transformations.</returns>
+
100 std::vector<std::pair<obf::transform::transform_t*, std::uint32_t>>&
+
101 get_transforms() {
+
102 return m_transforms;
+
103 }
+
104
+
105 private:
+
106 std::vector<std::pair<obf::transform::transform_t*, std::uint32_t>>
+
107 m_transforms;
+
108 std::string m_sym_name;
+
109 std::size_t m_hash;
+
110 std::uint32_t m_offset;
+
111};
+
112} // namespace theo::recomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d1/d87/classtheo_1_1obf_1_1engine__t-members.html b/doxygen/html/d1/d87/classtheo_1_1obf_1_1engine__t-members.html index f13764a..9392861 100644 --- a/doxygen/html/d1/d87/classtheo_1_1obf_1_1engine__t-members.html +++ b/doxygen/html/d1/d87/classtheo_1_1obf_1_1engine__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::engine_t Member List
+
theo::obf::engine_t Member List

This is the complete list of members for theo::obf::engine_t, including all inherited members.

- +
add_pass(pass_t *pass)theo::obf::engine_t
get()theo::obf::engine_tstatic
get()theo::obf::engine_tstatic
run(decomp::symbol_t *sym)theo::obf::engine_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d1/da1/classtheo_1_1decomp_1_1routine__t-members.html b/doxygen/html/d1/da1/classtheo_1_1decomp_1_1routine__t-members.html index c3035b2..8b1e1d2 100644 --- a/doxygen/html/d1/da1/classtheo_1_1decomp_1_1routine__t-members.html +++ b/doxygen/html/d1/da1/classtheo_1_1decomp_1_1routine__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::decomp::routine_t Member List
+
theo::decomp::routine_t Member List

This is the complete list of members for theo::decomp::routine_t, including all inherited members.

- + - +
data()theo::decomp::routine_t
decompose()theo::decomp::routine_t
decompose()theo::decomp::routine_t
routine_t(coff::symbol_t *sym, coff::image_t *img, coff::section_header_t *scn, std::vector< std::uint8_t > &fn, sym_type_t dcmp_type)theo::decomp::routine_texplicit
scn()theo::decomp::routine_t
scn()theo::decomp::routine_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d1/def/add__op_8hpp.html b/doxygen/html/d1/def/add__op_8hpp.html index 52f8e28..7c04d10 100644 --- a/doxygen/html/d1/def/add__op_8hpp.html +++ b/doxygen/html/d1/def/add__op_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/add_op.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
add_op.hpp File Reference
+
add_op.hpp File Reference
-
#include <obf/transform/operation.hpp>
+
#include <obf/transform/operation.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::add_op_t
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d1/def/add__op_8hpp_source.html b/doxygen/html/d1/def/add__op_8hpp_source.html new file mode 100644 index 0000000..f0e0b52 --- /dev/null +++ b/doxygen/html/d1/def/add__op_8hpp_source.html @@ -0,0 +1,127 @@ + + + + + + + +Theodosius: include/obf/transform/add_op.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
add_op.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/operation.hpp>
+
33
+
34namespace theo::obf::transform {
+
35class add_op_t : public operation_t {
+
36 explicit add_op_t()
+
37 : operation_t([&](std::size_t val,
+
38 std::uint32_t imm) -> std::size_t { return val + imm; },
+
39 XED_ICLASS_ADD) {}
+
40
+
41 public:
+
42 static add_op_t* get() {
+
43 static add_op_t obj;
+
44 return &obj;
+
45 }
+
46};
+
47} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d2/d24/theo_8hpp.html b/doxygen/html/d2/d24/theo_8hpp.html index 47b557a..e5a421e 100644 --- a/doxygen/html/d2/d24/theo_8hpp.html +++ b/doxygen/html/d2/d24/theo_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/theo.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Macros | Typedefs
-
-
theo.hpp File Reference
+
theo.hpp File Reference
#include <spdlog/spdlog.h>
-#include <decomp/decomp.hpp>
-#include <obf/engine.hpp>
-#include <recomp/recomp.hpp>
-#include <recomp/symbol_table.hpp>
-#include <obf/passes/jcc_rewrite_pass.hpp>
-#include <obf/passes/next_inst_pass.hpp>
-#include <obf/passes/reloc_transform_pass.hpp>
+#include <decomp/decomp.hpp>
+#include <obf/engine.hpp>
+#include <recomp/recomp.hpp>
+#include <recomp/symbol_table.hpp>
+#include <obf/passes/jcc_rewrite_pass.hpp>
+#include <obf/passes/next_inst_pass.hpp>
+#include <obf/passes/reloc_transform_pass.hpp>
#include <optional>
#include <tuple>
#include <vector>
#include <xed-decode.h>
#include <xed-interface.h>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::theo_t
 the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp. More...
 
- - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
-

+

Macros

#define XED_ENCODER
 
-

+

Typedefs

using theo::lnk_fns_t = std::tuple< recomp::allocator_t, recomp::copier_t, recomp::resolver_t >
 tuple of functions used by theo to allocate, copy, and resolve symbols. More...
 

Macro Definition Documentation

- +

◆ XED_ENCODER

@@ -128,12 +128,14 @@ Typedefs
+

Definition at line 46 of file theo.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/d24/theo_8hpp_source.html b/doxygen/html/d2/d24/theo_8hpp_source.html new file mode 100644 index 0000000..6ffd40d --- /dev/null +++ b/doxygen/html/d2/d24/theo_8hpp_source.html @@ -0,0 +1,190 @@ + + + + + + + +Theodosius: include/theo.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
theo.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <spdlog/spdlog.h>
+
33#include <decomp/decomp.hpp>
+
34#include <obf/engine.hpp>
+
35#include <recomp/recomp.hpp>
+
36#include <recomp/symbol_table.hpp>
+
37
+
38#include <obf/passes/jcc_rewrite_pass.hpp>
+
39#include <obf/passes/next_inst_pass.hpp>
+
40#include <obf/passes/reloc_transform_pass.hpp>
+
41
+
42#include <optional>
+
43#include <tuple>
+
44#include <vector>
+
45
+
46#define XED_ENCODER
+
47extern "C" {
+
48#include <xed-decode.h>
+
49#include <xed-interface.h>
+
50}
+
51
+
52/// <summary>
+
53/// The outer most encompassing namespace of this project.
+
54/// </summary>
+
55namespace theo {
+
56
+
57/// <summary>
+
58/// tuple of functions used by theo to allocate, copy, and resolve symbols.
+
59/// </summary>
+
60using lnk_fns_t =
+
61 std::tuple<recomp::allocator_t, recomp::copier_t, recomp::resolver_t>;
+
62
+
63/// <summary>
+
64/// the main class which encapsulates a symbol table, decomp, and recomp
+
65/// objects. This class is a bridge that connects all three: decomp, obf,
+
66/// recomp.
+
67///
+
68/// You will create an object of this type when using theo.
+
69/// </summary>
+
70class theo_t {
+
71 public:
+
72 /// <summary>
+
73 /// explicit constructor for theo class.
+
74 /// </summary>
+
75 /// <param name="lib">a vector of bytes consisting of a lib</param>
+
76 /// <param name="lnkr_fns"></param>
+
77 /// <param name="entry_sym">the name of the function which will be used as the
+
78 /// entry point</param>
+
79 explicit theo_t(std::vector<std::uint8_t>& lib,
+
80 lnk_fns_t lnkr_fns,
+
81 const std::string&& entry_sym);
+
82
+
83 /// <summary>
+
84 /// decomposes the lib file and return the number of symbols that are used.
+
85 /// </summary>
+
86 /// <returns>optional amount of symbols that are used. no value if
+
87 /// decomposition fails.</returns>
+
88 std::optional<std::uint32_t> decompose();
+
89
+
90 /// <summary>
+
91 /// compose the decomposed module. This will run obfuscation passes, the map
+
92 /// and resolve symbols to each other.
+
93 /// </summary>
+
94 /// <returns>returns the address of the entry point symbol</returns>
+
95 std::uintptr_t compose();
+
96
+
97 /// <summary>
+
98 /// given the name of a symbol, it returns the address of where its mapped.
+
99 /// </summary>
+
100 /// <param name="sym">the name of the symbol</param>
+
101 /// <returns>the address of the symbol</returns>
+
102 std::uintptr_t resolve(const std::string&& sym);
+
103
+
104 private:
+
105 std::string m_entry_sym;
+
106 decomp::decomp_t m_dcmp;
+
107 recomp::recomp_t m_recmp;
+
108 recomp::symbol_table_t m_sym_tbl;
+
109};
+
110} // namespace theo
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d2/d26/theo_8cpp.html b/doxygen/html/d2/d26/theo_8cpp.html index 801622c..c705d24 100644 --- a/doxygen/html/d2/d26/theo_8cpp.html +++ b/doxygen/html/d2/d26/theo_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/theo.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
theo.cpp File Reference
+
theo.cpp File Reference
-
#include <theo.hpp>
+
#include <theo.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/d26/theo_8cpp_source.html b/doxygen/html/d2/d26/theo_8cpp_source.html new file mode 100644 index 0000000..23c06cc --- /dev/null +++ b/doxygen/html/d2/d26/theo_8cpp_source.html @@ -0,0 +1,155 @@ + + + + + + + +Theodosius: src/theo.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
theo.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <theo.hpp>
+
32
+
33namespace theo {
+
34theo_t::theo_t(std::vector<std::uint8_t>& lib,
+
35 lnk_fns_t lnkr_fns,
+
36 const std::string&& entry_sym)
+
37 : m_dcmp(lib, &m_sym_tbl),
+
38 m_recmp(&m_dcmp, {}, {}, {}),
+
39 m_entry_sym(entry_sym) {
+
40 m_recmp.allocator(std::get<0>(lnkr_fns));
+
41 m_recmp.copier(std::get<1>(lnkr_fns));
+
42 m_recmp.resolver(std::get<2>(lnkr_fns));
+
43}
+
44
+
45std::optional<std::uint32_t> theo_t::decompose() {
+
46 auto res = m_dcmp.decompose(m_entry_sym);
+
47 if (!res.has_value()) {
+
48 spdlog::error("failed to decompose...\n");
+
49 return {};
+
50 }
+
51
+
52 spdlog::info("decompose successful... {} symbols", res.value()->size());
+
53 return res.value()->size();
+
54}
+
55
+
56std::uintptr_t theo_t::compose() {
+
57 // run obfuscation engine on all symbols...
+
58 //
+
59 auto engine = obf::engine_t::get();
+
60 m_sym_tbl.for_each([&](decomp::symbol_t& sym) { engine->run(&sym); });
+
61
+
62 m_recmp.allocate();
+
63 m_recmp.resolve();
+
64 m_recmp.copy_syms();
+
65 return m_recmp.resolve(m_entry_sym.data());
+
66}
+
67
+
68std::uintptr_t theo_t::resolve(const std::string&& sym) {
+
69 auto val = m_sym_tbl.sym_from_hash(decomp::symbol_t::hash(sym));
+
70 if (!val.has_value())
+
71 return {};
+
72
+
73 return val.value()->allocated_at();
+
74}
+
75} // namespace theo
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d2/d96/decomp_8hpp.html b/doxygen/html/d2/d96/decomp_8hpp.html index 2fcd276..ed9d5fc 100644 --- a/doxygen/html/d2/d96/decomp_8hpp.html +++ b/doxygen/html/d2/d96/decomp_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/decomp/decomp.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Typedefs
-
-
decomp.hpp File Reference
+
decomp.hpp File Reference
#include <spdlog/spdlog.h>
@@ -82,29 +82,29 @@ $(function() { #include <set>
#include <tuple>
#include <vector>
-#include <decomp/routine.hpp>
-#include <recomp/symbol_table.hpp>
+#include <decomp/routine.hpp>
+#include <recomp/symbol_table.hpp>
#include <coff/archive.hpp>
#include <coff/image.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::decomp::decomp_t
 the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
- @@ -113,7 +113,7 @@ Typedefs
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/d96/decomp_8hpp_source.html b/doxygen/html/d2/d96/decomp_8hpp_source.html new file mode 100644 index 0000000..ac430fd --- /dev/null +++ b/doxygen/html/d2/d96/decomp_8hpp_source.html @@ -0,0 +1,229 @@ + + + + + + + +Theodosius: include/decomp/decomp.hpp Source File + + + + + + + + + +
+
+

+

Typedefs

using theo::decomp::sym_data_t = std::tuple< coff::image_t *, coff::symbol_t *, std::uint32_t >
 meta symbol data. consists of the coff image which contains the coff symbol, the coff symbol itself, and the size (if any) of the symbol. More...
+ + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
decomp.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <spdlog/spdlog.h>
+
33#include <cstdint>
+
34#include <linuxpe>
+
35#include <optional>
+
36#include <set>
+
37#include <tuple>
+
38#include <vector>
+
39
+
40#include <decomp/routine.hpp>
+
41#include <recomp/symbol_table.hpp>
+
42
+
43#include <coff/archive.hpp>
+
44#include <coff/image.hpp>
+
45
+
46/// <summary>
+
47/// the namespace that contains all of the decomposition related code.
+
48/// </summary>
+
49namespace theo::decomp {
+
50
+
51/// <summary>
+
52/// meta symbol data. consists of the coff image which contains the coff symbol,
+
53/// the coff symbol itself, and the size (if any) of the symbol.
+
54/// </summary>
+
55using sym_data_t = std::tuple<coff::image_t*, coff::symbol_t*, std::uint32_t>;
+
56
+
57/// <summary>
+
58/// the main decomposition class which is responsible for breaking down lib file
+
59/// into coff files, and extracted used symbols from the coff files.
+
60/// </summary>
+
61class decomp_t {
+
62 public:
+
63 /// <summary>
+
64 /// the explicit constructor for decomp_t
+
65 /// </summary>
+
66 /// <param name="lib">vector of bytes containing the lib file.</param>
+
67 /// <param name="syms">symbol table that gets populated and managed by this
+
68 /// class.</param>
+
69 explicit decomp_t(std::vector<std::uint8_t>& lib,
+
70 recomp::symbol_table_t* syms);
+
71
+
72 /// <summary>
+
73 /// gets all of the routine objects.
+
74 /// </summary>
+
75 /// <returns>vector of routine objects.</returns>
+
76 std::vector<routine_t> rtns();
+
77
+
78 /// <summary>
+
79 /// gets a vector of bytes consisting of the lib file.
+
80 /// </summary>
+
81 /// <returns>a vector of bytes consisting of the lib file.</returns>
+
82 std::vector<std::uint8_t> lib();
+
83
+
84 /// <summary>
+
85 /// gets all the obj files as a vector of a vector of bytes.
+
86 /// </summary>
+
87 /// <returns>all the obj files as a vector of a vector of bytes.</returns>
+
88 std::vector<std::vector<std::uint8_t>> objs();
+
89
+
90 /// <summary>
+
91 /// gets the symbol table.
+
92 /// </summary>
+
93 /// <returns>the symbol table.</returns>
+
94 recomp::symbol_table_t* syms();
+
95
+
96 /// <summary>
+
97 /// gets the section hash table section header --> hash of the section header
+
98 /// ptr.
+
99 /// </summary>
+
100 /// <returns>the section hash table section header --> hash of the section
+
101 /// header ptr.</returns>
+
102 std::map<coff::section_header_t*, std::size_t>& scn_hash_tbl();
+
103
+
104 /// <summary>
+
105 /// decomposes (extracts) the symbols used. this function determines all used
+
106 /// symbols given the entry point.
+
107 /// </summary>
+
108 /// <param name="entry_sym">the entry point symbol name.</param>
+
109 /// <returns>returns an optional pointer to the symbol table. no value in the
+
110 /// optional object on failure.</returns>
+
111 std::optional<recomp::symbol_table_t*> decompose(std::string& entry_sym);
+
112
+
113 private:
+
114 /// <summary>
+
115 /// extracts used symbols from coff files.
+
116 /// </summary>
+
117 /// <param name="entry_sym">the entry point symbol name</param>
+
118 /// <returns>number of symbols used</returns>
+
119 std::uint32_t ext_used_syms(const std::string&& entry_sym);
+
120
+
121 /// <summary>
+
122 /// get symbol meta data by name.
+
123 /// </summary>
+
124 /// <param name="name">symbol name</param>
+
125 /// <returns>optional symbol meta data if it exists.</returns>
+
126 std::optional<sym_data_t> get_symbol(const std::string_view& name);
+
127
+
128 /// <summary>
+
129 /// the next symbol in the section.
+
130 /// </summary>
+
131 /// <param name="img">coff image that contains the symbol.</param>
+
132 /// <param name="hdr">coff section header of the section that contains the
+
133 /// symbol.</param>
+
134 /// <param name="s">symbol in which to get the next one of.</param>
+
135 /// <returns>offset into the section where the next symbol is at.</returns>
+
136 std::uint32_t next_sym(coff::image_t* img,
+
137 coff::section_header_t* hdr,
+
138 coff::symbol_t* s);
+
139
+
140 const std::vector<std::uint8_t> m_lib;
+
141 std::vector<std::vector<std::uint8_t>> m_objs;
+
142 std::vector<routine_t> m_rtns;
+
143 std::set<sym_data_t> m_used_syms;
+
144 std::set<coff::image_t*> m_processed_objs;
+
145 std::map<coff::section_header_t*, std::size_t> m_scn_hash_tbl;
+
146 std::map<std::size_t, std::vector<sym_data_t>> m_lookup_tbl;
+
147 recomp::symbol_table_t* m_syms;
+
148};
+
149} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d2/dbb/routine_8cpp.html b/doxygen/html/d2/dbb/routine_8cpp.html index 24de935..398745a 100644 --- a/doxygen/html/d2/dbb/routine_8cpp.html +++ b/doxygen/html/d2/dbb/routine_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/decomp/routine.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
routine.cpp File Reference
+
routine.cpp File Reference
-
#include <decomp/routine.hpp>
+
#include <decomp/routine.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/dbb/routine_8cpp_source.html b/doxygen/html/d2/dbb/routine_8cpp_source.html new file mode 100644 index 0000000..bf6ffda --- /dev/null +++ b/doxygen/html/d2/dbb/routine_8cpp_source.html @@ -0,0 +1,255 @@ + + + + + + + +Theodosius: src/decomp/routine.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
routine.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <decomp/routine.hpp>
+
32
+
33namespace theo::decomp {
+
34routine_t::routine_t(coff::symbol_t* sym,
+
35 coff::image_t* img,
+
36 coff::section_header_t* scn,
+
37 std::vector<std::uint8_t>& fn,
+
38 sym_type_t dcmp_type)
+
39 : m_img(img), m_scn(scn), m_data(fn), m_dcmp_type(dcmp_type), m_sym(sym) {}
+
40
+
41std::vector<decomp::symbol_t> routine_t::decompose() {
+
42 std::vector<decomp::symbol_t> result;
+
43
+
44 switch (m_dcmp_type) {
+
45 case function: {
+
46 std::vector<recomp::reloc_t> relocs;
+
47 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
48 m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
+
49
+
50 for (auto idx = 0u; idx < m_scn->num_relocs; ++idx) {
+
51 auto scn_reloc = &scn_relocs[idx];
+
52 // if the reloc is in the current function...
+
53 if (scn_reloc->virtual_address >= m_sym->value &&
+
54 scn_reloc->virtual_address < m_sym->value + m_data.size()) {
+
55 auto sym_reloc = m_img->get_symbol(scn_relocs[idx].symbol_index);
+
56 auto sym_name = symbol_t::name(m_img, sym_reloc);
+
57 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
58 relocs.push_back(
+
59 recomp::reloc_t(scn_reloc->virtual_address - m_sym->value,
+
60 sym_hash, sym_name.data()));
+
61 }
+
62 }
+
63
+
64 result.push_back(decomp::symbol_t(
+
65 m_img, symbol_t::name(m_img, m_sym).data(), m_sym->value, m_data,
+
66 m_scn, m_sym, relocs, sym_type_t::function));
+
67 break;
+
68 }
+
69 case instruction: {
+
70 std::uint32_t offset = {};
+
71 xed_error_enum_t err;
+
72
+
73 xed_decoded_inst_t instr;
+
74 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
75 xed_decoded_inst_zero_set_mode(&instr, &istate);
+
76
+
77 // keep looping over the section, lower the number of bytes each time...
+
78 //
+
79 while ((err = xed_decode(&instr, m_data.data() + offset,
+
80 m_data.size() - offset)) == XED_ERROR_NONE) {
+
81 // symbol name is of the format: symbol@instroffset, I.E: main@11...
+
82 //
+
83 auto new_sym_name = symbol_t::name(m_img, m_sym);
+
84
+
85 // first instruction doesnt need the @offset...
+
86 //
+
87 if (offset)
+
88 new_sym_name.append("@").append(std::to_string(offset));
+
89
+
90 std::vector<recomp::reloc_t> relocs;
+
91 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
92 m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
+
93
+
94 // find if this instruction has a relocation or not...
+
95 // if so, return the reloc_t...
+
96 //
+
97 auto reloc = std::find_if(
+
98 scn_relocs, scn_relocs + m_scn->num_relocs,
+
99 [&](coff::reloc_t reloc) {
+
100 return reloc.virtual_address >= m_sym->value + offset &&
+
101 reloc.virtual_address <
+
102 m_sym->value + offset +
+
103 xed_decoded_inst_get_length(&instr);
+
104 });
+
105
+
106 // if there is indeed a reloc for this instruction...
+
107 //
+
108 if (reloc != scn_relocs + m_scn->num_relocs) {
+
109 auto sym_reloc = m_img->get_symbol(reloc->symbol_index);
+
110 auto sym_name = symbol_t::name(m_img, sym_reloc);
+
111 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
112 auto reloc_offset = reloc->virtual_address - m_sym->value - offset;
+
113
+
114 relocs.push_back(
+
115 recomp::reloc_t(reloc_offset, sym_hash, sym_name.data()));
+
116 }
+
117
+
118 // add a reloc to the next instruction...
+
119 // note that the offset is ZERO... comp_t will understand that
+
120 // relocs with offset ZERO means the next instructions...
+
121 //
+
122 auto next_inst_sym =
+
123 symbol_t::name(m_img, m_sym)
+
124 .append("@")
+
125 .append(std::to_string(offset +
+
126 xed_decoded_inst_get_length(&instr)));
+
127
+
128 relocs.push_back(recomp::reloc_t(
+
129 0, decomp::symbol_t::hash(next_inst_sym), next_inst_sym.data()));
+
130
+
131 // get the instructions bytes
+
132 //
+
133 std::vector<std::uint8_t> inst_bytes(
+
134 m_data.data() + offset,
+
135 m_data.data() + offset + xed_decoded_inst_get_length(&instr));
+
136
+
137 result.push_back(decomp::symbol_t(m_img, new_sym_name, offset,
+
138 inst_bytes, m_scn, m_sym, relocs,
+
139 sym_type_t::instruction));
+
140
+
141 // after creating the symbol and dealing with relocs then print the
+
142 // information we have concluded...
+
143 //
+
144 char buff[255];
+
145 offset += xed_decoded_inst_get_length(&instr);
+
146 xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, NULL,
+
147 NULL, NULL);
+
148
+
149 spdlog::info("{}: {}", new_sym_name, buff);
+
150 // need to set this so that instr can be used to decode again...
+
151 xed_decoded_inst_zero_set_mode(&instr, &istate);
+
152 }
+
153
+
154 // remove the relocation to the next symbol from the last instruction
+
155 //
+
156 auto& last_inst = result.back();
+
157 auto& last_inst_relocs = last_inst.relocs();
+
158 last_inst_relocs.erase(last_inst_relocs.end() - 1);
+
159 break;
+
160 }
+
161 default:
+
162 break;
+
163 }
+
164
+
165 return result;
+
166}
+
167
+
168coff::section_header_t* routine_t::scn() {
+
169 return m_scn;
+
170}
+
171
+
172std::vector<std::uint8_t> routine_t::data() {
+
173 return m_data;
+
174}
+
175} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d2/de4/classtheo_1_1recomp_1_1symbol__table__t-members.html b/doxygen/html/d2/de4/classtheo_1_1recomp_1_1symbol__table__t-members.html index 26816b1..2e2ccca 100644 --- a/doxygen/html/d2/de4/classtheo_1_1recomp_1_1symbol__table__t-members.html +++ b/doxygen/html/d2/de4/classtheo_1_1recomp_1_1symbol__table__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::recomp::symbol_table_t Member List
+
theo::recomp::symbol_table_t Member List

This is the complete list of members for theo::recomp::symbol_table_t, including all inherited members.

- + - + - + - +
for_each(std::function< void(decomp::symbol_t &sym)> fn)theo::recomp::symbol_table_t
put_symbol(decomp::symbol_t &sym)theo::recomp::symbol_table_t
put_symbol(decomp::symbol_t &sym)theo::recomp::symbol_table_t
put_symbols(std::vector< decomp::symbol_t > &syms)theo::recomp::symbol_table_t
size()theo::recomp::symbol_table_t
size()theo::recomp::symbol_table_t
sym_from_alloc(std::uintptr_t allocated_at)theo::recomp::symbol_table_t
sym_from_hash(std::size_t hash)theo::recomp::symbol_table_t
sym_from_hash(std::size_t hash)theo::recomp::symbol_table_t
symbol_table_t()theo::recomp::symbol_table_tinline
symbol_table_t(const std::vector< decomp::symbol_t > &&syms)theo::recomp::symbol_table_t
symbol_table_t(const std::vector< decomp::symbol_t > &&syms)theo::recomp::symbol_table_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp.html b/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp.html index 2e0c3bb..3a3d528 100644 --- a/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp.html +++ b/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/passes/jcc_rewrite_pass.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
jcc_rewrite_pass.hpp File Reference
+
jcc_rewrite_pass.hpp File Reference
-
#include <obf/pass.hpp>
+
#include <obf/pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::jcc_rewrite_pass_t
 jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp_source.html b/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp_source.html new file mode 100644 index 0000000..974a0f1 --- /dev/null +++ b/doxygen/html/d2/df9/jcc__rewrite__pass_8hpp_source.html @@ -0,0 +1,148 @@ + + + + + + + +Theodosius: include/obf/passes/jcc_rewrite_pass.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
jcc_rewrite_pass.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/pass.hpp>
+
33
+
34namespace theo::obf {
+
35/// <summary>
+
36/// jcc rewrite pass which rewrites rip relative jcc's so that they are position
+
37/// independent.
+
38///
+
39/// given the following code:
+
40///
+
41/// jnz label1
+
42/// ; other code goes here
+
43/// label1:
+
44/// ; more code here
+
45///
+
46/// the jnz instruction will be rewritten so that the following code is
+
47/// generated:
+
48///
+
49/// jnz br2
+
50/// br1:
+
51/// jmp [rip] ; address after this instruction contains the address
+
52/// ; of the instruction after the jcc.
+
53/// br2:
+
54/// jmp [rip] ; address after this instruction contains the address of where
+
55/// ; branch 2 is located.
+
56///
+
57/// its important to note that other passes will encrypt (transform) the address
+
58/// of the next instruction. There is actually no jmp [rip] either, push/ret is
+
59/// used.
+
60/// </summary>
+
61class jcc_rewrite_pass_t : public pass_t {
+
62 explicit jcc_rewrite_pass_t() : pass_t(decomp::sym_type_t::instruction) {}
+
63
+
64 public:
+
65 static jcc_rewrite_pass_t* get();
+
66 void run(decomp::symbol_t* sym);
+
67};
+
68} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d3/daa/classtheo_1_1obf_1_1transform_1_1operation__t-members.html b/doxygen/html/d3/daa/classtheo_1_1obf_1_1transform_1_1operation__t-members.html index a316f68..3b0538e 100644 --- a/doxygen/html/d3/daa/classtheo_1_1obf_1_1transform_1_1operation__t-members.html +++ b/doxygen/html/d3/daa/classtheo_1_1obf_1_1transform_1_1operation__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::operation_t Member List
+
theo::obf::transform::operation_t Member List

This is the complete list of members for theo::obf::transform::operation_t, including all inherited members.

- - - - + + + + - +
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d3/dd6/classtheo_1_1recomp_1_1reloc__t-members.html b/doxygen/html/d3/dd6/classtheo_1_1recomp_1_1reloc__t-members.html index 4762bb1..7135c6b 100644 --- a/doxygen/html/d3/dd6/classtheo_1_1recomp_1_1reloc__t-members.html +++ b/doxygen/html/d3/dd6/classtheo_1_1recomp_1_1reloc__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::recomp::reloc_t Member List
+
theo::recomp::reloc_t Member List

This is the complete list of members for theo::recomp::reloc_t, including all inherited members.

- + - + - +
add_transform(std::pair< obf::transform::transform_t *, std::uint32_t > entry)theo::recomp::reloc_tinline
get_transforms()theo::recomp::reloc_tinline
get_transforms()theo::recomp::reloc_tinline
hash()theo::recomp::reloc_tinline
name()theo::recomp::reloc_tinline
name()theo::recomp::reloc_tinline
offset()theo::recomp::reloc_tinline
offset(std::uint32_t offset)theo::recomp::reloc_tinline
offset(std::uint32_t offset)theo::recomp::reloc_tinline
reloc_t(std::uint32_t offset, std::size_t hash, const std::string &&sym_name)theo::recomp::reloc_tinlineexplicit
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d3/dee/classtheo_1_1obf_1_1reloc__transform__pass__t-members.html b/doxygen/html/d3/dee/classtheo_1_1obf_1_1reloc__transform__pass__t-members.html index d20642f..959afe2 100644 --- a/doxygen/html/d3/dee/classtheo_1_1obf_1_1reloc__transform__pass__t-members.html +++ b/doxygen/html/d3/dee/classtheo_1_1obf_1_1reloc__transform__pass__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::reloc_transform_pass_t Member List
+
theo::obf::reloc_transform_pass_t Member List

This is the complete list of members for theo::obf::reloc_transform_pass_t, including all inherited members.

- + - +
get()theo::obf::reloc_transform_pass_tstatic
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
run(decomp::symbol_t *sym)theo::obf::reloc_transform_pass_tvirtual
sym_type()theo::obf::pass_tinline
sym_type()theo::obf::pass_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d4/d3c/classtheo_1_1obf_1_1next__inst__pass__t-members.html b/doxygen/html/d4/d3c/classtheo_1_1obf_1_1next__inst__pass__t-members.html index 9de9c9a..b16d0ef 100644 --- a/doxygen/html/d4/d3c/classtheo_1_1obf_1_1next__inst__pass__t-members.html +++ b/doxygen/html/d4/d3c/classtheo_1_1obf_1_1next__inst__pass__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::next_inst_pass_t Member List
+
theo::obf::next_inst_pass_t Member List

This is the complete list of members for theo::obf::next_inst_pass_t, including all inherited members.

- + - +
get()theo::obf::next_inst_pass_tstatic
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
run(decomp::symbol_t *sym)theo::obf::next_inst_pass_tvirtual
sym_type()theo::obf::pass_tinline
sym_type()theo::obf::pass_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d4/d4a/recomp_8hpp.html b/doxygen/html/d4/d4a/recomp_8hpp.html index 290d206..1114817 100644 --- a/doxygen/html/d4/d4a/recomp_8hpp.html +++ b/doxygen/html/d4/d4a/recomp_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/recomp/recomp.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Typedefs
-
-
recomp.hpp File Reference
+
recomp.hpp File Reference
-
#include <decomp/decomp.hpp>
-#include <obf/engine.hpp>
-#include <recomp/symbol_table.hpp>
+
#include <decomp/decomp.hpp>
+#include <obf/engine.hpp>
+#include <recomp/symbol_table.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::recomp::recomp_t
 the main class responsible for recomposition More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::recomp
namespace  theo::recomp
 this namespace encompasses all recomposition related code.
 
- @@ -111,7 +111,7 @@ Typedefs
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d4/d4a/recomp_8hpp_source.html b/doxygen/html/d4/d4a/recomp_8hpp_source.html new file mode 100644 index 0000000..4b927b0 --- /dev/null +++ b/doxygen/html/d4/d4a/recomp_8hpp_source.html @@ -0,0 +1,207 @@ + + + + + + + +Theodosius: include/recomp/recomp.hpp Source File + + + + + + + + + +
+
+

+

Typedefs

using theo::recomp::resolver_t = std::function< std::uintptr_t(std::string)>
 a function which is called by recomp_t to resolve external symbols More...
+ + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
recomp.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <decomp/decomp.hpp>
+
33#include <obf/engine.hpp>
+
34#include <recomp/symbol_table.hpp>
+
35
+
36/// <summary>
+
37/// this namespace encompasses all recomposition related code.
+
38/// </summary>
+
39namespace theo::recomp {
+
40
+
41/// <summary>
+
42/// a function which is called by recomp_t to resolve external symbols
+
43/// </summary>
+
44using resolver_t = std::function<std::uintptr_t(std::string)>;
+
45
+
46/// <summary>
+
47/// a function which is called by recomp_t to copy symbols into memory.
+
48/// </summary>
+
49using copier_t = std::function<void(std::uintptr_t, void*, std::uint32_t)>;
+
50
+
51/// <summary>
+
52/// a function which is called to allocate space for a symbol.
+
53///
+
54/// the first param is the size of the symbol, the second param is the
+
55/// characteristics of the section which the symbol is allocated in.
+
56/// </summary>
+
57using allocator_t =
+
58 std::function<std::uintptr_t(std::uint32_t,
+
59 coff::section_characteristics_t)>;
+
60
+
61/// <summary>
+
62/// the main class responsible for recomposition
+
63/// </summary>
+
64class recomp_t {
+
65 public:
+
66 /// <summary>
+
67 /// the explicit constructor for the recomp_t class.
+
68 /// </summary>
+
69 /// <param name="dcmp">pointer to a decomp_t class.</param>
+
70 /// <param name="alloc">lambda function which is used to allocate memory for
+
71 /// symbols.</param> <param name="copy">lambda function used to copy bytes
+
72 /// into allocations.</param> <param name="resolve">lambda function used to
+
73 /// resolve external symbols.</param>
+
74 explicit recomp_t(decomp::decomp_t* dcmp,
+
75 allocator_t alloc,
+
76 copier_t copy,
+
77 resolver_t resolve);
+
78
+
79 /// <summary>
+
80 /// when called, this function allocates space for every symbol.
+
81 /// </summary>
+
82 void allocate();
+
83
+
84 /// <summary>
+
85 /// when called, this function resolves all relocations in every symbol.
+
86 /// </summary>
+
87 void resolve();
+
88
+
89 /// <summary>
+
90 /// when called, this function copies symbols into allocations.
+
91 /// </summary>
+
92 void copy_syms();
+
93
+
94 /// <summary>
+
95 /// setter for the allocater lambda function.
+
96 /// </summary>
+
97 /// <param name="alloc">lambda function which allocates memory for
+
98 /// symbols.</param>
+
99 void allocator(allocator_t alloc);
+
100
+
101 /// <summary>
+
102 /// setter for the copier lambda function.
+
103 /// </summary>
+
104 /// <param name="copy">copier lambda function used to copy bytes into
+
105 /// allocations made by the allocator.</param>
+
106 void copier(copier_t copy);
+
107
+
108 /// <summary>
+
109 /// setter for the resolve lambda function.
+
110 /// </summary>
+
111 /// <param name="resolve">lambda function to resolve external symbols.</param>
+
112 void resolver(resolver_t resolve);
+
113
+
114 /// <summary>
+
115 /// resolves the address of a function given its name.
+
116 /// </summary>
+
117 /// <param name="sym">the name of the symbol to resolve the location
+
118 /// of.</param> <returns>the address of the symbol.</returns>
+
119 std::uintptr_t resolve(const std::string&& sym);
+
120
+
121 private:
+
122 decomp::decomp_t* m_dcmp;
+
123 resolver_t m_resolver;
+
124 copier_t m_copier;
+
125 allocator_t m_allocator;
+
126};
+
127} // namespace theo::recomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d4/dab/classtheo_1_1decomp_1_1decomp__t-members.html b/doxygen/html/d4/dab/classtheo_1_1decomp_1_1decomp__t-members.html index ff2bf80..f264415 100644 --- a/doxygen/html/d4/dab/classtheo_1_1decomp_1_1decomp__t-members.html +++ b/doxygen/html/d4/dab/classtheo_1_1decomp_1_1decomp__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::decomp::decomp_t Member List
+
theo::decomp::decomp_t Member List

This is the complete list of members for theo::decomp::decomp_t, including all inherited members.

- + - + - +
decomp_t(std::vector< std::uint8_t > &lib, recomp::symbol_table_t *syms)theo::decomp::decomp_texplicit
decompose(std::string &entry_sym)theo::decomp::decomp_t
decompose(std::string &entry_sym)theo::decomp::decomp_t
lib()theo::decomp::decomp_t
objs()theo::decomp::decomp_t
objs()theo::decomp::decomp_t
rtns()theo::decomp::decomp_t
scn_hash_tbl()theo::decomp::decomp_t
scn_hash_tbl()theo::decomp::decomp_t
syms()theo::decomp::decomp_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d4/dad/classtheo_1_1obf_1_1pass__t.html b/doxygen/html/d4/dad/classtheo_1_1obf_1_1pass__t.html index aa2e33a..c6f5783 100644 --- a/doxygen/html/d4/dad/classtheo_1_1obf_1_1pass__t.html +++ b/doxygen/html/d4/dad/classtheo_1_1obf_1_1pass__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::pass_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::obf::pass_t Class Referenceabstract
+Public Member Functions
+
theo::obf::pass_t Class Referenceabstract

the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there. More...

-

#include <pass.hpp>

+

#include "pass.hpp"

Inheritance diagram for theo::obf::pass_t:
@@ -92,7 +91,7 @@ Inheritance diagram for theo::obf::pass_t:
- @@ -105,10 +104,12 @@ Public Member Functions

+

Public Member Functions

 pass_t (decomp::sym_type_t sym_type)
 the explicit constructor of the pass_t base class. More...
 

Detailed Description

-

the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there.

-

in the constructor of your pass you must call the super constructor (the pass_t constructor) and pass it the type of symbol which you are interesting in receiving.

+

the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there.

+

in the constructor of your pass you must call the super constructor (the pass_t constructor) and pass it the type of symbol which you are interesting in receiving.

+ +

Definition at line 55 of file pass.hpp.

Constructor & Destructor Documentation

- +

◆ pass_t()

@@ -139,13 +140,14 @@ Public Member Functions -
63 : m_sym_type(sym_type){};
-
theo::obf::pass_t::sym_type
decomp::sym_type_t sym_type()
gets the passes symbol type.
Definition: pass.hpp:76
+ +

Definition at line 63 of file pass.hpp.

+
63: m_sym_type(sym_type){};

Member Function Documentation

- +

◆ run()

@@ -177,11 +179,11 @@ Public Member Functions -

Implemented in theo::obf::reloc_transform_pass_t, theo::obf::next_inst_pass_t, theo::obf::jcc_rewrite_pass_t, and theo::obf::hello_world_pass_t.

+

Implemented in theo::obf::hello_world_pass_t, theo::obf::jcc_rewrite_pass_t, theo::obf::next_inst_pass_t, and theo::obf::reloc_transform_pass_t.

- +

◆ sym_type()

@@ -206,17 +208,19 @@ Public Member Functions

gets the passes symbol type.

Returns
the passes symbol type.
-
76 { return m_sym_type; }
+ +

Definition at line 76 of file pass.hpp.

+
76{ return m_sym_type; }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d05/classtheo_1_1recomp_1_1recomp__t.html b/doxygen/html/d5/d05/classtheo_1_1recomp_1_1recomp__t.html index 670162b..fc0757b 100644 --- a/doxygen/html/d5/d05/classtheo_1_1recomp_1_1recomp__t.html +++ b/doxygen/html/d5/d05/classtheo_1_1recomp_1_1recomp__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::recomp::recomp_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::recomp::recomp_t Class Reference
+Public Member Functions
+
theo::recomp::recomp_t Class Reference

the main class responsible for recomposition More...

-

#include <recomp.hpp>

+

#include "recomp.hpp"

- @@ -108,9 +107,11 @@ Public Member Functions

+

Public Member Functions

 recomp_t (decomp::decomp_t *dcmp, allocator_t alloc, copier_t copy, resolver_t resolve)
 the explicit constructor for the recomp_t class. More...
 

Detailed Description

-

the main class responsible for recomposition

+

the main class responsible for recomposition

+ +

Definition at line 64 of file recomp.hpp.

Constructor & Destructor Documentation

- +

◆ recomp_t()

@@ -166,13 +167,14 @@ Public Member Functions -
38  : m_dcmp(dcmp), m_allocator(alloc), m_copier(copy), m_resolver(resolve) {}
-
theo::recomp::recomp_t::resolve
void resolve()
when called, this function resolves all relocations in every symbol.
Definition: recomp.cpp:92
+ +

Definition at line 34 of file recomp.cpp.

+
38 : m_dcmp(dcmp), m_allocator(alloc), m_copier(copy), m_resolver(resolve) {}

Member Function Documentation

- +

◆ allocate()

@@ -188,69 +190,67 @@ Public Member Functions

when called, this function allocates space for every symbol.

-
40  {
-
41  // map code & data/rdata/bss sections first...
-
42  //
-
43  m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
-
44  switch (sym.type()) {
-
45  case decomp::sym_type_t::section:
-
46  case decomp::sym_type_t::function:
-
47  case decomp::sym_type_t::instruction: {
-
48  sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
-
49  break;
-
50  }
-
51  default:
-
52  break;
-
53  }
-
54  });
-
55 
-
56  // then map data/rdata/bss symbols to the allocated sections...
-
57  //
-
58  m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
-
59  if (sym.type() == decomp::sym_type_t::data) {
-
60  // if the symbol has a section then we will refer to the allocation made
-
61  // for that section...
-
62  //
-
63  if (sym.scn()) {
-
64  auto scn_sym =
-
65  m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
-
66 
-
67  if (!scn_sym.has_value()) {
-
68  spdlog::error("failed to locate section: {} for symbol: {}",
-
69  sym.scn()->name.to_string(), sym.name());
-
70 
-
71  assert(scn_sym.has_value());
-
72  }
-
73 
-
74  sym.allocated_at(scn_sym.value()->allocated_at() + sym.offset());
-
75  } else { // else if there is no section then we allocate based upon the
-
76  // size of the symbol... this is only done for symbols that are
-
77  // bss...
-
78  //
-
79 
-
80  // bss is read write...
-
81  //
-
82  coff::section_characteristics_t prot = {};
-
83  prot.mem_read = true;
-
84  prot.mem_write = true;
-
85 
-
86  sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
-
87  }
-
88  }
-
89  });
-
90 }
-
theo::decomp::decomp_t::syms
recomp::symbol_table_t * syms()
gets the symbol table.
Definition: decomp.cpp:293
-
theo::decomp::symbol_t
symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol....
Definition: symbol.hpp:59
-
theo::decomp::symbol_t::type
sym_type_t type() const
returns the type of the symbol.
Definition: symbol.cpp:80
-
theo::decomp::symbol_t::scn
coff::section_header_t * scn() const
gets the section header of the section in which the symbol is contained.
Definition: symbol.cpp:64
-
theo::decomp::symbol_t::size
std::uint32_t size() const
returns the size of the symbol.
Definition: symbol.cpp:72
-
theo::decomp::symbol_t::allocated_at
std::uintptr_t allocated_at() const
returns the address where the symbol is allocated.
Definition: symbol.cpp:60
-
theo::recomp::symbol_table_t::for_each
void for_each(std::function< void(decomp::symbol_t &sym)> fn)
this function is a wrapper function that allows you to get at each entry in the symbol table by refer...
Definition: symbol_table.cpp:49
-
theo::decomp::data
@ data
Definition: symbol.hpp:46
+ +

Definition at line 40 of file recomp.cpp.

+
40 {
+
41 // map code & data/rdata/bss sections first...
+
42 //
+
43 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
44 switch (sym.type()) {
+
45 case decomp::sym_type_t::section:
+
46 case decomp::sym_type_t::function:
+
47 case decomp::sym_type_t::instruction: {
+
48 sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
+
49 break;
+
50 }
+
51 default:
+
52 break;
+
53 }
+
54 });
+
55
+
56 // then map data/rdata/bss symbols to the allocated sections...
+
57 //
+
58 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
59 if (sym.type() == decomp::sym_type_t::data) {
+
60 // if the symbol has a section then we will refer to the allocation made
+
61 // for that section...
+
62 //
+
63 if (sym.scn()) {
+
64 auto scn_sym =
+
65 m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
+
66
+
67 if (!scn_sym.has_value()) {
+
68 spdlog::error("failed to locate section: {} for symbol: {}",
+
69 sym.scn()->name.to_string(), sym.name());
+
70
+
71 assert(scn_sym.has_value());
+
72 }
+
73
+
74 sym.allocated_at(scn_sym.value()->allocated_at() + sym.offset());
+
75 } else { // else if there is no section then we allocate based upon the
+
76 // size of the symbol... this is only done for symbols that are
+
77 // bss...
+
78 //
+
79
+
80 // bss is read write...
+
81 //
+
82 coff::section_characteristics_t prot = {};
+
83 prot.mem_read = true;
+
84 prot.mem_write = true;
+
85
+
86 sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
+
87 }
+
88 }
+
89 });
+
90}
+

References theo::recomp::symbol_table_t::for_each(), theo::decomp::decomp_t::syms(), and theo::decomp::symbol_t::type().

+ +

Referenced by theo::theo_t::compose().

+
- +

◆ allocator()

@@ -273,13 +273,15 @@ Public Member Functions -
163  {
-
164  m_allocator = alloc;
-
165 }
+ +

Definition at line 163 of file recomp.cpp.

+
163 {
+
164 m_allocator = alloc;
+
165}
- +

◆ copier()

@@ -302,13 +304,15 @@ Public Member Functions -
167  {
-
168  m_copier = copy;
-
169 }
+ +

Definition at line 167 of file recomp.cpp.

+
167 {
+
168 m_copier = copy;
+
169}
- +

◆ copy_syms()

@@ -324,18 +328,23 @@ Public Member Functions

when called, this function copies symbols into allocations.

-
155  {
-
156  // copy symbols into memory using the copier supplied...
-
157  //
-
158  m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
-
159  m_copier(sym.allocated_at(), sym.data().data(), sym.data().size());
-
160  });
-
161 }
-
theo::decomp::symbol_t::data
std::vector< std::uint8_t > & data()
returns a vector by reference of bytes containing the data of the symbol.
Definition: symbol.cpp:76
+ +

Definition at line 155 of file recomp.cpp.

+
155 {
+
156 // copy symbols into memory using the copier supplied...
+
157 //
+
158 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
159 m_copier(sym.allocated_at(), sym.data().data(), sym.data().size());
+
160 });
+
161}
+

References theo::decomp::symbol_t::allocated_at(), and theo::decomp::symbol_t::data().

+ +

Referenced by theo::theo_t::compose().

+
- +

◆ resolve() [1/2]

@@ -351,79 +360,78 @@ Public Member Functions

when called, this function resolves all relocations in every symbol.

-
92  {
-
93  // resolve relocations in all symbols...
-
94  //
-
95  m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
-
96  auto& relocs = sym.relocs();
-
97  std::for_each(relocs.begin(), relocs.end(), [&](reloc_t& reloc) {
-
98  if (reloc.offset() > sym.data().size()) {
-
99  spdlog::error(
-
100  "invalid relocation... writing outside of symbol length... offset: "
-
101  "{} sym size: {}",
-
102  sym.offset(), sym.data().size());
-
103 
-
104  assert(reloc.offset() > sym.data().size());
-
105  }
-
106 
-
107  // try and resolve the symbol by refering to the internal symbol table
-
108  // first... if there is no symbol then refer to the resolver...
-
109  //
-
110  auto reloc_sym = m_dcmp->syms()->sym_from_hash(reloc.hash());
-
111  auto allocated_at = reloc_sym.has_value()
-
112  ? reloc_sym.value()->allocated_at()
-
113  : m_resolver(reloc.name());
-
114 
-
115  if (!allocated_at) {
-
116  spdlog::error("failed to resolve reloc from symbol: {} to symbol: {}",
-
117  sym.name(), reloc.name());
-
118 
-
119  assert(allocated_at);
-
120  }
-
121 
-
122  switch (sym.type()) {
-
123  case decomp::sym_type_t::section: {
-
124  auto scn_sym =
-
125  m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
-
126 
-
127  *reinterpret_cast<std::uintptr_t*>(scn_sym.value()->data().data() +
-
128  reloc.offset()) = allocated_at;
-
129  break;
-
130  }
-
131  case decomp::sym_type_t::function: {
-
132  *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
-
133  reloc.offset()) = allocated_at;
-
134  break;
-
135  }
-
136  case decomp::sym_type_t::instruction: {
-
137  auto& transforms = reloc.get_transforms();
-
138  std::for_each(
-
139  transforms.begin(), transforms.end(),
-
140  [&](std::pair<obf::transform::transform_t*, std::uint32_t>& t) {
-
141  allocated_at = (*t.first)(allocated_at, t.second);
-
142  });
-
143 
-
144  *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
-
145  reloc.offset()) = allocated_at;
-
146  break;
-
147  }
-
148  default:
-
149  break;
-
150  }
-
151  });
-
152  });
-
153 }
-
theo::decomp::decomp_t::scn_hash_tbl
std::map< coff::section_header_t *, std::size_t > & scn_hash_tbl()
gets the section hash table section header --> hash of the section header ptr.
Definition: decomp.cpp:297
-
theo::decomp::symbol_t::name
std::string name() const
gets the name of the symbol.
Definition: symbol.cpp:52
-
theo::decomp::symbol_t::relocs
std::vector< recomp::reloc_t > & relocs()
returns a vector of relocations.
Definition: symbol.cpp:96
-
theo::recomp::symbol_table_t::sym_from_hash
std::optional< decomp::symbol_t * > sym_from_hash(std::size_t hash)
returns an optional pointer to a symbol from the symbol table given the symbols hash (hash of its nam...
Definition: symbol_table.cpp:54
-
theo::decomp::section
@ section
Definition: symbol.hpp:47
-
theo::decomp::instruction
@ instruction
Definition: symbol.hpp:45
-
theo::decomp::function
@ function
Definition: symbol.hpp:44
+ +

Definition at line 92 of file recomp.cpp.

+
92 {
+
93 // resolve relocations in all symbols...
+
94 //
+
95 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
96 auto& relocs = sym.relocs();
+
97 std::for_each(relocs.begin(), relocs.end(), [&](reloc_t& reloc) {
+
98 if (reloc.offset() > sym.data().size()) {
+
99 spdlog::error(
+
100 "invalid relocation... writing outside of symbol length... offset: "
+
101 "{} sym size: {}",
+
102 sym.offset(), sym.data().size());
+
103
+
104 assert(reloc.offset() > sym.data().size());
+
105 }
+
106
+
107 // try and resolve the symbol by refering to the internal symbol table
+
108 // first... if there is no symbol then refer to the resolver...
+
109 //
+
110 auto reloc_sym = m_dcmp->syms()->sym_from_hash(reloc.hash());
+
111 auto allocated_at = reloc_sym.has_value()
+
112 ? reloc_sym.value()->allocated_at()
+
113 : m_resolver(reloc.name());
+
114
+
115 if (!allocated_at) {
+
116 spdlog::error("failed to resolve reloc from symbol: {} to symbol: {}",
+
117 sym.name(), reloc.name());
+
118
+
119 assert(allocated_at);
+
120 }
+
121
+
122 switch (sym.type()) {
+
123 case decomp::sym_type_t::section: {
+
124 auto scn_sym =
+
125 m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
+
126
+
127 *reinterpret_cast<std::uintptr_t*>(scn_sym.value()->data().data() +
+
128 reloc.offset()) = allocated_at;
+
129 break;
+
130 }
+
131 case decomp::sym_type_t::function: {
+
132 *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
+
133 reloc.offset()) = allocated_at;
+
134 break;
+
135 }
+
136 case decomp::sym_type_t::instruction: {
+
137 auto& transforms = reloc.get_transforms();
+
138 std::for_each(
+
139 transforms.begin(), transforms.end(),
+
140 [&](std::pair<obf::transform::transform_t*, std::uint32_t>& t) {
+
141 allocated_at = (*t.first)(allocated_at, t.second);
+
142 });
+
143
+
144 *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
+
145 reloc.offset()) = allocated_at;
+
146 break;
+
147 }
+
148 default:
+
149 break;
+
150 }
+
151 });
+
152 });
+
153}
+

References theo::decomp::symbol_t::data(), theo::decomp::function, theo::recomp::reloc_t::get_transforms(), theo::recomp::reloc_t::hash(), theo::decomp::instruction, theo::recomp::reloc_t::name(), theo::decomp::symbol_t::name(), theo::recomp::reloc_t::offset(), theo::decomp::symbol_t::relocs(), theo::decomp::symbol_t::scn(), theo::decomp::section, and theo::decomp::symbol_t::type().

+ +

Referenced by theo::theo_t::compose().

+
- +

◆ resolve() [2/2]

@@ -447,15 +455,18 @@ Public Member Functions
Returns
the address of the symbol.
-
175  {
-
176  auto res = m_dcmp->syms()->sym_from_hash(decomp::symbol_t::hash(sym));
-
177  return res.has_value() ? res.value()->allocated_at() : 0;
-
178 }
-
theo::decomp::symbol_t::hash
std::size_t hash()
gets the hash of the symbol name.
Definition: symbol.cpp:88
+ +

Definition at line 175 of file recomp.cpp.

+
175 {
+
176 auto res = m_dcmp->syms()->sym_from_hash(decomp::symbol_t::hash(sym));
+
177 return res.has_value() ? res.value()->allocated_at() : 0;
+
178}
+

References theo::decomp::symbol_t::hash().

+
- +

◆ resolver()

@@ -478,20 +489,22 @@ Public Member Functions -
171  {
-
172  m_resolver = resolve;
-
173 }
+ +

Definition at line 171 of file recomp.cpp.

+
171 {
+
172 m_resolver = resolve;
+
173}
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html b/doxygen/html/d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html index 93baf41..183aeb1 100644 --- a/doxygen/html/d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html +++ b/doxygen/html/d5/d08/classtheo_1_1obf_1_1next__inst__pass__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::next_inst_pass_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::next_inst_pass_t Class Reference

This pass is used to generate transformations and jmp code to change RIP to the next instruction. More...

-

#include <next_inst_pass.hpp>

+

#include "next_inst_pass.hpp"

Inheritance diagram for theo::obf::next_inst_pass_t:
@@ -90,7 +89,7 @@ Inheritance diagram for theo::obf::next_inst_pass_t:
- @@ -99,26 +98,31 @@ Public Member Functions + + +

+

Public Member Functions

void run (decomp::symbol_t *sym)
 virtual method which must be implimented by the pass that inherits this class. More...
 pass_t (decomp::sym_type_t sym_type)
 the explicit constructor of the pass_t base class. More...
 
virtual void run (decomp::symbol_t *sym)=0
 virtual method which must be implimented by the pass that inherits this class. More...
 
decomp::sym_type_t sym_type ()
 gets the passes symbol type. More...
 
-

+

Static Public Member Functions

static next_inst_pass_tget ()
 

Detailed Description

-

This pass is used to generate transformations and jmp code to change RIP to the next instruction.

-

given the following code (get pml4 address from cr3):

-

get_pml4: 0: 48 c7 c0 ff 0f 00 00 mov rax,0xfff 7: 48 f7 d0 not rax a: 0f 20 da mov rdx,cr3 d: 48 21 c2 and rdx,rax 10: b1 00 mov cl,0x0 12: 48 d3 e2 shl rdx,cl 15: 48 89 d0 mov rax,rdx 18: c3 ret

-

this pass will break up each instruction so that it can be anywhere in a linear virtual address space. this pass will not work on rip relative code, however clang will not generate such code when compiled with "-mcmodel=large"

-

get_pml4@0: mov rax, 0xFFF push [next_inst_addr_enc] xor [rsp], 0x3243342 ; a random number of transformations here... ret next_inst_addr_enc: ; encrypted address of the next instruction goes here.

-

get_pml4@7: not rax push [next_inst_addr_enc] xor [rsp], 0x93983498 ; a random number of transformations here... ret next_inst_addr_enc: ; encrypted address of the next instruction goes here.

-

this process is continued for each instruction in the function. the last instruction "ret" will have no code generated for it as there is no next instruction.

-

this pass also only runs at the instruction level, theodosius internally breaks up functions inside of the ".split" section into individual instruction symbols. this process also creates a psuedo relocation which simply tells this pass that there needs to be a relocation to the next symbol. the offset for these psuedo relocations is zero.

+

This pass is used to generate transformations and jmp code to change RIP to the next instruction.

+

given the following code (get pml4 address from cr3):

+

get_pml4: 0: 48 c7 c0 ff 0f 00 00 mov rax,0xfff 7: 48 f7 d0 not rax a: 0f 20 da mov rdx,cr3 d: 48 21 c2 and rdx,rax 10: b1 00 mov cl,0x0 12: 48 d3 e2 shl rdx,cl 15: 48 89 d0 mov rax,rdx 18: c3 ret

+

this pass will break up each instruction so that it can be anywhere in a linear virtual address space. this pass will not work on rip relative code, however clang will not generate such code when compiled with "-mcmodel=large"

+

get_pml4@0: mov rax, 0xFFF push [next_inst_addr_enc] xor [rsp], 0x3243342 ; a random number of transformations here... ret next_inst_addr_enc: ; encrypted address of the next instruction goes here.

+

get_pml4@7: not rax push [next_inst_addr_enc] xor [rsp], 0x93983498 ; a random number of transformations here... ret next_inst_addr_enc: ; encrypted address of the next instruction goes here.

+

this process is continued for each instruction in the function. the last instruction "ret" will have no code generated for it as there is no next instruction.

+

this pass also only runs at the instruction level, theodosius internally breaks up functions inside of the ".split" section into individual instruction symbols. this process also creates a psuedo relocation which simply tells this pass that there needs to be a relocation to the next symbol. the offset for these psuedo relocations is zero.

+ +

Definition at line 85 of file next_inst_pass.hpp.

Member Function Documentation

- +

◆ get()

@@ -140,14 +144,18 @@ Static Public Member Functions
-
34  {
-
35  static next_inst_pass_t obj;
-
36  return &obj;
-
37 }
+ +

Definition at line 34 of file next_inst_pass.cpp.

+
34 {
+
35 static next_inst_pass_t obj;
+
36 return &obj;
+
37}
+

Referenced by main(), and theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ run()

@@ -180,73 +188,78 @@ Static Public Member Functions

Implements theo::obf::pass_t.

-
38  {
-
39  std::optional<recomp::reloc_t*> reloc;
-
40  if (!(reloc = has_next_inst_reloc(sym)).has_value())
-
41  return;
-
42 
-
43  xed_decoded_inst_t inst = m_tmp_inst;
-
44  std::vector<std::uint8_t> new_inst_bytes =
-
45  transform::generate(&inst, reloc.value(), 3, 6);
-
46 
-
47  // add a push [rip+offset] and update reloc->offset()...
-
48  //
-
49  std::uint32_t inst_len = {};
-
50  std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
-
51 
-
52  xed_error_enum_t err;
-
53  xed_encoder_request_t req;
-
54  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
-
55 
-
56  xed_encoder_request_zero_set_mode(&req, &istate);
-
57  xed_encoder_request_set_effective_operand_width(&req, 64);
-
58  xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSH);
-
59 
-
60  xed_encoder_request_set_mem0(&req);
-
61  xed_encoder_request_set_operand_order(&req, 0, XED_OPERAND_MEM0);
-
62 
-
63  xed_encoder_request_set_base0(&req, XED_REG_RIP);
-
64  xed_encoder_request_set_seg0(&req, XED_REG_INVALID);
-
65  xed_encoder_request_set_index(&req, XED_REG_INVALID);
-
66  xed_encoder_request_set_scale(&req, 0);
-
67 
-
68  xed_encoder_request_set_memory_operand_length(&req, 8);
-
69  xed_encoder_request_set_memory_displacement(&req, new_inst_bytes.size() + 1,
-
70  1);
-
71 
-
72  if ((err = xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len)) !=
-
73  XED_ERROR_NONE) {
-
74  spdlog::info("failed to encode instruction... reason: {}",
-
75  xed_error_enum_t2str(err));
-
76 
-
77  assert(err == XED_ERROR_NONE);
-
78  }
-
79 
-
80  new_inst_bytes.insert(new_inst_bytes.begin(), inst_buff,
-
81  inst_buff + inst_len);
-
82 
-
83  // put a return instruction at the end of the decrypt instructions...
-
84  //
-
85  new_inst_bytes.push_back(0xC3);
-
86 
-
87  sym->data().insert(sym->data().end(), new_inst_bytes.begin(),
-
88  new_inst_bytes.end());
-
89 
-
90  reloc.value()->offset(sym->data().size());
-
91  sym->data().resize(sym->data().size() + 8);
-
92 }
-
theo::obf::transform::generate
std::vector< std::uint8_t > generate(xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
generate a sequence of transformations given an instruction that has a relocation in it.
Definition: gen.hpp:45
+ +

Definition at line 38 of file next_inst_pass.cpp.

+
38 {
+
39 std::optional<recomp::reloc_t*> reloc;
+
40 if (!(reloc = has_next_inst_reloc(sym)).has_value())
+
41 return;
+
42
+
43 xed_decoded_inst_t inst = m_tmp_inst;
+
44 std::vector<std::uint8_t> new_inst_bytes =
+
45 transform::generate(&inst, reloc.value(), 3, 6);
+
46
+
47 // add a push [rip+offset] and update reloc->offset()...
+
48 //
+
49 std::uint32_t inst_len = {};
+
50 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
51
+
52 xed_error_enum_t err;
+
53 xed_encoder_request_t req;
+
54 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
55
+
56 xed_encoder_request_zero_set_mode(&req, &istate);
+
57 xed_encoder_request_set_effective_operand_width(&req, 64);
+
58 xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSH);
+
59
+
60 xed_encoder_request_set_mem0(&req);
+
61 xed_encoder_request_set_operand_order(&req, 0, XED_OPERAND_MEM0);
+
62
+
63 xed_encoder_request_set_base0(&req, XED_REG_RIP);
+
64 xed_encoder_request_set_seg0(&req, XED_REG_INVALID);
+
65 xed_encoder_request_set_index(&req, XED_REG_INVALID);
+
66 xed_encoder_request_set_scale(&req, 0);
+
67
+
68 xed_encoder_request_set_memory_operand_length(&req, 8);
+
69 xed_encoder_request_set_memory_displacement(&req, new_inst_bytes.size() + 1,
+
70 1);
+
71
+
72 if ((err = xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len)) !=
+
73 XED_ERROR_NONE) {
+
74 spdlog::info("failed to encode instruction... reason: {}",
+
75 xed_error_enum_t2str(err));
+
76
+
77 assert(err == XED_ERROR_NONE);
+
78 }
+
79
+
80 new_inst_bytes.insert(new_inst_bytes.begin(), inst_buff,
+
81 inst_buff + inst_len);
+
82
+
83 // put a return instruction at the end of the decrypt instructions...
+
84 //
+
85 new_inst_bytes.push_back(0xC3);
+
86
+
87 sym->data().insert(sym->data().end(), new_inst_bytes.begin(),
+
88 new_inst_bytes.end());
+
89
+
90 reloc.value()->offset(sym->data().size());
+
91 sym->data().resize(sym->data().size() + 8);
+
92}
+

References theo::decomp::symbol_t::data(), and theo::obf::transform::generate().

+ +

Referenced by theo::obf::jcc_rewrite_pass_t::run().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d18/gen_8hpp.html b/doxygen/html/d5/d18/gen_8hpp.html index 9ff3188..4fc636a 100644 --- a/doxygen/html/d5/d18/gen_8hpp.html +++ b/doxygen/html/d5/d18/gen_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/gen.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + -
-
gen.hpp File Reference
+
gen.hpp File Reference
-
#include <obf/transform/transform.hpp>
-#include <recomp/reloc.hpp>
+
#include <obf/transform/transform.hpp>
+#include <recomp/reloc.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
- - - - + + +

+

Functions

std::vector< std::uint8_t > theo::obf::transform::generate (xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
 generate a sequence of transformations given an instruction that has a relocation in it. More...
 
std::vector< std::uint8_t > theo::obf::transform::generate (xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
 generate a sequence of transformations given an instruction that has a relocation in it. More...
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d18/gen_8hpp_source.html b/doxygen/html/d5/d18/gen_8hpp_source.html new file mode 100644 index 0000000..579f155 --- /dev/null +++ b/doxygen/html/d5/d18/gen_8hpp_source.html @@ -0,0 +1,169 @@ + + + + + + + +Theodosius: include/obf/transform/gen.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
gen.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/transform.hpp>
+
33#include <recomp/reloc.hpp>
+
34
+
35namespace theo::obf::transform {
+
36/// <summary>
+
37/// generate a sequence of transformations given an instruction that has a
+
38/// relocation in it.
+
39/// </summary>
+
40/// <param name="inst">instruction that has a relocation in it.</param>
+
41/// <param name="reloc">meta data relocation object for the instruction.</param>
+
42/// <param name="low">lowest number of transformations to generate.</param>
+
43/// <param name="high">highest number of transformations to generate.</param>
+
44/// <returns></returns>
+
45inline std::vector<std::uint8_t> generate(xed_decoded_inst_t* inst,
+
46 recomp::reloc_t* reloc,
+
47 std::uint8_t low,
+
48 std::uint8_t high) {
+
49 auto num_transforms = transform::operation_t::random(low, high);
+
50 auto num_ops = transform::operations.size();
+
51 std::vector<std::uint8_t> new_inst_bytes;
+
52
+
53 std::uint32_t inst_len = {};
+
54 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
55 xed_encoder_request_t req;
+
56
+
57 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
58 xed_encoder_request_zero_set_mode(&req, &istate);
+
59 xed_encoder_request_set_effective_operand_width(&req, 64);
+
60 xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSHFQ);
+
61 xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
+
62 new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
+
63
+
64 for (auto cnt = 0u; cnt < num_transforms; ++cnt) {
+
65 std::uint32_t imm = transform::operation_t::random(
+
66 0, std::numeric_limits<std::int32_t>::max());
+
67
+
68 auto itr = transform::operations.begin();
+
69 std::advance(itr, transform::operation_t::random(0, num_ops - 1));
+
70 auto transform_bytes = itr->second->native(inst, imm);
+
71 new_inst_bytes.insert(new_inst_bytes.end(), transform_bytes.begin(),
+
72 transform_bytes.end());
+
73
+
74 reloc->add_transform(
+
75 {transform::operations[itr->second->inverse()]->get_transform(), imm});
+
76 }
+
77
+
78 xed_encoder_request_zero_set_mode(&req, &istate);
+
79 xed_encoder_request_set_effective_operand_width(&req, 64);
+
80 xed_encoder_request_set_iclass(&req, XED_ICLASS_POPFQ);
+
81 xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
+
82 new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
+
83
+
84 // inverse the order in which the transformations are executed...
+
85 //
+
86 std::reverse(reloc->get_transforms().begin(), reloc->get_transforms().end());
+
87 return new_inst_bytes;
+
88}
+
89} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d5/d29/classtheo_1_1obf_1_1transform_1_1add__op__t-members.html b/doxygen/html/d5/d29/classtheo_1_1obf_1_1transform_1_1add__op__t-members.html index beb01d2..a986443 100644 --- a/doxygen/html/d5/d29/classtheo_1_1obf_1_1transform_1_1add__op__t-members.html +++ b/doxygen/html/d5/d29/classtheo_1_1obf_1_1transform_1_1add__op__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::add_op_t Member List
+
theo::obf::transform::add_op_t Member List

This is the complete list of members for theo::obf::transform::add_op_t, including all inherited members.

- - + + - + - +
get()theo::obf::transform::add_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
get()theo::obf::transform::add_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d54/next__inst__pass_8hpp.html b/doxygen/html/d5/d54/next__inst__pass_8hpp.html index 35f7e83..a832c1c 100644 --- a/doxygen/html/d5/d54/next__inst__pass_8hpp.html +++ b/doxygen/html/d5/d54/next__inst__pass_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/passes/next_inst_pass.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
next_inst_pass.hpp File Reference
+
next_inst_pass.hpp File Reference
-
#include <obf/pass.hpp>
+
#include <obf/pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::next_inst_pass_t
 This pass is used to generate transformations and jmp code to change RIP to the next instruction. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d54/next__inst__pass_8hpp_source.html b/doxygen/html/d5/d54/next__inst__pass_8hpp_source.html new file mode 100644 index 0000000..a088096 --- /dev/null +++ b/doxygen/html/d5/d54/next__inst__pass_8hpp_source.html @@ -0,0 +1,182 @@ + + + + + + + +Theodosius: include/obf/passes/next_inst_pass.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
next_inst_pass.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/pass.hpp>
+
33
+
34namespace theo::obf {
+
35/// <summary>
+
36/// This pass is used to generate transformations and jmp code to change RIP to
+
37/// the next instruction.
+
38///
+
39/// given the following code (get pml4 address from cr3):
+
40///
+
41/// get_pml4:
+
42/// 0: 48 c7 c0 ff 0f 00 00 mov rax,0xfff
+
43/// 7: 48 f7 d0 not rax
+
44/// a: 0f 20 da mov rdx,cr3
+
45/// d: 48 21 c2 and rdx,rax
+
46/// 10: b1 00 mov cl,0x0
+
47/// 12: 48 d3 e2 shl rdx,cl
+
48/// 15: 48 89 d0 mov rax,rdx
+
49/// 18: c3 ret
+
50///
+
51/// this pass will break up each instruction so that it can be anywhere in a
+
52/// linear virtual address space. this pass will not work on rip relative code,
+
53/// however clang will not generate such code when compiled with
+
54/// "-mcmodel=large"
+
55///
+
56/// get_pml4@0:
+
57/// mov rax, 0xFFF
+
58/// push [next_inst_addr_enc]
+
59/// xor [rsp], 0x3243342
+
60/// ; a random number of transformations here...
+
61/// ret
+
62/// next_inst_addr_enc:
+
63/// ; encrypted address of the next instruction goes here.
+
64///
+
65/// get_pml4@7:
+
66/// not rax
+
67/// push [next_inst_addr_enc]
+
68/// xor [rsp], 0x93983498
+
69/// ; a random number of transformations here...
+
70/// ret
+
71/// next_inst_addr_enc:
+
72/// ; encrypted address of the next instruction goes here.
+
73///
+
74/// this process is continued for each instruction in the function. the last
+
75/// instruction "ret" will have no code generated for it as there is no next
+
76/// instruction.
+
77///
+
78///
+
79/// this pass also only runs at the instruction level, theodosius internally
+
80/// breaks up functions inside of the ".split" section into individual
+
81/// instruction symbols. this process also creates a psuedo relocation which
+
82/// simply tells this pass that there needs to be a relocation to the next
+
83/// symbol. the offset for these psuedo relocations is zero.
+
84/// </summary>
+
85class next_inst_pass_t : public pass_t {
+
86 explicit next_inst_pass_t() : pass_t(decomp::sym_type_t::instruction) {
+
87 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
88 xed_decoded_inst_zero_set_mode(&m_tmp_inst, &istate);
+
89 xed_decode(&m_tmp_inst, m_type_inst_bytes, sizeof(m_type_inst_bytes));
+
90 }
+
91
+
92 public:
+
93 static next_inst_pass_t* get();
+
94 void run(decomp::symbol_t* sym);
+
95
+
96 private:
+
97 std::optional<recomp::reloc_t*> has_next_inst_reloc(decomp::symbol_t*);
+
98 xed_decoded_inst_t m_tmp_inst;
+
99 std::uint8_t m_type_inst_bytes[9] = {0x48, 0xC7, 0x44, 0x24, 0x08,
+
100 0x44, 0x33, 0x22, 0x11};
+
101};
+
102} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d5/d6a/classtheo_1_1obf_1_1hello__world__pass__t.html b/doxygen/html/d5/d6a/classtheo_1_1obf_1_1hello__world__pass__t.html index 0744640..2f1117f 100644 --- a/doxygen/html/d5/d6a/classtheo_1_1obf_1_1hello__world__pass__t.html +++ b/doxygen/html/d5/d6a/classtheo_1_1obf_1_1hello__world__pass__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::hello_world_pass_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::hello_world_pass_t Class Reference

hello world pass example of how to inherit pass_t. More...

-

#include <hello_world_pass.hpp>

+

#include "hello_world_pass.hpp"

Inheritance diagram for theo::obf::hello_world_pass_t:
@@ -90,7 +89,7 @@ Inheritance diagram for theo::obf::hello_world_pass_t:
- @@ -99,20 +98,25 @@ Public Member Functions + + +

+

Public Member Functions

void run (decomp::symbol_t *sym)
 virtual method which must be implimented by the pass that inherits this class. More...
 pass_t (decomp::sym_type_t sym_type)
 the explicit constructor of the pass_t base class. More...
 
virtual void run (decomp::symbol_t *sym)=0
 virtual method which must be implimented by the pass that inherits this class. More...
 
decomp::sym_type_t sym_type ()
 gets the passes symbol type. More...
 
- - - + +

+

Static Public Member Functions

static hello_world_pass_tget ()
 
static hello_world_pass_tget ()
 

Detailed Description

-

hello world pass example of how to inherit pass_t.

+

hello world pass example of how to inherit pass_t.

+ +

Definition at line 39 of file hello_world_pass.hpp.

Member Function Documentation

- -

◆ get()

+ +

◆ get()

@@ -121,7 +125,7 @@ Static Public Member Functions - + @@ -133,14 +137,18 @@ Static Public Member Functions
static hello_world_pass_t* theo::obf::hello_world_pass_t::get static hello_world_pass_t * theo::obf::hello_world_pass_t::get ( )
-
45  {
-
46  static hello_world_pass_t obj;
-
47  return &obj;
-
48  }
+ +

Definition at line 45 of file hello_world_pass.hpp.

+
45 {
+
46 static hello_world_pass_t obj;
+
47 return &obj;
+
48 }
+

Referenced by main().

+
- +

◆ run()

@@ -173,20 +181,24 @@ Static Public Member Functions

Implements theo::obf::pass_t.

-
50  {
-
51  spdlog::info("[hello_world_pass_t] symbol name: {}, symbol hash: {}",
-
52  sym->name(), sym->hash());
-
53  }
+ +

Definition at line 50 of file hello_world_pass.hpp.

+
50 {
+
51 spdlog::info("[hello_world_pass_t] symbol name: {}, symbol hash: {}",
+
52 sym->name(), sym->hash());
+
53 }
+

References theo::decomp::symbol_t::hash(), and theo::decomp::symbol_t::name().

+
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/d9f/classtheo_1_1obf_1_1transform_1_1add__op__t.html b/doxygen/html/d5/d9f/classtheo_1_1obf_1_1transform_1_1add__op__t.html index d6c6493..b8d0fdd 100644 --- a/doxygen/html/d5/d9f/classtheo_1_1obf_1_1transform_1_1add__op__t.html +++ b/doxygen/html/d5/d9f/classtheo_1_1obf_1_1transform_1_1add__op__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::add_op_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Static Public Member Functions | -List of all members
-
-
theo::obf::transform::add_op_t Class Reference
+Static Public Member Functions
+
theo::obf::transform::add_op_t Class Reference
-

#include <add_op.hpp>

+

#include "add_op.hpp"

Inheritance diagram for theo::obf::transform::add_op_t:
@@ -86,38 +85,40 @@ Inheritance diagram for theo::obf::transform::add_op_t:
- - - + +

+

Static Public Member Functions

static add_op_tget ()
 
static add_op_tget ()
 
- Static Public Member Functions inherited from theo::obf::transform::operation_t
static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 
- - - - + + + - - - + + +

+

Additional Inherited Members

- Public Member Functions inherited from theo::obf::transform::operation_t
 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 

Detailed Description

-

Member Function Documentation

- -

◆ get()

+
+

Definition at line 35 of file add_op.hpp.

+

Member Function Documentation

+ +

◆ get()

@@ -126,7 +127,7 @@ Additional Inherited Members - + @@ -138,20 +139,22 @@ Additional Inherited Members
static add_op_t* theo::obf::transform::add_op_t::get static add_op_t * theo::obf::transform::add_op_t::get ( )
-
42  {
-
43  static add_op_t obj;
-
44  return &obj;
-
45  }
+ +

Definition at line 42 of file add_op.hpp.

+
42 {
+
43 static add_op_t obj;
+
44 return &obj;
+
45 }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/da4/operation_8hpp.html b/doxygen/html/d5/da4/operation_8hpp.html index 6c1c2ac..1a5b79b 100644 --- a/doxygen/html/d5/da4/operation_8hpp.html +++ b/doxygen/html/d5/da4/operation_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/operation.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Macros | Typedefs
-
-
operation.hpp File Reference
+
operation.hpp File Reference
#include <spdlog/spdlog.h>
@@ -85,39 +85,39 @@ $(function() { #include <xed-decode.h>
#include <xed-interface.h>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::operation_t
 operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t). More...
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-

+

Macros

#define XED_ENCODER
 
-

+

Typedefs

using theo::obf::transform::transform_t = std::function< std::size_t(std::size_t, std::uint32_t)>
 lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation). More...
 

Macro Definition Documentation

- +

◆ XED_ENCODER

@@ -129,12 +129,14 @@ Typedefs
+

Definition at line 39 of file operation.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d5/da4/operation_8hpp_source.html b/doxygen/html/d5/da4/operation_8hpp_source.html new file mode 100644 index 0000000..737c3d1 --- /dev/null +++ b/doxygen/html/d5/da4/operation_8hpp_source.html @@ -0,0 +1,247 @@ + + + + + + + +Theodosius: include/obf/transform/operation.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
operation.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <spdlog/spdlog.h>
+
33#include <bit>
+
34#include <bitset>
+
35#include <functional>
+
36#include <map>
+
37#include <random>
+
38
+
39#define XED_ENCODER
+
40extern "C" {
+
41#include <xed-decode.h>
+
42#include <xed-interface.h>
+
43}
+
44
+
45/// <summary>
+
46/// this namespace encompasses the code for transforming relocations.
+
47/// </summary>
+
48namespace theo::obf::transform {
+
49
+
50/// <summary>
+
51/// lambda function which takes in a 64bit value (relocation address) and a
+
52/// 32bit value (random value used in transformation).
+
53/// </summary>
+
54using transform_t = std::function<std::size_t(std::size_t, std::uint32_t)>;
+
55
+
56/// <summary>
+
57/// operation_t is the base class for all types of transformations. classes that
+
58/// inherit this class are singleton and simply call the super constructor
+
59/// (operation_t::operation_t).
+
60/// </summary>
+
61class operation_t {
+
62 public:
+
63 /// <summary>
+
64 /// explicit constructor for operation_t
+
65 /// </summary>
+
66 /// <param name="op">lambda function when executed applies
+
67 /// transformations.</param> <param name="type">type of transformation, such
+
68 /// as XOR, ADD, SUB, etc...</param>
+
69 explicit operation_t(transform_t op, xed_iclass_enum_t type)
+
70 : m_transform(op), m_type(type) {}
+
71
+
72 /// <summary>
+
73 /// generates a native transform instruction given an existing instruction. it
+
74 /// works like so:
+
75 ///
+
76 /// mov rax, &MessageBoxA ; original instruction with relocation
+
77 ///
+
78 /// ; this function takes the first operand and out of the original
+
79 /// ; instruction and uses it to generate a transformation.
+
80 ///
+
81 /// xor rax, 0x39280928 ; this would be an example output for the xor
+
82 /// ;operation.
+
83 ///
+
84 /// </summary>
+
85 /// <param name="inst">instruction with a relocation to generate a
+
86 /// transformation for.</param> <param name="imm">random 32bit number used in
+
87 /// the generate transform.</param> <returns>returns the bytes of the native
+
88 /// instruction that was encoded.</returns>
+
89 std::vector<std::uint8_t> native(const xed_decoded_inst_t* inst,
+
90 std::uint32_t imm) {
+
91 std::uint32_t inst_len = {};
+
92 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
93
+
94 xed_error_enum_t err;
+
95 xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
+
96 xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
+
97
+
98 switch (m_type) {
+
99 case XED_ICLASS_ROR:
+
100 case XED_ICLASS_ROL:
+
101 xed_encoder_request_set_uimm0(req, imm, 1);
+
102 break;
+
103 default:
+
104 xed_encoder_request_set_uimm0(req, imm, 4);
+
105 break;
+
106 }
+
107
+
108 xed_encoder_request_set_iclass(req, m_type);
+
109 xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);
+
110
+
111 if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
+
112 XED_ERROR_NONE) {
+
113 spdlog::error("failed to encode instruction... reason: {}",
+
114 xed_error_enum_t2str(err));
+
115
+
116 assert(err == XED_ERROR_NONE);
+
117 }
+
118
+
119 return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
+
120 }
+
121
+
122 /// <summary>
+
123 /// gets the inverse operation of the current operation.
+
124 /// </summary>
+
125 /// <returns>the inverse operation of the current operation.</returns>
+
126 xed_iclass_enum_t inverse() { return m_inverse_op[m_type]; }
+
127
+
128 /// <summary>
+
129 /// gets a pointer to the lambda function which contains the transform logic.
+
130 /// </summary>
+
131 /// <returns>a pointer to the lambda function which contains the transform
+
132 /// logic.</returns>
+
133 transform_t* get_transform() { return &m_transform; }
+
134
+
135 /// <summary>
+
136 /// gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...
+
137 /// </summary>
+
138 /// <returns>the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB,
+
139 /// etc...</returns>
+
140 xed_iclass_enum_t type() { return m_type; }
+
141
+
142 /// <summary>
+
143 /// generate a random number in a range.
+
144 /// </summary>
+
145 /// <param name="lowest">lowest value of the range.</param>
+
146 /// <param name="largest">highest value of the range.</param>
+
147 /// <returns>a random value in a range.</returns>
+
148 static std::size_t random(std::size_t lowest, std::size_t largest) {
+
149 std::random_device rd;
+
150 std::mt19937 gen(rd());
+
151 std::uniform_int_distribution<std::size_t> distr(lowest, largest);
+
152 return distr(gen);
+
153 }
+
154
+
155 private:
+
156 transform_t m_transform;
+
157 xed_iclass_enum_t m_type;
+
158
+
159 std::map<xed_iclass_enum_t, xed_iclass_enum_t> m_inverse_op = {
+
160 {XED_ICLASS_ADD, XED_ICLASS_SUB},
+
161 {XED_ICLASS_SUB, XED_ICLASS_ADD},
+
162 {XED_ICLASS_ROL, XED_ICLASS_ROR},
+
163 {XED_ICLASS_ROR, XED_ICLASS_ROL},
+
164 {XED_ICLASS_XOR, XED_ICLASS_XOR}};
+
165};
+
166
+
167} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d5/da8/namespacetheo_1_1obf.html b/doxygen/html/d5/da8/namespacetheo_1_1obf.html index b55df40..96d0f32 100644 --- a/doxygen/html/d5/da8/namespacetheo_1_1obf.html +++ b/doxygen/html/d5/da8/namespacetheo_1_1obf.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf Namespace Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces | -Classes
-
-
theo::obf Namespace Reference
+Data Structures
+
theo::obf Namespace Reference

this is the main namespace for obfuscation related things. More...

- - +

+

Namespaces

 transform
namespace  transform
 this namespace encompasses the code for transforming relocations.
 
- + - - + + @@ -98,19 +98,19 @@ Classes + + + - - -

-Classes

+Data Structures

class  engine_t
 singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them. More...
 
class  pass_t
 the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there. More...
class  hello_world_pass_t
 hello world pass example of how to inherit pass_t. More...
 
class  jcc_rewrite_pass_t
 jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. More...
class  next_inst_pass_t
 This pass is used to generate transformations and jmp code to change RIP to the next instruction. More...
 
class  pass_t
 the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there. More...
 
class  reloc_transform_pass_t
 this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. More...
 
class  hello_world_pass_t
 hello world pass example of how to inherit pass_t. More...
 

Detailed Description

-

this is the main namespace for obfuscation related things.

+

this is the main namespace for obfuscation related things.

-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d0e/classtheo_1_1decomp_1_1decomp__t.html b/doxygen/html/d6/d0e/classtheo_1_1decomp_1_1decomp__t.html index 896c007..970e126 100644 --- a/doxygen/html/d6/d0e/classtheo_1_1decomp_1_1decomp__t.html +++ b/doxygen/html/d6/d0e/classtheo_1_1decomp_1_1decomp__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::decomp::decomp_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::decomp::decomp_t Class Reference
+Public Member Functions
+
theo::decomp::decomp_t Class Reference

the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files. More...

-

#include <decomp.hpp>

+

#include "decomp.hpp"

- @@ -105,9 +104,11 @@ Public Member Functions

+

Public Member Functions

 decomp_t (std::vector< std::uint8_t > &lib, recomp::symbol_table_t *syms)
 the explicit constructor for decomp_t More...
 

Detailed Description

-

the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files.

+

the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files.

+ +

Definition at line 61 of file decomp.hpp.

Constructor & Destructor Documentation

- +

◆ decomp_t()

@@ -149,14 +150,14 @@ Public Member Functions -
35  : m_lib(lib), m_syms(syms) {}
-
theo::decomp::decomp_t::syms
recomp::symbol_table_t * syms()
gets the symbol table.
Definition: decomp.cpp:293
-
theo::decomp::decomp_t::lib
std::vector< std::uint8_t > lib()
gets a vector of bytes consisting of the lib file.
Definition: decomp.cpp:285
+ +

Definition at line 34 of file decomp.cpp.

+
35 : m_lib(lib), m_syms(syms) {}

Member Function Documentation

- +

◆ decompose()

@@ -180,179 +181,181 @@ Public Member Functions
Returns
returns an optional pointer to the symbol table. no value in the optional object on failure.
-
38  {
-
39  // extract obj files from the archive file...
-
40  //
-
41  ar::view<false> lib(m_lib.data(), m_lib.size());
-
42  std::for_each(
-
43  lib.begin(), lib.end(),
-
44  [&](std::pair<std::string_view, ar::entry_t&> itr) {
-
45  // if the entry isnt the symbol table or the string table
-
46  // then we know its an obj file...
-
47  //
-
48  if (!itr.second.is_symbol_table() && !itr.second.is_string_table()) {
-
49  spdlog::info("extracted obj from archive: {}", itr.first);
-
50  std::vector<std::uint8_t> data(itr.second.begin(), itr.second.end());
-
51  m_objs.push_back(data);
-
52  }
-
53  });
-
54 
-
55  std::for_each(
-
56  m_objs.begin(), m_objs.end(), [&](std::vector<std::uint8_t>& img_data) {
-
57  auto img = reinterpret_cast<coff::image_t*>(img_data.data());
-
58  for (auto idx = 0u; idx < img->file_header.num_symbols; ++idx) {
-
59  auto sym = img->get_symbol(idx);
-
60  if (sym->section_index - 1 > img->file_header.num_sections)
-
61  continue;
-
62 
-
63  auto sym_name = symbol_t::name(img, sym);
-
64  if (sym_name.length()) {
-
65  auto sym_hash = symbol_t::hash(sym_name.data());
-
66  auto sym_size =
-
67  sym->has_section()
-
68  ? next_sym(img, img->get_section(sym->section_index - 1),
-
69  sym)
-
70  : 0u;
-
71 
-
72  m_lookup_tbl[sym_hash].emplace_back(img, sym, sym_size);
-
73  }
-
74  }
-
75  });
-
76 
-
77  // extract used symbols from objs and create a nice little set of them so that
-
78  // we can easily decompose them... no need deal with every single symbol...
-
79  spdlog::info("extracted {} symbols being used...",
-
80  ext_used_syms(entry_sym.data()));
-
81 
-
82  // generate symbols, populate section hash table, for each object file
-
83  // extracted from the archive file...
-
84  //
-
85  std::for_each(m_used_syms.begin(), m_used_syms.end(), [&](sym_data_t data) {
-
86  auto [img, sym, size] = data;
-
87 
-
88  // populate section hash table with sections for the img of this
-
89  // symbol... only populate the hash table if its not been populated for
-
90  // this obj before...
-
91  //
-
92  if (m_processed_objs.emplace(img).second) {
-
93  for (auto idx = 0u; idx < img->file_header.num_sections; ++idx) {
-
94  auto scn = img->get_section(idx);
-
95  auto scn_sym_name =
-
96  std::string(scn->name.to_string(img->get_strings()))
-
97  .append("#")
-
98  .append(std::to_string(idx))
-
99  .append("!")
-
100  .append(std::to_string(img->file_header.timedate_stamp));
-
101 
-
102  // hash the name of the section + the index + the timestamp of the
-
103  // obj file it is in...
-
104  //
-
105  m_scn_hash_tbl.insert({scn, decomp::symbol_t::hash(scn_sym_name)});
-
106  }
-
107  }
-
108 
-
109  // if the symbol is a function then we are going to decompose it...
-
110  // data symbols are handled after this...
-
111  //
-
112  if (sym->has_section()) {
-
113  if (sym->derived_type == coff::derived_type_id::function) {
-
114  auto scn = img->get_section(sym->section_index - 1);
-
115  auto dcmp_type =
-
116  scn->name.to_string(img->get_strings()) == INSTR_SPLIT_SECTION_NAME
-
117  ? decomp::sym_type_t::instruction
-
118  : decomp::sym_type_t::function;
-
119 
-
120  auto fn_size = next_sym(img, scn, sym);
-
121  auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img) +
-
122  sym->value;
-
123 
-
124  std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
-
125  decomp::routine_t rtn(sym, img, scn, fn, dcmp_type);
-
126 
-
127  auto syms = rtn.decompose();
-
128  m_syms->put_symbols(syms);
-
129  } else if (sym->storage_class == coff::storage_class_id::public_symbol ||
-
130  sym->storage_class == coff::storage_class_id::private_symbol) {
-
131  auto scn = img->get_section(sym->section_index - 1);
-
132  auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
-
133 
-
134  // if the section doesnt have a symbol then make one and put it into
-
135  // the symbol table...
-
136  //
-
137  if (!scn_sym.has_value()) {
-
138  auto scn_sym_name =
-
139  std::string(scn->name.to_string(img->get_strings()))
-
140  .append("#")
-
141  .append(std::to_string(sym->section_index - 1))
-
142  .append("!")
-
143  .append(std::to_string(img->file_header.timedate_stamp));
-
144 
-
145  std::vector<std::uint8_t> scn_data(scn->size_raw_data);
-
146  if (scn->characteristics.cnt_uninit_data) {
-
147  scn_data.insert(scn_data.begin(), scn->size_raw_data, 0);
-
148  } else {
-
149  scn_data.insert(
-
150  scn_data.begin(),
-
151  reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data,
-
152  reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data +
-
153  scn->size_raw_data);
-
154  }
-
155 
-
156  std::vector<recomp::reloc_t> relocs;
-
157  auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
-
158  scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(img));
-
159 
-
160  for (auto idx = 0u; idx < scn->num_relocs; ++idx) {
-
161  auto scn_reloc = &scn_relocs[idx];
-
162  auto sym_reloc = img->get_symbol(scn_relocs[idx].symbol_index);
-
163  auto sym_name = symbol_t::name(img, sym_reloc);
-
164  auto sym_hash = decomp::symbol_t::hash(sym_name.data());
-
165  relocs.push_back(
-
166  recomp::reloc_t(scn_reloc->virtual_address - sym->value,
-
167  sym_hash, sym_name.data()));
-
168  }
-
169 
-
170  decomp::symbol_t new_scn_sym(img, scn_sym_name, 0, scn_data, scn, {},
-
171  relocs, sym_type_t::section);
-
172 
-
173  m_syms->put_symbol(new_scn_sym);
-
174  }
-
175 
-
176  // create a symbol for the data...
-
177  //
-
178  decomp::symbol_t new_sym(img, symbol_t::name(img, sym).data(),
-
179  sym->value, {}, scn, sym, {},
-
180  sym_type_t::data);
-
181 
-
182  m_syms->put_symbol(new_sym);
-
183  }
-
184  } else if (sym->storage_class ==
-
185  coff::storage_class_id::
-
186  external_definition) { // else if the symbol has no
-
187  // section... these symbols
-
188  // require the linker to allocate
-
189  // space for them...
-
190 
-
191  std::vector<std::uint8_t> data(sym->value, 0);
-
192  decomp::symbol_t bss_sym(img, symbol_t::name(img, sym).data(), {}, data,
-
193  {}, sym, {}, sym_type_t::data);
-
194 
-
195  m_syms->put_symbol(bss_sym);
-
196  }
-
197  });
-
198 
-
199  // return the extract symbols to the caller...
-
200  //
-
201  return m_syms;
-
202 }
-
theo::decomp::symbol_t::name
std::string name() const
gets the name of the symbol.
Definition: symbol.cpp:52
-
theo::recomp::symbol_table_t::put_symbol
void put_symbol(decomp::symbol_t &sym)
add symbol to m_table
Definition: symbol_table.cpp:40
-
theo::decomp::sym_data_t
std::tuple< coff::image_t *, coff::symbol_t *, std::uint32_t > sym_data_t
meta symbol data. consists of the coff image which contains the coff symbol, the coff symbol itself,...
Definition: decomp.hpp:55
-
theo::decomp::data
@ data
Definition: symbol.hpp:46
+ +

Definition at line 37 of file decomp.cpp.

+
38 {
+
39 // extract obj files from the archive file...
+
40 //
+
41 ar::view<false> lib(m_lib.data(), m_lib.size());
+
42 std::for_each(
+
43 lib.begin(), lib.end(),
+
44 [&](std::pair<std::string_view, ar::entry_t&> itr) {
+
45 // if the entry isnt the symbol table or the string table
+
46 // then we know its an obj file...
+
47 //
+
48 if (!itr.second.is_symbol_table() && !itr.second.is_string_table()) {
+
49 spdlog::info("extracted obj from archive: {}", itr.first);
+
50 std::vector<std::uint8_t> data(itr.second.begin(), itr.second.end());
+
51 m_objs.push_back(data);
+
52 }
+
53 });
+
54
+
55 std::for_each(
+
56 m_objs.begin(), m_objs.end(), [&](std::vector<std::uint8_t>& img_data) {
+
57 auto img = reinterpret_cast<coff::image_t*>(img_data.data());
+
58 for (auto idx = 0u; idx < img->file_header.num_symbols; ++idx) {
+
59 auto sym = img->get_symbol(idx);
+
60 if (sym->section_index - 1 > img->file_header.num_sections)
+
61 continue;
+
62
+
63 auto sym_name = symbol_t::name(img, sym);
+
64 if (sym_name.length()) {
+
65 auto sym_hash = symbol_t::hash(sym_name.data());
+
66 auto sym_size =
+
67 sym->has_section()
+
68 ? next_sym(img, img->get_section(sym->section_index - 1),
+
69 sym)
+
70 : 0u;
+
71
+
72 m_lookup_tbl[sym_hash].emplace_back(img, sym, sym_size);
+
73 }
+
74 }
+
75 });
+
76
+
77 // extract used symbols from objs and create a nice little set of them so that
+
78 // we can easily decompose them... no need deal with every single symbol...
+
79 spdlog::info("extracted {} symbols being used...",
+
80 ext_used_syms(entry_sym.data()));
+
81
+
82 // generate symbols, populate section hash table, for each object file
+
83 // extracted from the archive file...
+
84 //
+
85 std::for_each(m_used_syms.begin(), m_used_syms.end(), [&](sym_data_t data) {
+
86 auto [img, sym, size] = data;
+
87
+
88 // populate section hash table with sections for the img of this
+
89 // symbol... only populate the hash table if its not been populated for
+
90 // this obj before...
+
91 //
+
92 if (m_processed_objs.emplace(img).second) {
+
93 for (auto idx = 0u; idx < img->file_header.num_sections; ++idx) {
+
94 auto scn = img->get_section(idx);
+
95 auto scn_sym_name =
+
96 std::string(scn->name.to_string(img->get_strings()))
+
97 .append("#")
+
98 .append(std::to_string(idx))
+
99 .append("!")
+
100 .append(std::to_string(img->file_header.timedate_stamp));
+
101
+
102 // hash the name of the section + the index + the timestamp of the
+
103 // obj file it is in...
+
104 //
+
105 m_scn_hash_tbl.insert({scn, decomp::symbol_t::hash(scn_sym_name)});
+
106 }
+
107 }
+
108
+
109 // if the symbol is a function then we are going to decompose it...
+
110 // data symbols are handled after this...
+
111 //
+
112 if (sym->has_section()) {
+
113 if (sym->derived_type == coff::derived_type_id::function) {
+
114 auto scn = img->get_section(sym->section_index - 1);
+
115 auto dcmp_type =
+
116 scn->name.to_string(img->get_strings()) == INSTR_SPLIT_SECTION_NAME
+
117 ? decomp::sym_type_t::instruction
+
118 : decomp::sym_type_t::function;
+
119
+
120 auto fn_size = next_sym(img, scn, sym);
+
121 auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img) +
+
122 sym->value;
+
123
+
124 std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
+
125 decomp::routine_t rtn(sym, img, scn, fn, dcmp_type);
+
126
+
127 auto syms = rtn.decompose();
+
128 m_syms->put_symbols(syms);
+
129 } else if (sym->storage_class == coff::storage_class_id::public_symbol ||
+
130 sym->storage_class == coff::storage_class_id::private_symbol) {
+
131 auto scn = img->get_section(sym->section_index - 1);
+
132 auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
+
133
+
134 // if the section doesnt have a symbol then make one and put it into
+
135 // the symbol table...
+
136 //
+
137 if (!scn_sym.has_value()) {
+
138 auto scn_sym_name =
+
139 std::string(scn->name.to_string(img->get_strings()))
+
140 .append("#")
+
141 .append(std::to_string(sym->section_index - 1))
+
142 .append("!")
+
143 .append(std::to_string(img->file_header.timedate_stamp));
+
144
+
145 std::vector<std::uint8_t> scn_data(scn->size_raw_data);
+
146 if (scn->characteristics.cnt_uninit_data) {
+
147 scn_data.insert(scn_data.begin(), scn->size_raw_data, 0);
+
148 } else {
+
149 scn_data.insert(
+
150 scn_data.begin(),
+
151 reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data,
+
152 reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data +
+
153 scn->size_raw_data);
+
154 }
+
155
+
156 std::vector<recomp::reloc_t> relocs;
+
157 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
158 scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(img));
+
159
+
160 for (auto idx = 0u; idx < scn->num_relocs; ++idx) {
+
161 auto scn_reloc = &scn_relocs[idx];
+
162 auto sym_reloc = img->get_symbol(scn_relocs[idx].symbol_index);
+
163 auto sym_name = symbol_t::name(img, sym_reloc);
+
164 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
165 relocs.push_back(
+
166 recomp::reloc_t(scn_reloc->virtual_address - sym->value,
+
167 sym_hash, sym_name.data()));
+
168 }
+
169
+
170 decomp::symbol_t new_scn_sym(img, scn_sym_name, 0, scn_data, scn, {},
+
171 relocs, sym_type_t::section);
+
172
+
173 m_syms->put_symbol(new_scn_sym);
+
174 }
+
175
+
176 // create a symbol for the data...
+
177 //
+
178 decomp::symbol_t new_sym(img, symbol_t::name(img, sym).data(),
+
179 sym->value, {}, scn, sym, {},
+
180 sym_type_t::data);
+
181
+
182 m_syms->put_symbol(new_sym);
+
183 }
+
184 } else if (sym->storage_class ==
+
185 coff::storage_class_id::
+
186 external_definition) { // else if the symbol has no
+
187 // section... these symbols
+
188 // require the linker to allocate
+
189 // space for them...
+
190
+
191 std::vector<std::uint8_t> data(sym->value, 0);
+
192 decomp::symbol_t bss_sym(img, symbol_t::name(img, sym).data(), {}, data,
+
193 {}, sym, {}, sym_type_t::data);
+
194
+
195 m_syms->put_symbol(bss_sym);
+
196 }
+
197 });
+
198
+
199 // return the extract symbols to the caller...
+
200 //
+
201 return m_syms;
+
202}
+

References lib().

+ +

Referenced by theo::theo_t::decompose().

+
- +

◆ lib()

@@ -369,13 +372,17 @@ Public Member Functions

gets a vector of bytes consisting of the lib file.

Returns
a vector of bytes consisting of the lib file.
-
285  {
-
286  return m_lib;
-
287 }
+ +

Definition at line 285 of file decomp.cpp.

+
285 {
+
286 return m_lib;
+
287}
+

Referenced by decompose().

+
- +

◆ objs()

@@ -392,13 +399,15 @@ Public Member Functions

gets all the obj files as a vector of a vector of bytes.

Returns
all the obj files as a vector of a vector of bytes.
-
289  {
-
290  return m_objs;
-
291 }
+ +

Definition at line 289 of file decomp.cpp.

+
289 {
+
290 return m_objs;
+
291}
- +

◆ rtns()

@@ -415,13 +424,15 @@ Public Member Functions

gets all of the routine objects.

Returns
vector of routine objects.
-
281  {
-
282  return m_rtns;
-
283 }
+ +

Definition at line 281 of file decomp.cpp.

+
281 {
+
282 return m_rtns;
+
283}
- +

◆ scn_hash_tbl()

@@ -438,13 +449,15 @@ Public Member Functions

gets the section hash table section header --> hash of the section header ptr.

Returns
the section hash table section header --> hash of the section header ptr.
-
297  {
-
298  return m_scn_hash_tbl;
-
299 }
+ +

Definition at line 297 of file decomp.cpp.

+
297 {
+
298 return m_scn_hash_tbl;
+
299}
- +

◆ syms()

@@ -461,20 +474,24 @@ Public Member Functions

gets the symbol table.

Returns
the symbol table.
-
293  {
-
294  return m_syms;
-
295 }
+ +

Definition at line 293 of file decomp.cpp.

+
293 {
+
294 return m_syms;
+
295}
+

Referenced by theo::recomp::recomp_t::allocate().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1rol__op__t.html b/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1rol__op__t.html index 9fb0086..822fdb2 100644 --- a/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1rol__op__t.html +++ b/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1rol__op__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::rol_op_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Static Public Member Functions | -List of all members
-
-
theo::obf::transform::rol_op_t Class Reference
+Static Public Member Functions
+
theo::obf::transform::rol_op_t Class Reference
-

#include <rol_op.hpp>

+

#include "rol_op.hpp"

Inheritance diagram for theo::obf::transform::rol_op_t:
@@ -86,38 +85,40 @@ Inheritance diagram for theo::obf::transform::rol_op_t:
- - - + +

+

Static Public Member Functions

static rol_op_tget ()
 
static rol_op_tget ()
 
- Static Public Member Functions inherited from theo::obf::transform::operation_t
static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 
- - - - + + + - - - + + +

+

Additional Inherited Members

- Public Member Functions inherited from theo::obf::transform::operation_t
 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 

Detailed Description

-

Member Function Documentation

- -

◆ get()

+
+

Definition at line 35 of file rol_op.hpp.

+

Member Function Documentation

+ +

◆ get()

@@ -126,7 +127,7 @@ Additional Inherited Members - + @@ -138,20 +139,22 @@ Additional Inherited Members
static rol_op_t* theo::obf::transform::rol_op_t::get static rol_op_t * theo::obf::transform::rol_op_t::get ( )
-
44  {
-
45  static rol_op_t obj;
-
46  return &obj;
-
47  }
+ +

Definition at line 44 of file rol_op.hpp.

+
44 {
+
45 static rol_op_t obj;
+
46 return &obj;
+
47 }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1sub__op__t.html b/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1sub__op__t.html index 3596b94..ba9d2d7 100644 --- a/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1sub__op__t.html +++ b/doxygen/html/d6/d52/classtheo_1_1obf_1_1transform_1_1sub__op__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::sub_op_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Static Public Member Functions | -List of all members
-
-
theo::obf::transform::sub_op_t Class Reference
+Static Public Member Functions
+
theo::obf::transform::sub_op_t Class Reference
-

#include <sub_op.hpp>

+

#include "sub_op.hpp"

Inheritance diagram for theo::obf::transform::sub_op_t:
@@ -86,38 +85,40 @@ Inheritance diagram for theo::obf::transform::sub_op_t:
- - - + +

+

Static Public Member Functions

static sub_op_tget ()
 
static sub_op_tget ()
 
- Static Public Member Functions inherited from theo::obf::transform::operation_t
static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 
- - - - + + + - - - + + +

+

Additional Inherited Members

- Public Member Functions inherited from theo::obf::transform::operation_t
 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 

Detailed Description

-

Member Function Documentation

- -

◆ get()

+
+

Definition at line 35 of file sub_op.hpp.

+

Member Function Documentation

+ +

◆ get()

@@ -126,7 +127,7 @@ Additional Inherited Members - + @@ -138,20 +139,22 @@ Additional Inherited Members
static sub_op_t* theo::obf::transform::sub_op_t::get static sub_op_t * theo::obf::transform::sub_op_t::get ( )
-
42  {
-
43  static sub_op_t obj;
-
44  return &obj;
-
45  }
+ +

Definition at line 42 of file sub_op.hpp.

+
42 {
+
43 static sub_op_t obj;
+
44 return &obj;
+
45 }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d62/symbol_8hpp.html b/doxygen/html/d6/d62/symbol_8hpp.html index 231a236..afa62b6 100644 --- a/doxygen/html/d6/d62/symbol_8hpp.html +++ b/doxygen/html/d6/d62/symbol_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/decomp/symbol.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Enumerations
-
-
symbol.hpp File Reference
+
symbol.hpp File Reference
#include <coff/image.hpp>
#include <cstdint>
-#include <recomp/reloc.hpp>
+#include <recomp/reloc.hpp>
#include <string>
#include <vector>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::decomp::symbol_t
 symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down). More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
-
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d62/symbol_8hpp_source.html b/doxygen/html/d6/d62/symbol_8hpp_source.html new file mode 100644 index 0000000..5ae376d --- /dev/null +++ b/doxygen/html/d6/d62/symbol_8hpp_source.html @@ -0,0 +1,279 @@ + + + + + + + +Theodosius: include/decomp/symbol.hpp Source File + + + + + + + + + +
+
+

+

Enumerations

enum  theo::decomp::sym_type_t {
  theo::decomp::function = 0b00000001 @@ -115,7 +115,7 @@ Enumerations
+ + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
symbol.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <coff/image.hpp>
+
33#include <cstdint>
+
34#include <recomp/reloc.hpp>
+
35#include <string>
+
36#include <vector>
+
37
+
38namespace theo::decomp {
+
39/// <summary>
+
40/// meta symbol type. this is an abstraction upon the coff symbol storage/class
+
41/// type.
+
42/// </summary>
+
43enum sym_type_t {
+
44 function = 0b00000001,
+
45 instruction = 0b00000010,
+
46 data = 0b00000100,
+
47 section = 0b00001000,
+
48 all = section | data | instruction | function
+
49};
+
50
+
51/// <summary>
+
52/// symbol_t is an abstraction upon the coff symbol. this allows for easier
+
53/// manipulation of the symbol. symbols can be different things, sections,
+
54/// functions, and even instructions (when functions are broken down).
+
55///
+
56/// this class is used throughout theodosius and is a keystone of the project.
+
57/// ensure you understand how this class works and what it contains.
+
58/// </summary>
+
59class symbol_t {
+
60 public:
+
61 /// <summary>
+
62 /// the explicit constructor of this symbol.
+
63 /// </summary>
+
64 /// <param name="img">the image in which the symbol is located in.</param>
+
65 /// <param name="name">the name of the symbol.</param>
+
66 /// <param name="offset">offset into the section where this symbol is
+
67 /// located.</param>
+
68 /// <param name="data">the data of the symbol. there can be
+
69 /// no data.</param>
+
70 /// <param name="scn">the section header describing the
+
71 /// section which contains the symbol.</param>
+
72 /// <param name="sym">the coff symbol itself.</param>
+
73 /// <param name="relocs">a vector of relocations this symbol has (if
+
74 /// any).</param>
+
75 /// <param name="dcmp_type">the type of symbol</param>
+
76 explicit symbol_t(coff::image_t* img,
+
77 std::string name,
+
78 std::uintptr_t offset,
+
79 std::vector<std::uint8_t> data,
+
80 coff::section_header_t* scn = {},
+
81 coff::symbol_t* sym = {},
+
82 std::vector<recomp::reloc_t> relocs = {},
+
83 sym_type_t dcmp_type = {});
+
84
+
85 /// <summary>
+
86 /// gets the name of the symbol.
+
87 /// </summary>
+
88 /// <returns>the name of the symbol.</returns>
+
89 std::string name() const;
+
90
+
91 /// <summary>
+
92 /// gets the offset into the section where the symbol is located.
+
93 /// </summary>
+
94 /// <returns>the offset into the section where the symbol is
+
95 /// located.</returns>
+
96 std::uintptr_t offset() const;
+
97
+
98 /// <summary>
+
99 /// returns the address where the symbol is allocated.
+
100 /// </summary>
+
101 /// <returns>the address where the symbol is allocated.</returns>
+
102 std::uintptr_t allocated_at() const;
+
103
+
104 /// <summary>
+
105 /// returns the size of the symbol.
+
106 /// </summary>
+
107 /// <returns>the size of the symbol.</returns>
+
108 std::uint32_t size() const;
+
109
+
110 /// <summary>
+
111 /// gets the section header of the section in which the symbol is contained.
+
112 /// </summary>
+
113 /// <returns>the section header of the section in which the symbol is
+
114 /// contained.</returns>
+
115 coff::section_header_t* scn() const;
+
116
+
117 /// <summary>
+
118 /// gets the imagine in which the symbol is located inside of.
+
119 /// </summary>
+
120 /// <returns>the imagine in which the symbol is located inside of.</returns>
+
121 coff::image_t* img() const;
+
122
+
123 /// <summary>
+
124 /// returns a vector by reference of bytes containing the data of the symbol.
+
125 /// </summary>
+
126 /// <returns>a vector by reference of bytes containing the data of the
+
127 /// symbol.</returns>
+
128 std::vector<std::uint8_t>& data();
+
129
+
130 /// <summary>
+
131 /// returns a pointer to the coff symbol object.
+
132 /// </summary>
+
133 /// <returns>a pointer to the coff symbol object.</returns>
+
134 coff::symbol_t* sym() const;
+
135
+
136 /// <summary>
+
137 /// returns the type of the symbol.
+
138 /// </summary>
+
139 /// <returns>the type of the symbol.</returns>
+
140 sym_type_t type() const;
+
141
+
142 /// <summary>
+
143 /// returns a vector of relocations.
+
144 /// </summary>
+
145 /// <returns>a vector of relocations.</returns>
+
146 std::vector<recomp::reloc_t>& relocs();
+
147
+
148 /// <summary>
+
149 /// set the address where the symbol is allocated at.
+
150 /// </summary>
+
151 /// <param name="allocated_at">where the symbol is allocated at.</param>
+
152 void allocated_at(std::uintptr_t allocated_at);
+
153
+
154 /// <summary>
+
155 /// gets the hash of the symbol name.
+
156 /// </summary>
+
157 /// <returns>the hash of the symbol name.</returns>
+
158 std::size_t hash();
+
159
+
160 /// <summary>
+
161 /// generate a hash given the name of the symbol.
+
162 /// </summary>
+
163 /// <param name="sym">the symbol name to create a hash from.</param>
+
164 /// <returns>the symbol name hash</returns>
+
165 static std::size_t hash(const std::string& sym);
+
166
+
167 /// <summary>
+
168 /// get the name of a symbol. this function will create a symbol name if the
+
169 /// symbol is opaquely named.
+
170 ///
+
171 /// for example in c++ if you define something like this:
+
172 ///
+
173 /// some_struct_t val = { value_one, value_two };
+
174 ///
+
175 /// "val" will be stored in the .data section of the coff file. however the
+
176 /// symbol name will be opaque (the name of the symbol will be ".data"). this
+
177 /// causes issues with theo since each symbol needs its own unqiue name to
+
178 /// generate a unique symbol name hash. for symbols like this, theo will
+
179 /// create a name for it with the following format:
+
180 ///
+
181 /// .data#section_index!coff_file_timestamp+offset_into_section
+
182 ///
+
183 /// </summary>
+
184 /// <param name="img">the coff file containing the symbol.</param>
+
185 /// <param name="sym">the coff symbol itself.</param>
+
186 /// <returns>the name of the symbol, or a created one.</returns>
+
187 static std::string name(const coff::image_t* img, coff::symbol_t* sym);
+
188
+
189 private:
+
190 std::string m_name;
+
191 std::uintptr_t m_offset, m_allocated_at;
+
192 std::vector<std::uint8_t> m_data;
+
193 coff::section_header_t* m_scn;
+
194 std::vector<recomp::reloc_t> m_relocs;
+
195 sym_type_t m_sym_type;
+
196 coff::symbol_t* m_sym;
+
197 coff::image_t* m_img;
+
198};
+
199} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d6/d8a/rol__op_8hpp.html b/doxygen/html/d6/d8a/rol__op_8hpp.html index e5aa813..df38ad5 100644 --- a/doxygen/html/d6/d8a/rol__op_8hpp.html +++ b/doxygen/html/d6/d8a/rol__op_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/rol_op.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
rol_op.hpp File Reference
+
rol_op.hpp File Reference
-
#include <obf/transform/operation.hpp>
+
#include <obf/transform/operation.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::rol_op_t
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/d8a/rol__op_8hpp_source.html b/doxygen/html/d6/d8a/rol__op_8hpp_source.html new file mode 100644 index 0000000..3c21ea0 --- /dev/null +++ b/doxygen/html/d6/d8a/rol__op_8hpp_source.html @@ -0,0 +1,129 @@ + + + + + + + +Theodosius: include/obf/transform/rol_op.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
rol_op.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/operation.hpp>
+
33
+
34namespace theo::obf::transform {
+
35class rol_op_t : public operation_t {
+
36 explicit rol_op_t()
+
37 : operation_t(
+
38 [&](std::size_t val, std::uint32_t imm) -> std::size_t {
+
39 return std::rotl(val, (std::uint8_t)imm);
+
40 },
+
41 XED_ICLASS_ROL) {}
+
42
+
43 public:
+
44 static rol_op_t* get() {
+
45 static rol_op_t obj;
+
46 return &obj;
+
47 }
+
48};
+
49} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d6/da4/reloc__transform__pass_8cpp.html b/doxygen/html/d6/da4/reloc__transform__pass_8cpp.html index 466dc0d..f0dae38 100644 --- a/doxygen/html/d6/da4/reloc__transform__pass_8cpp.html +++ b/doxygen/html/d6/da4/reloc__transform__pass_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf/passes/reloc_transform_pass.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
reloc_transform_pass.cpp File Reference
+
reloc_transform_pass.cpp File Reference
-
#include <obf/passes/reloc_transform_pass.hpp>
+
#include <obf/passes/reloc_transform_pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/da4/reloc__transform__pass_8cpp_source.html b/doxygen/html/d6/da4/reloc__transform__pass_8cpp_source.html new file mode 100644 index 0000000..b5251d1 --- /dev/null +++ b/doxygen/html/d6/da4/reloc__transform__pass_8cpp_source.html @@ -0,0 +1,157 @@ + + + + + + + +Theodosius: src/obf/passes/reloc_transform_pass.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
reloc_transform_pass.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <obf/passes/reloc_transform_pass.hpp>
+
32
+
33namespace theo::obf {
+
34reloc_transform_pass_t* reloc_transform_pass_t::get() {
+
35 static reloc_transform_pass_t obj;
+
36 return &obj;
+
37}
+
38
+
39void reloc_transform_pass_t::run(decomp::symbol_t* sym) {
+
40 std::optional<recomp::reloc_t*> reloc;
+
41 if (!(reloc = has_legit_reloc(sym)).has_value())
+
42 return;
+
43
+
44 spdlog::info("adding transformations to relocation in symbol: {}",
+
45 sym->name());
+
46
+
47 xed_error_enum_t err;
+
48 xed_decoded_inst_t inst;
+
49 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
50 xed_decoded_inst_zero_set_mode(&inst, &istate);
+
51
+
52 if ((err = xed_decode(&inst, sym->data().data(), sym->data().size())) !=
+
53 XED_ERROR_NONE) {
+
54 spdlog::error("failed to decode instruction, reason: {} in symbol: {}",
+
55 xed_error_enum_t2str(err), sym->name());
+
56
+
57 assert(err == XED_ERROR_NONE);
+
58 }
+
59
+
60 auto transforms_bytes = transform::generate(&inst, reloc.value(), 3, 6);
+
61 sym->data().insert(sym->data().end(), transforms_bytes.begin(),
+
62 transforms_bytes.end());
+
63};
+
64
+
65std::optional<recomp::reloc_t*> reloc_transform_pass_t::has_legit_reloc(
+
66 decomp::symbol_t* sym) {
+
67 auto res = // see if there are any relocations with offset not equal to
+
68 // zero... relocations with zero mean its a relocation to the next
+
69 // instruction...
+
70 std::find_if(
+
71 sym->relocs().begin(), sym->relocs().end(),
+
72 [&](recomp::reloc_t& reloc) -> bool { return reloc.offset(); });
+
73
+
74 return res != sym->relocs().end() ? &(*res)
+
75 : std::optional<recomp::reloc_t*>();
+
76}
+
77} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html b/doxygen/html/d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html index 9b4c512..5fe355e 100644 --- a/doxygen/html/d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html +++ b/doxygen/html/d6/dc1/classtheo_1_1obf_1_1jcc__rewrite__pass__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::jcc_rewrite_pass_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::jcc_rewrite_pass_t Class Reference

jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. More...

-

#include <jcc_rewrite_pass.hpp>

+

#include "jcc_rewrite_pass.hpp"

Inheritance diagram for theo::obf::jcc_rewrite_pass_t:
@@ -90,7 +89,7 @@ Inheritance diagram for theo::obf::jcc_rewrite_pass_t:
- @@ -99,25 +98,30 @@ Public Member Functions + + +

+

Public Member Functions

void run (decomp::symbol_t *sym)
 virtual method which must be implimented by the pass that inherits this class. More...
 pass_t (decomp::sym_type_t sym_type)
 the explicit constructor of the pass_t base class. More...
 
virtual void run (decomp::symbol_t *sym)=0
 virtual method which must be implimented by the pass that inherits this class. More...
 
decomp::sym_type_t sym_type ()
 gets the passes symbol type. More...
 
-

+

Static Public Member Functions

static jcc_rewrite_pass_tget ()
 

Detailed Description

-

jcc rewrite pass which rewrites rip relative jcc's so that they are position independent.

-

given the following code: 

jnz label1
+
jcc rewrite pass which rewrites rip relative jcc's so that they are position independent. 

+
given the following code: 
jnz label1
 ; other code goes here
 
 label1: ; more code here

-
the jnz instruction will be rewritten so that the following code is generated: 
jnz br2
+
the jnz instruction will be rewritten so that the following code is generated: 
jnz br2
 
 br1: jmp [rip] ; address after this instruction contains the address ; of the instruction after the jcc. br2: jmp [rip] ; address after this instruction contains the address of where ; branch 2 is located.

-
its important to note that other passes will encrypt (transform) the address of the next instruction. There is actually no jmp [rip] either, push/ret is used.

+
its important to note that other passes will encrypt (transform) the address of the next instruction. There is actually no jmp [rip] either, push/ret is used. 

+
+
Definition at line 61 of file jcc_rewrite_pass.hpp.

 
Member Function Documentation

-
+
 
◆ get()

 
 

@@ -139,14 +143,18 @@ Static Public Member Functions
   
 
 

-
   35                                             {

-
   36   static jcc_rewrite_pass_t obj;

-
   37   return &obj;

-
   38 }

+
+
Definition at line 35 of file jcc_rewrite_pass.cpp.

+
   35                                            {

+
   36  static jcc_rewrite_pass_t obj;

+
   37  return &obj;

+
   38}

 

+
Referenced by main().

+
 

 

-
+
 
◆ run()

 
 

@@ -179,63 +187,64 @@ Static Public Member Functions
 
 
 
Implements theo::obf::pass_t.

-
   40                                                 {

-
   41   std::int32_t disp = {};

-
   42   xed_decoded_inst_t inst;

-
   43   xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};

-
   44   xed_decoded_inst_zero_set_mode(&inst, &istate);

-
   45   xed_decode(&inst, sym->data().data(), XED_MAX_INSTRUCTION_BYTES);

-
   46  

-
   47   // if the instruction is branching...

-
   48   if ((disp = xed_decoded_inst_get_branch_displacement(&inst))) {

-
   49     disp += xed_decoded_inst_get_length(&inst);

-
   50  

-
   51     // update displacement...

-
   52     xed_decoded_inst_set_branch_displacement(

-
   53         &inst, sym->data().size() - xed_decoded_inst_get_length(&inst),

-
   54         xed_decoded_inst_get_branch_displacement_width(&inst));

-
   55  

-
   56     xed_encoder_request_init_from_decode(&inst);

-
   57     xed_encoder_request_t* req = &inst;

-
   58  

-
   59     // update jcc in the buffer...

-
   60     std::uint32_t len = {};

-
   61     xed_encode(req, sym->data().data(), xed_decoded_inst_get_length(&inst),

-
   62                &len);

-
   63  

-
   64     // create a relocation to the instruction the branch would normally go

-
   65     // too...

-
   66     auto offset = disp < 0 ? sym->offset() - std::abs(disp)

-
   67                            : sym->offset() + std::abs(disp);

-
   68  

-
   69     auto sym_name =

-
   70         std::string(

-
   71             sym->sym()->name.to_string(sym->img()->get_strings()).data())

-
   72             .append("@")

-
   73             .append(std::to_string(offset));

-
   74  

-
   75     sym->relocs().push_back(

-
   76         recomp::reloc_t(0, decomp::symbol_t::hash(sym_name), sym_name.data()));

-
   77  

-
   78     // run next_inst_pass on this symbol to generate the transformations for the

-
   79     // relocation to the jcc branch dest instruction...

-
   80     next_inst_pass_t::get()->run(sym);

-
   81   }

-
   82 };

-
theo::decomp::symbol_t::hash
std::size_t hash()
gets the hash of the symbol name.
Definition: symbol.cpp:88

-
theo::obf::next_inst_pass_t::get
static next_inst_pass_t * get()
Definition: next_inst_pass.cpp:34

-
theo::obf::next_inst_pass_t::run
void run(decomp::symbol_t *sym)
virtual method which must be implimented by the pass that inherits this class.
Definition: next_inst_pass.cpp:38

+
+
Definition at line 40 of file jcc_rewrite_pass.cpp.

+
   40                                                {

+
   41  std::int32_t disp = {};

+
   42  xed_decoded_inst_t inst;

+
   43  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};

+
   44  xed_decoded_inst_zero_set_mode(&inst, &istate);

+
   45  xed_decode(&inst, sym->data().data(), XED_MAX_INSTRUCTION_BYTES);

+
   46 

+
   47  // if the instruction is branching...

+
   48  if ((disp = xed_decoded_inst_get_branch_displacement(&inst))) {

+
   49    disp += xed_decoded_inst_get_length(&inst);

+
   50 

+
   51    // update displacement...

+
   52    xed_decoded_inst_set_branch_displacement(

+
   53        &inst, sym->data().size() - xed_decoded_inst_get_length(&inst),

+
   54        xed_decoded_inst_get_branch_displacement_width(&inst));

+
   55 

+
   56    xed_encoder_request_init_from_decode(&inst);

+
   57    xed_encoder_request_t* req = &inst;

+
   58 

+
   59    // update jcc in the buffer...

+
   60    std::uint32_t len = {};

+
   61    xed_encode(req, sym->data().data(), xed_decoded_inst_get_length(&inst),

+
   62               &len);

+
   63 

+
   64    // create a relocation to the instruction the branch would normally go

+
   65    // too...

+
   66    auto offset = disp < 0 ? sym->offset() - std::abs(disp)

+
   67                           : sym->offset() + std::abs(disp);

+
   68 

+
   69    auto sym_name =

+
   70        std::string(

+
   71            sym->sym()->name.to_string(sym->img()->get_strings()).data())

+
   72            .append("@")

+
   73            .append(std::to_string(offset));

+
   74 

+
   75    sym->relocs().push_back(

+
   76        recomp::reloc_t(0, decomp::symbol_t::hash(sym_name), sym_name.data()));

+
   77 

+
   78    // run next_inst_pass on this symbol to generate the transformations for the

+
   79    // relocation to the jcc branch dest instruction...

+
   80    next_inst_pass_t::get()->run(sym);

+
   81  }

+
   82};

 

+
References theo::decomp::symbol_t::data(), theo::obf::next_inst_pass_t::get(), theo::decomp::symbol_t::hash(), theo::decomp::symbol_t::img(), theo::decomp::symbol_t::offset(), theo::decomp::symbol_t::relocs(), theo::obf::next_inst_pass_t::run(), and theo::decomp::symbol_t::sym().

+
 

 

 
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/deb/transform_8hpp.html b/doxygen/html/d6/deb/transform_8hpp.html index fe79437..7807af7 100644 --- a/doxygen/html/d6/deb/transform_8hpp.html +++ b/doxygen/html/d6/deb/transform_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/transform.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + -
-
transform.hpp File Reference
+
transform.hpp File Reference
-
#include <obf/transform/add_op.hpp>
-#include <obf/transform/rol_op.hpp>
-#include <obf/transform/ror_op.hpp>
-#include <obf/transform/sub_op.hpp>
-#include <obf/transform/xor_op.hpp>
+
#include <obf/transform/add_op.hpp>
+#include <obf/transform/rol_op.hpp>
+#include <obf/transform/ror_op.hpp>
+#include <obf/transform/sub_op.hpp>
+#include <obf/transform/xor_op.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
- @@ -103,7 +103,7 @@ Variables
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d6/deb/transform_8hpp_source.html b/doxygen/html/d6/deb/transform_8hpp_source.html new file mode 100644 index 0000000..e306df2 --- /dev/null +++ b/doxygen/html/d6/deb/transform_8hpp_source.html @@ -0,0 +1,128 @@ + + + + + + + +Theodosius: include/obf/transform/transform.hpp Source File + + + + + + + + + +
+
+

+

Variables

std::map< xed_iclass_enum_t, operation_t * > theo::obf::transform::operations
 map of all of the operations and their type. More...
+ + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
transform.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/add_op.hpp>
+
33#include <obf/transform/rol_op.hpp>
+
34#include <obf/transform/ror_op.hpp>
+
35#include <obf/transform/sub_op.hpp>
+
36#include <obf/transform/xor_op.hpp>
+
37
+
38namespace theo::obf::transform {
+
39/// <summary>
+
40/// map of all of the operations and their type.
+
41/// </summary>
+
42inline std::map<xed_iclass_enum_t, operation_t*> operations = {
+
43 {XED_ICLASS_ADD, add_op_t::get()},
+
44 {XED_ICLASS_SUB, sub_op_t::get()},
+
45 {XED_ICLASS_ROL, rol_op_t::get()},
+
46 {XED_ICLASS_ROR, ror_op_t::get()},
+
47 {XED_ICLASS_XOR, xor_op_t::get()}};
+
48} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d6/df6/classtheo_1_1obf_1_1transform_1_1rol__op__t-members.html b/doxygen/html/d6/df6/classtheo_1_1obf_1_1transform_1_1rol__op__t-members.html index 58de897..d676438 100644 --- a/doxygen/html/d6/df6/classtheo_1_1obf_1_1transform_1_1rol__op__t-members.html +++ b/doxygen/html/d6/df6/classtheo_1_1obf_1_1transform_1_1rol__op__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::rol_op_t Member List
+
theo::obf::transform::rol_op_t Member List

This is the complete list of members for theo::obf::transform::rol_op_t, including all inherited members.

- - + + - + - +
get()theo::obf::transform::rol_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
get()theo::obf::transform::rol_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d7/d74/classtheo_1_1obf_1_1hello__world__pass__t-members.html b/doxygen/html/d7/d74/classtheo_1_1obf_1_1hello__world__pass__t-members.html index d3592b7..ca8683e 100644 --- a/doxygen/html/d7/d74/classtheo_1_1obf_1_1hello__world__pass__t-members.html +++ b/doxygen/html/d7/d74/classtheo_1_1obf_1_1hello__world__pass__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::hello_world_pass_t Member List
+
theo::obf::hello_world_pass_t Member List

This is the complete list of members for theo::obf::hello_world_pass_t, including all inherited members.

- - + + - +
get()theo::obf::hello_world_pass_tinlinestatic
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
get()theo::obf::hello_world_pass_tinlinestatic
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
run(decomp::symbol_t *sym)theo::obf::hello_world_pass_tinlinevirtual
sym_type()theo::obf::pass_tinline
sym_type()theo::obf::pass_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d7/d85/classtheo_1_1decomp_1_1symbol__t-members.html b/doxygen/html/d7/d85/classtheo_1_1decomp_1_1symbol__t-members.html index dbd1b99..a00c794 100644 --- a/doxygen/html/d7/d85/classtheo_1_1decomp_1_1symbol__t-members.html +++ b/doxygen/html/d7/d85/classtheo_1_1decomp_1_1symbol__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::decomp::symbol_t Member List
+
theo::decomp::symbol_t Member List

This is the complete list of members for theo::decomp::symbol_t, including all inherited members.

- + - + - + - + - + - + - +
allocated_at() consttheo::decomp::symbol_t
allocated_at(std::uintptr_t allocated_at)theo::decomp::symbol_t
allocated_at(std::uintptr_t allocated_at)theo::decomp::symbol_t
data()theo::decomp::symbol_t
hash()theo::decomp::symbol_t
hash()theo::decomp::symbol_t
hash(const std::string &sym)theo::decomp::symbol_tstatic
img() consttheo::decomp::symbol_t
img() consttheo::decomp::symbol_t
name() consttheo::decomp::symbol_t
name(const coff::image_t *img, coff::symbol_t *sym)theo::decomp::symbol_tstatic
name(const coff::image_t *img, coff::symbol_t *sym)theo::decomp::symbol_tstatic
offset() consttheo::decomp::symbol_t
relocs()theo::decomp::symbol_t
relocs()theo::decomp::symbol_t
scn() consttheo::decomp::symbol_t
size() consttheo::decomp::symbol_t
size() consttheo::decomp::symbol_t
sym() consttheo::decomp::symbol_t
symbol_t(coff::image_t *img, std::string name, std::uintptr_t offset, std::vector< std::uint8_t > data, coff::section_header_t *scn={}, coff::symbol_t *sym={}, std::vector< recomp::reloc_t > relocs={}, sym_type_t dcmp_type={})theo::decomp::symbol_texplicit
symbol_t(coff::image_t *img, std::string name, std::uintptr_t offset, std::vector< std::uint8_t > data, coff::section_header_t *scn={}, coff::symbol_t *sym={}, std::vector< recomp::reloc_t > relocs={}, sym_type_t dcmp_type={})theo::decomp::symbol_texplicit
type() consttheo::decomp::symbol_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d7/dbd/classtheo_1_1obf_1_1jcc__rewrite__pass__t-members.html b/doxygen/html/d7/dbd/classtheo_1_1obf_1_1jcc__rewrite__pass__t-members.html index efa96e0..27619f3 100644 --- a/doxygen/html/d7/dbd/classtheo_1_1obf_1_1jcc__rewrite__pass__t-members.html +++ b/doxygen/html/d7/dbd/classtheo_1_1obf_1_1jcc__rewrite__pass__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::jcc_rewrite_pass_t Member List
+
theo::obf::jcc_rewrite_pass_t Member List

This is the complete list of members for theo::obf::jcc_rewrite_pass_t, including all inherited members.

- + - +
get()theo::obf::jcc_rewrite_pass_tstatic
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
pass_t(decomp::sym_type_t sym_type)theo::obf::pass_tinlineexplicit
run(decomp::symbol_t *sym)theo::obf::jcc_rewrite_pass_tvirtual
sym_type()theo::obf::pass_tinline
sym_type()theo::obf::pass_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d7/de2/classtheo_1_1obf_1_1transform_1_1operation__t.html b/doxygen/html/d7/de2/classtheo_1_1obf_1_1transform_1_1operation__t.html index a2db721..e4aba0f 100644 --- a/doxygen/html/d7/de2/classtheo_1_1obf_1_1transform_1_1operation__t.html +++ b/doxygen/html/d7/de2/classtheo_1_1obf_1_1transform_1_1operation__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::operation_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::transform::operation_t Class Reference

operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t). More...

-

#include <operation.hpp>

+

#include "operation.hpp"

Inheritance diagram for theo::obf::transform::operation_t:
@@ -94,34 +93,36 @@ Inheritance diagram for theo::obf::transform::operation_t:
- - - - + + + - - - + + +

+

Public Member Functions

 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 
-

+

Static Public Member Functions

static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 

Detailed Description

-

operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).

+

operation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).

+ +

Definition at line 61 of file operation.hpp.

Constructor & Destructor Documentation

- +

◆ operation_t()

@@ -163,14 +164,15 @@ Static Public Member Functions -
70  : m_transform(op), m_type(type) {}
-
theo::obf::transform::operation_t::type
xed_iclass_enum_t type()
gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...
Definition: operation.hpp:140
+ +

Definition at line 69 of file operation.hpp.

+
70 : m_transform(op), m_type(type) {}

Member Function Documentation

- -

◆ get_transform()

+ +

◆ get_transform()

@@ -179,7 +181,7 @@ Static Public Member Functions - + @@ -194,11 +196,13 @@ Static Public Member Functions

gets a pointer to the lambda function which contains the transform logic.

Returns
a pointer to the lambda function which contains the transform logic.
-
133 { return &m_transform; }
+ +

Definition at line 133 of file operation.hpp.

+
133{ return &m_transform; }
- +

◆ inverse()

@@ -223,12 +227,14 @@ Static Public Member Functions

gets the inverse operation of the current operation.

Returns
the inverse operation of the current operation.
-
126 { return m_inverse_op[m_type]; }
+ +

Definition at line 126 of file operation.hpp.

+
126{ return m_inverse_op[m_type]; }
- -

◆ native()

+ +

◆ native()

@@ -237,7 +243,7 @@ Static Public Member Functions
transform_t* theo::obf::transform::operation_t::get_transform transform_t * theo::obf::transform::operation_t::get_transform ( )
- + @@ -262,9 +268,9 @@ Static Public Member Functions

generates a native transform instruction given an existing instruction. it works like so:

-

mov rax, &MessageBoxA ; original instruction with relocation

-

; this function takes the first operand and out of the original ; instruction and uses it to generate a transformation.

-

xor rax, 0x39280928 ; this would be an example output for the xor ;operation.

+

mov rax, &MessageBoxA ; original instruction with relocation

+

; this function takes the first operand and out of the original ; instruction and uses it to generate a transformation.

+

xor rax, 0x39280928 ; this would be an example output for the xor ;operation.

Parameters
std::vector<std::uint8_t> theo::obf::transform::operation_t::native std::vector< std::uint8_t > theo::obf::transform::operation_t::native ( const xed_decoded_inst_t *  inst,
@@ -273,41 +279,43 @@ Static Public Member Functions
Returns
returns the bytes of the native instruction that was encoded.
-
90  {
-
91  std::uint32_t inst_len = {};
-
92  std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
-
93 
-
94  xed_error_enum_t err;
-
95  xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
-
96  xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
-
97 
-
98  switch (m_type) {
-
99  case XED_ICLASS_ROR:
-
100  case XED_ICLASS_ROL:
-
101  xed_encoder_request_set_uimm0(req, imm, 1);
-
102  break;
-
103  default:
-
104  xed_encoder_request_set_uimm0(req, imm, 4);
-
105  break;
-
106  }
-
107 
-
108  xed_encoder_request_set_iclass(req, m_type);
-
109  xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);
-
110 
-
111  if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
-
112  XED_ERROR_NONE) {
-
113  spdlog::error("failed to encode instruction... reason: {}",
-
114  xed_error_enum_t2str(err));
-
115 
-
116  assert(err == XED_ERROR_NONE);
-
117  }
-
118 
-
119  return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
-
120  }
+ +

Definition at line 89 of file operation.hpp.

+
90 {
+
91 std::uint32_t inst_len = {};
+
92 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
93
+
94 xed_error_enum_t err;
+
95 xed_encoder_request_init_from_decode((xed_decoded_inst_s*)inst);
+
96 xed_encoder_request_t* req = (xed_encoder_request_t*)inst;
+
97
+
98 switch (m_type) {
+
99 case XED_ICLASS_ROR:
+
100 case XED_ICLASS_ROL:
+
101 xed_encoder_request_set_uimm0(req, imm, 1);
+
102 break;
+
103 default:
+
104 xed_encoder_request_set_uimm0(req, imm, 4);
+
105 break;
+
106 }
+
107
+
108 xed_encoder_request_set_iclass(req, m_type);
+
109 xed_encoder_request_set_operand_order(req, 1, XED_OPERAND_IMM0);
+
110
+
111 if ((err = xed_encode(req, inst_buff, sizeof(inst_buff), &inst_len)) !=
+
112 XED_ERROR_NONE) {
+
113 spdlog::error("failed to encode instruction... reason: {}",
+
114 xed_error_enum_t2str(err));
+
115
+
116 assert(err == XED_ERROR_NONE);
+
117 }
+
118
+
119 return std::vector<std::uint8_t>(inst_buff, inst_buff + inst_len);
+
120 }
- +

◆ random()

@@ -350,16 +358,20 @@ Static Public Member Functions
Returns
a random value in a range.
-
148  {
-
149  std::random_device rd;
-
150  std::mt19937 gen(rd());
-
151  std::uniform_int_distribution<std::size_t> distr(lowest, largest);
-
152  return distr(gen);
-
153  }
+ +

Definition at line 148 of file operation.hpp.

+
148 {
+
149 std::random_device rd;
+
150 std::mt19937 gen(rd());
+
151 std::uniform_int_distribution<std::size_t> distr(lowest, largest);
+
152 return distr(gen);
+
153 }
+

Referenced by theo::obf::transform::generate().

+
- +

◆ type()

@@ -384,17 +396,19 @@ Static Public Member Functions

gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...

Returns
the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc...
-
140 { return m_type; }
+ +

Definition at line 140 of file operation.hpp.

+
140{ return m_type; }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d8/d5a/pass_8hpp.html b/doxygen/html/d8/d5a/pass_8hpp.html index 6ea6dbc..cc3be78 100644 --- a/doxygen/html/d8/d5a/pass_8hpp.html +++ b/doxygen/html/d8/d5a/pass_8hpp.html @@ -2,8 +2,8 @@ - - + +Theodosius: include/obf/pass.hpp File Reference @@ -19,33 +19,34 @@
instinstruction with a relocation to generate a transformation for.
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Macros
-
-
pass.hpp File Reference
+
pass.hpp File Reference
#include <spdlog/spdlog.h>
-#include <decomp/symbol.hpp>
-#include <obf/transform/gen.hpp>
+#include <decomp/symbol.hpp>
+#include <obf/transform/gen.hpp>
#include <xed-decode.h>
#include <xed-interface.h>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::pass_t
 the pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-

+

Macros

#define XED_ENCODER
 

Macro Definition Documentation

- +

◆ XED_ENCODER

@@ -116,12 +116,14 @@ Macros
+

Definition at line 36 of file pass.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d8/d5a/pass_8hpp_source.html b/doxygen/html/d8/d5a/pass_8hpp_source.html new file mode 100644 index 0000000..9dbafbd --- /dev/null +++ b/doxygen/html/d8/d5a/pass_8hpp_source.html @@ -0,0 +1,161 @@ + + + + + + + +Theodosius: include/obf/pass.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
pass.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <spdlog/spdlog.h>
+
33#include <decomp/symbol.hpp>
+
34#include <obf/transform/gen.hpp>
+
35
+
36#define XED_ENCODER
+
37extern "C" {
+
38#include <xed-decode.h>
+
39#include <xed-interface.h>
+
40}
+
41
+
42/// <summary>
+
43/// this is the main namespace for obfuscation related things.
+
44/// </summary>
+
45namespace theo::obf {
+
46
+
47/// <summary>
+
48/// the pass_t class is a base clase for all passes made. you must override the
+
49/// pass_t::run virtual function and declare the logic of your pass there.
+
50///
+
51/// in the constructor of your pass you must call the super constructor (the
+
52/// pass_t constructor) and pass it the type of symbol which you are interesting
+
53/// in receiving.
+
54/// </summary>
+
55class pass_t {
+
56 public:
+
57 /// <summary>
+
58 /// the explicit constructor of the pass_t base class.
+
59 /// </summary>
+
60 /// <param name="sym_type">the type of symbol in which the pass will run on.
+
61 /// every symbol passed to the virtual "run" instruction will be of this
+
62 /// type.</param>
+
63 explicit pass_t(decomp::sym_type_t sym_type) : m_sym_type(sym_type){};
+
64
+
65 /// <summary>
+
66 /// virtual method which must be implimented by the pass that inherits this
+
67 /// class.
+
68 /// </summary>
+
69 /// <param name="sym">a symbol of the same type of m_sym_type.</param>
+
70 virtual void run(decomp::symbol_t* sym) = 0;
+
71
+
72 /// <summary>
+
73 /// gets the passes symbol type.
+
74 /// </summary>
+
75 /// <returns>the passes symbol type.</returns>
+
76 decomp::sym_type_t sym_type() { return m_sym_type; }
+
77
+
78 private:
+
79 decomp::sym_type_t m_sym_type;
+
80};
+
81} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d8/d67/symbol_8cpp.html b/doxygen/html/d8/d67/symbol_8cpp.html index 498acfa..2a16995 100644 --- a/doxygen/html/d8/d67/symbol_8cpp.html +++ b/doxygen/html/d8/d67/symbol_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/decomp/symbol.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
symbol.cpp File Reference
+
symbol.cpp File Reference
-
#include <decomp/symbol.hpp>
+
#include <decomp/symbol.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d8/d67/symbol_8cpp_source.html b/doxygen/html/d8/d67/symbol_8cpp_source.html new file mode 100644 index 0000000..12ff212 --- /dev/null +++ b/doxygen/html/d8/d67/symbol_8cpp_source.html @@ -0,0 +1,201 @@ + + + + + + + +Theodosius: src/decomp/symbol.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
symbol.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <decomp/symbol.hpp>
+
32
+
33namespace theo::decomp {
+
34symbol_t::symbol_t(coff::image_t* img,
+
35 std::string name,
+
36 std::uintptr_t offset,
+
37 std::vector<std::uint8_t> data,
+
38 coff::section_header_t* scn,
+
39 coff::symbol_t* sym,
+
40 std::vector<recomp::reloc_t> relocs,
+
41 sym_type_t dcmp_type)
+
42 : m_name(name),
+
43 m_offset(offset),
+
44 m_data(data),
+
45 m_scn(scn),
+
46 m_relocs(relocs),
+
47 m_sym_type(dcmp_type),
+
48 m_sym(sym),
+
49 m_img(img),
+
50 m_allocated_at(0) {}
+
51
+
52std::string symbol_t::name() const {
+
53 return m_name;
+
54}
+
55
+
56std::uintptr_t symbol_t::offset() const {
+
57 return m_offset;
+
58}
+
59
+
60std::uintptr_t symbol_t::allocated_at() const {
+
61 return m_allocated_at;
+
62}
+
63
+
64coff::section_header_t* symbol_t::scn() const {
+
65 return m_scn;
+
66}
+
67
+
68coff::image_t* symbol_t::img() const {
+
69 return m_img;
+
70}
+
71
+
72std::uint32_t symbol_t::size() const {
+
73 return m_data.size();
+
74}
+
75
+
76std::vector<std::uint8_t>& symbol_t::data() {
+
77 return m_data;
+
78}
+
79
+
80sym_type_t symbol_t::type() const {
+
81 return m_sym_type;
+
82}
+
83
+
84void symbol_t::allocated_at(std::uintptr_t allocated_at) {
+
85 m_allocated_at = allocated_at;
+
86}
+
87
+
88std::size_t symbol_t::hash() {
+
89 return hash(m_name);
+
90}
+
91
+
92coff::symbol_t* symbol_t::sym() const {
+
93 return m_sym;
+
94}
+
95
+
96std::vector<recomp::reloc_t>& symbol_t::relocs() {
+
97 return m_relocs;
+
98}
+
99
+
100std::size_t symbol_t::hash(const std::string& sym) {
+
101 return std::hash<std::string>{}(sym);
+
102}
+
103
+
104std::string symbol_t::name(const coff::image_t* img, coff::symbol_t* sym) {
+
105 if (sym->has_section() &&
+
106 sym->storage_class == coff::storage_class_id::private_symbol &&
+
107 sym->derived_type == coff::derived_type_id::none) {
+
108 auto scn = img->get_section(sym->section_index - 1);
+
109 auto res = std::string(scn->name.to_string(img->get_strings()).data())
+
110 .append("#")
+
111 .append(std::to_string(sym->section_index))
+
112 .append("!")
+
113 .append(std::to_string(img->file_header.timedate_stamp))
+
114 .append("+")
+
115 .append(std::to_string(sym->value));
+
116
+
117 return res;
+
118 }
+
119 return std::string(sym->name.to_string(img->get_strings()));
+
120}
+
121} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d8/d82/namespacetheo_1_1obf_1_1transform.html b/doxygen/html/d8/d82/namespacetheo_1_1obf_1_1transform.html index 3206361..b4ed9bf 100644 --- a/doxygen/html/d8/d82/namespacetheo_1_1obf_1_1transform.html +++ b/doxygen/html/d8/d82/namespacetheo_1_1obf_1_1transform.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform Namespace Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Typedefs | Functions | Variables
-
-
theo::obf::transform Namespace Reference
+
theo::obf::transform Namespace Reference

this namespace encompasses the code for transforming relocations. More...

- + @@ -96,28 +96,28 @@ Classes

-Classes

+Data Structures

class  add_op_t
 
class  operation_t
class  xor_op_t
 
-

+

Typedefs

using transform_t = std::function< std::size_t(std::size_t, std::uint32_t)>
 lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation). More...
 
- - - - + + +

+

Functions

std::vector< std::uint8_t > generate (xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
 generate a sequence of transformations given an instruction that has a relocation in it. More...
 
std::vector< std::uint8_t > generate (xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
 generate a sequence of transformations given an instruction that has a relocation in it. More...
 
-

+

Variables

std::map< xed_iclass_enum_t, operation_t * > operations
 map of all of the operations and their type. More...
 

Detailed Description

-

this namespace encompasses the code for transforming relocations.

+

this namespace encompasses the code for transforming relocations.

Typedef Documentation

- +

◆ transform_t

@@ -131,11 +131,13 @@ Variables

lambda function which takes in a 64bit value (relocation address) and a 32bit value (random value used in transformation).

+

Definition at line 54 of file operation.hpp.

+

Function Documentation

- -

◆ generate()

+ +

◆ generate()

@@ -144,7 +146,7 @@ Variables - + @@ -191,53 +193,58 @@ Variables
Returns
-
48  {
-
49  auto num_transforms = transform::operation_t::random(low, high);
-
50  auto num_ops = transform::operations.size();
-
51  std::vector<std::uint8_t> new_inst_bytes;
-
52 
-
53  std::uint32_t inst_len = {};
-
54  std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
-
55  xed_encoder_request_t req;
-
56 
-
57  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
-
58  xed_encoder_request_zero_set_mode(&req, &istate);
-
59  xed_encoder_request_set_effective_operand_width(&req, 64);
-
60  xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSHFQ);
-
61  xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
-
62  new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
-
63 
-
64  for (auto cnt = 0u; cnt < num_transforms; ++cnt) {
-
65  std::uint32_t imm = transform::operation_t::random(
-
66  0, std::numeric_limits<std::int32_t>::max());
-
67 
-
68  auto itr = transform::operations.begin();
-
69  std::advance(itr, transform::operation_t::random(0, num_ops - 1));
-
70  auto transform_bytes = itr->second->native(inst, imm);
-
71  new_inst_bytes.insert(new_inst_bytes.end(), transform_bytes.begin(),
-
72  transform_bytes.end());
-
73 
-
74  reloc->add_transform(
-
75  {transform::operations[itr->second->inverse()]->get_transform(), imm});
-
76  }
-
77 
-
78  xed_encoder_request_zero_set_mode(&req, &istate);
-
79  xed_encoder_request_set_effective_operand_width(&req, 64);
-
80  xed_encoder_request_set_iclass(&req, XED_ICLASS_POPFQ);
-
81  xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
-
82  new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
-
83 
-
84  // inverse the order in which the transformations are executed...
-
85  //
-
86  std::reverse(reloc->get_transforms().begin(), reloc->get_transforms().end());
-
87  return new_inst_bytes;
-
88 }
-
theo::obf::transform::operations
std::map< xed_iclass_enum_t, operation_t * > operations
map of all of the operations and their type.
Definition: transform.hpp:42
+ +

Definition at line 45 of file gen.hpp.

+
48 {
+
49 auto num_transforms = transform::operation_t::random(low, high);
+
50 auto num_ops = transform::operations.size();
+
51 std::vector<std::uint8_t> new_inst_bytes;
+
52
+
53 std::uint32_t inst_len = {};
+
54 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
55 xed_encoder_request_t req;
+
56
+
57 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
58 xed_encoder_request_zero_set_mode(&req, &istate);
+
59 xed_encoder_request_set_effective_operand_width(&req, 64);
+
60 xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSHFQ);
+
61 xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
+
62 new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
+
63
+
64 for (auto cnt = 0u; cnt < num_transforms; ++cnt) {
+
65 std::uint32_t imm = transform::operation_t::random(
+
66 0, std::numeric_limits<std::int32_t>::max());
+
67
+
68 auto itr = transform::operations.begin();
+
69 std::advance(itr, transform::operation_t::random(0, num_ops - 1));
+
70 auto transform_bytes = itr->second->native(inst, imm);
+
71 new_inst_bytes.insert(new_inst_bytes.end(), transform_bytes.begin(),
+
72 transform_bytes.end());
+
73
+
74 reloc->add_transform(
+
75 {transform::operations[itr->second->inverse()]->get_transform(), imm});
+
76 }
+
77
+
78 xed_encoder_request_zero_set_mode(&req, &istate);
+
79 xed_encoder_request_set_effective_operand_width(&req, 64);
+
80 xed_encoder_request_set_iclass(&req, XED_ICLASS_POPFQ);
+
81 xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len);
+
82 new_inst_bytes.insert(new_inst_bytes.end(), inst_buff, inst_buff + inst_len);
+
83
+
84 // inverse the order in which the transformations are executed...
+
85 //
+
86 std::reverse(reloc->get_transforms().begin(), reloc->get_transforms().end());
+
87 return new_inst_bytes;
+
88}
+

References theo::recomp::reloc_t::add_transform(), theo::recomp::reloc_t::get_transforms(), operations, and theo::obf::transform::operation_t::random().

+ +

Referenced by theo::obf::next_inst_pass_t::run(), and theo::obf::reloc_transform_pass_t::run().

+

Variable Documentation

- +

◆ operations

@@ -265,12 +272,16 @@ Variables

map of all of the operations and their type.

+

Definition at line 42 of file transform.hpp.

+ +

Referenced by generate().

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d8/da9/sub__op_8hpp.html b/doxygen/html/d8/da9/sub__op_8hpp.html index 91e3892..900677a 100644 --- a/doxygen/html/d8/da9/sub__op_8hpp.html +++ b/doxygen/html/d8/da9/sub__op_8hpp.html @@ -2,8 +2,8 @@ - - + +Theodosius: include/obf/transform/sub_op.hpp File Reference @@ -19,33 +19,34 @@
std::vector<std::uint8_t> theo::obf::transform::generate std::vector< std::uint8_t > theo::obf::transform::generate ( xed_decoded_inst_t *  inst,
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
sub_op.hpp File Reference
+
sub_op.hpp File Reference
-
#include <obf/transform/operation.hpp>
+
#include <obf/transform/operation.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::sub_op_t
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d8/da9/sub__op_8hpp_source.html b/doxygen/html/d8/da9/sub__op_8hpp_source.html new file mode 100644 index 0000000..af41e8c --- /dev/null +++ b/doxygen/html/d8/da9/sub__op_8hpp_source.html @@ -0,0 +1,127 @@ + + + + + + + +Theodosius: include/obf/transform/sub_op.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
sub_op.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/operation.hpp>
+
33
+
34namespace theo::obf::transform {
+
35class sub_op_t : public operation_t {
+
36 explicit sub_op_t()
+
37 : operation_t([&](std::size_t val,
+
38 std::uint32_t imm) -> std::size_t { return val - imm; },
+
39 XED_ICLASS_SUB) {}
+
40
+
41 public:
+
42 static sub_op_t* get() {
+
43 static sub_op_t obj;
+
44 return &obj;
+
45 }
+
46};
+
47} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d8/dce/classtheo_1_1obf_1_1transform_1_1xor__op__t-members.html b/doxygen/html/d8/dce/classtheo_1_1obf_1_1transform_1_1xor__op__t-members.html index 7de9211..02e0406 100644 --- a/doxygen/html/d8/dce/classtheo_1_1obf_1_1transform_1_1xor__op__t-members.html +++ b/doxygen/html/d8/dce/classtheo_1_1obf_1_1transform_1_1xor__op__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::xor_op_t Member List
+
theo::obf::transform::xor_op_t Member List

This is the complete list of members for theo::obf::transform::xor_op_t, including all inherited members.

- - + + - + - +
get()theo::obf::transform::xor_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
get()theo::obf::transform::xor_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/d18/classtheo_1_1obf_1_1engine__t.html b/doxygen/html/d9/d18/classtheo_1_1obf_1_1engine__t.html index aef86cf..c9205cf 100644 --- a/doxygen/html/d9/d18/classtheo_1_1obf_1_1engine__t.html +++ b/doxygen/html/d9/d18/classtheo_1_1obf_1_1engine__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::engine_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::engine_t Class Reference

singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them. More...

-

#include <engine.hpp>

+

#include "engine.hpp"

- @@ -90,16 +89,18 @@ Public Member Functions

+

Public Member Functions

void add_pass (pass_t *pass)
 add a pass to the engine. the order in which you call this function matters as the underlying data structure that contains the passes is a vector. More...
 run all the passes on the symbol. this function will only run a pass if the symbol is the same type as the pass requires. More...
 
-

+

Static Public Member Functions

static engine_tget ()
 get the singleton object of this class. More...
 

Detailed Description

-

singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them.

+

singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them.

+ +

Definition at line 42 of file engine.hpp.

Member Function Documentation

- +

◆ add_pass()

@@ -122,13 +123,15 @@ Static Public Member Functions -
39  {
-
40  passes.push_back(pass);
-
41 }
+ +

Definition at line 39 of file engine.cpp.

+
39 {
+
40 passes.push_back(pass);
+
41}
- +

◆ get()

@@ -153,14 +156,18 @@ Static Public Member Functions

get the singleton object of this class.

Returns
the singleton object of this class.
-
34  {
-
35  static engine_t obj;
-
36  return &obj;
-
37 }
+ +

Definition at line 34 of file engine.cpp.

+
34 {
+
35 static engine_t obj;
+
36 return &obj;
+
37}
+

Referenced by theo::theo_t::compose(), and main().

+
- +

◆ run()

@@ -183,23 +190,25 @@ Static Public Member Functions -
43  {
-
44  std::for_each(passes.begin(), passes.end(), [&](pass_t* pass) {
-
45  if (sym->type() & pass->sym_type())
-
46  pass->run(sym);
-
47  });
-
48 }
+ +

Definition at line 43 of file engine.cpp.

+
43 {
+
44 std::for_each(passes.begin(), passes.end(), [&](pass_t* pass) {
+
45 if (sym->type() & pass->sym_type())
+
46 pass->run(sym);
+
47 });
+
48}
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/d27/classtheo_1_1recomp_1_1recomp__t-members.html b/doxygen/html/d9/d27/classtheo_1_1recomp_1_1recomp__t-members.html index 76551a1..9a499b4 100644 --- a/doxygen/html/d9/d27/classtheo_1_1recomp_1_1recomp__t-members.html +++ b/doxygen/html/d9/d27/classtheo_1_1recomp_1_1recomp__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::recomp::recomp_t Member List
+
theo::recomp::recomp_t Member List

This is the complete list of members for theo::recomp::recomp_t, including all inherited members.

- + - + - + - +
allocate()theo::recomp::recomp_t
allocator(allocator_t alloc)theo::recomp::recomp_t
allocator(allocator_t alloc)theo::recomp::recomp_t
copier(copier_t copy)theo::recomp::recomp_t
copy_syms()theo::recomp::recomp_t
copy_syms()theo::recomp::recomp_t
recomp_t(decomp::decomp_t *dcmp, allocator_t alloc, copier_t copy, resolver_t resolve)theo::recomp::recomp_texplicit
resolve()theo::recomp::recomp_t
resolve()theo::recomp::recomp_t
resolve(const std::string &&sym)theo::recomp::recomp_t
resolver(resolver_t resolve)theo::recomp::recomp_t
resolver(resolver_t resolve)theo::recomp::recomp_t
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp.html b/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp.html index 31bd34e..8c01efe 100644 --- a/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp.html +++ b/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf/passes/jcc_rewrite_pass.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
jcc_rewrite_pass.cpp File Reference
+
jcc_rewrite_pass.cpp File Reference
-
#include <obf/passes/jcc_rewrite_pass.hpp>
-#include <obf/passes/next_inst_pass.hpp>
+
#include <obf/passes/jcc_rewrite_pass.hpp>
+#include <obf/passes/next_inst_pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp_source.html b/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp_source.html new file mode 100644 index 0000000..f5698ba --- /dev/null +++ b/doxygen/html/d9/db4/jcc__rewrite__pass_8cpp_source.html @@ -0,0 +1,163 @@ + + + + + + + +Theodosius: src/obf/passes/jcc_rewrite_pass.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
jcc_rewrite_pass.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <obf/passes/jcc_rewrite_pass.hpp>
+
32#include <obf/passes/next_inst_pass.hpp>
+
33
+
34namespace theo::obf {
+
35jcc_rewrite_pass_t* jcc_rewrite_pass_t::get() {
+
36 static jcc_rewrite_pass_t obj;
+
37 return &obj;
+
38}
+
39
+
40void jcc_rewrite_pass_t::run(decomp::symbol_t* sym) {
+
41 std::int32_t disp = {};
+
42 xed_decoded_inst_t inst;
+
43 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
44 xed_decoded_inst_zero_set_mode(&inst, &istate);
+
45 xed_decode(&inst, sym->data().data(), XED_MAX_INSTRUCTION_BYTES);
+
46
+
47 // if the instruction is branching...
+
48 if ((disp = xed_decoded_inst_get_branch_displacement(&inst))) {
+
49 disp += xed_decoded_inst_get_length(&inst);
+
50
+
51 // update displacement...
+
52 xed_decoded_inst_set_branch_displacement(
+
53 &inst, sym->data().size() - xed_decoded_inst_get_length(&inst),
+
54 xed_decoded_inst_get_branch_displacement_width(&inst));
+
55
+
56 xed_encoder_request_init_from_decode(&inst);
+
57 xed_encoder_request_t* req = &inst;
+
58
+
59 // update jcc in the buffer...
+
60 std::uint32_t len = {};
+
61 xed_encode(req, sym->data().data(), xed_decoded_inst_get_length(&inst),
+
62 &len);
+
63
+
64 // create a relocation to the instruction the branch would normally go
+
65 // too...
+
66 auto offset = disp < 0 ? sym->offset() - std::abs(disp)
+
67 : sym->offset() + std::abs(disp);
+
68
+
69 auto sym_name =
+
70 std::string(
+
71 sym->sym()->name.to_string(sym->img()->get_strings()).data())
+
72 .append("@")
+
73 .append(std::to_string(offset));
+
74
+
75 sym->relocs().push_back(
+
76 recomp::reloc_t(0, decomp::symbol_t::hash(sym_name), sym_name.data()));
+
77
+
78 // run next_inst_pass on this symbol to generate the transformations for the
+
79 // relocation to the jcc branch dest instruction...
+
80 next_inst_pass_t::get()->run(sym);
+
81 }
+
82};
+
83} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/d9/dbc/classtheo_1_1theo__t.html b/doxygen/html/d9/dbc/classtheo_1_1theo__t.html index fdaf8aa..386cad9 100644 --- a/doxygen/html/d9/dbc/classtheo_1_1theo__t.html +++ b/doxygen/html/d9/dbc/classtheo_1_1theo__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::theo_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::theo_t Class Reference
+Public Member Functions
+
theo::theo_t Class Reference

the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp. More...

-

#include <theo.hpp>

+

#include "theo.hpp"

- @@ -96,10 +95,12 @@ Public Member Functions

+

Public Member Functions

 theo_t (std::vector< std::uint8_t > &lib, lnk_fns_t lnkr_fns, const std::string &&entry_sym)
 explicit constructor for theo class. More...
 

Detailed Description

-

the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp.

-

You will create an object of this type when using theo.

+

the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp.

+

You will create an object of this type when using theo.

+ +

Definition at line 70 of file theo.hpp.

Constructor & Destructor Documentation

- +

◆ theo_t()

@@ -148,21 +149,20 @@ Public Member Functions -
37  : m_dcmp(lib, &m_sym_tbl),
-
38  m_recmp(&m_dcmp, {}, {}, {}),
-
39  m_entry_sym(entry_sym) {
-
40  m_recmp.allocator(std::get<0>(lnkr_fns));
-
41  m_recmp.copier(std::get<1>(lnkr_fns));
-
42  m_recmp.resolver(std::get<2>(lnkr_fns));
-
43 }
-
theo::recomp::recomp_t::allocator
void allocator(allocator_t alloc)
setter for the allocater lambda function.
Definition: recomp.cpp:163
-
theo::recomp::recomp_t::resolver
void resolver(resolver_t resolve)
setter for the resolve lambda function.
Definition: recomp.cpp:171
-
theo::recomp::recomp_t::copier
void copier(copier_t copy)
setter for the copier lambda function.
Definition: recomp.cpp:167
+ +

Definition at line 34 of file theo.cpp.

+
37 : m_dcmp(lib, &m_sym_tbl),
+
38 m_recmp(&m_dcmp, {}, {}, {}),
+
39 m_entry_sym(entry_sym) {
+
40 m_recmp.allocator(std::get<0>(lnkr_fns));
+
41 m_recmp.copier(std::get<1>(lnkr_fns));
+
42 m_recmp.resolver(std::get<2>(lnkr_fns));
+
43}

Member Function Documentation

- +

◆ compose()

@@ -179,26 +179,27 @@ Public Member Functions

compose the decomposed module. This will run obfuscation passes, the map and resolve symbols to each other.

Returns
returns the address of the entry point symbol
-
56  {
-
57  // run obfuscation engine on all symbols...
-
58  //
-
59  auto engine = obf::engine_t::get();
-
60  m_sym_tbl.for_each([&](decomp::symbol_t& sym) { engine->run(&sym); });
-
61 
-
62  m_recmp.allocate();
-
63  m_recmp.resolve();
-
64  m_recmp.copy_syms();
-
65  return m_recmp.resolve(m_entry_sym.data());
-
66 }
-
theo::obf::engine_t::get
static engine_t * get()
get the singleton object of this class.
Definition: engine.cpp:34
-
theo::recomp::recomp_t::copy_syms
void copy_syms()
when called, this function copies symbols into allocations.
Definition: recomp.cpp:155
-
theo::recomp::recomp_t::resolve
void resolve()
when called, this function resolves all relocations in every symbol.
Definition: recomp.cpp:92
-
theo::recomp::recomp_t::allocate
void allocate()
when called, this function allocates space for every symbol.
Definition: recomp.cpp:40
-
theo::recomp::symbol_table_t::for_each
void for_each(std::function< void(decomp::symbol_t &sym)> fn)
this function is a wrapper function that allows you to get at each entry in the symbol table by refer...
Definition: symbol_table.cpp:49
+ +

Definition at line 56 of file theo.cpp.

+
56 {
+
57 // run obfuscation engine on all symbols...
+
58 //
+
59 auto engine = obf::engine_t::get();
+
60 m_sym_tbl.for_each([&](decomp::symbol_t& sym) { engine->run(&sym); });
+
61
+
62 m_recmp.allocate();
+
63 m_recmp.resolve();
+
64 m_recmp.copy_syms();
+
65 return m_recmp.resolve(m_entry_sym.data());
+
66}
+

References theo::recomp::recomp_t::allocate(), theo::recomp::recomp_t::copy_syms(), theo::recomp::symbol_table_t::for_each(), theo::obf::engine_t::get(), and theo::recomp::recomp_t::resolve().

+ +

Referenced by main().

+
- +

◆ decompose()

@@ -215,21 +216,26 @@ Public Member Functions

decomposes the lib file and return the number of symbols that are used.

Returns
optional amount of symbols that are used. no value if decomposition fails.
-
45  {
-
46  auto res = m_dcmp.decompose(m_entry_sym);
-
47  if (!res.has_value()) {
-
48  spdlog::error("failed to decompose...\n");
-
49  return {};
-
50  }
-
51 
-
52  spdlog::info("decompose successful... {} symbols", res.value()->size());
-
53  return res.value()->size();
-
54 }
-
theo::decomp::decomp_t::decompose
std::optional< recomp::symbol_table_t * > decompose(std::string &entry_sym)
decomposes (extracts) the symbols used. this function determines all used symbols given the entry poi...
Definition: decomp.cpp:37
+ +

Definition at line 45 of file theo.cpp.

+
45 {
+
46 auto res = m_dcmp.decompose(m_entry_sym);
+
47 if (!res.has_value()) {
+
48 spdlog::error("failed to decompose...\n");
+
49 return {};
+
50 }
+
51
+
52 spdlog::info("decompose successful... {} symbols", res.value()->size());
+
53 return res.value()->size();
+
54}
+

References theo::decomp::decomp_t::decompose().

+ +

Referenced by main().

+
- +

◆ resolve()

@@ -253,26 +259,28 @@ Public Member Functions
Returns
the address of the symbol
-
68  {
-
69  auto val = m_sym_tbl.sym_from_hash(decomp::symbol_t::hash(sym));
-
70  if (!val.has_value())
-
71  return {};
-
72 
-
73  return val.value()->allocated_at();
-
74 }
-
theo::decomp::symbol_t::hash
std::size_t hash()
gets the hash of the symbol name.
Definition: symbol.cpp:88
-
theo::recomp::symbol_table_t::sym_from_hash
std::optional< decomp::symbol_t * > sym_from_hash(std::size_t hash)
returns an optional pointer to a symbol from the symbol table given the symbols hash (hash of its nam...
Definition: symbol_table.cpp:54
+ +

Definition at line 68 of file theo.cpp.

+
68 {
+
69 auto val = m_sym_tbl.sym_from_hash(decomp::symbol_t::hash(sym));
+
70 if (!val.has_value())
+
71 return {};
+
72
+
73 return val.value()->allocated_at();
+
74}
+

References theo::decomp::symbol_t::hash(), and theo::recomp::symbol_table_t::sym_from_hash().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/dbd/namespacetheo_1_1decomp.html b/doxygen/html/d9/dbd/namespacetheo_1_1decomp.html index fa61e9b..79b448b 100644 --- a/doxygen/html/d9/dbd/namespacetheo_1_1decomp.html +++ b/doxygen/html/d9/dbd/namespacetheo_1_1decomp.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::decomp Namespace Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Typedefs | Enumerations
-
-
theo::decomp Namespace Reference
+
theo::decomp Namespace Reference

the namespace that contains all of the decomposition related code. More...

- + @@ -91,13 +91,13 @@ Classes

-Classes

+Data Structures

class  decomp_t
 the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files. More...
 
 symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down). More...
 
-

+

Typedefs

using sym_data_t = std::tuple< coff::image_t *, coff::symbol_t *, std::uint32_t >
 meta symbol data. consists of the coff image which contains the coff symbol, the coff symbol itself, and the size (if any) of the symbol. More...
 
-

+

Enumerations

enum  sym_type_t {
  function = 0b00000001 @@ -112,9 +112,9 @@ Enumerations
 

Detailed Description

-

the namespace that contains all of the decomposition related code.

+

the namespace that contains all of the decomposition related code.

Typedef Documentation

- +

◆ sym_data_t

@@ -128,10 +128,12 @@ Enumerations

meta symbol data. consists of the coff image which contains the coff symbol, the coff symbol itself, and the size (if any) of the symbol.

+

Definition at line 55 of file decomp.hpp.

+

Enumeration Type Documentation

- +

◆ sym_type_t

@@ -145,30 +147,28 @@ Enumerations

meta symbol type. this is an abstraction upon the coff symbol storage/class type.

- - - - - + + + + +
Enumerator
function 
instruction 
data 
section 
all 
Enumerator
function 
instruction 
data 
section 
all 
-
43  {
-
44  function = 0b00000001,
-
45  instruction = 0b00000010,
-
46  data = 0b00000100,
-
47  section = 0b00001000,
-
48  all = section | data | instruction | function
-
49 };
-
theo::decomp::section
@ section
Definition: symbol.hpp:47
-
theo::decomp::instruction
@ instruction
Definition: symbol.hpp:45
-
theo::decomp::all
@ all
Definition: symbol.hpp:48
-
theo::decomp::data
@ data
Definition: symbol.hpp:46
+ +

Definition at line 43 of file symbol.hpp.

+
43 {
+
44 function = 0b00000001,
+
45 instruction = 0b00000010,
+
46 data = 0b00000100,
+
47 section = 0b00001000,
+
48 all = section | data | instruction | function
+
49};
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/dd5/classtheo_1_1decomp_1_1symbol__t.html b/doxygen/html/d9/dd5/classtheo_1_1decomp_1_1symbol__t.html index 20f4e15..bd62725 100644 --- a/doxygen/html/d9/dd5/classtheo_1_1decomp_1_1symbol__t.html +++ b/doxygen/html/d9/dd5/classtheo_1_1decomp_1_1symbol__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::decomp::symbol_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::decomp::symbol_t Class Reference

symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down). More...

-

#include <symbol.hpp>

+

#include "symbol.hpp"

- @@ -123,7 +122,7 @@ Public Member Functions

+

Public Member Functions

 symbol_t (coff::image_t *img, std::string name, std::uintptr_t offset, std::vector< std::uint8_t > data, coff::section_header_t *scn={}, coff::symbol_t *sym={}, std::vector< recomp::reloc_t > relocs={}, sym_type_t dcmp_type={})
 the explicit constructor of this symbol. More...
 gets the hash of the symbol name. More...
 
- @@ -133,10 +132,12 @@ Static Public Member Functions

+

Static Public Member Functions

static std::size_t hash (const std::string &sym)
 generate a hash given the name of the symbol. More...
 

Detailed Description

-

symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down).

-

this class is used throughout theodosius and is a keystone of the project. ensure you understand how this class works and what it contains.

+

symbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down).

+

this class is used throughout theodosius and is a keystone of the project. ensure you understand how this class works and what it contains.

+ +

Definition at line 59 of file symbol.hpp.

Constructor & Destructor Documentation

- +

◆ symbol_t()

@@ -220,27 +221,22 @@ Static Public Member Functions -
42  : m_name(name),
-
43  m_offset(offset),
-
44  m_data(data),
-
45  m_scn(scn),
-
46  m_relocs(relocs),
-
47  m_sym_type(dcmp_type),
-
48  m_sym(sym),
-
49  m_img(img),
-
50  m_allocated_at(0) {}
-
theo::decomp::symbol_t::sym
coff::symbol_t * sym() const
returns a pointer to the coff symbol object.
Definition: symbol.cpp:92
-
theo::decomp::symbol_t::scn
coff::section_header_t * scn() const
gets the section header of the section in which the symbol is contained.
Definition: symbol.cpp:64
-
theo::decomp::symbol_t::offset
std::uintptr_t offset() const
gets the offset into the section where the symbol is located.
Definition: symbol.cpp:56
-
theo::decomp::symbol_t::name
std::string name() const
gets the name of the symbol.
Definition: symbol.cpp:52
-
theo::decomp::symbol_t::data
std::vector< std::uint8_t > & data()
returns a vector by reference of bytes containing the data of the symbol.
Definition: symbol.cpp:76
-
theo::decomp::symbol_t::relocs
std::vector< recomp::reloc_t > & relocs()
returns a vector of relocations.
Definition: symbol.cpp:96
-
theo::decomp::symbol_t::img
coff::image_t * img() const
gets the imagine in which the symbol is located inside of.
Definition: symbol.cpp:68
+ +

Definition at line 34 of file symbol.cpp.

+
42 : m_name(name),
+
43 m_offset(offset),
+
44 m_data(data),
+
45 m_scn(scn),
+
46 m_relocs(relocs),
+
47 m_sym_type(dcmp_type),
+
48 m_sym(sym),
+
49 m_img(img),
+
50 m_allocated_at(0) {}

Member Function Documentation

- +

◆ allocated_at() [1/2]

@@ -257,13 +253,17 @@ Static Public Member Functions

returns the address where the symbol is allocated.

Returns
the address where the symbol is allocated.
-
60  {
-
61  return m_allocated_at;
-
62 }
+ +

Definition at line 60 of file symbol.cpp.

+
60 {
+
61 return m_allocated_at;
+
62}
+

Referenced by allocated_at(), and theo::recomp::recomp_t::copy_syms().

+
- +

◆ allocated_at() [2/2]

@@ -286,14 +286,17 @@ Static Public Member Functions -
84  {
-
85  m_allocated_at = allocated_at;
-
86 }
-
theo::decomp::symbol_t::allocated_at
std::uintptr_t allocated_at() const
returns the address where the symbol is allocated.
Definition: symbol.cpp:60
+ +

Definition at line 84 of file symbol.cpp.

+
84 {
+
85 m_allocated_at = allocated_at;
+
86}
+

References allocated_at().

+
- +

◆ data()

@@ -310,13 +313,17 @@ Static Public Member Functions

returns a vector by reference of bytes containing the data of the symbol.

Returns
a vector by reference of bytes containing the data of the symbol.
-
76  {
-
77  return m_data;
-
78 }
+ +

Definition at line 76 of file symbol.cpp.

+
76 {
+
77 return m_data;
+
78}
+

Referenced by theo::recomp::recomp_t::copy_syms(), theo::recomp::recomp_t::resolve(), theo::obf::jcc_rewrite_pass_t::run(), theo::obf::next_inst_pass_t::run(), and theo::obf::reloc_transform_pass_t::run().

+
- +

◆ hash() [1/2]

@@ -333,14 +340,19 @@ Static Public Member Functions

gets the hash of the symbol name.

Returns
the hash of the symbol name.
-
88  {
-
89  return hash(m_name);
-
90 }
-
theo::decomp::symbol_t::hash
std::size_t hash()
gets the hash of the symbol name.
Definition: symbol.cpp:88
+ +

Definition at line 88 of file symbol.cpp.

+
88 {
+
89 return hash(m_name);
+
90}
+

References hash().

+ +

Referenced by theo::decomp::routine_t::decompose(), hash(), theo::recomp::symbol_table_t::put_symbol(), theo::recomp::recomp_t::resolve(), theo::theo_t::resolve(), theo::obf::hello_world_pass_t::run(), and theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ hash() [2/2]

@@ -372,13 +384,17 @@ Static Public Member Functions
Returns
the symbol name hash
-
100  {
-
101  return std::hash<std::string>{}(sym);
-
102 }
+ +

Definition at line 100 of file symbol.cpp.

+
100 {
+
101 return std::hash<std::string>{}(sym);
+
102}
+

References sym().

+
- +

◆ img()

@@ -395,13 +411,17 @@ Static Public Member Functions

gets the imagine in which the symbol is located inside of.

Returns
the imagine in which the symbol is located inside of.
-
68  {
-
69  return m_img;
-
70 }
+ +

Definition at line 68 of file symbol.cpp.

+
68 {
+
69 return m_img;
+
70}
+

Referenced by name(), and theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ name() [1/2]

@@ -418,13 +438,17 @@ Static Public Member Functions

gets the name of the symbol.

Returns
the name of the symbol.
-
52  {
-
53  return m_name;
-
54 }
+ +

Definition at line 52 of file symbol.cpp.

+
52 {
+
53 return m_name;
+
54}
+

Referenced by theo::decomp::routine_t::decompose(), theo::recomp::recomp_t::resolve(), theo::obf::hello_world_pass_t::run(), and theo::obf::reloc_transform_pass_t::run().

+
- +

◆ name() [2/2]

@@ -459,10 +483,10 @@ Static Public Member Functions

get the name of a symbol. this function will create a symbol name if the symbol is opaquely named.

-

for example in c++ if you define something like this:

-

some_struct_t val = { value_one, value_two };

-

"val" will be stored in the .data section of the coff file. however the symbol name will be opaque (the name of the symbol will be ".data"). this causes issues with theo since each symbol needs its own unqiue name to generate a unique symbol name hash. for symbols like this, theo will create a name for it with the following format:

-

.data::section_index!coff_file_timestamp+offset_into_section

+

for example in c++ if you define something like this:

+

some_struct_t val = { value_one, value_two };

+

"val" will be stored in the .data section of the coff file. however the symbol name will be opaque (the name of the symbol will be ".data"). this causes issues with theo since each symbol needs its own unqiue name to generate a unique symbol name hash. for symbols like this, theo will create a name for it with the following format:

+

.data::section_index!coff_file_timestamp+offset_into_section

Parameters
@@ -471,27 +495,31 @@ Static Public Member Functions
Returns
the name of the symbol, or a created one.
-
104  {
-
105  if (sym->has_section() &&
-
106  sym->storage_class == coff::storage_class_id::private_symbol &&
-
107  sym->derived_type == coff::derived_type_id::none) {
-
108  auto scn = img->get_section(sym->section_index - 1);
-
109  auto res = std::string(scn->name.to_string(img->get_strings()).data())
-
110  .append("#")
-
111  .append(std::to_string(sym->section_index))
-
112  .append("!")
-
113  .append(std::to_string(img->file_header.timedate_stamp))
-
114  .append("+")
-
115  .append(std::to_string(sym->value));
-
116 
-
117  return res;
-
118  }
-
119  return std::string(sym->name.to_string(img->get_strings()));
-
120 }
+ +

Definition at line 104 of file symbol.cpp.

+
104 {
+
105 if (sym->has_section() &&
+
106 sym->storage_class == coff::storage_class_id::private_symbol &&
+
107 sym->derived_type == coff::derived_type_id::none) {
+
108 auto scn = img->get_section(sym->section_index - 1);
+
109 auto res = std::string(scn->name.to_string(img->get_strings()).data())
+
110 .append("#")
+
111 .append(std::to_string(sym->section_index))
+
112 .append("!")
+
113 .append(std::to_string(img->file_header.timedate_stamp))
+
114 .append("+")
+
115 .append(std::to_string(sym->value));
+
116
+
117 return res;
+
118 }
+
119 return std::string(sym->name.to_string(img->get_strings()));
+
120}
+

References img(), scn(), and sym().

+
- +

◆ offset()

@@ -508,13 +536,17 @@ Static Public Member Functions

gets the offset into the section where the symbol is located.

Returns
the offset into the section where the symbol is located.
-
56  {
-
57  return m_offset;
-
58 }
+ +

Definition at line 56 of file symbol.cpp.

+
56 {
+
57 return m_offset;
+
58}
+

Referenced by theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ relocs()

@@ -531,13 +563,17 @@ Static Public Member Functions

returns a vector of relocations.

Returns
a vector of relocations.
-
96  {
-
97  return m_relocs;
-
98 }
+ +

Definition at line 96 of file symbol.cpp.

+
96 {
+
97 return m_relocs;
+
98}
+

Referenced by theo::recomp::recomp_t::resolve(), and theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ scn()

@@ -554,13 +590,17 @@ Static Public Member Functions

gets the section header of the section in which the symbol is contained.

Returns
the section header of the section in which the symbol is contained.
-
64  {
-
65  return m_scn;
-
66 }
+ +

Definition at line 64 of file symbol.cpp.

+
64 {
+
65 return m_scn;
+
66}
+

Referenced by name(), and theo::recomp::recomp_t::resolve().

+
- +

◆ size()

@@ -577,13 +617,15 @@ Static Public Member Functions

returns the size of the symbol.

Returns
the size of the symbol.
-
72  {
-
73  return m_data.size();
-
74 }
+ +

Definition at line 72 of file symbol.cpp.

+
72 {
+
73 return m_data.size();
+
74}
- +

◆ sym()

@@ -600,13 +642,17 @@ Static Public Member Functions

returns a pointer to the coff symbol object.

Returns
a pointer to the coff symbol object.
-
92  {
-
93  return m_sym;
-
94 }
+ +

Definition at line 92 of file symbol.cpp.

+
92 {
+
93 return m_sym;
+
94}
+

Referenced by hash(), name(), and theo::obf::jcc_rewrite_pass_t::run().

+
- +

◆ type()

@@ -623,20 +669,24 @@ Static Public Member Functions

returns the type of the symbol.

Returns
the type of the symbol.
-
80  {
-
81  return m_sym_type;
-
82 }
+ +

Definition at line 80 of file symbol.cpp.

+
80 {
+
81 return m_sym_type;
+
82}
+

Referenced by theo::recomp::recomp_t::allocate(), and theo::recomp::recomp_t::resolve().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/d9/dd6/_r_e_a_d_m_e_8md.html b/doxygen/html/d9/dd6/_r_e_a_d_m_e_8md.html index e7f411f..017a5de 100644 --- a/doxygen/html/d9/dd6/_r_e_a_d_m_e_8md.html +++ b/doxygen/html/d9/dd6/_r_e_a_d_m_e_8md.html @@ -2,8 +2,8 @@ - - + +Theodosius: README.md File Reference @@ -19,33 +19,34 @@
imgthe coff file containing the symbol.
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
README.md File Reference
+
README.md File Reference
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/d0c/symbol__table_8cpp.html b/doxygen/html/da/d0c/symbol__table_8cpp.html index b948a40..31ce31d 100644 --- a/doxygen/html/da/d0c/symbol__table_8cpp.html +++ b/doxygen/html/da/d0c/symbol__table_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/recomp/symbol_table.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
symbol_table.cpp File Reference
+
symbol_table.cpp File Reference
-
#include <recomp/symbol_table.hpp>
+
#include <recomp/symbol_table.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::recomp
namespace  theo::recomp
 this namespace encompasses all recomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/d0c/symbol__table_8cpp_source.html b/doxygen/html/da/d0c/symbol__table_8cpp_source.html new file mode 100644 index 0000000..491fc75 --- /dev/null +++ b/doxygen/html/da/d0c/symbol__table_8cpp_source.html @@ -0,0 +1,155 @@ + + + + + + + +Theodosius: src/recomp/symbol_table.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
symbol_table.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <recomp/symbol_table.hpp>
+
32
+
33namespace theo::recomp {
+
34symbol_table_t::symbol_table_t(const std::vector<decomp::symbol_t>&& syms) {
+
35 std::for_each(syms.begin(), syms.end(), [&](decomp::symbol_t sym) {
+
36 m_table.insert({sym.hash(), sym});
+
37 });
+
38}
+
39
+
40void symbol_table_t::put_symbol(decomp::symbol_t& sym) {
+
41 m_table.insert({sym.hash(), sym});
+
42}
+
43
+
44void symbol_table_t::put_symbols(std::vector<decomp::symbol_t>& syms) {
+
45 std::for_each(syms.begin(), syms.end(),
+
46 [&](decomp::symbol_t sym) { put_symbol(sym); });
+
47}
+
48
+
49void symbol_table_t::for_each(std::function<void(decomp::symbol_t& sym)> fn) {
+
50 for (auto itr = m_table.begin(); itr != m_table.end(); ++itr)
+
51 fn(itr->second);
+
52}
+
53
+
54std::optional<decomp::symbol_t*> symbol_table_t::sym_from_hash(
+
55 std::size_t hash) {
+
56 return m_table.count(hash) ? &m_table.at(hash)
+
57 : std::optional<decomp::symbol_t*>{};
+
58}
+
59
+
60std::optional<decomp::symbol_t*> symbol_table_t::sym_from_alloc(
+
61 std::uintptr_t allocated_at) {
+
62 auto res =
+
63 std::find_if(m_table.begin(), m_table.end(),
+
64 [&](std::pair<const std::size_t, decomp::symbol_t> itr) {
+
65 return itr.second.allocated_at() == allocated_at;
+
66 });
+
67
+
68 return res != m_table.end() ? &res->second
+
69 : std::optional<decomp::symbol_t*>{};
+
70}
+
71
+
72std::uint32_t symbol_table_t::size() {
+
73 return m_table.size();
+
74}
+
75} // namespace theo::recomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/da/d34/ror__op_8hpp.html b/doxygen/html/da/d34/ror__op_8hpp.html index 3ad389d..84a5be7 100644 --- a/doxygen/html/da/d34/ror__op_8hpp.html +++ b/doxygen/html/da/d34/ror__op_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform/ror_op.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
ror_op.hpp File Reference
+
ror_op.hpp File Reference
-
#include <obf/transform/operation.hpp>
+
#include <obf/transform/operation.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::transform::ror_op_t
 
- - + - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
 theo::obf::transform
namespace  theo::obf::transform
 this namespace encompasses the code for transforming relocations.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/d34/ror__op_8hpp_source.html b/doxygen/html/da/d34/ror__op_8hpp_source.html new file mode 100644 index 0000000..a187a2a --- /dev/null +++ b/doxygen/html/da/d34/ror__op_8hpp_source.html @@ -0,0 +1,129 @@ + + + + + + + +Theodosius: include/obf/transform/ror_op.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
ror_op.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/transform/operation.hpp>
+
33
+
34namespace theo::obf::transform {
+
35class ror_op_t : public operation_t {
+
36 explicit ror_op_t()
+
37 : operation_t(
+
38 [&](std::size_t val, std::uint32_t imm) -> std::size_t {
+
39 return std::rotr(val, (std::uint8_t)imm);
+
40 },
+
41 XED_ICLASS_ROR) {}
+
42
+
43 public:
+
44 static ror_op_t* get() {
+
45 static ror_op_t obj;
+
46 return &obj;
+
47 }
+
48};
+
49} // namespace theo::obf::transform
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/da/d5c/engine_8cpp.html b/doxygen/html/da/d5c/engine_8cpp.html index 8a1a79d..8df39e8 100644 --- a/doxygen/html/da/d5c/engine_8cpp.html +++ b/doxygen/html/da/d5c/engine_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf/engine.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
engine.cpp File Reference
+
engine.cpp File Reference
-
#include <obf/engine.hpp>
+
#include <obf/engine.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/d5c/engine_8cpp_source.html b/doxygen/html/da/d5c/engine_8cpp_source.html new file mode 100644 index 0000000..c4dc004 --- /dev/null +++ b/doxygen/html/da/d5c/engine_8cpp_source.html @@ -0,0 +1,130 @@ + + + + + + + +Theodosius: src/obf/engine.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
engine.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <obf/engine.hpp>
+
32
+
33namespace theo::obf {
+
34engine_t* engine_t::get() {
+
35 static engine_t obj;
+
36 return &obj;
+
37}
+
38
+
39void engine_t::add_pass(pass_t* pass) {
+
40 passes.push_back(pass);
+
41}
+
42
+
43void engine_t::run(decomp::symbol_t* sym) {
+
44 std::for_each(passes.begin(), passes.end(), [&](pass_t* pass) {
+
45 if (sym->type() & pass->sym_type())
+
46 pass->run(sym);
+
47 });
+
48}
+
49
+
50} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/da/d69/classtheo_1_1obf_1_1transform_1_1sub__op__t-members.html b/doxygen/html/da/d69/classtheo_1_1obf_1_1transform_1_1sub__op__t-members.html index 64a4721..2d3410c 100644 --- a/doxygen/html/da/d69/classtheo_1_1obf_1_1transform_1_1sub__op__t-members.html +++ b/doxygen/html/da/d69/classtheo_1_1obf_1_1transform_1_1sub__op__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::sub_op_t Member List
+
theo::obf::transform::sub_op_t Member List

This is the complete list of members for theo::obf::transform::sub_op_t, including all inherited members.

- - + + - + - +
get()theo::obf::transform::sub_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
get()theo::obf::transform::sub_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/db7/classtheo_1_1obf_1_1transform_1_1xor__op__t.html b/doxygen/html/da/db7/classtheo_1_1obf_1_1transform_1_1xor__op__t.html index e684c38..1861b23 100644 --- a/doxygen/html/da/db7/classtheo_1_1obf_1_1transform_1_1xor__op__t.html +++ b/doxygen/html/da/db7/classtheo_1_1obf_1_1transform_1_1xor__op__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::xor_op_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Static Public Member Functions | -List of all members
-
-
theo::obf::transform::xor_op_t Class Reference
+Static Public Member Functions
+
theo::obf::transform::xor_op_t Class Reference
-

#include <xor_op.hpp>

+

#include "xor_op.hpp"

Inheritance diagram for theo::obf::transform::xor_op_t:
@@ -86,38 +85,40 @@ Inheritance diagram for theo::obf::transform::xor_op_t:
- - - + +

+

Static Public Member Functions

static xor_op_tget ()
 
static xor_op_tget ()
 
- Static Public Member Functions inherited from theo::obf::transform::operation_t
static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 
- - - - + + + - - - + + +

+

Additional Inherited Members

- Public Member Functions inherited from theo::obf::transform::operation_t
 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 

Detailed Description

-

Member Function Documentation

- -

◆ get()

+
+

Definition at line 35 of file xor_op.hpp.

+

Member Function Documentation

+ +

◆ get()

@@ -126,7 +127,7 @@ Additional Inherited Members - + @@ -138,20 +139,22 @@ Additional Inherited Members
static xor_op_t* theo::obf::transform::xor_op_t::get static xor_op_t * theo::obf::transform::xor_op_t::get ( )
-
42  {
-
43  static xor_op_t obj;
-
44  return &obj;
-
45  }
+ +

Definition at line 42 of file xor_op.hpp.

+
42 {
+
43 static xor_op_t obj;
+
44 return &obj;
+
45 }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/dbd/namespacetheo_1_1recomp.html b/doxygen/html/da/dbd/namespacetheo_1_1recomp.html index 74a8cf0..4dd42ea 100644 --- a/doxygen/html/da/dbd/namespacetheo_1_1recomp.html +++ b/doxygen/html/da/dbd/namespacetheo_1_1recomp.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::recomp Namespace Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Typedefs
-
-
theo::recomp Namespace Reference
+
theo::recomp Namespace Reference

this namespace encompasses all recomposition related code. More...

- + @@ -90,7 +90,7 @@ Classes

-Classes

+Data Structures

class  recomp_t
 the main class responsible for recomposition More...
 
 this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode. More...
 
- @@ -103,9 +103,9 @@ Typedefs

+

Typedefs

using resolver_t = std::function< std::uintptr_t(std::string)>
 a function which is called by recomp_t to resolve external symbols More...
 

Detailed Description

-

this namespace encompasses all recomposition related code.

+

this namespace encompasses all recomposition related code.

Typedef Documentation

- +

◆ allocator_t

@@ -118,11 +118,13 @@ Typedefs

a function which is called to allocate space for a symbol.

-

the first param is the size of the symbol, the second param is the characteristics of the section which the symbol is allocated in.

+

the first param is the size of the symbol, the second param is the characteristics of the section which the symbol is allocated in.

+ +

Definition at line 57 of file recomp.hpp.

- +

◆ copier_t

@@ -136,9 +138,11 @@ Typedefs

a function which is called by recomp_t to copy symbols into memory.

+

Definition at line 49 of file recomp.hpp.

+
- +

◆ resolver_t

@@ -152,12 +156,14 @@ Typedefs

a function which is called by recomp_t to resolve external symbols

+

Definition at line 44 of file recomp.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/da/de6/namespacetheo.html b/doxygen/html/da/de6/namespacetheo.html index 589f54c..b374a41 100644 --- a/doxygen/html/da/de6/namespacetheo.html +++ b/doxygen/html/da/de6/namespacetheo.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo Namespace Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces | -Classes | +Data Structures | Typedefs
-
-
theo Namespace Reference
+
theo Namespace Reference

The outer most encompassing namespace of this project. More...

- - + - + - +

+

Namespaces

 decomp
namespace  decomp
 the namespace that contains all of the decomposition related code.
 
 obf
namespace  obf
 this is the main namespace for obfuscation related things.
 
 recomp
namespace  recomp
 this namespace encompasses all recomposition related code.
 
- +

-Classes

+Data Structures

class  theo_t
 the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp. More...
 
-

+

Typedefs

using lnk_fns_t = std::tuple< recomp::allocator_t, recomp::copier_t, recomp::resolver_t >
 tuple of functions used by theo to allocate, copy, and resolve symbols. More...
 

Detailed Description

-

The outer most encompassing namespace of this project.

+

The outer most encompassing namespace of this project.

Typedef Documentation

- +

◆ lnk_fns_t

@@ -116,12 +116,14 @@ Typedefs

tuple of functions used by theo to allocate, copy, and resolve symbols.

+

Definition at line 60 of file theo.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/db/d55/recomp_8cpp.html b/doxygen/html/db/d55/recomp_8cpp.html index 4d4fad4..f105642 100644 --- a/doxygen/html/db/d55/recomp_8cpp.html +++ b/doxygen/html/db/d55/recomp_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/recomp/recomp.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
recomp.cpp File Reference
+
recomp.cpp File Reference
-
#include <recomp/recomp.hpp>
+
#include <recomp/recomp.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::recomp
namespace  theo::recomp
 this namespace encompasses all recomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/db/d55/recomp_8cpp_source.html b/doxygen/html/db/d55/recomp_8cpp_source.html new file mode 100644 index 0000000..15c71e9 --- /dev/null +++ b/doxygen/html/db/d55/recomp_8cpp_source.html @@ -0,0 +1,259 @@ + + + + + + + +Theodosius: src/recomp/recomp.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
recomp.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <recomp/recomp.hpp>
+
32
+
33namespace theo::recomp {
+
34recomp_t::recomp_t(decomp::decomp_t* dcmp,
+
35 allocator_t alloc,
+
36 copier_t copy,
+
37 resolver_t resolve)
+
38 : m_dcmp(dcmp), m_allocator(alloc), m_copier(copy), m_resolver(resolve) {}
+
39
+
40void recomp_t::allocate() {
+
41 // map code & data/rdata/bss sections first...
+
42 //
+
43 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
44 switch (sym.type()) {
+
45 case decomp::sym_type_t::section:
+
46 case decomp::sym_type_t::function:
+
47 case decomp::sym_type_t::instruction: {
+
48 sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
+
49 break;
+
50 }
+
51 default:
+
52 break;
+
53 }
+
54 });
+
55
+
56 // then map data/rdata/bss symbols to the allocated sections...
+
57 //
+
58 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
59 if (sym.type() == decomp::sym_type_t::data) {
+
60 // if the symbol has a section then we will refer to the allocation made
+
61 // for that section...
+
62 //
+
63 if (sym.scn()) {
+
64 auto scn_sym =
+
65 m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
+
66
+
67 if (!scn_sym.has_value()) {
+
68 spdlog::error("failed to locate section: {} for symbol: {}",
+
69 sym.scn()->name.to_string(), sym.name());
+
70
+
71 assert(scn_sym.has_value());
+
72 }
+
73
+
74 sym.allocated_at(scn_sym.value()->allocated_at() + sym.offset());
+
75 } else { // else if there is no section then we allocate based upon the
+
76 // size of the symbol... this is only done for symbols that are
+
77 // bss...
+
78 //
+
79
+
80 // bss is read write...
+
81 //
+
82 coff::section_characteristics_t prot = {};
+
83 prot.mem_read = true;
+
84 prot.mem_write = true;
+
85
+
86 sym.allocated_at(m_allocator(sym.size(), sym.scn()->characteristics));
+
87 }
+
88 }
+
89 });
+
90}
+
91
+
92void recomp_t::resolve() {
+
93 // resolve relocations in all symbols...
+
94 //
+
95 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
96 auto& relocs = sym.relocs();
+
97 std::for_each(relocs.begin(), relocs.end(), [&](reloc_t& reloc) {
+
98 if (reloc.offset() > sym.data().size()) {
+
99 spdlog::error(
+
100 "invalid relocation... writing outside of symbol length... offset: "
+
101 "{} sym size: {}",
+
102 sym.offset(), sym.data().size());
+
103
+
104 assert(reloc.offset() > sym.data().size());
+
105 }
+
106
+
107 // try and resolve the symbol by refering to the internal symbol table
+
108 // first... if there is no symbol then refer to the resolver...
+
109 //
+
110 auto reloc_sym = m_dcmp->syms()->sym_from_hash(reloc.hash());
+
111 auto allocated_at = reloc_sym.has_value()
+
112 ? reloc_sym.value()->allocated_at()
+
113 : m_resolver(reloc.name());
+
114
+
115 if (!allocated_at) {
+
116 spdlog::error("failed to resolve reloc from symbol: {} to symbol: {}",
+
117 sym.name(), reloc.name());
+
118
+
119 assert(allocated_at);
+
120 }
+
121
+
122 switch (sym.type()) {
+
123 case decomp::sym_type_t::section: {
+
124 auto scn_sym =
+
125 m_dcmp->syms()->sym_from_hash(m_dcmp->scn_hash_tbl()[sym.scn()]);
+
126
+
127 *reinterpret_cast<std::uintptr_t*>(scn_sym.value()->data().data() +
+
128 reloc.offset()) = allocated_at;
+
129 break;
+
130 }
+
131 case decomp::sym_type_t::function: {
+
132 *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
+
133 reloc.offset()) = allocated_at;
+
134 break;
+
135 }
+
136 case decomp::sym_type_t::instruction: {
+
137 auto& transforms = reloc.get_transforms();
+
138 std::for_each(
+
139 transforms.begin(), transforms.end(),
+
140 [&](std::pair<obf::transform::transform_t*, std::uint32_t>& t) {
+
141 allocated_at = (*t.first)(allocated_at, t.second);
+
142 });
+
143
+
144 *reinterpret_cast<std::uintptr_t*>(sym.data().data() +
+
145 reloc.offset()) = allocated_at;
+
146 break;
+
147 }
+
148 default:
+
149 break;
+
150 }
+
151 });
+
152 });
+
153}
+
154
+
155void recomp_t::copy_syms() {
+
156 // copy symbols into memory using the copier supplied...
+
157 //
+
158 m_dcmp->syms()->for_each([&](theo::decomp::symbol_t& sym) {
+
159 m_copier(sym.allocated_at(), sym.data().data(), sym.data().size());
+
160 });
+
161}
+
162
+
163void recomp_t::allocator(allocator_t alloc) {
+
164 m_allocator = alloc;
+
165}
+
166
+
167void recomp_t::copier(copier_t copy) {
+
168 m_copier = copy;
+
169}
+
170
+
171void recomp_t::resolver(resolver_t resolve) {
+
172 m_resolver = resolve;
+
173}
+
174
+
175std::uintptr_t recomp_t::resolve(const std::string&& sym) {
+
176 auto res = m_dcmp->syms()->sym_from_hash(decomp::symbol_t::hash(sym));
+
177 return res.has_value() ? res.value()->allocated_at() : 0;
+
178}
+
179} // namespace theo::recomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/db/d77/classtheo_1_1recomp_1_1symbol__table__t.html b/doxygen/html/db/d77/classtheo_1_1recomp_1_1symbol__table__t.html index e21ef9c..4e356b2 100644 --- a/doxygen/html/db/d77/classtheo_1_1recomp_1_1symbol__table__t.html +++ b/doxygen/html/db/d77/classtheo_1_1recomp_1_1symbol__table__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::recomp::symbol_table_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::recomp::symbol_table_t Class Reference
+Public Member Functions
+
theo::recomp::symbol_table_t Class Reference

this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode. More...

-

#include <symbol_table.hpp>

+

#include "symbol_table.hpp"

- @@ -108,9 +107,11 @@ Public Member Functions

+

Public Member Functions

 symbol_table_t ()
 default constructor. does nothing. More...
 

Detailed Description

-

this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode.

+

this class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode.

+ +

Definition at line 45 of file symbol_table.hpp.

Constructor & Destructor Documentation

- +

◆ symbol_table_t() [1/2]

@@ -134,11 +135,13 @@ Public Member Functions

default constructor. does nothing.

-
50 {}
+ +

Definition at line 50 of file symbol_table.hpp.

+
50{}
- +

◆ symbol_table_t() [2/2]

@@ -161,16 +164,18 @@ Public Member Functions -
34  {
-
35  std::for_each(syms.begin(), syms.end(), [&](decomp::symbol_t sym) {
-
36  m_table.insert({sym.hash(), sym});
-
37  });
-
38 }
+ +

Definition at line 34 of file symbol_table.cpp.

+
34 {
+
35 std::for_each(syms.begin(), syms.end(), [&](decomp::symbol_t sym) {
+
36 m_table.insert({sym.hash(), sym});
+
37 });
+
38}

Member Function Documentation

- +

◆ for_each()

@@ -193,14 +198,18 @@ Public Member Functions -
49  {
-
50  for (auto itr = m_table.begin(); itr != m_table.end(); ++itr)
-
51  fn(itr->second);
-
52 }
+ +

Definition at line 49 of file symbol_table.cpp.

+
49 {
+
50 for (auto itr = m_table.begin(); itr != m_table.end(); ++itr)
+
51 fn(itr->second);
+
52}
+

Referenced by theo::recomp::recomp_t::allocate(), and theo::theo_t::compose().

+
- +

◆ put_symbol()

@@ -223,13 +232,17 @@ Public Member Functions -
40  {
-
41  m_table.insert({sym.hash(), sym});
-
42 }
+ +

Definition at line 40 of file symbol_table.cpp.

+
40 {
+
41 m_table.insert({sym.hash(), sym});
+
42}
+

References theo::decomp::symbol_t::hash().

+
- +

◆ put_symbols()

@@ -252,14 +265,16 @@ Public Member Functions -
44  {
-
45  std::for_each(syms.begin(), syms.end(),
-
46  [&](decomp::symbol_t sym) { put_symbol(sym); });
-
47 }
+ +

Definition at line 44 of file symbol_table.cpp.

+
44 {
+
45 std::for_each(syms.begin(), syms.end(),
+
46 [&](decomp::symbol_t sym) { put_symbol(sym); });
+
47}
- +

◆ size()

@@ -276,13 +291,15 @@ Public Member Functions

returns the size of the symbol table.

Returns
returns the size of the symbol table.
-
72  {
-
73  return m_table.size();
-
74 }
+ +

Definition at line 72 of file symbol_table.cpp.

+
72 {
+
73 return m_table.size();
+
74}
- +

◆ sym_from_alloc()

@@ -306,20 +323,22 @@ Public Member Functions
Returns
returns an optional pointer to a theo::decomp::symbol_t
-
61  {
-
62  auto res =
-
63  std::find_if(m_table.begin(), m_table.end(),
-
64  [&](std::pair<const std::size_t, decomp::symbol_t> itr) {
-
65  return itr.second.allocated_at() == allocated_at;
-
66  });
-
67 
-
68  return res != m_table.end() ? &res->second
-
69  : std::optional<decomp::symbol_t*>{};
-
70 }
+ +

Definition at line 60 of file symbol_table.cpp.

+
61 {
+
62 auto res =
+
63 std::find_if(m_table.begin(), m_table.end(),
+
64 [&](std::pair<const std::size_t, decomp::symbol_t> itr) {
+
65 return itr.second.allocated_at() == allocated_at;
+
66 });
+
67
+
68 return res != m_table.end() ? &res->second
+
69 : std::optional<decomp::symbol_t*>{};
+
70}
- +

◆ sym_from_hash()

@@ -343,21 +362,25 @@ Public Member Functions
Returns
returns an optional pointer to a theo::decomp::symbol_t
-
55  {
-
56  return m_table.count(hash) ? &m_table.at(hash)
-
57  : std::optional<decomp::symbol_t*>{};
-
58 }
+ +

Definition at line 54 of file symbol_table.cpp.

+
55 {
+
56 return m_table.count(hash) ? &m_table.at(hash)
+
57 : std::optional<decomp::symbol_t*>{};
+
58}
+

Referenced by theo::theo_t::resolve().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/db/d8f/classtheo_1_1obf_1_1transform_1_1ror__op__t.html b/doxygen/html/db/d8f/classtheo_1_1obf_1_1transform_1_1ror__op__t.html index 60e85a3..a685c0e 100644 --- a/doxygen/html/db/d8f/classtheo_1_1obf_1_1transform_1_1ror__op__t.html +++ b/doxygen/html/db/d8f/classtheo_1_1obf_1_1transform_1_1ror__op__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::transform::ror_op_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Static Public Member Functions | -List of all members
-
-
theo::obf::transform::ror_op_t Class Reference
+Static Public Member Functions
+
theo::obf::transform::ror_op_t Class Reference
-

#include <ror_op.hpp>

+

#include "ror_op.hpp"

Inheritance diagram for theo::obf::transform::ror_op_t:
@@ -86,38 +85,40 @@ Inheritance diagram for theo::obf::transform::ror_op_t:
- - - + +

+

Static Public Member Functions

static ror_op_tget ()
 
static ror_op_tget ()
 
- Static Public Member Functions inherited from theo::obf::transform::operation_t
static std::size_t random (std::size_t lowest, std::size_t largest)
 generate a random number in a range. More...
 
- - - - + + + - - - + + +

+

Additional Inherited Members

- Public Member Functions inherited from theo::obf::transform::operation_t
 operation_t (transform_t op, xed_iclass_enum_t type)
 explicit constructor for operation_t More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
std::vector< std::uint8_t > native (const xed_decoded_inst_t *inst, std::uint32_t imm)
 generates a native transform instruction given an existing instruction. it works like so: More...
 
xed_iclass_enum_t inverse ()
 gets the inverse operation of the current operation. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
transform_tget_transform ()
 gets a pointer to the lambda function which contains the transform logic. More...
 
xed_iclass_enum_t type ()
 gets the operation type. such as XED_ICLASS_ADD, XED_ICLASS_SUB, etc... More...
 

Detailed Description

-

Member Function Documentation

- -

◆ get()

+
+

Definition at line 35 of file ror_op.hpp.

+

Member Function Documentation

+ +

◆ get()

@@ -126,7 +127,7 @@ Additional Inherited Members - + @@ -138,20 +139,22 @@ Additional Inherited Members
static ror_op_t* theo::obf::transform::ror_op_t::get static ror_op_t * theo::obf::transform::ror_op_t::get ( )
-
44  {
-
45  static ror_op_t obj;
-
46  return &obj;
-
47  }
+ +

Definition at line 44 of file ror_op.hpp.

+
44 {
+
45 static ror_op_t obj;
+
46 return &obj;
+
47 }
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/db/dae/hello__world__pass_8hpp.html b/doxygen/html/db/dae/hello__world__pass_8hpp.html index 2cd9ed4..e1749ef 100644 --- a/doxygen/html/db/dae/hello__world__pass_8hpp.html +++ b/doxygen/html/db/dae/hello__world__pass_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: examples/demo/hello_world_pass.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
hello_world_pass.hpp File Reference
+
hello_world_pass.hpp File Reference
#include <spdlog/spdlog.h>
-#include <obf/pass.hpp>
+#include <obf/pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::hello_world_pass_t
 hello world pass example of how to inherit pass_t. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/db/dae/hello__world__pass_8hpp_source.html b/doxygen/html/db/dae/hello__world__pass_8hpp_source.html new file mode 100644 index 0000000..ad37bc2 --- /dev/null +++ b/doxygen/html/db/dae/hello__world__pass_8hpp_source.html @@ -0,0 +1,135 @@ + + + + + + + +Theodosius: examples/demo/hello_world_pass.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
hello_world_pass.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <spdlog/spdlog.h>
+
33#include <obf/pass.hpp>
+
34
+
35namespace theo::obf {
+
36/// <summary>
+
37/// hello world pass example of how to inherit pass_t.
+
38/// </summary>
+
39class hello_world_pass_t : public pass_t {
+
40 hello_world_pass_t() : pass_t(decomp::sym_type_t::all) {
+
41 spdlog::info("created hello world pass...");
+
42 }
+
43
+
44 public:
+
45 static hello_world_pass_t* get() {
+
46 static hello_world_pass_t obj;
+
47 return &obj;
+
48 }
+
49
+
50 void run(decomp::symbol_t* sym) {
+
51 spdlog::info("[hello_world_pass_t] symbol name: {}, symbol hash: {}",
+
52 sym->name(), sym->hash());
+
53 }
+
54};
+
55} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html b/doxygen/html/dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html index 8817752..c3197b9 100644 --- a/doxygen/html/dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html +++ b/doxygen/html/dc/d39/classtheo_1_1obf_1_1reloc__transform__pass__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::obf::reloc_transform_pass_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ + +
theo::obf::reloc_transform_pass_t Class Reference

this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. More...

-

#include <reloc_transform_pass.hpp>

+

#include "reloc_transform_pass.hpp"

Inheritance diagram for theo::obf::reloc_transform_pass_t:
@@ -90,7 +89,7 @@ Inheritance diagram for theo::obf::reloc_transform_pass_t:
- @@ -99,24 +98,29 @@ Public Member Functions + + +

+

Public Member Functions

void run (decomp::symbol_t *sym)
 virtual method which must be implimented by the pass that inherits this class. More...
 pass_t (decomp::sym_type_t sym_type)
 the explicit constructor of the pass_t base class. More...
 
virtual void run (decomp::symbol_t *sym)=0
 virtual method which must be implimented by the pass that inherits this class. More...
 
decomp::sym_type_t sym_type ()
 gets the passes symbol type. More...
 
-

+

Static Public Member Functions

static reloc_transform_pass_tget ()
 

Detailed Description

-

this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol.

-

given the following code: 

mov rax, &MessageBoxA
+
this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. 

+
given the following code: 
mov rax, &MessageBoxA
 
 this pass will generate a random number of transformations to encrypt the address of "MessageBoxA". These transformations will then be applied by theodosius internally when resolving relocations. 
mov rax, enc_MessageBoxA
 xor rax, 0x389284324
 add rax, 0x345332567
 ror rax, 0x5353
-
Member Function Documentation

-
+
+

Definition at line 56 of file reloc_transform_pass.hpp.

+

Member Function Documentation

+

◆ get()

@@ -138,14 +142,18 @@ ror rax, 0x5353
-
34  {
-
35  static reloc_transform_pass_t obj;
-
36  return &obj;
-
37 }
+ +

Definition at line 34 of file reloc_transform_pass.cpp.

+
34 {
+
35 static reloc_transform_pass_t obj;
+
36 return &obj;
+
37}
+

Referenced by main().

+
- +

◆ run()

@@ -178,43 +186,46 @@ ror rax, 0x5353

Implements theo::obf::pass_t.

-
39  {
-
40  std::optional<recomp::reloc_t*> reloc;
-
41  if (!(reloc = has_legit_reloc(sym)).has_value())
-
42  return;
-
43 
-
44  spdlog::info("adding transformations to relocation in symbol: {}",
-
45  sym->name());
-
46 
-
47  xed_error_enum_t err;
-
48  xed_decoded_inst_t inst;
-
49  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
-
50  xed_decoded_inst_zero_set_mode(&inst, &istate);
-
51 
-
52  if ((err = xed_decode(&inst, sym->data().data(), sym->data().size())) !=
-
53  XED_ERROR_NONE) {
-
54  spdlog::error("failed to decode instruction, reason: {} in symbol: {}",
-
55  xed_error_enum_t2str(err), sym->name());
-
56 
-
57  assert(err == XED_ERROR_NONE);
-
58  }
-
59 
-
60  auto transforms_bytes = transform::generate(&inst, reloc.value(), 3, 6);
-
61  sym->data().insert(sym->data().end(), transforms_bytes.begin(),
-
62  transforms_bytes.end());
-
63 };
-
theo::obf::transform::generate
std::vector< std::uint8_t > generate(xed_decoded_inst_t *inst, recomp::reloc_t *reloc, std::uint8_t low, std::uint8_t high)
generate a sequence of transformations given an instruction that has a relocation in it.
Definition: gen.hpp:45
+ +

Definition at line 39 of file reloc_transform_pass.cpp.

+
39 {
+
40 std::optional<recomp::reloc_t*> reloc;
+
41 if (!(reloc = has_legit_reloc(sym)).has_value())
+
42 return;
+
43
+
44 spdlog::info("adding transformations to relocation in symbol: {}",
+
45 sym->name());
+
46
+
47 xed_error_enum_t err;
+
48 xed_decoded_inst_t inst;
+
49 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
50 xed_decoded_inst_zero_set_mode(&inst, &istate);
+
51
+
52 if ((err = xed_decode(&inst, sym->data().data(), sym->data().size())) !=
+
53 XED_ERROR_NONE) {
+
54 spdlog::error("failed to decode instruction, reason: {} in symbol: {}",
+
55 xed_error_enum_t2str(err), sym->name());
+
56
+
57 assert(err == XED_ERROR_NONE);
+
58 }
+
59
+
60 auto transforms_bytes = transform::generate(&inst, reloc.value(), 3, 6);
+
61 sym->data().insert(sym->data().end(), transforms_bytes.begin(),
+
62 transforms_bytes.end());
+
63};
+

References theo::decomp::symbol_t::data(), theo::obf::transform::generate(), and theo::decomp::symbol_t::name().

+
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dc/d83/decomp_8cpp.html b/doxygen/html/dc/d83/decomp_8cpp.html index 021f25a..4473949 100644 --- a/doxygen/html/dc/d83/decomp_8cpp.html +++ b/doxygen/html/dc/d83/decomp_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/decomp/decomp.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
decomp.cpp File Reference
+
decomp.cpp File Reference
-
#include <decomp/decomp.hpp>
+
#include <decomp/decomp.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dc/d83/decomp_8cpp_source.html b/doxygen/html/dc/d83/decomp_8cpp_source.html new file mode 100644 index 0000000..e9062c7 --- /dev/null +++ b/doxygen/html/dc/d83/decomp_8cpp_source.html @@ -0,0 +1,380 @@ + + + + + + + +Theodosius: src/decomp/decomp.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
decomp.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <decomp/decomp.hpp>
+
32
+
33namespace theo::decomp {
+
34decomp_t::decomp_t(std::vector<std::uint8_t>& lib, recomp::symbol_table_t* syms)
+
35 : m_lib(lib), m_syms(syms) {}
+
36
+
37std::optional<recomp::symbol_table_t*> decomp_t::decompose(
+
38 std::string& entry_sym) {
+
39 // extract obj files from the archive file...
+
40 //
+
41 ar::view<false> lib(m_lib.data(), m_lib.size());
+
42 std::for_each(
+
43 lib.begin(), lib.end(),
+
44 [&](std::pair<std::string_view, ar::entry_t&> itr) {
+
45 // if the entry isnt the symbol table or the string table
+
46 // then we know its an obj file...
+
47 //
+
48 if (!itr.second.is_symbol_table() && !itr.second.is_string_table()) {
+
49 spdlog::info("extracted obj from archive: {}", itr.first);
+
50 std::vector<std::uint8_t> data(itr.second.begin(), itr.second.end());
+
51 m_objs.push_back(data);
+
52 }
+
53 });
+
54
+
55 std::for_each(
+
56 m_objs.begin(), m_objs.end(), [&](std::vector<std::uint8_t>& img_data) {
+
57 auto img = reinterpret_cast<coff::image_t*>(img_data.data());
+
58 for (auto idx = 0u; idx < img->file_header.num_symbols; ++idx) {
+
59 auto sym = img->get_symbol(idx);
+
60 if (sym->section_index - 1 > img->file_header.num_sections)
+
61 continue;
+
62
+
63 auto sym_name = symbol_t::name(img, sym);
+
64 if (sym_name.length()) {
+
65 auto sym_hash = symbol_t::hash(sym_name.data());
+
66 auto sym_size =
+
67 sym->has_section()
+
68 ? next_sym(img, img->get_section(sym->section_index - 1),
+
69 sym)
+
70 : 0u;
+
71
+
72 m_lookup_tbl[sym_hash].emplace_back(img, sym, sym_size);
+
73 }
+
74 }
+
75 });
+
76
+
77 // extract used symbols from objs and create a nice little set of them so that
+
78 // we can easily decompose them... no need deal with every single symbol...
+
79 spdlog::info("extracted {} symbols being used...",
+
80 ext_used_syms(entry_sym.data()));
+
81
+
82 // generate symbols, populate section hash table, for each object file
+
83 // extracted from the archive file...
+
84 //
+
85 std::for_each(m_used_syms.begin(), m_used_syms.end(), [&](sym_data_t data) {
+
86 auto [img, sym, size] = data;
+
87
+
88 // populate section hash table with sections for the img of this
+
89 // symbol... only populate the hash table if its not been populated for
+
90 // this obj before...
+
91 //
+
92 if (m_processed_objs.emplace(img).second) {
+
93 for (auto idx = 0u; idx < img->file_header.num_sections; ++idx) {
+
94 auto scn = img->get_section(idx);
+
95 auto scn_sym_name =
+
96 std::string(scn->name.to_string(img->get_strings()))
+
97 .append("#")
+
98 .append(std::to_string(idx))
+
99 .append("!")
+
100 .append(std::to_string(img->file_header.timedate_stamp));
+
101
+
102 // hash the name of the section + the index + the timestamp of the
+
103 // obj file it is in...
+
104 //
+
105 m_scn_hash_tbl.insert({scn, decomp::symbol_t::hash(scn_sym_name)});
+
106 }
+
107 }
+
108
+
109 // if the symbol is a function then we are going to decompose it...
+
110 // data symbols are handled after this...
+
111 //
+
112 if (sym->has_section()) {
+
113 if (sym->derived_type == coff::derived_type_id::function) {
+
114 auto scn = img->get_section(sym->section_index - 1);
+
115 auto dcmp_type =
+
116 scn->name.to_string(img->get_strings()) == INSTR_SPLIT_SECTION_NAME
+
117 ? decomp::sym_type_t::instruction
+
118 : decomp::sym_type_t::function;
+
119
+
120 auto fn_size = next_sym(img, scn, sym);
+
121 auto fn_bgn = scn->ptr_raw_data + reinterpret_cast<std::uint8_t*>(img) +
+
122 sym->value;
+
123
+
124 std::vector<std::uint8_t> fn(fn_bgn, fn_bgn + fn_size);
+
125 decomp::routine_t rtn(sym, img, scn, fn, dcmp_type);
+
126
+
127 auto syms = rtn.decompose();
+
128 m_syms->put_symbols(syms);
+
129 } else if (sym->storage_class == coff::storage_class_id::public_symbol ||
+
130 sym->storage_class == coff::storage_class_id::private_symbol) {
+
131 auto scn = img->get_section(sym->section_index - 1);
+
132 auto scn_sym = m_syms->sym_from_hash(m_scn_hash_tbl[scn]);
+
133
+
134 // if the section doesnt have a symbol then make one and put it into
+
135 // the symbol table...
+
136 //
+
137 if (!scn_sym.has_value()) {
+
138 auto scn_sym_name =
+
139 std::string(scn->name.to_string(img->get_strings()))
+
140 .append("#")
+
141 .append(std::to_string(sym->section_index - 1))
+
142 .append("!")
+
143 .append(std::to_string(img->file_header.timedate_stamp));
+
144
+
145 std::vector<std::uint8_t> scn_data(scn->size_raw_data);
+
146 if (scn->characteristics.cnt_uninit_data) {
+
147 scn_data.insert(scn_data.begin(), scn->size_raw_data, 0);
+
148 } else {
+
149 scn_data.insert(
+
150 scn_data.begin(),
+
151 reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data,
+
152 reinterpret_cast<std::uint8_t*>(img) + scn->ptr_raw_data +
+
153 scn->size_raw_data);
+
154 }
+
155
+
156 std::vector<recomp::reloc_t> relocs;
+
157 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
158 scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(img));
+
159
+
160 for (auto idx = 0u; idx < scn->num_relocs; ++idx) {
+
161 auto scn_reloc = &scn_relocs[idx];
+
162 auto sym_reloc = img->get_symbol(scn_relocs[idx].symbol_index);
+
163 auto sym_name = symbol_t::name(img, sym_reloc);
+
164 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
165 relocs.push_back(
+
166 recomp::reloc_t(scn_reloc->virtual_address - sym->value,
+
167 sym_hash, sym_name.data()));
+
168 }
+
169
+
170 decomp::symbol_t new_scn_sym(img, scn_sym_name, 0, scn_data, scn, {},
+
171 relocs, sym_type_t::section);
+
172
+
173 m_syms->put_symbol(new_scn_sym);
+
174 }
+
175
+
176 // create a symbol for the data...
+
177 //
+
178 decomp::symbol_t new_sym(img, symbol_t::name(img, sym).data(),
+
179 sym->value, {}, scn, sym, {},
+
180 sym_type_t::data);
+
181
+
182 m_syms->put_symbol(new_sym);
+
183 }
+
184 } else if (sym->storage_class ==
+
185 coff::storage_class_id::
+
186 external_definition) { // else if the symbol has no
+
187 // section... these symbols
+
188 // require the linker to allocate
+
189 // space for them...
+
190
+
191 std::vector<std::uint8_t> data(sym->value, 0);
+
192 decomp::symbol_t bss_sym(img, symbol_t::name(img, sym).data(), {}, data,
+
193 {}, sym, {}, sym_type_t::data);
+
194
+
195 m_syms->put_symbol(bss_sym);
+
196 }
+
197 });
+
198
+
199 // return the extract symbols to the caller...
+
200 //
+
201 return m_syms;
+
202}
+
203
+
204std::uint32_t decomp_t::next_sym(coff::image_t* img,
+
205 coff::section_header_t* hdr,
+
206 coff::symbol_t* s) {
+
207 // loop over all symbols in this object...
+
208 // find the next symbol inside of the same section...
+
209 // if there is no next symbol then we use the end of the section...
+
210 std::uint32_t res = hdr->size_raw_data;
+
211 for (auto idx = 0u; idx < img->file_header.num_symbols; ++idx) {
+
212 auto q = img->get_symbol(idx);
+
213 if (q->derived_type == coff::derived_type_id::function &&
+
214 q->section_index == s->section_index && q != s)
+
215 if (q->value > s->value && q->value < res)
+
216 res = q->value;
+
217 }
+
218 return res;
+
219}
+
220
+
221std::uint32_t decomp_t::ext_used_syms(const std::string&& entry_sym) {
+
222 std::optional<sym_data_t> entry = get_symbol(entry_sym.data());
+
223 if (!entry.has_value())
+
224 return 0u;
+
225
+
226 std::set<coff::symbol_t*> cache;
+
227 const auto finding_syms = [&]() -> bool {
+
228 for (auto itr = m_used_syms.begin(); itr != m_used_syms.end(); ++itr) {
+
229 auto [img, sym, size] = *itr;
+
230 if (sym->has_section() && !cache.count(sym) && size) {
+
231 auto scn = img->get_section(sym->section_index - 1);
+
232 auto num_relocs = scn->num_relocs;
+
233 auto relocs = reinterpret_cast<coff::reloc_t*>(
+
234 scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(img));
+
235
+
236 for (auto idx = 0u; idx < num_relocs; ++idx) {
+
237 auto reloc = &relocs[idx];
+
238 // if the reloc is inside of the current symbol...
+
239 if (reloc->virtual_address >= sym->value &&
+
240 reloc->virtual_address < sym->value + size) {
+
241 auto reloc_sym = img->get_symbol(reloc->symbol_index);
+
242 auto sym_name = symbol_t::name(img, reloc_sym);
+
243 entry = get_symbol(sym_name);
+
244 if (m_used_syms.emplace(entry.value()).second)
+
245 return true;
+
246 }
+
247 }
+
248 cache.emplace(sym);
+
249 }
+
250 }
+
251 return false;
+
252 };
+
253
+
254 m_used_syms.emplace(entry.value());
+
255 for (m_used_syms.emplace(entry.value()); finding_syms();)
+
256 ;
+
257
+
258 return m_used_syms.size();
+
259}
+
260
+
261std::optional<sym_data_t> decomp_t::get_symbol(const std::string_view& name) {
+
262 coff::image_t* img = {};
+
263 coff::symbol_t* sym = {};
+
264 std::uint32_t size = {};
+
265
+
266 auto& syms = m_lookup_tbl[symbol_t::hash(name.data())];
+
267 for (auto idx = 0u; idx < syms.size(); ++idx) {
+
268 img = std::get<0>(syms[idx]);
+
269 sym = std::get<1>(syms[idx]);
+
270 size = std::get<2>(syms[idx]);
+
271 if (sym->has_section())
+
272 return {{img, sym, size}};
+
273 }
+
274
+
275 if (img && sym)
+
276 return {{img, sym, size}};
+
277
+
278 return {};
+
279}
+
280
+
281std::vector<routine_t> decomp_t::rtns() {
+
282 return m_rtns;
+
283}
+
284
+
285std::vector<std::uint8_t> decomp_t::lib() {
+
286 return m_lib;
+
287}
+
288
+
289std::vector<std::vector<std::uint8_t>> decomp_t::objs() {
+
290 return m_objs;
+
291}
+
292
+
293recomp::symbol_table_t* decomp_t::syms() {
+
294 return m_syms;
+
295}
+
296
+
297std::map<coff::section_header_t*, std::size_t>& decomp_t::scn_hash_tbl() {
+
298 return m_scn_hash_tbl;
+
299}
+
300} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/dd/d37/classtheo_1_1recomp_1_1reloc__t.html b/doxygen/html/dd/d37/classtheo_1_1recomp_1_1reloc__t.html index eee27d9..5dba20e 100644 --- a/doxygen/html/dd/d37/classtheo_1_1recomp_1_1reloc__t.html +++ b/doxygen/html/dd/d37/classtheo_1_1recomp_1_1reloc__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::recomp::reloc_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::recomp::reloc_t Class Reference
+Public Member Functions
+
theo::recomp::reloc_t Class Reference

meta data about a relocation for a symbol More...

-

#include <reloc.hpp>

+

#include "reloc.hpp"

- @@ -100,14 +99,16 @@ Public Member Functions - - - + + +

+

Public Member Functions

 reloc_t (std::uint32_t offset, std::size_t hash, const std::string &&sym_name)
 explicit constructor for this class. More...
void add_transform (std::pair< obf::transform::transform_t *, std::uint32_t > entry)
 adds a transformation to be applied to the relocation prior to writing it into the symbol. More...
 
std::vector< std::pair< obf::transform::transform_t *, std::uint32_t > > & get_transforms ()
 gets the vector of transformation. More...
 
std::vector< std::pair< obf::transform::transform_t *, std::uint32_t > > & get_transforms ()
 gets the vector of transformation. More...
 

Detailed Description

-

meta data about a relocation for a symbol

+

meta data about a relocation for a symbol

+ +

Definition at line 41 of file reloc.hpp.

Constructor & Destructor Documentation

- +

◆ reloc_t()

@@ -156,14 +157,14 @@ Public Member Functions -
55  : m_offset(offset), m_hash(hash), m_sym_name(sym_name) {}
-
theo::recomp::reloc_t::offset
std::uint32_t offset()
returns the offset into the symbol to which the relocation will be applied. the offset is in bytes....
Definition: reloc.hpp:75
-
theo::recomp::reloc_t::hash
std::size_t hash()
returns the hash of the relocation symbol.
Definition: reloc.hpp:61
+ +

Definition at line 52 of file reloc.hpp.

+
55 : m_offset(offset), m_hash(hash), m_sym_name(sym_name) {}

Member Function Documentation

- +

◆ add_transform()

@@ -194,14 +195,18 @@ Public Member Functions -
92  {
-
93  m_transforms.push_back(entry);
-
94  }
+ +

Definition at line 91 of file reloc.hpp.

+
92 {
+
93 m_transforms.push_back(entry);
+
94 }
+

Referenced by theo::obf::transform::generate().

+
- -

◆ get_transforms()

+ +

◆ get_transforms()

@@ -210,7 +215,7 @@ Public Member Functions - + @@ -225,13 +230,17 @@ Public Member Functions

gets the vector of transformation.

Returns
returns the vector of transformations.
-
101  {
-
102  return m_transforms;
-
103  }
+ +

Definition at line 101 of file reloc.hpp.

+
101 {
+
102 return m_transforms;
+
103 }
+

Referenced by theo::obf::transform::generate(), and theo::recomp::recomp_t::resolve().

+
- +

◆ hash()

@@ -256,11 +265,15 @@ Public Member Functions

returns the hash of the relocation symbol.

Returns
hash of the relocation symbol
-
61 { return m_hash; }
+ +

Definition at line 61 of file reloc.hpp.

+
61{ return m_hash; }
+

Referenced by theo::recomp::recomp_t::resolve().

+
- +

◆ name()

@@ -285,11 +298,15 @@ Public Member Functions

returns the name of the relocation symbol.

Returns
returns the name of the relocation symbol.
-
67 { return m_sym_name; }
+ +

Definition at line 67 of file reloc.hpp.

+
67{ return m_sym_name; }
+

Referenced by theo::recomp::recomp_t::resolve().

+
- +

◆ offset() [1/2]

@@ -314,11 +331,15 @@ Public Member Functions

returns the offset into the symbol to which the relocation will be applied. the offset is in bytes. zero based.

Returns
returns the offset into the symbol to which the relocation will be applied. the offset is in bytes. zero based.
-
75 { return m_offset; }
+ +

Definition at line 75 of file reloc.hpp.

+
75{ return m_offset; }
+

Referenced by theo::recomp::recomp_t::resolve().

+
- +

◆ offset() [2/2]

@@ -349,17 +370,23 @@ Public Member Functions
std::vector<std::pair<obf::transform::transform_t*, std::uint32_t> >& theo::recomp::reloc_t::get_transforms std::vector< std::pair< obf::transform::transform_t *, std::uint32_t > > & theo::recomp::reloc_t::get_transforms ( )
-
82 { m_offset = offset; }
+ +

Definition at line 82 of file reloc.hpp.

+
82{ m_offset = offset; }
+

References offset().

+ +

Referenced by offset().

+
The documentation for this class was generated from the following file:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dd/d60/classtheo_1_1theo__t-members.html b/doxygen/html/dd/d60/classtheo_1_1theo__t-members.html index 1daf757..8d316ef 100644 --- a/doxygen/html/dd/d60/classtheo_1_1theo__t-members.html +++ b/doxygen/html/dd/d60/classtheo_1_1theo__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::theo_t Member List
+
theo::theo_t Member List

This is the complete list of members for theo::theo_t, including all inherited members.

- + - +
compose()theo::theo_t
decompose()theo::theo_t
decompose()theo::theo_t
resolve(const std::string &&sym)theo::theo_t
theo_t(std::vector< std::uint8_t > &lib, lnk_fns_t lnkr_fns, const std::string &&entry_sym)theo::theo_texplicit
theo_t(std::vector< std::uint8_t > &lib, lnk_fns_t lnkr_fns, const std::string &&entry_sym)theo::theo_texplicit
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dd/d70/md_examples_demo__demo__example__using__theo.html b/doxygen/html/dd/d70/md_examples_demo__demo__example__using__theo.html index eba0c10..3e093cf 100644 --- a/doxygen/html/dd/d70/md_examples_demo__demo__example__using__theo.html +++ b/doxygen/html/dd/d70/md_examples_demo__demo__example__using__theo.html @@ -2,8 +2,8 @@ - - + + Theodosius: Demo Example Using Theo @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
-
Demo Example Using Theo
+
+
Demo Example Using Theo
-

Example run using demolib.lib as the target lib. Note the hello_world_pass_t output. Refer to main.cpp for more information.

+

Example run using demolib.lib as the target lib. Note the hello_world_pass_t output. Refer to main.cpp for more information.

[2022-04-22 15:44:21.680] [info] created hello world pass...
enter the name of the entry point: EntryPoint
[2022-04-22 15:44:28.547] [info] extracted obj from archive: ../demolib.dir/Debug/main.obj
@@ -155,7 +155,7 @@ $(function() {
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dd/d93/classtheo_1_1obf_1_1transform_1_1ror__op__t-members.html b/doxygen/html/dd/d93/classtheo_1_1obf_1_1transform_1_1ror__op__t-members.html index ad54762..82e4f07 100644 --- a/doxygen/html/dd/d93/classtheo_1_1obf_1_1transform_1_1ror__op__t-members.html +++ b/doxygen/html/dd/d93/classtheo_1_1obf_1_1transform_1_1ror__op__t-members.html @@ -2,8 +2,8 @@ - - + + Theodosius: Member List @@ -19,10 +19,10 @@
- - + + @@ -31,21 +31,22 @@
-
Theodosius -  v3.0 +
+
Theodosius v3.0
Jit linker, mapper, obfuscator, and mutator
- + +/* @license-end */ +
-
-
theo::obf::transform::ror_op_t Member List
+
theo::obf::transform::ror_op_t Member List

This is the complete list of members for theo::obf::transform::ror_op_t, including all inherited members.

- - + + - + - +
get()theo::obf::transform::ror_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
get()theo::obf::transform::ror_op_tinlinestatic
get_transform()theo::obf::transform::operation_tinline
inverse()theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
native(const xed_decoded_inst_t *inst, std::uint32_t imm)theo::obf::transform::operation_tinline
operation_t(transform_t op, xed_iclass_enum_t type)theo::obf::transform::operation_tinlineexplicit
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
random(std::size_t lowest, std::size_t largest)theo::obf::transform::operation_tinlinestatic
type()theo::obf::transform::operation_tinline
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/de/d46/engine_8hpp.html b/doxygen/html/de/d46/engine_8hpp.html index 0ead8e3..5360a8c 100644 --- a/doxygen/html/de/d46/engine_8hpp.html +++ b/doxygen/html/de/d46/engine_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/engine.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
engine.hpp File Reference
+
engine.hpp File Reference
#include <algorithm>
-#include <obf/pass.hpp>
+#include <obf/pass.hpp>
#include <vector>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::engine_t
 singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/de/d46/engine_8hpp_source.html b/doxygen/html/de/d46/engine_8hpp_source.html new file mode 100644 index 0000000..39e5b8e --- /dev/null +++ b/doxygen/html/de/d46/engine_8hpp_source.html @@ -0,0 +1,151 @@ + + + + + + + +Theodosius: include/obf/engine.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
engine.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <algorithm>
+
33#include <obf/pass.hpp>
+
34#include <vector>
+
35
+
36namespace theo::obf {
+
37
+
38/// <summary>
+
39/// singleton obfuscation engine class. this class is responsible for keeping
+
40/// track of the registered passes and the order in which to execute them.
+
41/// </summary>
+
42class engine_t {
+
43 explicit engine_t(){};
+
44
+
45 public:
+
46 /// <summary>
+
47 /// get the singleton object of this class.
+
48 /// </summary>
+
49 /// <returns>the singleton object of this class.</returns>
+
50 static engine_t* get();
+
51
+
52 /// <summary>
+
53 /// add a pass to the engine. the order in which you call this function
+
54 /// matters as the underlying data structure that contains the passes is a
+
55 /// vector.
+
56 /// </summary>
+
57 /// <param name="pass">a pointer to the pass in which to add to the
+
58 /// engine.</param>
+
59 void add_pass(pass_t* pass);
+
60
+
61 /// <summary>
+
62 /// run all the passes on the symbol. this function will only run a pass if
+
63 /// the symbol is the same type as the pass requires.
+
64 /// </summary>
+
65 /// <param name="sym">symbol to run all passes on.</param>
+
66 void run(decomp::symbol_t* sym);
+
67
+
68 private:
+
69 std::vector<pass_t*> passes;
+
70};
+
71} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/de/d64/reloc__transform__pass_8hpp.html b/doxygen/html/de/d64/reloc__transform__pass_8hpp.html index f916003..502d422 100644 --- a/doxygen/html/de/d64/reloc__transform__pass_8hpp.html +++ b/doxygen/html/de/d64/reloc__transform__pass_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/passes/reloc_transform_pass.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces
-
-
reloc_transform_pass.hpp File Reference
+
reloc_transform_pass.hpp File Reference
-
#include <obf/pass.hpp>
-#include <obf/transform/operation.hpp>
-#include <obf/transform/transform.hpp>
+
#include <obf/pass.hpp>
+#include <obf/transform/operation.hpp>
+#include <obf/transform/transform.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::obf::reloc_transform_pass_t
 this pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/de/d64/reloc__transform__pass_8hpp_source.html b/doxygen/html/de/d64/reloc__transform__pass_8hpp_source.html new file mode 100644 index 0000000..912bf37 --- /dev/null +++ b/doxygen/html/de/d64/reloc__transform__pass_8hpp_source.html @@ -0,0 +1,146 @@ + + + + + + + +Theodosius: include/obf/passes/reloc_transform_pass.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
reloc_transform_pass.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <obf/pass.hpp>
+
33#include <obf/transform/operation.hpp>
+
34#include <obf/transform/transform.hpp>
+
35
+
36namespace theo::obf {
+
37/// <summary>
+
38/// this pass is like the next_inst_pass, however, relocations are encrypted
+
39/// with transformations instead of the address of the next instruction. this
+
40/// pass only runs at the instruction level and appends transformations into the
+
41/// reloc_t object of the instruction symbol.
+
42///
+
43/// given the following code:
+
44///
+
45/// mov rax, &MessageBoxA
+
46///
+
47/// this pass will generate a random number of transformations to encrypt the
+
48/// address of "MessageBoxA". These transformations will then be applied by
+
49/// theodosius internally when resolving relocations.
+
50///
+
51/// mov rax, enc_MessageBoxA
+
52/// xor rax, 0x389284324
+
53/// add rax, 0x345332567
+
54/// ror rax, 0x5353
+
55/// </summary>
+
56class reloc_transform_pass_t : public pass_t {
+
57 explicit reloc_transform_pass_t() : pass_t(decomp::sym_type_t::instruction) {}
+
58
+
59 public:
+
60 static reloc_transform_pass_t* get();
+
61 void run(decomp::symbol_t* sym);
+
62
+
63 private:
+
64 std::optional<recomp::reloc_t*> has_legit_reloc(decomp::symbol_t* sym);
+
65};
+
66} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/de/df5/routine_8hpp.html b/doxygen/html/de/df5/routine_8hpp.html index bbe66a1..1ffe78a 100644 --- a/doxygen/html/de/df5/routine_8hpp.html +++ b/doxygen/html/de/df5/routine_8hpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/decomp/routine.hpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Classes | +Data Structures | Namespaces | Macros
-
-
routine.hpp File Reference
+
routine.hpp File Reference
#include <map>
#include <string>
#include <vector>
#include <spdlog/spdlog.h>
-#include <decomp/symbol.hpp>
+#include <decomp/symbol.hpp>
#include <xed-decode.h>
#include <xed-interface.h>
-

Go to the source code of this file.

+

Go to the source code of this file.

- +

-Classes

+Data Structures

class  theo::decomp::routine_t
 the routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols. More...
 
- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::decomp
namespace  theo::decomp
 the namespace that contains all of the decomposition related code.
 
- @@ -108,7 +108,7 @@ Macros

+

Macros

#define XED_ENCODER
 
 

Macro Definition Documentation

- +

◆ INSTR_SPLIT_SECTION_NAME

@@ -120,9 +120,11 @@ Macros
+

Definition at line 45 of file routine.hpp.

+
- +

◆ XED_ENCODER

@@ -134,12 +136,14 @@ Macros
+

Definition at line 39 of file routine.hpp.

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/de/df5/routine_8hpp_source.html b/doxygen/html/de/df5/routine_8hpp_source.html new file mode 100644 index 0000000..04e7c11 --- /dev/null +++ b/doxygen/html/de/df5/routine_8hpp_source.html @@ -0,0 +1,178 @@ + + + + + + + +Theodosius: include/decomp/routine.hpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
routine.hpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#pragma once
+
32#include <map>
+
33#include <string>
+
34#include <vector>
+
35
+
36#include <spdlog/spdlog.h>
+
37#include <decomp/symbol.hpp>
+
38
+
39#define XED_ENCODER
+
40extern "C" {
+
41#include <xed-decode.h>
+
42#include <xed-interface.h>
+
43}
+
44
+
45#define INSTR_SPLIT_SECTION_NAME ".obf"
+
46
+
47namespace theo::decomp {
+
48/// <summary>
+
49/// the routine class which is responsible for creating symbols for routines. if
+
50/// the routine is located inside a section with the name ".split" it will break
+
51/// functions into instruction symbols.
+
52/// </summary>
+
53class routine_t {
+
54 public:
+
55 /// <summary>
+
56 /// the explicit constructor for routine_t.
+
57 /// </summary>
+
58 /// <param name="sym">the coff symbol for the routine.</param>
+
59 /// <param name="img">the coff image which contains the symbol.</param>
+
60 /// <param name="scn">the section header of the section that contains the
+
61 /// symbol.</param>
+
62 /// <param name="fn">the data (bytes) of the function.</param>
+
63 /// <param name="dcmp_type">the type of decomp to do. if this is
+
64 /// sym_type_t::function then this class wont split the function up into
+
65 /// individual instructions.</param>
+
66 explicit routine_t(coff::symbol_t* sym,
+
67 coff::image_t* img,
+
68 coff::section_header_t* scn,
+
69 std::vector<std::uint8_t>& fn,
+
70 sym_type_t dcmp_type);
+
71
+
72 /// <summary>
+
73 /// decompose the function into symbol(s).
+
74 /// </summary>
+
75 /// <returns>symbol(s) of the function.</returns>
+
76 std::vector<decomp::symbol_t> decompose();
+
77
+
78 /// <summary>
+
79 /// gets the section header of the section in which the symbol is located in.
+
80 /// </summary>
+
81 /// <returns>the section header of the section in which the symbol is located
+
82 /// in.</returns>
+
83 coff::section_header_t* scn();
+
84
+
85 /// <summary>
+
86 /// gets the function bytes.
+
87 /// </summary>
+
88 /// <returns>the function bytes.</returns>
+
89 std::vector<std::uint8_t> data();
+
90
+
91 private:
+
92 coff::symbol_t* m_sym;
+
93 std::vector<std::uint8_t> m_data;
+
94 coff::image_t* m_img;
+
95 coff::section_header_t* m_scn;
+
96 sym_type_t m_dcmp_type;
+
97};
+
98} // namespace theo::decomp
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/df/d0a/main_8cpp.html b/doxygen/html/df/d0a/main_8cpp.html index 8e87cee..2ae1d94 100644 --- a/doxygen/html/df/d0a/main_8cpp.html +++ b/doxygen/html/df/d0a/main_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: examples/demo/main.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Functions
-
-
main.cpp File Reference
+
main.cpp File Reference
#include <Windows.h>
@@ -79,23 +79,23 @@ $(function() { #include <fstream>
#include <iostream>
#include <spdlog/spdlog.h>
-#include <theo.hpp>
-#include <obf/engine.hpp>
-#include <obf/passes/jcc_rewrite_pass.hpp>
-#include <obf/passes/next_inst_pass.hpp>
-#include <obf/passes/reloc_transform_pass.hpp>
-#include "hello_world_pass.hpp"
+#include <theo.hpp>
+#include <obf/engine.hpp>
+#include <obf/passes/jcc_rewrite_pass.hpp>
+#include <obf/passes/next_inst_pass.hpp>
+#include <obf/passes/reloc_transform_pass.hpp>
+#include "hello_world_pass.hpp"
-

Go to the source code of this file.

+

Go to the source code of this file.

-

+

Functions

int main (int argc, char *argv[])
 example usage of how to interface with theo. please refer to the source code of this function for details. More...
 

Function Documentation

- +

◆ main()

@@ -130,117 +130,112 @@ Functions
Returns
-
57  {
-
58  if (argc < 2)
-
59  return -1;
-
60 
-
61  // read in lib file...
-
62  std::ifstream f(argv[1], std::ios::binary);
-
63  auto fsize = fs::file_size(fs::path(argv[1]));
-
64  std::vector<std::uint8_t> fdata;
-
65  fdata.resize(fsize);
-
66  f.read((char*)fdata.data(), fsize);
-
67 
-
68  LoadLibraryA("user32.dll");
-
69  LoadLibraryA("win32u.dll");
-
70 
-
71  // declare your allocator, resolver, and copier lambda functions.
-
72  //
-
73 
-
74  theo::recomp::allocator_t allocator =
-
75  [&](std::uint32_t size,
-
76  coff::section_characteristics_t section_type) -> std::uintptr_t {
-
77  return reinterpret_cast<std::uintptr_t>(VirtualAlloc(
-
78  NULL, size, MEM_COMMIT | MEM_RESERVE,
-
79  section_type.mem_execute ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE));
-
80  };
-
81 
-
82  theo::recomp::copier_t copier = [&](std::uintptr_t ptr, void* buff,
-
83  std::uint32_t size) {
-
84  std::memcpy((void*)ptr, buff, size);
-
85  };
-
86 
-
87  theo::recomp::resolver_t resolver = [&](std::string sym) -> std::uintptr_t {
-
88  auto loaded_modules = std::make_unique<HMODULE[]>(64);
-
89  std::uintptr_t result = 0u, loaded_module_sz = 0u;
-
90  if (!EnumProcessModules(GetCurrentProcess(), loaded_modules.get(), 512,
-
91  (PDWORD)&loaded_module_sz))
-
92  return {};
-
93 
-
94  for (auto i = 0u; i < loaded_module_sz / 8u; i++) {
-
95  wchar_t file_name[MAX_PATH] = L"";
-
96  if (!GetModuleFileNameExW(GetCurrentProcess(), loaded_modules.get()[i],
-
97  file_name, _countof(file_name)))
-
98  continue;
-
99 
-
100  if ((result = reinterpret_cast<std::uintptr_t>(
-
101  GetProcAddress(LoadLibraryW(file_name), sym.c_str()))))
-
102  break;
-
103  }
-
104  return result;
-
105  };
-
106 
-
107  // init enc/dec tables only once... important that this is done before adding
-
108  // obfuscation passes to the engine...
-
109  //
-
110  xed_tables_init();
-
111 
-
112  // order matters, the order in which the pass is added is the order they
-
113  // will be executed!
-
114  //
-
115  auto engine = theo::obf::engine_t::get();
-
116 
-
117  // add in our hello world pass here
-
118  //
-
119  engine->add_pass(theo::obf::hello_world_pass_t::get());
-
120 
-
121  // add the rest of the passes in this order. this order is important.
-
122  //
-
123  engine->add_pass(theo::obf::reloc_transform_pass_t::get());
-
124  engine->add_pass(theo::obf::next_inst_pass_t::get());
-
125  engine->add_pass(theo::obf::jcc_rewrite_pass_t::get());
-
126 
-
127  std::string entry_name;
-
128  std::cout << "enter the name of the entry point: ";
-
129  std::cin >> entry_name;
-
130 
-
131  // create a theo object and pass in the lib, your allocator, copier, and
-
132  // resolver functions, as well as the entry point symbol name.
-
133  //
-
134  theo::theo_t t(fdata, {allocator, copier, resolver}, entry_name.data());
-
135 
-
136  // call the decompose method to decompose the lib into coff files and extract
-
137  // the symbols that are used. the result of this call will be an optional
-
138  // value containing the number of symbols extracted.
-
139  //
-
140  auto res = t.decompose();
-
141 
-
142  if (!res.has_value()) {
-
143  spdlog::error("decomposition failed...\n");
-
144  return -1;
-
145  }
-
146 
-
147  spdlog::info("decomposed {} symbols...", res.value());
-
148  auto entry_pnt = t.compose();
-
149  spdlog::info("entry point address: {:X}", entry_pnt);
-
150  reinterpret_cast<void (*)()>(entry_pnt)();
-
151 }
-
theo::obf::engine_t::get
static engine_t * get()
get the singleton object of this class.
Definition: engine.cpp:34
-
theo::obf::hello_world_pass_t::get
static hello_world_pass_t * get()
Definition: hello_world_pass.hpp:45
-
theo::obf::jcc_rewrite_pass_t::get
static jcc_rewrite_pass_t * get()
Definition: jcc_rewrite_pass.cpp:35
-
theo::obf::next_inst_pass_t::get
static next_inst_pass_t * get()
Definition: next_inst_pass.cpp:34
-
theo::obf::reloc_transform_pass_t::get
static reloc_transform_pass_t * get()
Definition: reloc_transform_pass.cpp:34
-
theo::theo_t
the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge ...
Definition: theo.hpp:70
-
theo::recomp::copier_t
std::function< void(std::uintptr_t, void *, std::uint32_t)> copier_t
a function which is called by recomp_t to copy symbols into memory.
Definition: recomp.hpp:49
-
theo::recomp::resolver_t
std::function< std::uintptr_t(std::string)> resolver_t
a function which is called by recomp_t to resolve external symbols
Definition: recomp.hpp:44
-
theo::recomp::allocator_t
std::function< std::uintptr_t(std::uint32_t, coff::section_characteristics_t)> allocator_t
a function which is called to allocate space for a symbol.
Definition: recomp.hpp:59
+ +

Definition at line 57 of file main.cpp.

+
57 {
+
58 if (argc < 2)
+
59 return -1;
+
60
+
61 // read in lib file...
+
62 std::ifstream f(argv[1], std::ios::binary);
+
63 auto fsize = fs::file_size(fs::path(argv[1]));
+
64 std::vector<std::uint8_t> fdata;
+
65 fdata.resize(fsize);
+
66 f.read((char*)fdata.data(), fsize);
+
67
+
68 LoadLibraryA("user32.dll");
+
69 LoadLibraryA("win32u.dll");
+
70
+
71 // declare your allocator, resolver, and copier lambda functions.
+
72 //
+
73
+
74 theo::recomp::allocator_t allocator =
+
75 [&](std::uint32_t size,
+
76 coff::section_characteristics_t section_type) -> std::uintptr_t {
+
77 return reinterpret_cast<std::uintptr_t>(VirtualAlloc(
+
78 NULL, size, MEM_COMMIT | MEM_RESERVE,
+
79 section_type.mem_execute ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE));
+
80 };
+
81
+
82 theo::recomp::copier_t copier = [&](std::uintptr_t ptr, void* buff,
+
83 std::uint32_t size) {
+
84 std::memcpy((void*)ptr, buff, size);
+
85 };
+
86
+
87 theo::recomp::resolver_t resolver = [&](std::string sym) -> std::uintptr_t {
+
88 auto loaded_modules = std::make_unique<HMODULE[]>(64);
+
89 std::uintptr_t result = 0u, loaded_module_sz = 0u;
+
90 if (!EnumProcessModules(GetCurrentProcess(), loaded_modules.get(), 512,
+
91 (PDWORD)&loaded_module_sz))
+
92 return {};
+
93
+
94 for (auto i = 0u; i < loaded_module_sz / 8u; i++) {
+
95 wchar_t file_name[MAX_PATH] = L"";
+
96 if (!GetModuleFileNameExW(GetCurrentProcess(), loaded_modules.get()[i],
+
97 file_name, _countof(file_name)))
+
98 continue;
+
99
+
100 if ((result = reinterpret_cast<std::uintptr_t>(
+
101 GetProcAddress(LoadLibraryW(file_name), sym.c_str()))))
+
102 break;
+
103 }
+
104 return result;
+
105 };
+
106
+
107 // init enc/dec tables only once... important that this is done before adding
+
108 // obfuscation passes to the engine...
+
109 //
+
110 xed_tables_init();
+
111
+
112 // order matters, the order in which the pass is added is the order they
+
113 // will be executed!
+
114 //
+
115 auto engine = theo::obf::engine_t::get();
+
116
+
117 // add in our hello world pass here
+
118 //
+
119 engine->add_pass(theo::obf::hello_world_pass_t::get());
+
120
+
121 // add the rest of the passes in this order. this order is important.
+
122 //
+
123 engine->add_pass(theo::obf::reloc_transform_pass_t::get());
+
124 engine->add_pass(theo::obf::next_inst_pass_t::get());
+
125 engine->add_pass(theo::obf::jcc_rewrite_pass_t::get());
+
126
+
127 std::string entry_name;
+
128 std::cout << "enter the name of the entry point: ";
+
129 std::cin >> entry_name;
+
130
+
131 // create a theo object and pass in the lib, your allocator, copier, and
+
132 // resolver functions, as well as the entry point symbol name.
+
133 //
+
134 theo::theo_t t(fdata, {allocator, copier, resolver}, entry_name.data());
+
135
+
136 // call the decompose method to decompose the lib into coff files and extract
+
137 // the symbols that are used. the result of this call will be an optional
+
138 // value containing the number of symbols extracted.
+
139 //
+
140 auto res = t.decompose();
+
141
+
142 if (!res.has_value()) {
+
143 spdlog::error("decomposition failed...\n");
+
144 return -1;
+
145 }
+
146
+
147 spdlog::info("decomposed {} symbols...", res.value());
+
148 auto entry_pnt = t.compose();
+
149 spdlog::info("entry point address: {:X}", entry_pnt);
+
150 reinterpret_cast<void (*)()>(entry_pnt)();
+
151}
+

References theo::theo_t::compose(), theo::theo_t::decompose(), theo::obf::hello_world_pass_t::get(), theo::obf::engine_t::get(), theo::obf::jcc_rewrite_pass_t::get(), theo::obf::next_inst_pass_t::get(), and theo::obf::reloc_transform_pass_t::get().

+
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/df/d0a/main_8cpp_source.html b/doxygen/html/df/d0a/main_8cpp_source.html new file mode 100644 index 0000000..1b30e03 --- /dev/null +++ b/doxygen/html/df/d0a/main_8cpp_source.html @@ -0,0 +1,231 @@ + + + + + + + +Theodosius: examples/demo/main.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
main.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <Windows.h>
+
32#include <psapi.h>
+
33
+
34#include <filesystem>
+
35#include <fstream>
+
36#include <iostream>
+
37
+
38#include <spdlog/spdlog.h>
+
39#include <theo.hpp>
+
40
+
41#include <obf/engine.hpp>
+
42#include <obf/passes/jcc_rewrite_pass.hpp>
+
43#include <obf/passes/next_inst_pass.hpp>
+
44#include <obf/passes/reloc_transform_pass.hpp>
+
45
+
46#include "hello_world_pass.hpp"
+
47
+
48namespace fs = std::filesystem;
+
49
+
50/// <summary>
+
51/// example usage of how to interface with theo. please refer to the source code
+
52/// of this function for details.
+
53/// </summary>
+
54/// <param name="argc"></param>
+
55/// <param name="argv"></param>
+
56/// <returns></returns>
+
57int main(int argc, char* argv[]) {
+
58 if (argc < 2)
+
59 return -1;
+
60
+
61 // read in lib file...
+
62 std::ifstream f(argv[1], std::ios::binary);
+
63 auto fsize = fs::file_size(fs::path(argv[1]));
+
64 std::vector<std::uint8_t> fdata;
+
65 fdata.resize(fsize);
+
66 f.read((char*)fdata.data(), fsize);
+
67
+
68 LoadLibraryA("user32.dll");
+
69 LoadLibraryA("win32u.dll");
+
70
+
71 // declare your allocator, resolver, and copier lambda functions.
+
72 //
+
73
+
74 theo::recomp::allocator_t allocator =
+
75 [&](std::uint32_t size,
+
76 coff::section_characteristics_t section_type) -> std::uintptr_t {
+
77 return reinterpret_cast<std::uintptr_t>(VirtualAlloc(
+
78 NULL, size, MEM_COMMIT | MEM_RESERVE,
+
79 section_type.mem_execute ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE));
+
80 };
+
81
+
82 theo::recomp::copier_t copier = [&](std::uintptr_t ptr, void* buff,
+
83 std::uint32_t size) {
+
84 std::memcpy((void*)ptr, buff, size);
+
85 };
+
86
+
87 theo::recomp::resolver_t resolver = [&](std::string sym) -> std::uintptr_t {
+
88 auto loaded_modules = std::make_unique<HMODULE[]>(64);
+
89 std::uintptr_t result = 0u, loaded_module_sz = 0u;
+
90 if (!EnumProcessModules(GetCurrentProcess(), loaded_modules.get(), 512,
+
91 (PDWORD)&loaded_module_sz))
+
92 return {};
+
93
+
94 for (auto i = 0u; i < loaded_module_sz / 8u; i++) {
+
95 wchar_t file_name[MAX_PATH] = L"";
+
96 if (!GetModuleFileNameExW(GetCurrentProcess(), loaded_modules.get()[i],
+
97 file_name, _countof(file_name)))
+
98 continue;
+
99
+
100 if ((result = reinterpret_cast<std::uintptr_t>(
+
101 GetProcAddress(LoadLibraryW(file_name), sym.c_str()))))
+
102 break;
+
103 }
+
104 return result;
+
105 };
+
106
+
107 // init enc/dec tables only once... important that this is done before adding
+
108 // obfuscation passes to the engine...
+
109 //
+
110 xed_tables_init();
+
111
+
112 // order matters, the order in which the pass is added is the order they
+
113 // will be executed!
+
114 //
+
115 auto engine = theo::obf::engine_t::get();
+
116
+
117 // add in our hello world pass here
+
118 //
+
119 engine->add_pass(theo::obf::hello_world_pass_t::get());
+
120
+
121 // add the rest of the passes in this order. this order is important.
+
122 //
+
123 engine->add_pass(theo::obf::reloc_transform_pass_t::get());
+
124 engine->add_pass(theo::obf::next_inst_pass_t::get());
+
125 engine->add_pass(theo::obf::jcc_rewrite_pass_t::get());
+
126
+
127 std::string entry_name;
+
128 std::cout << "enter the name of the entry point: ";
+
129 std::cin >> entry_name;
+
130
+
131 // create a theo object and pass in the lib, your allocator, copier, and
+
132 // resolver functions, as well as the entry point symbol name.
+
133 //
+
134 theo::theo_t t(fdata, {allocator, copier, resolver}, entry_name.data());
+
135
+
136 // call the decompose method to decompose the lib into coff files and extract
+
137 // the symbols that are used. the result of this call will be an optional
+
138 // value containing the number of symbols extracted.
+
139 //
+
140 auto res = t.decompose();
+
141
+
142 if (!res.has_value()) {
+
143 spdlog::error("decomposition failed...\n");
+
144 return -1;
+
145 }
+
146
+
147 spdlog::info("decomposed {} symbols...", res.value());
+
148 auto entry_pnt = t.compose();
+
149 spdlog::info("entry point address: {:X}", entry_pnt);
+
150 reinterpret_cast<void (*)()>(entry_pnt)();
+
151}
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/df/d7d/next__inst__pass_8cpp.html b/doxygen/html/df/d7d/next__inst__pass_8cpp.html index 4a4d646..5722aa6 100644 --- a/doxygen/html/df/d7d/next__inst__pass_8cpp.html +++ b/doxygen/html/df/d7d/next__inst__pass_8cpp.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf/passes/next_inst_pass.cpp File Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
Namespaces
-
-
next_inst_pass.cpp File Reference
+
next_inst_pass.cpp File Reference
-
#include <obf/passes/next_inst_pass.hpp>
+
#include <obf/passes/next_inst_pass.hpp>
-

Go to the source code of this file.

+

Go to the source code of this file.

- - + - +

+

Namespaces

 theo
namespace  theo
 The outer most encompassing namespace of this project.
 
 theo::obf
namespace  theo::obf
 this is the main namespace for obfuscation related things.
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/df/d7d/next__inst__pass_8cpp_source.html b/doxygen/html/df/d7d/next__inst__pass_8cpp_source.html new file mode 100644 index 0000000..f21c143 --- /dev/null +++ b/doxygen/html/df/d7d/next__inst__pass_8cpp_source.html @@ -0,0 +1,183 @@ + + + + + + + +Theodosius: src/obf/passes/next_inst_pass.cpp Source File + + + + + + + + + +
+
+ + + + + + + +
+
Theodosius v3.0 +
+
Jit linker, symbol mapper, and obfuscator
+
+
+ + + + + + + + +
+
+ + +
+ +
+ + +
+
+
next_inst_pass.cpp
+
+
+Go to the documentation of this file.
1// Copyright (c) 2022, _xeroxz
+
2// All rights reserved.
+
3//
+
4// Redistribution and use in source and binary forms, with or without
+
5// modification, are permitted provided that the following conditions are met:
+
6//
+
7// 1. Redistributions of source code must retain the above copyright notice,
+
8// this list of conditions and the following disclaimer.
+
9//
+
10// 2. Redistributions in binary form must reproduce the above copyright notice,
+
11// this list of conditions and the following disclaimer in the documentation
+
12// and/or other materials provided with the distribution.
+
13//
+
14// 3. Neither the name of the copyright holder nor the names of its
+
15// contributors may be used to endorse or promote products derived from
+
16// this software without specific prior written permission.
+
17//
+
18// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+
19// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+
20// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+
21// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+
22// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+
23// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+
24// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+
25// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+
26// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+
27// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+
28// POSSIBILITY OF SUCH DAMAGE.
+
29//
+
30
+
31#include <obf/passes/next_inst_pass.hpp>
+
32
+
33namespace theo::obf {
+
34next_inst_pass_t* next_inst_pass_t::get() {
+
35 static next_inst_pass_t obj;
+
36 return &obj;
+
37}
+
38void next_inst_pass_t::run(decomp::symbol_t* sym) {
+
39 std::optional<recomp::reloc_t*> reloc;
+
40 if (!(reloc = has_next_inst_reloc(sym)).has_value())
+
41 return;
+
42
+
43 xed_decoded_inst_t inst = m_tmp_inst;
+
44 std::vector<std::uint8_t> new_inst_bytes =
+
45 transform::generate(&inst, reloc.value(), 3, 6);
+
46
+
47 // add a push [rip+offset] and update reloc->offset()...
+
48 //
+
49 std::uint32_t inst_len = {};
+
50 std::uint8_t inst_buff[XED_MAX_INSTRUCTION_BYTES];
+
51
+
52 xed_error_enum_t err;
+
53 xed_encoder_request_t req;
+
54 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
55
+
56 xed_encoder_request_zero_set_mode(&req, &istate);
+
57 xed_encoder_request_set_effective_operand_width(&req, 64);
+
58 xed_encoder_request_set_iclass(&req, XED_ICLASS_PUSH);
+
59
+
60 xed_encoder_request_set_mem0(&req);
+
61 xed_encoder_request_set_operand_order(&req, 0, XED_OPERAND_MEM0);
+
62
+
63 xed_encoder_request_set_base0(&req, XED_REG_RIP);
+
64 xed_encoder_request_set_seg0(&req, XED_REG_INVALID);
+
65 xed_encoder_request_set_index(&req, XED_REG_INVALID);
+
66 xed_encoder_request_set_scale(&req, 0);
+
67
+
68 xed_encoder_request_set_memory_operand_length(&req, 8);
+
69 xed_encoder_request_set_memory_displacement(&req, new_inst_bytes.size() + 1,
+
70 1);
+
71
+
72 if ((err = xed_encode(&req, inst_buff, sizeof(inst_buff), &inst_len)) !=
+
73 XED_ERROR_NONE) {
+
74 spdlog::info("failed to encode instruction... reason: {}",
+
75 xed_error_enum_t2str(err));
+
76
+
77 assert(err == XED_ERROR_NONE);
+
78 }
+
79
+
80 new_inst_bytes.insert(new_inst_bytes.begin(), inst_buff,
+
81 inst_buff + inst_len);
+
82
+
83 // put a return instruction at the end of the decrypt instructions...
+
84 //
+
85 new_inst_bytes.push_back(0xC3);
+
86
+
87 sym->data().insert(sym->data().end(), new_inst_bytes.begin(),
+
88 new_inst_bytes.end());
+
89
+
90 reloc.value()->offset(sym->data().size());
+
91 sym->data().resize(sym->data().size() + 8);
+
92}
+
93
+
94std::optional<recomp::reloc_t*> next_inst_pass_t::has_next_inst_reloc(
+
95 decomp::symbol_t* sym) {
+
96 auto res = std::find_if(
+
97 sym->relocs().begin(), sym->relocs().end(),
+
98 [&](recomp::reloc_t& reloc) -> bool { return !reloc.offset(); });
+
99
+
100 return res != sym->relocs().end() ? &(*res)
+
101 : std::optional<recomp::reloc_t*>();
+
102}
+
103} // namespace theo::obf
+
+ +
+Generated by doxygen 1.9.3 +
+ + diff --git a/doxygen/html/df/db4/classtheo_1_1decomp_1_1routine__t.html b/doxygen/html/df/db4/classtheo_1_1decomp_1_1routine__t.html index 3810c34..8b404b5 100644 --- a/doxygen/html/df/db4/classtheo_1_1decomp_1_1routine__t.html +++ b/doxygen/html/df/db4/classtheo_1_1decomp_1_1routine__t.html @@ -2,8 +2,8 @@ - - + + Theodosius: theo::decomp::routine_t Class Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-Public Member Functions | -List of all members
-
-
theo::decomp::routine_t Class Reference
+Public Member Functions
+
theo::decomp::routine_t Class Reference

the routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols. More...

-

#include <routine.hpp>

+

#include "routine.hpp"

- @@ -96,9 +95,11 @@ Public Member Functions

+

Public Member Functions

 routine_t (coff::symbol_t *sym, coff::image_t *img, coff::section_header_t *scn, std::vector< std::uint8_t > &fn, sym_type_t dcmp_type)
 the explicit constructor for routine_t. More...
 

Detailed Description

-

the routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols.

+

the routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols.

+ +

Definition at line 53 of file routine.hpp.

Constructor & Destructor Documentation

- +

◆ routine_t()

@@ -161,13 +162,14 @@ Public Member Functions -
39  : m_img(img), m_scn(scn), m_data(fn), m_dcmp_type(dcmp_type), m_sym(sym) {}
-
theo::decomp::routine_t::scn
coff::section_header_t * scn()
gets the section header of the section in which the symbol is located in.
Definition: routine.cpp:168
+ +

Definition at line 34 of file routine.cpp.

+
39 : m_img(img), m_scn(scn), m_data(fn), m_dcmp_type(dcmp_type), m_sym(sym) {}

Member Function Documentation

- +

◆ data()

@@ -184,13 +186,17 @@ Public Member Functions

gets the function bytes.

Returns
the function bytes.
-
172  {
-
173  return m_data;
-
174 }
+ +

Definition at line 172 of file routine.cpp.

+
172 {
+
173 return m_data;
+
174}
+

Referenced by decompose().

+
- +

◆ decompose()

@@ -207,141 +213,140 @@ Public Member Functions

decompose the function into symbol(s).

Returns
symbol(s) of the function.
-
41  {
-
42  std::vector<decomp::symbol_t> result;
-
43 
-
44  switch (m_dcmp_type) {
-
45  case function: {
-
46  std::vector<recomp::reloc_t> relocs;
-
47  auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
-
48  m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
-
49 
-
50  for (auto idx = 0u; idx < m_scn->num_relocs; ++idx) {
-
51  auto scn_reloc = &scn_relocs[idx];
-
52  // if the reloc is in the current function...
-
53  if (scn_reloc->virtual_address >= m_sym->value &&
-
54  scn_reloc->virtual_address < m_sym->value + m_data.size()) {
-
55  auto sym_reloc = m_img->get_symbol(scn_relocs[idx].symbol_index);
-
56  auto sym_name = symbol_t::name(m_img, sym_reloc);
-
57  auto sym_hash = decomp::symbol_t::hash(sym_name.data());
-
58  relocs.push_back(
-
59  recomp::reloc_t(scn_reloc->virtual_address - m_sym->value,
-
60  sym_hash, sym_name.data()));
-
61  }
-
62  }
-
63 
-
64  result.push_back(decomp::symbol_t(
-
65  m_img, symbol_t::name(m_img, m_sym).data(), m_sym->value, m_data,
-
66  m_scn, m_sym, relocs, sym_type_t::function));
-
67  break;
-
68  }
-
69  case instruction: {
-
70  std::uint32_t offset = {};
-
71  xed_error_enum_t err;
-
72 
-
73  xed_decoded_inst_t instr;
-
74  xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
-
75  xed_decoded_inst_zero_set_mode(&instr, &istate);
-
76 
-
77  // keep looping over the section, lower the number of bytes each time...
-
78  //
-
79  while ((err = xed_decode(&instr, m_data.data() + offset,
-
80  m_data.size() - offset)) == XED_ERROR_NONE) {
-
81  // symbol name is of the format: symbol@instroffset, I.E: main@11...
-
82  //
-
83  auto new_sym_name = symbol_t::name(m_img, m_sym);
-
84 
-
85  // first instruction doesnt need the @offset...
-
86  //
-
87  if (offset)
-
88  new_sym_name.append("@").append(std::to_string(offset));
-
89 
-
90  std::vector<recomp::reloc_t> relocs;
-
91  auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
-
92  m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
-
93 
-
94  // find if this instruction has a relocation or not...
-
95  // if so, return the reloc_t...
-
96  //
-
97  auto reloc = std::find_if(
-
98  scn_relocs, scn_relocs + m_scn->num_relocs,
-
99  [&](coff::reloc_t reloc) {
-
100  return reloc.virtual_address >= m_sym->value + offset &&
-
101  reloc.virtual_address <
-
102  m_sym->value + offset +
-
103  xed_decoded_inst_get_length(&instr);
-
104  });
-
105 
-
106  // if there is indeed a reloc for this instruction...
-
107  //
-
108  if (reloc != scn_relocs + m_scn->num_relocs) {
-
109  auto sym_reloc = m_img->get_symbol(reloc->symbol_index);
-
110  auto sym_name = symbol_t::name(m_img, sym_reloc);
-
111  auto sym_hash = decomp::symbol_t::hash(sym_name.data());
-
112  auto reloc_offset = reloc->virtual_address - m_sym->value - offset;
-
113 
-
114  relocs.push_back(
-
115  recomp::reloc_t(reloc_offset, sym_hash, sym_name.data()));
-
116  }
-
117 
-
118  // add a reloc to the next instruction...
-
119  // note that the offset is ZERO... comp_t will understand that
-
120  // relocs with offset ZERO means the next instructions...
-
121  //
-
122  auto next_inst_sym =
-
123  symbol_t::name(m_img, m_sym)
-
124  .append("@")
-
125  .append(std::to_string(offset +
-
126  xed_decoded_inst_get_length(&instr)));
-
127 
-
128  relocs.push_back(recomp::reloc_t(
-
129  0, decomp::symbol_t::hash(next_inst_sym), next_inst_sym.data()));
-
130 
-
131  // get the instructions bytes
-
132  //
-
133  std::vector<std::uint8_t> inst_bytes(
-
134  m_data.data() + offset,
-
135  m_data.data() + offset + xed_decoded_inst_get_length(&instr));
-
136 
-
137  result.push_back(decomp::symbol_t(m_img, new_sym_name, offset,
-
138  inst_bytes, m_scn, m_sym, relocs,
-
139  sym_type_t::instruction));
-
140 
-
141  // after creating the symbol and dealing with relocs then print the
-
142  // information we have concluded...
-
143  //
-
144  char buff[255];
-
145  offset += xed_decoded_inst_get_length(&instr);
-
146  xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, NULL,
-
147  NULL, NULL);
-
148 
-
149  spdlog::info("{}: {}", new_sym_name, buff);
-
150  // need to set this so that instr can be used to decode again...
-
151  xed_decoded_inst_zero_set_mode(&instr, &istate);
-
152  }
-
153 
-
154  // remove the relocation to the next symbol from the last instruction
-
155  //
-
156  auto& last_inst = result.back();
-
157  auto& last_inst_relocs = last_inst.relocs();
-
158  last_inst_relocs.erase(last_inst_relocs.end() - 1);
-
159  break;
-
160  }
-
161  default:
-
162  break;
-
163  }
-
164 
-
165  return result;
-
166 }
-
theo::decomp::routine_t::data
std::vector< std::uint8_t > data()
gets the function bytes.
Definition: routine.cpp:172
-
theo::decomp::symbol_t::name
std::string name() const
gets the name of the symbol.
Definition: symbol.cpp:52
-
theo::decomp::symbol_t::hash
std::size_t hash()
gets the hash of the symbol name.
Definition: symbol.cpp:88
-
theo::decomp::instruction
@ instruction
Definition: symbol.hpp:45
-
theo::decomp::function
@ function
Definition: symbol.hpp:44
+ +

Definition at line 41 of file routine.cpp.

+
41 {
+
42 std::vector<decomp::symbol_t> result;
+
43
+
44 switch (m_dcmp_type) {
+
45 case function: {
+
46 std::vector<recomp::reloc_t> relocs;
+
47 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
48 m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
+
49
+
50 for (auto idx = 0u; idx < m_scn->num_relocs; ++idx) {
+
51 auto scn_reloc = &scn_relocs[idx];
+
52 // if the reloc is in the current function...
+
53 if (scn_reloc->virtual_address >= m_sym->value &&
+
54 scn_reloc->virtual_address < m_sym->value + m_data.size()) {
+
55 auto sym_reloc = m_img->get_symbol(scn_relocs[idx].symbol_index);
+
56 auto sym_name = symbol_t::name(m_img, sym_reloc);
+
57 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
58 relocs.push_back(
+
59 recomp::reloc_t(scn_reloc->virtual_address - m_sym->value,
+
60 sym_hash, sym_name.data()));
+
61 }
+
62 }
+
63
+
64 result.push_back(decomp::symbol_t(
+
65 m_img, symbol_t::name(m_img, m_sym).data(), m_sym->value, m_data,
+
66 m_scn, m_sym, relocs, sym_type_t::function));
+
67 break;
+
68 }
+
69 case instruction: {
+
70 std::uint32_t offset = {};
+
71 xed_error_enum_t err;
+
72
+
73 xed_decoded_inst_t instr;
+
74 xed_state_t istate{XED_MACHINE_MODE_LONG_64, XED_ADDRESS_WIDTH_64b};
+
75 xed_decoded_inst_zero_set_mode(&instr, &istate);
+
76
+
77 // keep looping over the section, lower the number of bytes each time...
+
78 //
+
79 while ((err = xed_decode(&instr, m_data.data() + offset,
+
80 m_data.size() - offset)) == XED_ERROR_NONE) {
+
81 // symbol name is of the format: symbol@instroffset, I.E: main@11...
+
82 //
+
83 auto new_sym_name = symbol_t::name(m_img, m_sym);
+
84
+
85 // first instruction doesnt need the @offset...
+
86 //
+
87 if (offset)
+
88 new_sym_name.append("@").append(std::to_string(offset));
+
89
+
90 std::vector<recomp::reloc_t> relocs;
+
91 auto scn_relocs = reinterpret_cast<coff::reloc_t*>(
+
92 m_scn->ptr_relocs + reinterpret_cast<std::uint8_t*>(m_img));
+
93
+
94 // find if this instruction has a relocation or not...
+
95 // if so, return the reloc_t...
+
96 //
+
97 auto reloc = std::find_if(
+
98 scn_relocs, scn_relocs + m_scn->num_relocs,
+
99 [&](coff::reloc_t reloc) {
+
100 return reloc.virtual_address >= m_sym->value + offset &&
+
101 reloc.virtual_address <
+
102 m_sym->value + offset +
+
103 xed_decoded_inst_get_length(&instr);
+
104 });
+
105
+
106 // if there is indeed a reloc for this instruction...
+
107 //
+
108 if (reloc != scn_relocs + m_scn->num_relocs) {
+
109 auto sym_reloc = m_img->get_symbol(reloc->symbol_index);
+
110 auto sym_name = symbol_t::name(m_img, sym_reloc);
+
111 auto sym_hash = decomp::symbol_t::hash(sym_name.data());
+
112 auto reloc_offset = reloc->virtual_address - m_sym->value - offset;
+
113
+
114 relocs.push_back(
+
115 recomp::reloc_t(reloc_offset, sym_hash, sym_name.data()));
+
116 }
+
117
+
118 // add a reloc to the next instruction...
+
119 // note that the offset is ZERO... comp_t will understand that
+
120 // relocs with offset ZERO means the next instructions...
+
121 //
+
122 auto next_inst_sym =
+
123 symbol_t::name(m_img, m_sym)
+
124 .append("@")
+
125 .append(std::to_string(offset +
+
126 xed_decoded_inst_get_length(&instr)));
+
127
+
128 relocs.push_back(recomp::reloc_t(
+
129 0, decomp::symbol_t::hash(next_inst_sym), next_inst_sym.data()));
+
130
+
131 // get the instructions bytes
+
132 //
+
133 std::vector<std::uint8_t> inst_bytes(
+
134 m_data.data() + offset,
+
135 m_data.data() + offset + xed_decoded_inst_get_length(&instr));
+
136
+
137 result.push_back(decomp::symbol_t(m_img, new_sym_name, offset,
+
138 inst_bytes, m_scn, m_sym, relocs,
+
139 sym_type_t::instruction));
+
140
+
141 // after creating the symbol and dealing with relocs then print the
+
142 // information we have concluded...
+
143 //
+
144 char buff[255];
+
145 offset += xed_decoded_inst_get_length(&instr);
+
146 xed_format_context(XED_SYNTAX_INTEL, &instr, buff, sizeof buff, NULL,
+
147 NULL, NULL);
+
148
+
149 spdlog::info("{}: {}", new_sym_name, buff);
+
150 // need to set this so that instr can be used to decode again...
+
151 xed_decoded_inst_zero_set_mode(&instr, &istate);
+
152 }
+
153
+
154 // remove the relocation to the next symbol from the last instruction
+
155 //
+
156 auto& last_inst = result.back();
+
157 auto& last_inst_relocs = last_inst.relocs();
+
158 last_inst_relocs.erase(last_inst_relocs.end() - 1);
+
159 break;
+
160 }
+
161 default:
+
162 break;
+
163 }
+
164
+
165 return result;
+
166}
+

References data(), theo::decomp::function, theo::decomp::symbol_t::hash(), theo::decomp::instruction, and theo::decomp::symbol_t::name().

+
- +

◆ scn()

@@ -358,20 +363,22 @@ Public Member Functions

gets the section header of the section in which the symbol is located in.

Returns
the section header of the section in which the symbol is located in.
-
168  {
-
169  return m_scn;
-
170 }
+ +

Definition at line 168 of file routine.cpp.

+
168 {
+
169 return m_scn;
+
170}
The documentation for this class was generated from the following files:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_13fb3109ea9f625158dab961edf6214d.html b/doxygen/html/dir_13fb3109ea9f625158dab961edf6214d.html index 664c92f..d2a86f7 100644 --- a/doxygen/html/dir_13fb3109ea9f625158dab961edf6214d.html +++ b/doxygen/html/dir_13fb3109ea9f625158dab961edf6214d.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/passes Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
passes Directory Reference
+
passes Directory Reference
- - + - + - +

+

Files

file  jcc_rewrite_pass.hpp [code]
file  jcc_rewrite_pass.hpp [code]
 
file  next_inst_pass.hpp [code]
file  next_inst_pass.hpp [code]
 
file  reloc_transform_pass.hpp [code]
file  reloc_transform_pass.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_1a96c2bb8e6464c69de5f985611044b4.html b/doxygen/html/dir_1a96c2bb8e6464c69de5f985611044b4.html index cb12e33..d20ad12 100644 --- a/doxygen/html/dir_1a96c2bb8e6464c69de5f985611044b4.html +++ b/doxygen/html/dir_1a96c2bb8e6464c69de5f985611044b4.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/decomp Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
decomp Directory Reference
+
decomp Directory Reference
- - + - + - +

+

Files

file  decomp.cpp [code]
file  decomp.cpp [code]
 
file  routine.cpp [code]
file  routine.cpp [code]
 
file  symbol.cpp [code]
file  symbol.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_2ff93ba14c434dbcd5d31be832ec37b1.html b/doxygen/html/dir_2ff93ba14c434dbcd5d31be832ec37b1.html index 9e39607..8c81d9a 100644 --- a/doxygen/html/dir_2ff93ba14c434dbcd5d31be832ec37b1.html +++ b/doxygen/html/dir_2ff93ba14c434dbcd5d31be832ec37b1.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/decomp Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
decomp Directory Reference
+
decomp Directory Reference
- - + - + - +

+

Files

file  decomp.hpp [code]
file  decomp.hpp [code]
 
file  routine.hpp [code]
file  routine.hpp [code]
 
file  symbol.hpp [code]
file  symbol.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html b/doxygen/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html index 4bffd54..4e5169a 100644 --- a/doxygen/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html +++ b/doxygen/html/dir_68267d1309a1af8e8297ef4c3efbcdba.html @@ -2,8 +2,8 @@ - - + + Theodosius: src Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
src Directory Reference
+
src Directory Reference
- - + - + - +

+

Directories

directory  decomp
directory  decomp
 
directory  obf
directory  obf
 
directory  recomp
directory  recomp
 
- - +

+

Files

file  theo.cpp [code]
file  theo.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_84420232f7d21f2837bd8f918b6fc033.html b/doxygen/html/dir_84420232f7d21f2837bd8f918b6fc033.html index fc51cc5..c6d7997 100644 --- a/doxygen/html/dir_84420232f7d21f2837bd8f918b6fc033.html +++ b/doxygen/html/dir_84420232f7d21f2837bd8f918b6fc033.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
obf Directory Reference
+
obf Directory Reference
- - +

+

Directories

directory  passes
directory  passes
 
- - +

+

Files

file  engine.cpp [code]
file  engine.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_d28a4824dc47e487b107a5db32ef43c4.html b/doxygen/html/dir_d28a4824dc47e487b107a5db32ef43c4.html index 818827c..547ccf3 100644 --- a/doxygen/html/dir_d28a4824dc47e487b107a5db32ef43c4.html +++ b/doxygen/html/dir_d28a4824dc47e487b107a5db32ef43c4.html @@ -2,8 +2,8 @@ - - + + Theodosius: examples Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
examples Directory Reference
+
examples Directory Reference
- - +

+

Directories

directory  demo
directory  demo
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_d44c64559bbebec7f509842c48db8b23.html b/doxygen/html/dir_d44c64559bbebec7f509842c48db8b23.html index d54bd86..cc9c20d 100644 --- a/doxygen/html/dir_d44c64559bbebec7f509842c48db8b23.html +++ b/doxygen/html/dir_d44c64559bbebec7f509842c48db8b23.html @@ -2,8 +2,8 @@ - - + + Theodosius: include Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
include Directory Reference
+
include Directory Reference
- - + - + - +

+

Directories

directory  decomp
directory  decomp
 
directory  obf
directory  obf
 
directory  recomp
directory  recomp
 
- - +

+

Files

file  theo.hpp [code]
file  theo.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_d92462d752f7a277bbc0245a347b2579.html b/doxygen/html/dir_d92462d752f7a277bbc0245a347b2579.html index 57c12cd..e9f5d19 100644 --- a/doxygen/html/dir_d92462d752f7a277bbc0245a347b2579.html +++ b/doxygen/html/dir_d92462d752f7a277bbc0245a347b2579.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/recomp Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
recomp Directory Reference
+
recomp Directory Reference
- - + - + - +

+

Files

file  recomp.hpp [code]
file  recomp.hpp [code]
 
file  reloc.hpp [code]
file  reloc.hpp [code]
 
file  symbol_table.hpp [code]
file  symbol_table.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_dca6cbf37515070a04f03d98baa5bc62.html b/doxygen/html/dir_dca6cbf37515070a04f03d98baa5bc62.html index 21984dd..9cb4de4 100644 --- a/doxygen/html/dir_dca6cbf37515070a04f03d98baa5bc62.html +++ b/doxygen/html/dir_dca6cbf37515070a04f03d98baa5bc62.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/obf/passes Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
passes Directory Reference
+
passes Directory Reference
- - + - + - +

+

Files

file  jcc_rewrite_pass.cpp [code]
file  jcc_rewrite_pass.cpp [code]
 
file  next_inst_pass.cpp [code]
file  next_inst_pass.cpp [code]
 
file  reloc_transform_pass.cpp [code]
file  reloc_transform_pass.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_e05ad14af1d92d65b2ce06383c709496.html b/doxygen/html/dir_e05ad14af1d92d65b2ce06383c709496.html index b1607e3..7dc69b8 100644 --- a/doxygen/html/dir_e05ad14af1d92d65b2ce06383c709496.html +++ b/doxygen/html/dir_e05ad14af1d92d65b2ce06383c709496.html @@ -2,8 +2,8 @@ - - + + Theodosius: examples/demo Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
demo Directory Reference
+
demo Directory Reference
- - + - +

+

Files

file  hello_world_pass.hpp [code]
file  hello_world_pass.hpp [code]
 
file  main.cpp [code]
file  main.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_e9c14650d9055e552e1edadf0640c741.html b/doxygen/html/dir_e9c14650d9055e552e1edadf0640c741.html index 05c4ead..dfc1c97 100644 --- a/doxygen/html/dir_e9c14650d9055e552e1edadf0640c741.html +++ b/doxygen/html/dir_e9c14650d9055e552e1edadf0640c741.html @@ -2,8 +2,8 @@ - - + + Theodosius: src/recomp Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
recomp Directory Reference
+
recomp Directory Reference
- - + - +

+

Files

file  recomp.cpp [code]
file  recomp.cpp [code]
 
file  symbol_table.cpp [code]
file  symbol_table.cpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_ef99456410776b930b88f5850437ce61.html b/doxygen/html/dir_ef99456410776b930b88f5850437ce61.html index a899f40..5a07010 100644 --- a/doxygen/html/dir_ef99456410776b930b88f5850437ce61.html +++ b/doxygen/html/dir_ef99456410776b930b88f5850437ce61.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
obf Directory Reference
+
obf Directory Reference
- - + - +

+

Directories

directory  passes
directory  passes
 
directory  transform
directory  transform
 
- - + - +

+

Files

file  engine.hpp [code]
file  engine.hpp [code]
 
file  pass.hpp [code]
file  pass.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/dir_fa1ee7704f0ab8e5fd961a68bf21be50.html b/doxygen/html/dir_fa1ee7704f0ab8e5fd961a68bf21be50.html index 6cf3616..5ed50cb 100644 --- a/doxygen/html/dir_fa1ee7704f0ab8e5fd961a68bf21be50.html +++ b/doxygen/html/dir_fa1ee7704f0ab8e5fd961a68bf21be50.html @@ -2,8 +2,8 @@ - - + + Theodosius: include/obf/transform Directory Reference @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
-
-
transform Directory Reference
+
transform Directory Reference
- - + - + - + - + - + - + - + - +

+

Files

file  add_op.hpp [code]
file  add_op.hpp [code]
 
file  gen.hpp [code]
file  gen.hpp [code]
 
file  operation.hpp [code]
file  operation.hpp [code]
 
file  rol_op.hpp [code]
file  rol_op.hpp [code]
 
file  ror_op.hpp [code]
file  ror_op.hpp [code]
 
file  sub_op.hpp [code]
file  sub_op.hpp [code]
 
file  transform.hpp [code]
file  transform.hpp [code]
 
file  xor_op.hpp [code]
file  xor_op.hpp [code]
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/doxygen.css b/doxygen/html/doxygen.css index ffbff02..9036737 100644 --- a/doxygen/html/doxygen.css +++ b/doxygen/html/doxygen.css @@ -1,4 +1,4 @@ -/* The standard CSS for doxygen 1.9.1 */ +/* The standard CSS for doxygen 1.9.3 */ body, table, div, p, dl { font: 400 14px/22px Roboto,sans-serif; @@ -228,6 +228,33 @@ a.codeRef, a.codeRef:visited, a.lineRef, a.lineRef:visited { color: #4665A2; } +a.code.hl_class { /* style for links to class names in code snippets */ } +a.code.hl_struct { /* style for links to struct names in code snippets */ } +a.code.hl_union { /* style for links to union names in code snippets */ } +a.code.hl_interface { /* style for links to interface names in code snippets */ } +a.code.hl_protocol { /* style for links to protocol names in code snippets */ } +a.code.hl_category { /* style for links to category names in code snippets */ } +a.code.hl_exception { /* style for links to exception names in code snippets */ } +a.code.hl_service { /* style for links to service names in code snippets */ } +a.code.hl_singleton { /* style for links to singleton names in code snippets */ } +a.code.hl_concept { /* style for links to concept names in code snippets */ } +a.code.hl_namespace { /* style for links to namespace names in code snippets */ } +a.code.hl_package { /* style for links to package names in code snippets */ } +a.code.hl_define { /* style for links to macro names in code snippets */ } +a.code.hl_function { /* style for links to function names in code snippets */ } +a.code.hl_variable { /* style for links to variable names in code snippets */ } +a.code.hl_typedef { /* style for links to typedef names in code snippets */ } +a.code.hl_enumvalue { /* style for links to enum value names in code snippets */ } +a.code.hl_enumeration { /* style for links to enumeration names in code snippets */ } +a.code.hl_signal { /* style for links to Qt signal names in code snippets */ } +a.code.hl_slot { /* style for links to Qt slot names in code snippets */ } +a.code.hl_friend { /* style for links to friend names in code snippets */ } +a.code.hl_dcop { /* style for links to KDE3 DCOP names in code snippets */ } +a.code.hl_property { /* style for links to property names in code snippets */ } +a.code.hl_event { /* style for links to event names in code snippets */ } +a.code.hl_sequence { /* style for links to sequence names in code snippets */ } +a.code.hl_dictionary { /* style for links to dictionary names in code snippets */ } + /* @end */ dl.el { @@ -235,7 +262,7 @@ dl.el { } ul { - overflow: hidden; /*Fixed: list item bullets overlap floating elements*/ + overflow: visible; } #side-nav ul { @@ -313,6 +340,7 @@ div.line.glow { span.lineno { padding-right: 4px; + margin-right: 9px; text-align: right; border-right: 2px solid #0F0; background-color: #E8E8E8; @@ -439,6 +467,12 @@ img.footer { vertical-align: middle; } +.compoundTemplParams { + color: #4665A2; + font-size: 80%; + line-height: 120%; +} + /* @group Code Colorization */ span.keyword { @@ -1322,6 +1356,11 @@ dl.section dd { } +#projectrow +{ + height: 56px; +} + #projectlogo { text-align: center; @@ -1337,18 +1376,19 @@ dl.section dd { #projectalign { vertical-align: middle; + padding-left: 0.5em; } #projectname { - font: 300% Tahoma, Arial,sans-serif; + font: 200% Tahoma, Arial,sans-serif; margin: 0px; padding: 2px 0px; } #projectbrief { - font: 120% Tahoma, Arial,sans-serif; + font: 90% Tahoma, Arial,sans-serif; margin: 0px; padding: 0px; } @@ -1487,6 +1527,10 @@ span.emoji { */ } +span.obfuscator { + display: none; +} + .PageDocRTL-title div.toc li.level1 { margin-left: 0 !important; margin-right: 0; @@ -1541,7 +1585,7 @@ tr.heading h2 { #powerTip { cursor: default; - white-space: nowrap; + /*white-space: nowrap;*/ background-color: white; border: 1px solid gray; border-radius: 4px 4px 4px 4px; @@ -1780,6 +1824,10 @@ table.DocNodeLTR { margin-left: 0; } +code.JavaDocCode + direction:ltr; +} + tt, code, kbd, samp { display: inline-block; diff --git a/doxygen/html/dynsections.js b/doxygen/html/dynsections.js index 88f2c27..3174bd7 100644 --- a/doxygen/html/dynsections.js +++ b/doxygen/html/dynsections.js @@ -119,10 +119,3 @@ function toggleInherit(id) } } /* @license-end */ - -$(document).ready(function() { - $('.code,.codeRef').each(function() { - $(this).data('powertip',$('#a'+$(this).attr('href').replace(/.*\//,'').replace(/[^a-z_A-Z0-9]/g,'_')).html()); - $(this).powerTip({ placement: 's', smartPlacement: true, mouseOnToPopup: true }); - }); -}); diff --git a/doxygen/html/files.html b/doxygen/html/files.html index ff64585..dcd8da5 100644 --- a/doxygen/html/files.html +++ b/doxygen/html/files.html @@ -2,8 +2,8 @@ - - + + Theodosius: File List @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -63,63 +64,62 @@ $(function() {
-
-
File List
+
File List
Here is a list of all files with brief descriptions:
[detail level 1234]
- - + + - - - + + + - - - + + + - - - - - - - - - - + + + + + + + + + + - - - - + + + + - - - + + + - - - - + + + + - - - + + +
  examples
  demo
 hello_world_pass.hpp
 main.cpp
 hello_world_pass.hpp
 main.cpp
  include
  decomp
 decomp.hpp
 routine.hpp
 symbol.hpp
 decomp.hpp
 routine.hpp
 symbol.hpp
  obf
  passes
 jcc_rewrite_pass.hpp
 next_inst_pass.hpp
 reloc_transform_pass.hpp
 jcc_rewrite_pass.hpp
 next_inst_pass.hpp
 reloc_transform_pass.hpp
  transform
 add_op.hpp
 gen.hpp
 operation.hpp
 rol_op.hpp
 ror_op.hpp
 sub_op.hpp
 transform.hpp
 xor_op.hpp
 engine.hpp
 pass.hpp
 add_op.hpp
 gen.hpp
 operation.hpp
 rol_op.hpp
 ror_op.hpp
 sub_op.hpp
 transform.hpp
 xor_op.hpp
 engine.hpp
 pass.hpp
  recomp
 recomp.hpp
 reloc.hpp
 symbol_table.hpp
 theo.hpp
 recomp.hpp
 reloc.hpp
 symbol_table.hpp
 theo.hpp
  src
  decomp
 decomp.cpp
 routine.cpp
 symbol.cpp
 decomp.cpp
 routine.cpp
 symbol.cpp
  obf
  passes
 jcc_rewrite_pass.cpp
 next_inst_pass.cpp
 reloc_transform_pass.cpp
 engine.cpp
 jcc_rewrite_pass.cpp
 next_inst_pass.cpp
 reloc_transform_pass.cpp
 engine.cpp
  recomp
 recomp.cpp
 symbol_table.cpp
 theo.cpp
 recomp.cpp
 symbol_table.cpp
 theo.cpp
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/functions.html b/doxygen/html/functions.html index 1038d9f..db6cdb4 100644 --- a/doxygen/html/functions.html +++ b/doxygen/html/functions.html @@ -2,10 +2,10 @@ - - + + -Theodosius: Class Members +Theodosius: Data Fields @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -63,234 +64,114 @@ $(function() {
-
Here is a list of all class members with links to the classes they belong to:
- -

- a -

-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/functions_func.html b/doxygen/html/functions_func.html index f626088..a791533 100644 --- a/doxygen/html/functions_func.html +++ b/doxygen/html/functions_func.html @@ -2,10 +2,10 @@ - - + + -Theodosius: Class Members - Functions +Theodosius: Data Fields - Functions @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -65,232 +66,112 @@ $(function() {
  -

- a -

-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/globals.html b/doxygen/html/globals.html index 5783ada..ea0e64b 100644 --- a/doxygen/html/globals.html +++ b/doxygen/html/globals.html @@ -2,10 +2,10 @@ - - + + -Theodosius: File Members +Theodosius: Globals @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -63,24 +64,15 @@ $(function() {
-
Here is a list of all file members with links to the files they belong to:
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/globals_defs.html b/doxygen/html/globals_defs.html index 8854954..d444c58 100644 --- a/doxygen/html/globals_defs.html +++ b/doxygen/html/globals_defs.html @@ -2,10 +2,10 @@ - - + + -Theodosius: File Members +Theodosius: Globals @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -64,20 +65,13 @@ $(function() {
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/globals_func.html b/doxygen/html/globals_func.html index cb2ddcb..2cf5038 100644 --- a/doxygen/html/globals_func.html +++ b/doxygen/html/globals_func.html @@ -2,10 +2,10 @@ - - + + -Theodosius: File Members +Theodosius: Globals @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -64,14 +65,12 @@ $(function() {
 
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/hierarchy.html b/doxygen/html/hierarchy.html index fa747e8..98c0196 100644 --- a/doxygen/html/hierarchy.html +++ b/doxygen/html/hierarchy.html @@ -2,8 +2,8 @@ - - + + Theodosius: Class Hierarchy @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -63,37 +64,36 @@ $(function() {
-
-
Class Hierarchy
+
Class Hierarchy
This inheritance list is sorted roughly, but not completely, alphabetically:
[detail level 12]
- - - + + + - + - + - +
 Ctheo::decomp::decomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files
 Ctheo::obf::engine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them
 Ctheo::obf::transform::operation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t)
 Ctheo::decomp::decomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files.
 Ctheo::obf::engine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them.
 Ctheo::obf::transform::operation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).
 Ctheo::obf::transform::add_op_t
 Ctheo::obf::transform::rol_op_t
 Ctheo::obf::transform::ror_op_t
 Ctheo::obf::transform::sub_op_t
 Ctheo::obf::transform::xor_op_t
 Ctheo::obf::pass_tthe pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there
 Ctheo::obf::hello_world_pass_thello world pass example of how to inherit pass_t
 Ctheo::obf::hello_world_pass_thello world pass example of how to inherit pass_t.
 Ctheo::obf::jcc_rewrite_pass_tjcc rewrite pass which rewrites rip relative jcc's so that they are position independent
 Ctheo::obf::next_inst_pass_tThis pass is used to generate transformations and jmp code to change RIP to the next instruction
 Ctheo::obf::reloc_transform_pass_tthis pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol
 Ctheo::recomp::recomp_tthe main class responsible for recomposition
 Ctheo::recomp::reloc_tmeta data about a relocation for a symbol
 Ctheo::decomp::routine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols
 Ctheo::decomp::routine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols.
 Ctheo::decomp::symbol_tsymbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down)
 Ctheo::recomp::symbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode
 Ctheo::recomp::symbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode.
 Ctheo::theo_tthe main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp
-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/icon.png b/doxygen/html/icon.png new file mode 100644 index 0000000..507d65d Binary files /dev/null and b/doxygen/html/icon.png differ diff --git a/doxygen/html/index.html b/doxygen/html/index.html index fb4535f..b2fb004 100644 --- a/doxygen/html/index.html +++ b/doxygen/html/index.html @@ -2,8 +2,8 @@ - - + + Theodosius: Theodosius - Jit linker, Mapper, Mutator, and Obfuscator @@ -19,33 +19,34 @@
- - + +
-
Theodosius -  v3.0 +
+
Theodosius v3.0
-
Jit linker, mapper, obfuscator, and mutator
+
Jit linker, symbol mapper, and obfuscator
- + +/* @license-end */ +
@@ -62,12 +63,11 @@ $(function() {
-
-
-
Theodosius - Jit linker, Mapper, Mutator, and Obfuscator
+
+
Theodosius - Jit linker, Mapper, Mutator, and Obfuscator
-

Theodosius (Theo for short) is a jit linker created for obfuscation. The project is extremely modular in design and supports both kernel and usermode projects.

+

Theodosius (Theo for short) is a jit linker created for obfuscation. The project is extremely modular in design and supports both kernel and usermode projects. Theo works with static libraries rather than completely compiled binaries. This allows it to easily position, obfuscate, and scatter symbols anywhere as the project takes the place of the linker.

Table Of Contents

    @@ -107,33 +107,33 @@ Credit And Dependencies

Building

-

Download and install cmake on your system, then execute the following command in the root dir of this project:

+

Download and install cmake on your system, then execute the following command in the root dir of this project:

  • cmake -B build
-

Then navigate into dependencies/xed/ and run python3 mfile.py. Building XED can be tricky on windows, I suggest you use the visual studios console since it has env vars to everything needed to build XED. linux seems to build it just fine...

+

Then navigate into dependencies/xed/ and run python3 mfile.py. Building XED can be tricky on windows, I suggest you use the visual studios console since it has env vars to everything needed to build XED. linux seems to build it just fine...

Linking - Dynamic And Static

What Is A Linker

-

A linker is a program which takes object files produces by a compiler and generates a final executable native to the operating system. A linker interfaces with not only object files but also static libraries, "lib" files. What is a "lib" file? Well a lib file is just an archive of obj's. You can invision it as a zip/rar without any compression, just concatination of said object files.

-

Theo is a jit linker, which means it will link objs together and map them into memory all at once. For usability however, instead of handling object files, Theo can parse entire lib files and extract the objects out of the lib.

+

A linker is a program which takes object files produces by a compiler and generates a final executable native to the operating system. A linker interfaces with not only object files but also static libraries, "lib" files. What is a "lib" file? Well a lib file is just an archive of obj's. You can invision it as a zip/rar without any compression, just concatination of said object files.

+

Theo is a jit linker, which means it will link objs together and map them into memory all at once. For usability however, instead of handling object files, Theo can parse entire lib files and extract the objects out of the lib.

Object Files

-

If you define a c++ file called "main.cpp" the compiler will generate an object file by the name of "main.obj". When you refer to data or code defined in another c/c++ file, the linker uses a symbol table to resolve the address of said code/data. In this situation I am the linker and I resolve all of your symbols :).

+

If you define a c++ file called "main.cpp" the compiler will generate an object file by the name of "main.obj". When you refer to data or code defined in another c/c++ file, the linker uses a symbol table to resolve the address of said code/data. In this situation I am the linker and I resolve all of your symbols :).

Static Linking

-

Static linking is when the linker links entire routines not created by you, into your code. Say memcpy (if its not inlined), will be staticlly linked with the CRT. Static linking also allows for your code to be more independant as all the code you need you bring with you. However, with Theo, you cannot link static libraries which are not compiled with mcmodel=large. Theo supports actual static linking, in other words, using multiple static libraries at the same time.

+

Static linking is when the linker links entire routines not created by you, into your code. Say memcpy (if its not inlined), will be staticlly linked with the CRT. Static linking also allows for your code to be more independant as all the code you need you bring with you. However, with Theo, you cannot link static libraries which are not compiled with mcmodel=large. Theo supports actual static linking, in other words, using multiple static libraries at the same time.

Dynamic Linking

-

Dynamic linking is when external symbols are resolved at runtime. This is done by imports and exports in DLL's (dynamiclly linked libraries). Theo supports "dynamic linking", or in better terms, linking against exported routines. You can see examples of this inside of both usermode and kernelmode examples.

+

Dynamic linking is when external symbols are resolved at runtime. This is done by imports and exports in DLL's (dynamiclly linked libraries). Theo supports "dynamic linking", or in better terms, linking against exported routines. You can see examples of this inside of both usermode and kernelmode examples.

Usage - Using Theodosius

Integrating Clang

-

For integration with visual studios please open install llvm2019 extension, or llvm2017 extension. Once installed, create or open a visual studio project which you want to use with LLVM-Obfuscator and Theo. Open Properties --> Configuration Properties —> General, then set Platform Toolset to LLVM.

-

Once LLVM is selected, under the LLVM tab change the clang-cl location to the place where you extracted clang-cl.rar. Finally under Additional Compiler Options (same LLVM tab), set the following: -Xclang -std=c++1z -Xclang -mcode-model -Xclang large -Xclang -fno-jump-tables -mllvm -split -mllvm -split_num=4 -mllvm -sub_loop=4.

-

Please refer to the LLVM-Obfuscator Wiki for more information on commandline arguments.

+

For integration with visual studios please open install llvm2019 extension, or llvm2017 extension. Once installed, create or open a visual studio project which you want to use with LLVM-Obfuscator and Theo. Open Properties --> Configuration Properties —> General, then set Platform Toolset to LLVM.

+

Once LLVM is selected, under the LLVM tab change the clang-cl location to the place where you extracted clang-cl.rar. Finally under Additional Compiler Options (same LLVM tab), set the following: -Xclang -std=c++1z -Xclang -mcode-model -Xclang large -Xclang -fno-jump-tables -mllvm -split -mllvm -split_num=4 -mllvm -sub_loop=4.

+

Please refer to the LLVM-Obfuscator Wiki for more information on commandline arguments.

Requirements

    @@ -151,7 +151,7 @@ Requirements

RIP Relative Addressing

-

In order to allow for a routine to be scattered throughout a 64bit address space, RIP relative addressing must not be used. In order to facilitate this, a very special version of clang-cl is used which can use mcmodel=large. This will generate instructions which do not use RIP relative addressing when referencing symbols outside of the routine in which the instruction itself resides. The only exception to this is JCC instructions, (besides call) also known as branching instructions. Take this c++ code for an example:

+

In order to allow for a routine to be scattered throughout a 64bit address space, RIP relative addressing must not be used. In order to facilitate this, a very special version of clang-cl is used which can use mcmodel=large. This will generate instructions which do not use RIP relative addressing when referencing symbols outside of the routine in which the instruction itself resides. The only exception to this is JCC instructions, (besides call) also known as branching instructions. Take this c++ code for an example:

ObfuscateRoutine
extern "C" int ModuleEntry()
{
@@ -159,7 +159,7 @@ RIP Relative Addressing
UsermodeMutateDemo();
UsermodeNoObfuscation();
}
-

This c++ function, compiled by clang-cl with mcmodel=large, will generate a routine with the following instructions:

+

This c++ function, compiled by clang-cl with mcmodel=large, will generate a routine with the following instructions:

0x00: ; void UsermodeNoObfuscation(void)
0x00: public ?UsermodeNoObfuscation@@YAXXZ
0x00: ?UsermodeNoObfuscation@@YAXXZ proc near ; CODE XREF: ModuleEntry+42↓p
@@ -184,26 +184,26 @@ RIP Relative Addressing
0x4F: 48 83 C4 28 add rsp, 28h
0x53: C3 retn
0x53: ?UsermodeNoObfuscation@@YAXXZ endp
-

As you can see from the code above, (sorry for the terrible syntax highlighting), references to strings and calls to functions are done by first loading the address of the symbol into a register and then interfacing with the symbol.

+

As you can see from the code above, (sorry for the terrible syntax highlighting), references to strings and calls to functions are done by first loading the address of the symbol into a register and then interfacing with the symbol.

0x2D: 48 B8 A0 01 00 00 00 00 00 00 mov rax, offset MessageBoxA
; ...
0x3D: FF D0 call rax ; MessageBoxA
-

Each of these instructions can be anywhere in virtual memory and it would not effect code execution one bit.

+

Each of these instructions can be anywhere in virtual memory and it would not effect code execution one bit.

BSD 3-Clause License

-

Copyright (c) 2022, _xeroxz All rights reserved.

-

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

+

Copyright (c) 2022, _xeroxz All rights reserved.

+

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

+

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
diff --git a/doxygen/html/jquery.js b/doxygen/html/jquery.js index 103c32d..c9ed3d9 100644 --- a/doxygen/html/jquery.js +++ b/doxygen/html/jquery.js @@ -1,5 +1,5 @@ -/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */ -!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e||"function"==typeof e?n[o.call(e)]||"object":typeof e}var f="3.4.1",k=function(e,t){return new k.fn.init(e,t)},p=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g;function d(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n||0===t||"number"==typeof t&&0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp($),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+$),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\([\\da-f]{1,6}"+M+"?|("+M+")|.)","ig"),ne=function(e,t,n){var r="0x"+t-65536;return r!=r||n?t:r<0?String.fromCharCode(r+65536):String.fromCharCode(r>>10|55296,1023&r|56320)},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(m.childNodes),m.childNodes),t[m.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&((e?e.ownerDocument||e:m)!==C&&T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!A[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&U.test(t)){(s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=k),o=(l=h(t)).length;while(o--)l[o]="#"+s+" "+xe(l[o]);c=l.join(","),f=ee.test(t)&&ye(e.parentNode)||e}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){A(t,!0)}finally{s===k&&e.removeAttribute("id")}}}return g(t.replace(B,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[k]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e.namespaceURI,n=(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:m;return r!==C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),m!==C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=k,!C.getElementsByName||!C.getElementsByName(k).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+k+"-]").length||v.push("~="),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+k+"+*").length||v.push(".#.+[+~]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",$)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},D=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)===(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e===C||e.ownerDocument===m&&y(m,e)?-1:t===C||t.ownerDocument===m&&y(m,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e===C?-1:t===C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]===m?-1:s[r]===m?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if((e.ownerDocument||e)!==C&&T(e),d.matchesSelector&&E&&!A[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){A(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=p[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&p(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?k.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?k.grep(e,function(e){return e===n!==r}):"string"!=typeof n?k.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(k.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||q,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:L.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof k?t[0]:t,k.merge(this,k.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),D.test(r[1])&&k.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(k):k.makeArray(e,this)}).prototype=k.fn,q=k(E);var H=/^(?:parents|prev(?:Until|All))/,O={children:!0,contents:!0,next:!0,prev:!0};function P(e,t){while((e=e[t])&&1!==e.nodeType);return e}k.fn.extend({has:function(e){var t=k(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i,ge={option:[1,""],thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?k.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;nx",y.noCloneChecked=!!me.cloneNode(!0).lastChild.defaultValue;var Te=/^key/,Ce=/^(?:mouse|pointer|contextmenu|drag|drop)|click/,Ee=/^([^.]*)(?:\.(.+)|)/;function ke(){return!0}function Se(){return!1}function Ne(e,t){return e===function(){try{return E.activeElement}catch(e){}}()==("focus"===t)}function Ae(e,t,n,r,i,o){var a,s;if("object"==typeof t){for(s in"string"!=typeof n&&(r=r||n,n=void 0),t)Ae(e,s,n,r,t[s],o);return e}if(null==r&&null==i?(i=n,r=n=void 0):null==i&&("string"==typeof n?(i=r,r=void 0):(i=r,r=n,n=void 0)),!1===i)i=Se;else if(!i)return e;return 1===o&&(a=i,(i=function(e){return k().off(e),a.apply(this,arguments)}).guid=a.guid||(a.guid=k.guid++)),e.each(function(){k.event.add(this,t,i,r,n)})}function De(e,i,o){o?(Q.set(e,i,!1),k.event.add(e,i,{namespace:!1,handler:function(e){var t,n,r=Q.get(this,i);if(1&e.isTrigger&&this[i]){if(r.length)(k.event.special[i]||{}).delegateType&&e.stopPropagation();else if(r=s.call(arguments),Q.set(this,i,r),t=o(this,i),this[i](),r!==(n=Q.get(this,i))||t?Q.set(this,i,!1):n={},r!==n)return e.stopImmediatePropagation(),e.preventDefault(),n.value}else r.length&&(Q.set(this,i,{value:k.event.trigger(k.extend(r[0],k.Event.prototype),r.slice(1),this)}),e.stopImmediatePropagation())}})):void 0===Q.get(e,i)&&k.event.add(e,i,ke)}k.event={global:{},add:function(t,e,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.get(t);if(v){n.handler&&(n=(o=n).handler,i=o.selector),i&&k.find.matchesSelector(ie,i),n.guid||(n.guid=k.guid++),(u=v.events)||(u=v.events={}),(a=v.handle)||(a=v.handle=function(e){return"undefined"!=typeof k&&k.event.triggered!==e.type?k.event.dispatch.apply(t,arguments):void 0}),l=(e=(e||"").match(R)||[""]).length;while(l--)d=g=(s=Ee.exec(e[l])||[])[1],h=(s[2]||"").split(".").sort(),d&&(f=k.event.special[d]||{},d=(i?f.delegateType:f.bindType)||d,f=k.event.special[d]||{},c=k.extend({type:d,origType:g,data:r,handler:n,guid:n.guid,selector:i,needsContext:i&&k.expr.match.needsContext.test(i),namespace:h.join(".")},o),(p=u[d])||((p=u[d]=[]).delegateCount=0,f.setup&&!1!==f.setup.call(t,r,h,a)||t.addEventListener&&t.addEventListener(d,a)),f.add&&(f.add.call(t,c),c.handler.guid||(c.handler.guid=n.guid)),i?p.splice(p.delegateCount++,0,c):p.push(c),k.event.global[d]=!0)}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,v=Q.hasData(e)&&Q.get(e);if(v&&(u=v.events)){l=(t=(t||"").match(R)||[""]).length;while(l--)if(d=g=(s=Ee.exec(t[l])||[])[1],h=(s[2]||"").split(".").sort(),d){f=k.event.special[d]||{},p=u[d=(r?f.delegateType:f.bindType)||d]||[],s=s[2]&&new RegExp("(^|\\.)"+h.join("\\.(?:.*\\.|)")+"(\\.|$)"),a=o=p.length;while(o--)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&!1!==f.teardown.call(e,h,v.handle)||k.removeEvent(e,d,v.handle),delete u[d])}else for(d in u)k.event.remove(e,d+t[l],n,r,!0);k.isEmptyObject(u)&&Q.remove(e,"handle events")}},dispatch:function(e){var t,n,r,i,o,a,s=k.event.fix(e),u=new Array(arguments.length),l=(Q.get(this,"events")||{})[s.type]||[],c=k.event.special[s.type]||{};for(u[0]=s,t=1;t\x20\t\r\n\f]*)[^>]*)\/>/gi,qe=/\s*$/g;function Oe(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&k(e).children("tbody")[0]||e}function Pe(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function Re(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Me(e,t){var n,r,i,o,a,s,u,l;if(1===t.nodeType){if(Q.hasData(e)&&(o=Q.access(e),a=Q.set(t,o),l=o.events))for(i in delete a.handle,a.events={},l)for(n=0,r=l[i].length;n")},clone:function(e,t,n){var r,i,o,a,s,u,l,c=e.cloneNode(!0),f=oe(e);if(!(y.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||k.isXMLDoc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var Vt,Gt=[],Yt=/(=)\?(?=&|$)|\?\?/;k.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Gt.pop()||k.expando+"_"+kt++;return this[e]=!0,e}}),k.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Yt.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Yt.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Yt,"$1"+r):!1!==e.jsonp&&(e.url+=(St.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||k.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?k(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,Gt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((Vt=E.implementation.createHTMLDocument("").body).innerHTML="
",2===Vt.childNodes.length),k.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=D.exec(e))?[t.createElement(i[1])]:(i=we([e],t,o),o&&o.length&&k(o).remove(),k.merge([],i.childNodes)));var r,i,o},k.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(k.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},k.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){k.fn[t]=function(e){return this.on(t,e)}}),k.expr.pseudos.animated=function(t){return k.grep(k.timers,function(e){return t===e.elem}).length},k.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=k.css(e,"position"),c=k(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=k.css(e,"top"),u=k.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,k.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},k.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){k.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===k.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===k.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=k(e).offset()).top+=k.css(e,"borderTopWidth",!0),i.left+=k.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-k.css(r,"marginTop",!0),left:t.left-i.left-k.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===k.css(e,"position"))e=e.offsetParent;return e||ie})}}),k.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;k.fn[t]=function(e){return _(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),k.each(["top","left"],function(e,n){k.cssHooks[n]=ze(y.pixelPosition,function(e,t){if(t)return t=_e(e,n),$e.test(t)?k(e).position()[n]+"px":t})}),k.each({Height:"height",Width:"width"},function(a,s){k.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){k.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return _(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?k.css(e,t,i):k.style(e,t,n,i)},s,n?e:void 0,n)}})}),k.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){k.fn[n]=function(e,t){return 0+~]|"+M+")"+M+"*"),U=new RegExp(M+"|>"),X=new RegExp(F),V=new RegExp("^"+I+"$"),G={ID:new RegExp("^#("+I+")"),CLASS:new RegExp("^\\.("+I+")"),TAG:new RegExp("^("+I+"|[*])"),ATTR:new RegExp("^"+W),PSEUDO:new RegExp("^"+F),CHILD:new RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\("+M+"*(even|odd|(([+-]|)(\\d*)n|)"+M+"*(?:([+-]|)"+M+"*(\\d+)|))"+M+"*\\)|)","i"),bool:new RegExp("^(?:"+R+")$","i"),needsContext:new RegExp("^"+M+"*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\("+M+"*((?:-\\d)?\\d*)"+M+"*\\)|)(?=[^-]|$)","i")},Y=/HTML$/i,Q=/^(?:input|select|textarea|button)$/i,J=/^h\d$/i,K=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/,ee=/[+~]/,te=new RegExp("\\\\[\\da-fA-F]{1,6}"+M+"?|\\\\([^\\r\\n\\f])","g"),ne=function(e,t){var n="0x"+e.slice(1)-65536;return t||(n<0?String.fromCharCode(n+65536):String.fromCharCode(n>>10|55296,1023&n|56320))},re=/([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g,ie=function(e,t){return t?"\0"===e?"\ufffd":e.slice(0,-1)+"\\"+e.charCodeAt(e.length-1).toString(16)+" ":"\\"+e},oe=function(){T()},ae=be(function(e){return!0===e.disabled&&"fieldset"===e.nodeName.toLowerCase()},{dir:"parentNode",next:"legend"});try{H.apply(t=O.call(p.childNodes),p.childNodes),t[p.childNodes.length].nodeType}catch(e){H={apply:t.length?function(e,t){L.apply(e,O.call(t))}:function(e,t){var n=e.length,r=0;while(e[n++]=t[r++]);e.length=n-1}}}function se(t,e,n,r){var i,o,a,s,u,l,c,f=e&&e.ownerDocument,p=e?e.nodeType:9;if(n=n||[],"string"!=typeof t||!t||1!==p&&9!==p&&11!==p)return n;if(!r&&(T(e),e=e||C,E)){if(11!==p&&(u=Z.exec(t)))if(i=u[1]){if(9===p){if(!(a=e.getElementById(i)))return n;if(a.id===i)return n.push(a),n}else if(f&&(a=f.getElementById(i))&&y(e,a)&&a.id===i)return n.push(a),n}else{if(u[2])return H.apply(n,e.getElementsByTagName(t)),n;if((i=u[3])&&d.getElementsByClassName&&e.getElementsByClassName)return H.apply(n,e.getElementsByClassName(i)),n}if(d.qsa&&!N[t+" "]&&(!v||!v.test(t))&&(1!==p||"object"!==e.nodeName.toLowerCase())){if(c=t,f=e,1===p&&(U.test(t)||z.test(t))){(f=ee.test(t)&&ye(e.parentNode)||e)===e&&d.scope||((s=e.getAttribute("id"))?s=s.replace(re,ie):e.setAttribute("id",s=S)),o=(l=h(t)).length;while(o--)l[o]=(s?"#"+s:":scope")+" "+xe(l[o]);c=l.join(",")}try{return H.apply(n,f.querySelectorAll(c)),n}catch(e){N(t,!0)}finally{s===S&&e.removeAttribute("id")}}}return g(t.replace($,"$1"),e,n,r)}function ue(){var r=[];return function e(t,n){return r.push(t+" ")>b.cacheLength&&delete e[r.shift()],e[t+" "]=n}}function le(e){return e[S]=!0,e}function ce(e){var t=C.createElement("fieldset");try{return!!e(t)}catch(e){return!1}finally{t.parentNode&&t.parentNode.removeChild(t),t=null}}function fe(e,t){var n=e.split("|"),r=n.length;while(r--)b.attrHandle[n[r]]=t}function pe(e,t){var n=t&&e,r=n&&1===e.nodeType&&1===t.nodeType&&e.sourceIndex-t.sourceIndex;if(r)return r;if(n)while(n=n.nextSibling)if(n===t)return-1;return e?1:-1}function de(t){return function(e){return"input"===e.nodeName.toLowerCase()&&e.type===t}}function he(n){return function(e){var t=e.nodeName.toLowerCase();return("input"===t||"button"===t)&&e.type===n}}function ge(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.parentNode?e.parentNode.disabled===t:e.disabled===t:e.isDisabled===t||e.isDisabled!==!t&&ae(e)===t:e.disabled===t:"label"in e&&e.disabled===t}}function ve(a){return le(function(o){return o=+o,le(function(e,t){var n,r=a([],e.length,o),i=r.length;while(i--)e[n=r[i]]&&(e[n]=!(t[n]=e[n]))})})}function ye(e){return e&&"undefined"!=typeof e.getElementsByTagName&&e}for(e in d=se.support={},i=se.isXML=function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument||e).documentElement;return!Y.test(t||n&&n.nodeName||"HTML")},T=se.setDocument=function(e){var t,n,r=e?e.ownerDocument||e:p;return r!=C&&9===r.nodeType&&r.documentElement&&(a=(C=r).documentElement,E=!i(C),p!=C&&(n=C.defaultView)&&n.top!==n&&(n.addEventListener?n.addEventListener("unload",oe,!1):n.attachEvent&&n.attachEvent("onunload",oe)),d.scope=ce(function(e){return a.appendChild(e).appendChild(C.createElement("div")),"undefined"!=typeof e.querySelectorAll&&!e.querySelectorAll(":scope fieldset div").length}),d.attributes=ce(function(e){return e.className="i",!e.getAttribute("className")}),d.getElementsByTagName=ce(function(e){return e.appendChild(C.createComment("")),!e.getElementsByTagName("*").length}),d.getElementsByClassName=K.test(C.getElementsByClassName),d.getById=ce(function(e){return a.appendChild(e).id=S,!C.getElementsByName||!C.getElementsByName(S).length}),d.getById?(b.filter.ID=function(e){var t=e.replace(te,ne);return function(e){return e.getAttribute("id")===t}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n=t.getElementById(e);return n?[n]:[]}}):(b.filter.ID=function(e){var n=e.replace(te,ne);return function(e){var t="undefined"!=typeof e.getAttributeNode&&e.getAttributeNode("id");return t&&t.value===n}},b.find.ID=function(e,t){if("undefined"!=typeof t.getElementById&&E){var n,r,i,o=t.getElementById(e);if(o){if((n=o.getAttributeNode("id"))&&n.value===e)return[o];i=t.getElementsByName(e),r=0;while(o=i[r++])if((n=o.getAttributeNode("id"))&&n.value===e)return[o]}return[]}}),b.find.TAG=d.getElementsByTagName?function(e,t){return"undefined"!=typeof t.getElementsByTagName?t.getElementsByTagName(e):d.qsa?t.querySelectorAll(e):void 0}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){while(n=o[i++])1===n.nodeType&&r.push(n);return r}return o},b.find.CLASS=d.getElementsByClassName&&function(e,t){if("undefined"!=typeof t.getElementsByClassName&&E)return t.getElementsByClassName(e)},s=[],v=[],(d.qsa=K.test(C.querySelectorAll))&&(ce(function(e){var t;a.appendChild(e).innerHTML="",e.querySelectorAll("[msallowcapture^='']").length&&v.push("[*^$]="+M+"*(?:''|\"\")"),e.querySelectorAll("[selected]").length||v.push("\\["+M+"*(?:value|"+R+")"),e.querySelectorAll("[id~="+S+"-]").length||v.push("~="),(t=C.createElement("input")).setAttribute("name",""),e.appendChild(t),e.querySelectorAll("[name='']").length||v.push("\\["+M+"*name"+M+"*="+M+"*(?:''|\"\")"),e.querySelectorAll(":checked").length||v.push(":checked"),e.querySelectorAll("a#"+S+"+*").length||v.push(".#.+[+~]"),e.querySelectorAll("\\\f"),v.push("[\\r\\n\\f]")}),ce(function(e){e.innerHTML="";var t=C.createElement("input");t.setAttribute("type","hidden"),e.appendChild(t).setAttribute("name","D"),e.querySelectorAll("[name=d]").length&&v.push("name"+M+"*[*^$|!~]?="),2!==e.querySelectorAll(":enabled").length&&v.push(":enabled",":disabled"),a.appendChild(e).disabled=!0,2!==e.querySelectorAll(":disabled").length&&v.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),v.push(",.*:")})),(d.matchesSelector=K.test(c=a.matches||a.webkitMatchesSelector||a.mozMatchesSelector||a.oMatchesSelector||a.msMatchesSelector))&&ce(function(e){d.disconnectedMatch=c.call(e,"*"),c.call(e,"[s!='']:x"),s.push("!=",F)}),v=v.length&&new RegExp(v.join("|")),s=s.length&&new RegExp(s.join("|")),t=K.test(a.compareDocumentPosition),y=t||K.test(a.contains)?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)while(t=t.parentNode)if(t===e)return!0;return!1},j=t?function(e,t){if(e===t)return l=!0,0;var n=!e.compareDocumentPosition-!t.compareDocumentPosition;return n||(1&(n=(e.ownerDocument||e)==(t.ownerDocument||t)?e.compareDocumentPosition(t):1)||!d.sortDetached&&t.compareDocumentPosition(e)===n?e==C||e.ownerDocument==p&&y(p,e)?-1:t==C||t.ownerDocument==p&&y(p,t)?1:u?P(u,e)-P(u,t):0:4&n?-1:1)}:function(e,t){if(e===t)return l=!0,0;var n,r=0,i=e.parentNode,o=t.parentNode,a=[e],s=[t];if(!i||!o)return e==C?-1:t==C?1:i?-1:o?1:u?P(u,e)-P(u,t):0;if(i===o)return pe(e,t);n=e;while(n=n.parentNode)a.unshift(n);n=t;while(n=n.parentNode)s.unshift(n);while(a[r]===s[r])r++;return r?pe(a[r],s[r]):a[r]==p?-1:s[r]==p?1:0}),C},se.matches=function(e,t){return se(e,null,null,t)},se.matchesSelector=function(e,t){if(T(e),d.matchesSelector&&E&&!N[t+" "]&&(!s||!s.test(t))&&(!v||!v.test(t)))try{var n=c.call(e,t);if(n||d.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(e){N(t,!0)}return 0":{dir:"parentNode",first:!0}," ":{dir:"parentNode"},"+":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(te,ne),e[3]=(e[3]||e[4]||e[5]||"").replace(te,ne),"~="===e[2]&&(e[3]=" "+e[3]+" "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||se.error(e[0]),e[4]=+(e[4]?e[5]+(e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]=+(e[7]+e[8]||"odd"===e[3])):e[3]&&se.error(e[0]),e},PSEUDO:function(e){var t,n=!e[6]&&e[2];return G.CHILD.test(e[0])?null:(e[3]?e[2]=e[4]||e[5]||"":n&&X.test(n)&&(t=h(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){var t=e.replace(te,ne).toLowerCase();return"*"===e?function(){return!0}:function(e){return e.nodeName&&e.nodeName.toLowerCase()===t}},CLASS:function(e){var t=m[e+" "];return t||(t=new RegExp("(^|"+M+")"+e+"("+M+"|$)"))&&m(e,function(e){return t.test("string"==typeof e.className&&e.className||"undefined"!=typeof e.getAttribute&&e.getAttribute("class")||"")})},ATTR:function(n,r,i){return function(e){var t=se.attr(e,n);return null==t?"!="===r:!r||(t+="","="===r?t===i:"!="===r?t!==i:"^="===r?i&&0===t.indexOf(i):"*="===r?i&&-1:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i;function j(e,n,r){return m(n)?S.grep(e,function(e,t){return!!n.call(e,t,e)!==r}):n.nodeType?S.grep(e,function(e){return e===n!==r}):"string"!=typeof n?S.grep(e,function(e){return-1)[^>]*|#([\w-]+))$/;(S.fn.init=function(e,t,n){var r,i;if(!e)return this;if(n=n||D,"string"==typeof e){if(!(r="<"===e[0]&&">"===e[e.length-1]&&3<=e.length?[null,e,null]:q.exec(e))||!r[1]&&t)return!t||t.jquery?(t||n).find(e):this.constructor(t).find(e);if(r[1]){if(t=t instanceof S?t[0]:t,S.merge(this,S.parseHTML(r[1],t&&t.nodeType?t.ownerDocument||t:E,!0)),N.test(r[1])&&S.isPlainObject(t))for(r in t)m(this[r])?this[r](t[r]):this.attr(r,t[r]);return this}return(i=E.getElementById(r[2]))&&(this[0]=i,this.length=1),this}return e.nodeType?(this[0]=e,this.length=1,this):m(e)?void 0!==n.ready?n.ready(e):e(S):S.makeArray(e,this)}).prototype=S.fn,D=S(E);var L=/^(?:parents|prev(?:Until|All))/,H={children:!0,contents:!0,next:!0,prev:!0};function O(e,t){while((e=e[t])&&1!==e.nodeType);return e}S.fn.extend({has:function(e){var t=S(e,this),n=t.length;return this.filter(function(){for(var e=0;e\x20\t\r\n\f]*)/i,he=/^$|^module$|\/(?:java|ecma)script/i;ce=E.createDocumentFragment().appendChild(E.createElement("div")),(fe=E.createElement("input")).setAttribute("type","radio"),fe.setAttribute("checked","checked"),fe.setAttribute("name","t"),ce.appendChild(fe),y.checkClone=ce.cloneNode(!0).cloneNode(!0).lastChild.checked,ce.innerHTML="",y.noCloneChecked=!!ce.cloneNode(!0).lastChild.defaultValue,ce.innerHTML="",y.option=!!ce.lastChild;var ge={thead:[1,"","
"],col:[2,"","
"],tr:[2,"","
"],td:[3,"","
"],_default:[0,"",""]};function ve(e,t){var n;return n="undefined"!=typeof e.getElementsByTagName?e.getElementsByTagName(t||"*"):"undefined"!=typeof e.querySelectorAll?e.querySelectorAll(t||"*"):[],void 0===t||t&&A(e,t)?S.merge([e],n):n}function ye(e,t){for(var n=0,r=e.length;n",""]);var me=/<|&#?\w+;/;function xe(e,t,n,r,i){for(var o,a,s,u,l,c,f=t.createDocumentFragment(),p=[],d=0,h=e.length;d\s*$/g;function je(e,t){return A(e,"table")&&A(11!==t.nodeType?t:t.firstChild,"tr")&&S(e).children("tbody")[0]||e}function De(e){return e.type=(null!==e.getAttribute("type"))+"/"+e.type,e}function qe(e){return"true/"===(e.type||"").slice(0,5)?e.type=e.type.slice(5):e.removeAttribute("type"),e}function Le(e,t){var n,r,i,o,a,s;if(1===t.nodeType){if(Y.hasData(e)&&(s=Y.get(e).events))for(i in Y.remove(t,"handle events"),s)for(n=0,r=s[i].length;n").attr(n.scriptAttrs||{}).prop({charset:n.scriptCharset,src:n.url}).on("load error",i=function(e){r.remove(),i=null,e&&t("error"===e.type?404:200,e.type)}),E.head.appendChild(r[0])},abort:function(){i&&i()}}});var _t,zt=[],Ut=/(=)\?(?=&|$)|\?\?/;S.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=zt.pop()||S.expando+"_"+wt.guid++;return this[e]=!0,e}}),S.ajaxPrefilter("json jsonp",function(e,t,n){var r,i,o,a=!1!==e.jsonp&&(Ut.test(e.url)?"url":"string"==typeof e.data&&0===(e.contentType||"").indexOf("application/x-www-form-urlencoded")&&Ut.test(e.data)&&"data");if(a||"jsonp"===e.dataTypes[0])return r=e.jsonpCallback=m(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Ut,"$1"+r):!1!==e.jsonp&&(e.url+=(Tt.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o||S.error(r+" was not called"),o[0]},e.dataTypes[0]="json",i=C[r],C[r]=function(){o=arguments},n.always(function(){void 0===i?S(C).removeProp(r):C[r]=i,e[r]&&(e.jsonpCallback=t.jsonpCallback,zt.push(r)),o&&m(i)&&i(o[0]),o=i=void 0}),"script"}),y.createHTMLDocument=((_t=E.implementation.createHTMLDocument("").body).innerHTML="
",2===_t.childNodes.length),S.parseHTML=function(e,t,n){return"string"!=typeof e?[]:("boolean"==typeof t&&(n=t,t=!1),t||(y.createHTMLDocument?((r=(t=E.implementation.createHTMLDocument("")).createElement("base")).href=E.location.href,t.head.appendChild(r)):t=E),o=!n&&[],(i=N.exec(e))?[t.createElement(i[1])]:(i=xe([e],t,o),o&&o.length&&S(o).remove(),S.merge([],i.childNodes)));var r,i,o},S.fn.load=function(e,t,n){var r,i,o,a=this,s=e.indexOf(" ");return-1").append(S.parseHTML(e)).find(r):e)}).always(n&&function(e,t){a.each(function(){n.apply(this,o||[e.responseText,t,e])})}),this},S.expr.pseudos.animated=function(t){return S.grep(S.timers,function(e){return t===e.elem}).length},S.offset={setOffset:function(e,t,n){var r,i,o,a,s,u,l=S.css(e,"position"),c=S(e),f={};"static"===l&&(e.style.position="relative"),s=c.offset(),o=S.css(e,"top"),u=S.css(e,"left"),("absolute"===l||"fixed"===l)&&-1<(o+u).indexOf("auto")?(a=(r=c.position()).top,i=r.left):(a=parseFloat(o)||0,i=parseFloat(u)||0),m(t)&&(t=t.call(e,n,S.extend({},s))),null!=t.top&&(f.top=t.top-s.top+a),null!=t.left&&(f.left=t.left-s.left+i),"using"in t?t.using.call(e,f):c.css(f)}},S.fn.extend({offset:function(t){if(arguments.length)return void 0===t?this:this.each(function(e){S.offset.setOffset(this,t,e)});var e,n,r=this[0];return r?r.getClientRects().length?(e=r.getBoundingClientRect(),n=r.ownerDocument.defaultView,{top:e.top+n.pageYOffset,left:e.left+n.pageXOffset}):{top:0,left:0}:void 0},position:function(){if(this[0]){var e,t,n,r=this[0],i={top:0,left:0};if("fixed"===S.css(r,"position"))t=r.getBoundingClientRect();else{t=this.offset(),n=r.ownerDocument,e=r.offsetParent||n.documentElement;while(e&&(e===n.body||e===n.documentElement)&&"static"===S.css(e,"position"))e=e.parentNode;e&&e!==r&&1===e.nodeType&&((i=S(e).offset()).top+=S.css(e,"borderTopWidth",!0),i.left+=S.css(e,"borderLeftWidth",!0))}return{top:t.top-i.top-S.css(r,"marginTop",!0),left:t.left-i.left-S.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){var e=this.offsetParent;while(e&&"static"===S.css(e,"position"))e=e.offsetParent;return e||re})}}),S.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(t,i){var o="pageYOffset"===i;S.fn[t]=function(e){return $(this,function(e,t,n){var r;if(x(e)?r=e:9===e.nodeType&&(r=e.defaultView),void 0===n)return r?r[i]:e[t];r?r.scrollTo(o?r.pageXOffset:n,o?n:r.pageYOffset):e[t]=n},t,e,arguments.length)}}),S.each(["top","left"],function(e,n){S.cssHooks[n]=Fe(y.pixelPosition,function(e,t){if(t)return t=We(e,n),Pe.test(t)?S(e).position()[n]+"px":t})}),S.each({Height:"height",Width:"width"},function(a,s){S.each({padding:"inner"+a,content:s,"":"outer"+a},function(r,o){S.fn[o]=function(e,t){var n=arguments.length&&(r||"boolean"!=typeof e),i=r||(!0===e||!0===t?"margin":"border");return $(this,function(e,t,n){var r;return x(e)?0===o.indexOf("outer")?e["inner"+a]:e.document.documentElement["client"+a]:9===e.nodeType?(r=e.documentElement,Math.max(e.body["scroll"+a],r["scroll"+a],e.body["offset"+a],r["offset"+a],r["client"+a])):void 0===n?S.css(e,t,i):S.style(e,t,n,i)},s,n?e:void 0,n)}})}),S.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){S.fn[t]=function(e){return this.on(t,e)}}),S.fn.extend({bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "),function(e,n){S.fn[n]=function(e,t){return 0
'); + searchBox='
'+ + '
'+ + '
'+ + ''+ + '
'+ + '
'+ + '
'+ + '
'; } else { - $('#main-menu').append('
    • '); + searchBox='
    '+ + ''+ + ''+ + ''+ + ''+ + ''+ + '' + '' + '
    '; + } + } + + $('#main-nav').before('
    '+ + ''+ + ''+ + '
    '); + $('#main-nav').append(makeTree(menudata,relPath)); + $('#main-nav').children(':first').addClass('sm sm-dox').attr('id','main-menu'); + if (searchBox) { + $('#main-menu').append('
  • '); + } + var $mainMenuState = $('#main-menu-state'); + var prevWidth = 0; + if ($mainMenuState.length) { + function initResizableIfExists() { + if (typeof initResizable==='function') initResizable(); + } + // animate mobile menu + $mainMenuState.change(function(e) { + var $menu = $('#main-menu'); + var options = { duration: 250, step: initResizableIfExists }; + if (this.checked) { + options['complete'] = function() { $menu.css('display', 'block') }; + $menu.hide().slideDown(options); + } else { + options['complete'] = function() { $menu.css('display', 'none') }; + $menu.show().slideUp(options); + } + }); + // set default menu visibility + function resetState() { + var $menu = $('#main-menu'); + var $mainMenuState = $('#main-menu-state'); + var newWidth = $(window).outerWidth(); + if (newWidth!=prevWidth) { + if ($(window).outerWidth()<768) { + $mainMenuState.prop('checked',false); $menu.hide(); + $('#searchBoxPos1').html(searchBox); + $('#searchBoxPos2').hide(); + } else { + $menu.show(); + $('#searchBoxPos1').empty(); + $('#searchBoxPos2').html(searchBox); + $('#searchBoxPos2').show(); + } + prevWidth = newWidth; + } } + $(window).ready(function() { resetState(); initResizableIfExists(); }); + $(window).resize(resetState); } $('#main-menu').smartmenus(); } diff --git a/doxygen/html/menudata.js b/doxygen/html/menudata.js index e37ad5f..5530675 100644 --- a/doxygen/html/menudata.js +++ b/doxygen/html/menudata.js @@ -34,11 +34,11 @@ var menudata={children:[ {text:"Typedefs",url:"namespacemembers_type.html"}, {text:"Enumerations",url:"namespacemembers_enum.html"}, {text:"Enumerator",url:"namespacemembers_eval.html"}]}]}, -{text:"Classes",url:"annotated.html",children:[ -{text:"Class List",url:"annotated.html"}, -{text:"Class Index",url:"classes.html"}, +{text:"Data Structures",url:"annotated.html",children:[ +{text:"Data Structures",url:"annotated.html"}, +{text:"Data Structure Index",url:"classes.html"}, {text:"Class Hierarchy",url:"hierarchy.html"}, -{text:"Class Members",url:"functions.html",children:[ +{text:"Data Fields",url:"functions.html",children:[ {text:"All",url:"functions.html",children:[ {text:"a",url:"functions.html#index_a"}, {text:"c",url:"functions.html#index_c"}, @@ -71,7 +71,7 @@ var menudata={children:[ {text:"t",url:"functions_func.html#index_t"}]}]}]}, {text:"Files",url:"files.html",children:[ {text:"File List",url:"files.html"}, -{text:"File Members",url:"globals.html",children:[ +{text:"Globals",url:"globals.html",children:[ {text:"All",url:"globals.html"}, {text:"Functions",url:"globals_func.html"}, {text:"Macros",url:"globals_defs.html"}]}]}]} diff --git a/doxygen/html/namespacemembers.html b/doxygen/html/namespacemembers.html index bba3d0b..e79e127 100644 --- a/doxygen/html/namespacemembers.html +++ b/doxygen/html/namespacemembers.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,53 +65,25 @@ $(function() {
    Here is a list of all namespace members with links to the namespace documentation for each member:
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespacemembers_enum.html b/doxygen/html/namespacemembers_enum.html index 7e8d55a..bd6f989 100644 --- a/doxygen/html/namespacemembers_enum.html +++ b/doxygen/html/namespacemembers_enum.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,14 +65,12 @@ $(function() {
     
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespacemembers_eval.html b/doxygen/html/namespacemembers_eval.html index 1aa3de3..8d873a6 100644 --- a/doxygen/html/namespacemembers_eval.html +++ b/doxygen/html/namespacemembers_eval.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,26 +65,16 @@ $(function() {
     
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespacemembers_func.html b/doxygen/html/namespacemembers_func.html index 8e27782..5b769ae 100644 --- a/doxygen/html/namespacemembers_func.html +++ b/doxygen/html/namespacemembers_func.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,14 +65,12 @@ $(function() {
     
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespacemembers_type.html b/doxygen/html/namespacemembers_type.html index ccc7f3d..0cae329 100644 --- a/doxygen/html/namespacemembers_type.html +++ b/doxygen/html/namespacemembers_type.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,29 +65,17 @@ $(function() {
     
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespacemembers_vars.html b/doxygen/html/namespacemembers_vars.html index 679de47..8bd26bd 100644 --- a/doxygen/html/namespacemembers_vars.html +++ b/doxygen/html/namespacemembers_vars.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace Members @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -64,14 +65,12 @@ $(function() {
     
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/namespaces.html b/doxygen/html/namespaces.html index 98746ee..2565e8e 100644 --- a/doxygen/html/namespaces.html +++ b/doxygen/html/namespaces.html @@ -2,8 +2,8 @@ - - + + Theodosius: Namespace List @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -63,42 +64,41 @@ $(function() {
    -
    -
    Namespace List
    +
    Namespace List
    Here is a list of all namespaces with brief descriptions:
    [detail level 1234]
    - - - - + + + + - - + + - + - - + + - - - + + + - +
     NtheoThe outer most encompassing namespace of this project
     Ndecompthe namespace that contains all of the decomposition related code
     Cdecomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files
     Croutine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols
     NtheoThe outer most encompassing namespace of this project.
     Ndecompthe namespace that contains all of the decomposition related code.
     Cdecomp_tthe main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files.
     Croutine_tthe routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name ".split" it will break functions into instruction symbols.
     Csymbol_tsymbol_t is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down)
     Nobfthis is the main namespace for obfuscation related things
     Ntransformthis namespace encompasses the code for transforming relocations
     Nobfthis is the main namespace for obfuscation related things.
     Ntransformthis namespace encompasses the code for transforming relocations.
     Cadd_op_t
     Coperation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t)
     Coperation_toperation_t is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (operation_t::operation_t).
     Crol_op_t
     Cror_op_t
     Csub_op_t
     Cxor_op_t
     Cengine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them
     Cpass_tthe pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there
     Cengine_tsingleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them.
     Chello_world_pass_thello world pass example of how to inherit pass_t.
     Cjcc_rewrite_pass_tjcc rewrite pass which rewrites rip relative jcc's so that they are position independent
     Cnext_inst_pass_tThis pass is used to generate transformations and jmp code to change RIP to the next instruction
     Creloc_transform_pass_tthis pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol
     Chello_world_pass_thello world pass example of how to inherit pass_t
     Nrecompthis namespace encompasses all recomposition related code
     Cpass_tthe pass_t class is a base clase for all passes made. you must override the pass_t::run virtual function and declare the logic of your pass there
     Creloc_transform_pass_tthis pass is like the next_inst_pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc_t object of the instruction symbol
     Nrecompthis namespace encompasses all recomposition related code.
     Crecomp_tthe main class responsible for recomposition
     Creloc_tmeta data about a relocation for a symbol
     Csymbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode
     Csymbol_table_tthis class is a high level wrapper for a hashmap that contains decomp::symbol_t values. the symbol values are references by a hashcode.
     Ctheo_tthe main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three: decomp, obf, recomp
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/pages.html b/doxygen/html/pages.html index 79ce0fb..f08bb41 100644 --- a/doxygen/html/pages.html +++ b/doxygen/html/pages.html @@ -2,8 +2,8 @@ - - + + Theodosius: Related Pages @@ -19,33 +19,34 @@
    - - + +
    -
    Theodosius -  v3.0 +
    +
    Theodosius v3.0
    -
    Jit linker, mapper, obfuscator, and mutator
    +
    Jit linker, symbol mapper, and obfuscator
    - + +/* @license-end */ +
    @@ -63,8 +64,7 @@ $(function() {
    -
    -
    Related Pages
    +
    Related Pages
    Here is a list of all related documentation pages:
    @@ -75,7 +75,7 @@ $(function() {
    -Generated by doxygen 1.9.1 +Generated by doxygen 1.9.3
    diff --git a/doxygen/html/search/all_0.html b/doxygen/html/search/all_0.html index 1ec5b2d..c36c9af 100644 --- a/doxygen/html/search/all_0.html +++ b/doxygen/html/search/all_0.html @@ -2,7 +2,7 @@ - + @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches
    @@ -12,14 +12,14 @@
    Loading...
    Searching...
    No Matches