forked from IDontCode/Theodosius
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 lines
5.9 KiB
23 lines
5.9 KiB
\doxysection{Data Structures}
|
|
Here are the data structures with brief descriptions\+:\begin{DoxyCompactList}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1add__op__t}{theo\+::obf\+::transform\+::add\+\_\+op\+\_\+t}} }{\pageref{classtheo_1_1obf_1_1transform_1_1add__op__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1decomp_1_1decomp__t}{theo\+::decomp\+::decomp\+\_\+t}} \\*the main decomposition class which is responsible for breaking down lib file into coff files, and extracted used symbols from the coff files. }{\pageref{classtheo_1_1decomp_1_1decomp__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1engine__t}{theo\+::obf\+::engine\+\_\+t}} \\*singleton obfuscation engine class. this class is responsible for keeping track of the registered passes and the order in which to execute them. }{\pageref{classtheo_1_1obf_1_1engine__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1hello__world__pass__t}{theo\+::obf\+::hello\+\_\+world\+\_\+pass\+\_\+t}} \\*hello world pass example of how to inherit \mbox{\hyperlink{classtheo_1_1obf_1_1pass__t}{pass\+\_\+t}}. }{\pageref{classtheo_1_1obf_1_1hello__world__pass__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1jcc__rewrite__pass__t}{theo\+::obf\+::jcc\+\_\+rewrite\+\_\+pass\+\_\+t}} \\*jcc rewrite pass which rewrites rip relative jcc\textquotesingle{}s so that they are position independent }{\pageref{classtheo_1_1obf_1_1jcc__rewrite__pass__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1next__inst__pass__t}{theo\+::obf\+::next\+\_\+inst\+\_\+pass\+\_\+t}} \\*This pass is used to generate transformations and jmp code to change RIP to the next instruction }{\pageref{classtheo_1_1obf_1_1next__inst__pass__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{theo\+::obf\+::transform\+::operation\+\_\+t}} \\*\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t}{operation\+\_\+t}} is the base class for all types of transformations. classes that inherit this class are singleton and simply call the super constructor (\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1operation__t_a3876ca1c7904aed54940e1519fc9fdf4}{operation\+\_\+t\+::operation\+\_\+t}}). }{\pageref{classtheo_1_1obf_1_1transform_1_1operation__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1pass__t}{theo\+::obf\+::pass\+\_\+t}} \\*the \mbox{\hyperlink{classtheo_1_1obf_1_1pass__t}{pass\+\_\+t}} class is a base clase for all passes made. you must override the \mbox{\hyperlink{classtheo_1_1obf_1_1pass__t_acfadc013ff0754d66a18baffdb1a61d1}{pass\+\_\+t\+::run}} virtual function and declare the logic of your pass there }{\pageref{classtheo_1_1obf_1_1pass__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1recomp_1_1recomp__t}{theo\+::recomp\+::recomp\+\_\+t}} \\*the main class responsible for recomposition }{\pageref{classtheo_1_1recomp_1_1recomp__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1recomp_1_1reloc__t}{theo\+::recomp\+::reloc\+\_\+t}} \\*meta data about a relocation for a symbol }{\pageref{classtheo_1_1recomp_1_1reloc__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1reloc__transform__pass__t}{theo\+::obf\+::reloc\+\_\+transform\+\_\+pass\+\_\+t}} \\*this pass is like the next\+\_\+inst\+\_\+pass, however, relocations are encrypted with transformations instead of the address of the next instruction. this pass only runs at the instruction level and appends transformations into the reloc\+\_\+t object of the instruction symbol }{\pageref{classtheo_1_1obf_1_1reloc__transform__pass__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1rol__op__t}{theo\+::obf\+::transform\+::rol\+\_\+op\+\_\+t}} }{\pageref{classtheo_1_1obf_1_1transform_1_1rol__op__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1ror__op__t}{theo\+::obf\+::transform\+::ror\+\_\+op\+\_\+t}} }{\pageref{classtheo_1_1obf_1_1transform_1_1ror__op__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1decomp_1_1routine__t}{theo\+::decomp\+::routine\+\_\+t}} \\*the routine class which is responsible for creating symbols for routines. if the routine is located inside a section with the name \char`\"{}.\+split\char`\"{} it will break functions into instruction symbols. }{\pageref{classtheo_1_1decomp_1_1routine__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1sub__op__t}{theo\+::obf\+::transform\+::sub\+\_\+op\+\_\+t}} }{\pageref{classtheo_1_1obf_1_1transform_1_1sub__op__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1decomp_1_1symbol__t}{theo\+::decomp\+::symbol\+\_\+t}} \\*\mbox{\hyperlink{classtheo_1_1decomp_1_1symbol__t}{symbol\+\_\+t}} is an abstraction upon the coff symbol. this allows for easier manipulation of the symbol. symbols can be different things, sections, functions, and even instructions (when functions are broken down) }{\pageref{classtheo_1_1decomp_1_1symbol__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1recomp_1_1symbol__table__t}{theo\+::recomp\+::symbol\+\_\+table\+\_\+t}} \\*this class is a high level wrapper for a hashmap that contains \mbox{\hyperlink{classtheo_1_1decomp_1_1symbol__t}{decomp\+::symbol\+\_\+t}} values. the symbol values are references by a hashcode. }{\pageref{classtheo_1_1recomp_1_1symbol__table__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1theo__t}{theo\+::theo\+\_\+t}} \\*the main class which encapsulates a symbol table, decomp, and recomp objects. This class is a bridge that connects all three\+: decomp, obf, recomp }{\pageref{classtheo_1_1theo__t}}{}
|
|
\item\contentsline{section}{\mbox{\hyperlink{classtheo_1_1obf_1_1transform_1_1xor__op__t}{theo\+::obf\+::transform\+::xor\+\_\+op\+\_\+t}} }{\pageref{classtheo_1_1obf_1_1transform_1_1xor__op__t}}{}
|
|
\end{DoxyCompactList}
|