From 73654873ef510fb5a94907d2b8a1684d650faeab Mon Sep 17 00:00:00 2001 From: _xeroxz Date: Sat, 5 Jun 2021 15:49:06 -0700 Subject: [PATCH] preparing to add labels to the virtual assembly language.. --- src/compiler.cpp | 46 ++++++++++++++++++++++++++-------------------- src/compiler.h | 23 +++++++++++++++++------ src/main.cpp | 24 +++++++----------------- src/parser.cpp | 11 +++++++---- src/parser.h | 11 +++++++++-- 5 files changed, 66 insertions(+), 49 deletions(-) diff --git a/src/compiler.cpp b/src/compiler.cpp index fb44ddf..f397cef 100644 --- a/src/compiler.cpp +++ b/src/compiler.cpp @@ -4,17 +4,19 @@ namespace vm { compiler_t::compiler_t( vm::ctx_t *vmctx ) : vmctx( vmctx ) { - if ( !parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool { - std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr->name.c_str(), vinstr->has_imm, - vinstr->imm ); - - for ( auto &vm_handler : vmctx->vm_handlers ) - if ( vm_handler.profile && vm_handler.profile->name == vinstr->name ) - return true; - - std::printf( "[!] this vm protected file does not have the vm handler for: %s...\n", - vinstr->name.c_str() ); - + if ( !parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool { + for ( const auto &vinstr : label_data->vinstrs ) + { + std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr.name.c_str(), vinstr.has_imm, + vinstr.imm ); + + for ( auto &vm_handler : vmctx->vm_handlers ) + if ( vm_handler.profile && vm_handler.profile->name == vinstr.name ) + return true; + + std::printf( "[!] this vm protected file does not have the vm handler for: %s...\n", + vinstr.name.c_str() ); + } return false; } ) ) { @@ -41,25 +43,29 @@ namespace vm } } - std::pair< bool, std::vector< vinstr_data > * > compiler_t::encode() + std::vector< vlabel_data > *compiler_t::encode() { - parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool { - for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr ) + parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool { + for ( const auto &vinstr : label_data->vinstrs ) { - if ( itr->profile && itr->profile->name == vinstr->name ) + for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr ) { - vinstrs.push_back( - { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ), vinstr->imm, itr->profile->imm_size } ); - break; + vinstrs.push_back( { label_data->label_name } ); + if ( itr->profile && itr->profile->name == vinstr.name ) + { + vinstrs.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ), + vinstr.imm, itr->profile->imm_size } ); + break; + } } } return true; } ); - return { true, &vinstrs }; + return &vinstrs; } - std::pair< std::uint64_t, std::vector< std::uint8_t > * > compiler_t::encrypt() + std::vector< compiled_label_data > compiler_t::encrypt() { const auto end_of_module = vmctx->image_size + vmctx->image_base; diff --git a/src/compiler.h b/src/compiler.h index 7b07856..6644e89 100644 --- a/src/compiler.h +++ b/src/compiler.h @@ -23,19 +23,30 @@ namespace vm std::uint8_t imm_size; // size in bits... }; + struct vlabel_data + { + std::string label_name; + std::vector< vinstr_data > vinstrs; + }; + + struct compiled_label_data + { + std::string label_name; + std::uintptr_t enc_alloc_rva; + std::vector< std::uint8_t > vinstrs; + }; + class compiler_t { public: - explicit compiler_t( vm::ctx_t* vmctx ); - std::pair< bool, std::vector< vinstr_data > * > encode(); - std::pair< std::uint64_t, std::vector< std::uint8_t > * > encrypt(); - std::uint64_t encrypt_rva( std::uint64_t rva ); + explicit compiler_t( vm::ctx_t *vmctx ); + std::vector< vlabel_data > *encode(); + std::vector< compiled_label_data > encrypt(); private: vm::ctx_t *vmctx; transform::map_t calc_jmp_transforms; - std::vector< vinstr_data > vinstrs; - std::vector< std::uint8_t > result_buffer; + std::vector< vlabel_data > vinstrs; std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva; }; } // namespace vm \ No newline at end of file diff --git a/src/main.cpp b/src/main.cpp index 74eb15e..319f1ad 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -22,6 +22,11 @@ void yyerror( char *msg ) std::printf( "[!] parsing failure: %s\n", msg ); } +void generate_header( std::vector< std::uint8_t > &virt_instrs, std::string image_path ) +{ + +} + int __cdecl main( int argc, const char *argv[] ) { argparse::argument_parser_t argp( "vmassembler", "virtual instruction assembler" ); @@ -137,22 +142,7 @@ int __cdecl main( int argc, const char *argv[] ) } } } - std::printf( "\n" ); - // - // write the result to disk... - // - - vmasm::file_header_t file_header; - file_header.magic = VASM_MAGIC; - file_header.epoch_time = std::time( nullptr ); - file_header.vasm_size = result_buffer->size(); - file_header.alloc_rva = ( entry_rva - image_base ); - file_header.vasm_offset = sizeof vmasm::file_header_t; - file_header.encrypted_rva = compiler.encrypt_rva( entry_rva ); - - std::ofstream output( argp.get< std::string >( "output" ), std::ios::binary ); - output.write( reinterpret_cast< char * >( &file_header ), sizeof file_header ); - output.write( reinterpret_cast< char * >( result_buffer->data() ), result_buffer->size() ); - output.close(); + std::printf( "\n" ); + generate_header( *result_buffer, argp.get< std::string >( "output" ) ); } \ No newline at end of file diff --git a/src/parser.cpp b/src/parser.cpp index e40ff1d..3d5df60 100644 --- a/src/parser.cpp +++ b/src/parser.cpp @@ -10,16 +10,19 @@ auto parse_t::get_instance() -> parse_t * return &obj; } +void parse_t::add_label( std::string label_name ) +{ + vinstrs.push_back( { label_name } ); +} + void parse_t::add_vinstr( std::string vinstr_name ) { - _vinstr_meta data{ vinstr_name, false, 0u }; - vinstrs.push_back( data ); + vinstrs.back().vinstrs.push_back( { vinstr_name, false, 0u } ); } void parse_t::add_vinstr( std::string vinstr_name, std::uintptr_t imm_val ) { - _vinstr_meta data{ vinstr_name, true, imm_val }; - vinstrs.push_back( data ); + vinstrs.back().vinstrs.push_back( { vinstr_name, true, imm_val } ); } bool parse_t::for_each( callback_t callback ) diff --git a/src/parser.h b/src/parser.h index 3ccaaff..e3a093d 100644 --- a/src/parser.h +++ b/src/parser.h @@ -12,7 +12,13 @@ struct _vinstr_meta std::uintptr_t imm; }; -using callback_t = std::function< bool( _vinstr_meta * ) >; +struct _vlabel_meta +{ + std::string label_name; + std::vector< _vinstr_meta > vinstrs; +}; + +using callback_t = std::function< bool( _vlabel_meta * ) >; // this singleton class contains all the // information for parsed virtual instructions... @@ -20,11 +26,12 @@ class parse_t { public: static auto get_instance() -> parse_t *; + void add_label( std::string label_name ); void add_vinstr( std::string vinstr_name ); void add_vinstr( std::string vinstr_name, std::uintptr_t imm_val ); bool for_each( callback_t callback ); private: parse_t(); - std::vector< _vinstr_meta > vinstrs; + std::vector< _vlabel_meta > vinstrs; }; \ No newline at end of file