preparing to add labels to the virtual assembly language..

merge-requests/2/head
_xeroxz 4 years ago
parent a1b1b49c18
commit 73654873ef

@ -4,17 +4,19 @@ namespace vm
{ {
compiler_t::compiler_t( vm::ctx_t *vmctx ) : vmctx( vmctx ) compiler_t::compiler_t( vm::ctx_t *vmctx ) : vmctx( vmctx )
{ {
if ( !parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool { if ( !parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool {
std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr->name.c_str(), vinstr->has_imm, for ( const auto &vinstr : label_data->vinstrs )
vinstr->imm ); {
std::printf( "> vinstr name = %s, has imm = %d, imm = 0x%p\n", vinstr.name.c_str(), vinstr.has_imm,
vinstr.imm );
for ( auto &vm_handler : vmctx->vm_handlers ) for ( auto &vm_handler : vmctx->vm_handlers )
if ( vm_handler.profile && vm_handler.profile->name == vinstr->name ) if ( vm_handler.profile && vm_handler.profile->name == vinstr.name )
return true; return true;
std::printf( "[!] this vm protected file does not have the vm handler for: %s...\n", std::printf( "[!] this vm protected file does not have the vm handler for: %s...\n",
vinstr->name.c_str() ); vinstr.name.c_str() );
}
return false; return false;
} ) ) } ) )
{ {
@ -41,25 +43,29 @@ namespace vm
} }
} }
std::pair< bool, std::vector< vinstr_data > * > compiler_t::encode() std::vector< vlabel_data > *compiler_t::encode()
{
parse_t::get_instance()->for_each( [ & ]( _vlabel_meta *label_data ) -> bool {
for ( const auto &vinstr : label_data->vinstrs )
{ {
parse_t::get_instance()->for_each( [ & ]( _vinstr_meta *vinstr ) -> bool {
for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr ) for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr )
{ {
if ( itr->profile && itr->profile->name == vinstr->name ) vinstrs.push_back( { label_data->label_name } );
if ( itr->profile && itr->profile->name == vinstr.name )
{ {
vinstrs.push_back( vinstrs.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ),
{ ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ), vinstr->imm, itr->profile->imm_size } ); vinstr.imm, itr->profile->imm_size } );
break; break;
} }
} }
}
return true; return true;
} ); } );
return { true, &vinstrs }; return &vinstrs;
} }
std::pair< std::uint64_t, std::vector< std::uint8_t > * > compiler_t::encrypt() std::vector< compiled_label_data > compiler_t::encrypt()
{ {
const auto end_of_module = vmctx->image_size + vmctx->image_base; const auto end_of_module = vmctx->image_size + vmctx->image_base;

@ -23,19 +23,30 @@ namespace vm
std::uint8_t imm_size; // size in bits... std::uint8_t imm_size; // size in bits...
}; };
struct vlabel_data
{
std::string label_name;
std::vector< vinstr_data > vinstrs;
};
struct compiled_label_data
{
std::string label_name;
std::uintptr_t enc_alloc_rva;
std::vector< std::uint8_t > vinstrs;
};
class compiler_t class compiler_t
{ {
public: public:
explicit compiler_t( vm::ctx_t *vmctx ); explicit compiler_t( vm::ctx_t *vmctx );
std::pair< bool, std::vector< vinstr_data > * > encode(); std::vector< vlabel_data > *encode();
std::pair< std::uint64_t, std::vector< std::uint8_t > * > encrypt(); std::vector< compiled_label_data > encrypt();
std::uint64_t encrypt_rva( std::uint64_t rva );
private: private:
vm::ctx_t *vmctx; vm::ctx_t *vmctx;
transform::map_t calc_jmp_transforms; transform::map_t calc_jmp_transforms;
std::vector< vinstr_data > vinstrs; std::vector< vlabel_data > vinstrs;
std::vector< std::uint8_t > result_buffer;
std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva; std::vector< zydis_decoded_instr_t > encrypt_vinstrs_rva;
}; };
} // namespace vm } // namespace vm

@ -22,6 +22,11 @@ void yyerror( char *msg )
std::printf( "[!] parsing failure: %s\n", msg ); std::printf( "[!] parsing failure: %s\n", msg );
} }
void generate_header( std::vector< std::uint8_t > &virt_instrs, std::string image_path )
{
}
int __cdecl main( int argc, const char *argv[] ) int __cdecl main( int argc, const char *argv[] )
{ {
argparse::argument_parser_t argp( "vmassembler", "virtual instruction assembler" ); argparse::argument_parser_t argp( "vmassembler", "virtual instruction assembler" );
@ -137,22 +142,7 @@ int __cdecl main( int argc, const char *argv[] )
} }
} }
} }
std::printf( "\n" );
// std::printf( "\n" );
// write the result to disk... generate_header( *result_buffer, argp.get< std::string >( "output" ) );
//
vmasm::file_header_t file_header;
file_header.magic = VASM_MAGIC;
file_header.epoch_time = std::time( nullptr );
file_header.vasm_size = result_buffer->size();
file_header.alloc_rva = ( entry_rva - image_base );
file_header.vasm_offset = sizeof vmasm::file_header_t;
file_header.encrypted_rva = compiler.encrypt_rva( entry_rva );
std::ofstream output( argp.get< std::string >( "output" ), std::ios::binary );
output.write( reinterpret_cast< char * >( &file_header ), sizeof file_header );
output.write( reinterpret_cast< char * >( result_buffer->data() ), result_buffer->size() );
output.close();
} }

@ -10,16 +10,19 @@ auto parse_t::get_instance() -> parse_t *
return &obj; return &obj;
} }
void parse_t::add_label( std::string label_name )
{
vinstrs.push_back( { label_name } );
}
void parse_t::add_vinstr( std::string vinstr_name ) void parse_t::add_vinstr( std::string vinstr_name )
{ {
_vinstr_meta data{ vinstr_name, false, 0u }; vinstrs.back().vinstrs.push_back( { vinstr_name, false, 0u } );
vinstrs.push_back( data );
} }
void parse_t::add_vinstr( std::string vinstr_name, std::uintptr_t imm_val ) void parse_t::add_vinstr( std::string vinstr_name, std::uintptr_t imm_val )
{ {
_vinstr_meta data{ vinstr_name, true, imm_val }; vinstrs.back().vinstrs.push_back( { vinstr_name, true, imm_val } );
vinstrs.push_back( data );
} }
bool parse_t::for_each( callback_t callback ) bool parse_t::for_each( callback_t callback )

@ -12,7 +12,13 @@ struct _vinstr_meta
std::uintptr_t imm; std::uintptr_t imm;
}; };
using callback_t = std::function< bool( _vinstr_meta * ) >; struct _vlabel_meta
{
std::string label_name;
std::vector< _vinstr_meta > vinstrs;
};
using callback_t = std::function< bool( _vlabel_meta * ) >;
// this singleton class contains all the // this singleton class contains all the
// information for parsed virtual instructions... // information for parsed virtual instructions...
@ -20,11 +26,12 @@ class parse_t
{ {
public: public:
static auto get_instance() -> parse_t *; static auto get_instance() -> parse_t *;
void add_label( std::string label_name );
void add_vinstr( std::string vinstr_name ); void add_vinstr( std::string vinstr_name );
void add_vinstr( std::string vinstr_name, std::uintptr_t imm_val ); void add_vinstr( std::string vinstr_name, std::uintptr_t imm_val );
bool for_each( callback_t callback ); bool for_each( callback_t callback );
private: private:
parse_t(); parse_t();
std::vector< _vinstr_meta > vinstrs; std::vector< _vlabel_meta > vinstrs;
}; };
Loading…
Cancel
Save