still fixing buts on encrypt_operand, idk what the rolling_key param

should be just yet...
merge-requests/2/head
_xeroxz 4 years ago
parent 2698c48b12
commit 8204915da1

File diff suppressed because one or more lines are too long

@ -56,12 +56,13 @@ namespace vm
virt_labels.push_back( { label_data->label_name } ); virt_labels.push_back( { label_data->label_name } );
for ( const auto &vinstr : label_data->vinstrs ) for ( const auto &vinstr : label_data->vinstrs )
{ {
for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr ) for ( auto idx = 0u; idx < 256; ++idx )
{ {
if ( itr->profile && itr->profile->name == vinstr.name ) const auto &vm_handler = vmctx->vm_handlers[ idx ];
if ( vm_handler.profile && !vinstr.name.compare( vm_handler.profile->name ) )
{ {
virt_labels.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ), virt_labels.back().vinstrs.push_back(
vinstr.imm, itr->profile->imm_size } ); { ( std::uint8_t )idx, vinstr.imm, vm_handler.profile->imm_size } );
break; break;
} }
} }
@ -81,59 +82,85 @@ namespace vm
// base address of the virtual instructions... // base address of the virtual instructions...
std::uintptr_t decrypt_key = end_of_module, start_addr; std::uintptr_t decrypt_key = end_of_module, start_addr;
if ( vmctx->exec_type == vmp2::exec_type_t::backward ) if ( vmctx->exec_type == vmp2::exec_type_t::backward )
{
std::for_each( virt_labels.begin()->vinstrs.begin(), virt_labels.begin()->vinstrs.end(), std::for_each( virt_labels.begin()->vinstrs.begin(), virt_labels.begin()->vinstrs.end(),
[ & ]( const vinstr_data &vinstr ) { [ & ]( const vinstr_data &vinstr ) {
( ++decrypt_key ) += vinstr.imm_size ? vinstr.imm_size / 8 : 0; ( ++decrypt_key ) += vinstr.imm_size ? vinstr.imm_size / 8 : 0;
} ); } );
std::reverse( virt_labels.begin(), virt_labels.end() ); start_addr = decrypt_key - 1; // make it zero based...
} std::for_each( virt_labels.begin(), virt_labels.end(), [ & ]( vm::vlabel_data &label ) {
decrypt_key = start_addr;
result.push_back( { label.label_name, start_addr } );
start_addr = decrypt_key; if ( vmctx->exec_type == vmp2::exec_type_t::forward )
{
std::for_each( label.vinstrs.begin(), label.vinstrs.end(), [ & ]( vm::vinstr_data &vinstr ) {
std::uint8_t opcode = vinstr.vm_handler;
std::uint64_t operand = 0u;
// loop over the instructions and encrypt them... // encrypt opcode...
for ( auto &label : virt_labels ) std::tie( opcode, decrypt_key ) =
{ vm::instrs::encrypt_operand( calc_jmp_transforms, vinstr.vm_handler, decrypt_key );
result.push_back( { label.label_name, start_addr } );
// if there is an operand then we will encrypt that as well..
if ( vmctx->vm_handlers[ vinstr.vm_handler ].imm_size )
{
auto &vm_handler_transforms = vmctx->vm_handlers[ vinstr.vm_handler ].transforms;
std::tie( operand, decrypt_key ) =
vm::instrs::encrypt_operand( vm_handler_transforms, vinstr.operand, decrypt_key );
}
else // else just push back the opcode...
{
result.back().vinstrs.push_back( opcode );
return; // finished here...
}
for ( auto &vinstr : label.vinstrs ) result.back().vinstrs.push_back( opcode );
for ( auto idx = 0u; idx < vmctx->vm_handlers[ vinstr.vm_handler ].imm_size / 8; ++idx )
result.back().vinstrs.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] );
} );
}
else
{ {
auto vm_handler_idx = vinstr.vm_handler; std::for_each( label.vinstrs.begin(), label.vinstrs.end(), [ & ]( vm::vinstr_data &vinstr ) {
std::tie( vinstr.vm_handler, decrypt_key ) = std::uint8_t opcode = vinstr.vm_handler, opcode_test = 0u;
vm::instrs::encrypt_operand( calc_jmp_transforms, vinstr.vm_handler, decrypt_key ); std::uint64_t operand = 0u;
std::uint64_t test_decrypt_key;
if ( !vinstr.imm_size ) // encrypt opcode...
{ std::tie( opcode, decrypt_key ) =
result.back().vinstrs.push_back( vinstr.vm_handler ); vm::instrs::encrypt_operand( calc_jmp_transforms, vinstr.vm_handler, decrypt_key );
continue;
}
auto transforms = vmctx->vm_handlers.at( vm_handler_idx ).transforms; std::tie( opcode_test, test_decrypt_key ) =
vm::instrs::decrypt_operand( calc_jmp_transforms, opcode, decrypt_key );
std::tie( vinstr.operand, decrypt_key ) = // if there is an operand then we will encrypt that as well..
vm::instrs::encrypt_operand( transforms, vinstr.operand, decrypt_key ); if ( vmctx->vm_handlers[ vinstr.vm_handler ].imm_size )
{
auto &vm_handler_transforms = vmctx->vm_handlers[ vinstr.vm_handler ].transforms;
// operands must be backwards if VIP advances backward... std::tie( operand, decrypt_key ) =
if ( vmctx->exec_type == vmp2::exec_type_t::backward ) vm::instrs::encrypt_operand( vm_handler_transforms, vinstr.operand, decrypt_key );
{ }
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx ) else // else just push back the opcode...
result.back().vinstrs.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] ); {
result.back().vinstrs.insert( result.back().vinstrs.begin(), 1, opcode );
return; // finished here...
}
result.back().vinstrs.push_back( vinstr.vm_handler ); // operand goes first, then opcode when vip advances backwards...
} std::vector< std::uint8_t > _temp;
else for ( auto idx = 0u; idx < vmctx->vm_handlers[ vinstr.vm_handler ].imm_size / 8; ++idx )
{ _temp.push_back( reinterpret_cast< std::uint8_t * >( &operand )[ idx ] );
result.back().vinstrs.push_back( vinstr.vm_handler );
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx ) result.back().vinstrs.insert( result.back().vinstrs.begin(), _temp.begin(), _temp.end() );
result.back().vinstrs.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] ); result.back().vinstrs.insert( result.back().vinstrs.begin() + _temp.size(), opcode );
} } );
} }
result.back().enc_alloc_rva = encrypt_rva( start_addr ); result.back().enc_alloc_rva = encrypt_rva( start_addr );
start_addr += result.back().vinstrs.size(); start_addr += result.back().vinstrs.size() - 1; // make it zero based...
} } );
return result; return result;
} }

@ -74,7 +74,7 @@ std::string gen_code( std::vector< vm::compiled_label_data > &labels, std::strin
using s64 = signed long long; using s64 = signed long long;
using __vmcall_t = void* (*)(...); using __vmcall_t = void* (*)(...);
constexpr u8 IMAGE_DIRECTORY_ENTRY_BASERELOC = 8; constexpr u8 IMAGE_DIRECTORY_ENTRY_BASERELOC = 5;
constexpr u8 IMAGE_REL_BASED_ABSOLUTE = 0; constexpr u8 IMAGE_REL_BASED_ABSOLUTE = 0;
constexpr u8 IMAGE_REL_BASED_DIR64 = 10; constexpr u8 IMAGE_REL_BASED_DIR64 = 10;
@ -463,7 +463,6 @@ int __cdecl main( int argc, const char *argv[] )
std::printf( "> " ); std::printf( "> " );
{ {
auto idx = 0u;
for ( auto byte : label.vinstrs ) for ( auto byte : label.vinstrs )
std::printf( "0x%x ", byte ); std::printf( "0x%x ", byte );

@ -17,7 +17,7 @@ namespace vm
using s64 = signed long long; using s64 = signed long long;
using __vmcall_t = void* (*)(...); using __vmcall_t = void* (*)(...);
constexpr u8 IMAGE_DIRECTORY_ENTRY_BASERELOC = 8; constexpr u8 IMAGE_DIRECTORY_ENTRY_BASERELOC = 5;
constexpr u8 IMAGE_REL_BASED_ABSOLUTE = 0; constexpr u8 IMAGE_REL_BASED_ABSOLUTE = 0;
constexpr u8 IMAGE_REL_BASED_DIR64 = 10; constexpr u8 IMAGE_REL_BASED_DIR64 = 10;
@ -139,14 +139,14 @@ namespace vm
enum class calls : u32 enum class calls : u32
{ {
get_world = 0xbffd6ff5, get_hello = 0xbffd6ff6,
get_hello = 0xbffd6fe9, get_world = 0xbffd6feb,
}; };
inline _pair_t< u8, calls > call_map[2] = inline _pair_t< u8, calls > call_map[2] =
{ {
{ 0, calls::get_world }, { 0, calls::get_hello },
{ 1, calls::get_hello }, { 1, calls::get_world },
}; };
__declspec(align(1)) struct _gen_data __declspec(align(1)) struct _gen_data
@ -158,14 +158,14 @@ namespace vm
u8 map_area[0x29000]; u8 map_area[0x29000];
u8 __get_world_vinstrs[12] = u8 __get_hello_vinstrs[12] =
{ {
0xff, 0xff, 0xff, 0xfe, 0xc7, 0xf0, 0xd6, 0x30, 0x1a, 0xff, 0x94, 0x80, 0x7f, 0x0, 0x93, 0xff, 0xff, 0xff, 0xfe, 0xc7, 0xf0, 0xd6, 0x31, 0x19,
}; };
u8 __get_hello_vinstrs[12] = u8 __get_world_vinstrs[12] =
{ {
0xff, 0xff, 0xff, 0xfe, 0xc7, 0xf1, 0xd6, 0x58, 0x72, 0xa7, 0xec, 0xd8, 0x8a, 0xf5, 0x9e, 0xff, 0xff, 0xff, 0xfe, 0xc7, 0xf0, 0xd6, 0x6, 0x24,
}; };
u8 __vmcall_shell_code[2][15] = u8 __vmcall_shell_code[2][15] =

Loading…
Cancel
Save