|
|
|
@ -50,10 +50,10 @@ namespace vm
|
|
|
|
|
{
|
|
|
|
|
for ( auto itr = vmctx->vm_handlers.begin(); itr != vmctx->vm_handlers.end(); ++itr )
|
|
|
|
|
{
|
|
|
|
|
vinstrs.push_back( { label_data->label_name } );
|
|
|
|
|
virt_labels.push_back( { label_data->label_name } );
|
|
|
|
|
if ( itr->profile && itr->profile->name == vinstr.name )
|
|
|
|
|
{
|
|
|
|
|
vinstrs.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ),
|
|
|
|
|
virt_labels.back().vinstrs.push_back( { ( std::uint8_t )( itr - vmctx->vm_handlers.begin() ),
|
|
|
|
|
vinstr.imm, itr->profile->imm_size } );
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
@ -62,11 +62,12 @@ namespace vm
|
|
|
|
|
return true;
|
|
|
|
|
} );
|
|
|
|
|
|
|
|
|
|
return &vinstrs;
|
|
|
|
|
return &virt_labels;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::vector< compiled_label_data > compiler_t::encrypt()
|
|
|
|
|
{
|
|
|
|
|
std::vector< compiled_label_data > result;
|
|
|
|
|
const auto end_of_module = vmctx->image_size + vmctx->image_base;
|
|
|
|
|
|
|
|
|
|
// decryption key starts off as the image
|
|
|
|
@ -74,7 +75,7 @@ namespace vm
|
|
|
|
|
std::uintptr_t decrypt_key = end_of_module, start_addr;
|
|
|
|
|
if ( vmctx->exec_type == vmp2::exec_type_t::backward )
|
|
|
|
|
{
|
|
|
|
|
std::for_each( vinstrs.begin(), vinstrs.end(), [ & ]( const vinstr_data &vinstr ) {
|
|
|
|
|
std::for_each( virt_labels.begin(), virt_labels.end(), [ & ]( const vinstr_data &vinstr ) {
|
|
|
|
|
( ++decrypt_key ) += vinstr.imm_size ? vinstr.imm_size / 8 : 0;
|
|
|
|
|
} );
|
|
|
|
|
}
|
|
|
|
@ -82,46 +83,54 @@ namespace vm
|
|
|
|
|
|
|
|
|
|
// invert the encoded virtual instructions operands if vip advances backward...
|
|
|
|
|
if ( vmctx->exec_type == vmp2::exec_type_t::backward )
|
|
|
|
|
std::reverse( vinstrs.begin(), vinstrs.end() );
|
|
|
|
|
std::reverse( virt_labels.begin(), virt_labels.end() );
|
|
|
|
|
|
|
|
|
|
// loop over the instructions and encrypt them...
|
|
|
|
|
for ( auto &vinstr : vinstrs )
|
|
|
|
|
for ( auto &label : virt_labels )
|
|
|
|
|
{
|
|
|
|
|
std::printf( "> decrypt key = 0x%p\n", decrypt_key );
|
|
|
|
|
result.push_back( { label.label_name, start_addr } );
|
|
|
|
|
|
|
|
|
|
auto vm_handler_idx = vinstr.vm_handler;
|
|
|
|
|
std::tie( vinstr.vm_handler, decrypt_key ) =
|
|
|
|
|
vm::instrs::encrypt_operand( calc_jmp_transforms, vinstr.vm_handler, decrypt_key );
|
|
|
|
|
|
|
|
|
|
if ( !vinstr.imm_size )
|
|
|
|
|
for ( auto &vinstr : label.vinstrs )
|
|
|
|
|
{
|
|
|
|
|
result_buffer.push_back( vinstr.vm_handler );
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
std::printf( "> decrypt key = 0x%p\n", decrypt_key );
|
|
|
|
|
|
|
|
|
|
auto transforms = vmctx->vm_handlers.at( vm_handler_idx ).transforms;
|
|
|
|
|
auto vm_handler_idx = vinstr.vm_handler;
|
|
|
|
|
std::tie( vinstr.vm_handler, decrypt_key ) =
|
|
|
|
|
vm::instrs::encrypt_operand( calc_jmp_transforms, vinstr.vm_handler, decrypt_key );
|
|
|
|
|
|
|
|
|
|
std::tie( vinstr.operand, decrypt_key ) =
|
|
|
|
|
vm::instrs::encrypt_operand( transforms, vinstr.operand, decrypt_key );
|
|
|
|
|
if ( !vinstr.imm_size )
|
|
|
|
|
{
|
|
|
|
|
result.back().vinstrs.push_back( vinstr.vm_handler );
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// operands must be backwards if VIP advances backward...
|
|
|
|
|
if ( vmctx->exec_type == vmp2::exec_type_t::backward )
|
|
|
|
|
{
|
|
|
|
|
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx )
|
|
|
|
|
result_buffer.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] );
|
|
|
|
|
auto transforms = vmctx->vm_handlers.at( vm_handler_idx ).transforms;
|
|
|
|
|
|
|
|
|
|
result_buffer.push_back( vinstr.vm_handler );
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
result_buffer.push_back( vinstr.vm_handler );
|
|
|
|
|
std::tie( vinstr.operand, decrypt_key ) =
|
|
|
|
|
vm::instrs::encrypt_operand( transforms, vinstr.operand, decrypt_key );
|
|
|
|
|
|
|
|
|
|
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx )
|
|
|
|
|
result_buffer.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] );
|
|
|
|
|
// operands must be backwards if VIP advances backward...
|
|
|
|
|
if ( vmctx->exec_type == vmp2::exec_type_t::backward )
|
|
|
|
|
{
|
|
|
|
|
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx )
|
|
|
|
|
result.back().vinstrs.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] );
|
|
|
|
|
|
|
|
|
|
result.back().vinstrs.push_back( vinstr.vm_handler );
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
result.back().vinstrs.push_back( vinstr.vm_handler );
|
|
|
|
|
|
|
|
|
|
for ( auto idx = 0u; idx < vinstr.imm_size / 8; ++idx )
|
|
|
|
|
result.back().vinstrs.push_back( reinterpret_cast< std::uint8_t * >( &vinstr.operand )[ idx ] );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result.back().enc_alloc_rva = encrypt_rva( start_addr );
|
|
|
|
|
start_addr += result.back().vinstrs.size();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return { start_addr, &result_buffer };
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::uint64_t compiler_t::encrypt_rva( std::uint64_t rva )
|
|
|
|
|