文件: 1_main.cpp 项目: DeDf/WProtect
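void buildvm_test(BuildExeInfo & build_info)
{
    // Protects a PE file: every code range recorded in build_info is replaced
    // by VM bytecode, the virtual machine itself is appended as a new ".WPro"
    // section and the result is saved as "<name minus 'exe'>wp.exe" next to
    // the input.  Any failure is reported on stdout and returns before the
    // output file is written, so the input is never partially overwritten.
    char * build_exec_name = build_info.get_filename();
    if (!build_exec_name)
    {
        printf("no input file name\n");
        return;
    }
    printf("待处理文件:%s\n", build_exec_name);

    CPEFile file;
    if (!file.LoadPEFile(build_exec_name))
    {
        printf("file is not find!\n");
        return;
    }
    // Same format check buildvmtest performs; previously missing here.
    if (!file.IsPEFile())
    {
        printf("executable file type error\n");
        return;
    }

    // Relocations are dropped and the base relocation directory re-read
    // before any section is touched (same order as in buildvmtest).
    CPEReloc reloc;
    reloc = file;
    reloc.DeleteReloc();
    reloc.GetBaseReloc();

    CPESection section;
    section = file;
    printf("一共有%d个区段\n", section.GetSectionCount());

    // Locate the "WProtect Begin"/"WProtect End" SDK markers; the helper is
    // presumably what fills build_info with the code ranges between them.
    get_wprotect_sdk_address(section, build_info, "WProtect Begin", "WProtect End");

    VMAddressTable table(section.GetNewSectionBase(), 1024, false);

    // Reserve room for the VM body at the start of the new section.  The sign
    // flag is forced on for this single allocation and restored afterwards.
    bool t_sign = table.get_sign();
    table.set_sign(true);
    long virtualmachine_address = table.assign_address(4096);
    table.set_sign(t_sign);

    VirtualMachineManage vm;
    VirtualMachine *pvm = vm.add_virtual_machine(virtualmachine_address, false);
    if (!pvm)
    {
        printf("add_virtual_machine failed\n");
        return;
    }
    table.copy(virtualmachine_address, pvm->vm_info.buf, pvm->vm_info.size);

    CodeBufferInfo Code;
    for (BuildExeInfo::iterator iter = build_info.begin(); iter != build_info.end(); ++iter)
    {
        long CodeStartAddr = iter->CodeStartAddr;

        Code.buf  = file.VaToPtr(CodeStartAddr);
        Code.addr = CodeStartAddr;
        Code.size = iter->CodeSize;
        // Assumes VaToPtr reports an unmapped address with a null pointer.
        if (!Code.buf)
        {
            printf("address %lx is not mapped by the file\n", (unsigned long)CodeStartAddr);
            return;
        }
        // The region is overwritten with a 5-byte jmp below, so it must hold one.
        if (Code.size < 5)
        {
            printf("编译内容不能小于5Byte,容不下一个跳转\n");
            return;
        }

        Analysis analysis;
        std::vector<long> addr_table;
        std::vector<long*> addr_entry_point;
        analysis.analysis_address_table(&Code,
            addr_table,
            section.GetSectionMinAddress(),
            section.GetSectionMaxAddress());
        get_table_addr(section, addr_table, addr_entry_point);

        // Remember where the original bytes live before building: the build
        // step redirects Code.addr to the emitted bytecode (the jmp target
        // below), and buildvmtest captures buf/size the same way.
        void * old_code = Code.buf;
        size_t old_code_size = Code.size;
        BuildVMByteCode build(&vm, &Code, &table, addr_entry_point);
        memset(old_code, 0, old_code_size);            // 旧代码置零 — wipe the original bytes
        add_jmp_addr(file, CodeStartAddr, Code.addr);  // 旧代码处修改为jmp Code.addr — patch in "jmp Code.addr"
    }

#ifdef _DEBUG
    // Debug aid: dump the raw VM body.  The original ignored the fopen_s
    // result and would fwrite() through a null FILE*.
    FILE *pfile = 0;
    if (fopen_s(&pfile, "virtualmachine", "wb") == 0 && pfile)
    {
        fwrite(pvm->vm_info.buf, 1, pvm->vm_info.size, pfile);
        fclose(pfile);
    }
    else
    {
        printf("cannot write debug dump \"virtualmachine\"\n");
    }
#endif

    // 0xE0000020 = IMAGE_SCN_CNT_CODE | MEM_EXECUTE | MEM_READ | MEM_WRITE:
    // the VM section is mapped read/write/execute.  Defensive scanners
    // commonly treat an RWX code section as a suspicious indicator.
    unsigned long section_size = (unsigned long)table.buffer_size;
    section.AddSection(".WPro", section_size, 0xE0000020);
    section.WriteSectionData(file.GetSectionCount() - 1,
        0,
        (unsigned char*)table.buffer,
        (unsigned long)table.buffer_size);

    // Output name: the input name with its last three characters (the "exe"
    // extension) replaced by "wp.exe".  Bounds-checked both ways: the original
    // memcpy(strlen-3) underflowed on names shorter than three characters and
    // overflowed the 256-byte buffer on long paths.
    char new_file_name[256];
    const char suffix[] = "wp.exe";
    size_t name_len = strlen(build_exec_name);
    if (name_len < 3)
    {
        printf("input file name too short: %s\n", build_exec_name);
        return;
    }
    size_t stem_len = name_len - 3;
    if (stem_len + sizeof(suffix) > sizeof(new_file_name))
    {
        printf("output file name too long\n");
        return;
    }
    memcpy(new_file_name, build_exec_name, stem_len);
    memcpy(new_file_name + stem_len, suffix, sizeof(suffix));  // copies the NUL too
    printf("Out File:%s\n", new_file_name);
    file.SavePEFile(new_file_name);
}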
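void buildvmtest_elf(BuildCodeInfo & build_info)
{
  // ELF counterpart of buildvmtest: virtualizes each code range listed in
  // build_info, appends the VM as a new ".WProtect" segment/section and saves
  // the result as "<input name>_WP".  Failures are reported on stdout and
  // abort before anything is written.
  VirtualMachineManage vm;
  CodeBufferInfo info;
  CELFFile file;

  char * build_exec_name = build_info.get_filename();
  if (!build_exec_name)
  {
    printf("no input file name\r\n");
    return;
  }
  if (!file.LoadELFFile(build_exec_name))
  {
    printf("file is not find\r\n");
    return;
  }
  // Presumably fills build_info with the ranges between the two SDK markers.
  get_wprotect_sdk_address_elf(file, build_info, "WProtect Begin", "WProtect End");

  VMAddressTable table(file.GetNewSegmentSectionBase(), 0x512, false);

  // Reserve the VM body at the head of the table; the sign flag is forced on
  // for this one allocation and restored afterwards.
  bool t_sign = table.get_sign();
  table.set_sign(true);
  long virtualmachine_address = table.assign_address(0x1024);
  table.set_sign(t_sign);
  VirtualMachine *pvm = vm.add_virtual_machine(virtualmachine_address, false);
  if (!pvm)
  {
    printf("add_virtual_machine failed\r\n");
    return;
  }
  table.copy(virtualmachine_address, pvm->vm_info.buf, pvm->vm_info.size);

  for (BuildCodeInfo::iterator iter = build_info.begin(); iter != build_info.end(); ++iter)
  {
    long build_exec_addr = iter->build_exec_addr;
    long build_exec_size = iter->build_exec_size;
    info.buf = file.VaToPtr(build_exec_addr);
    info.addr = build_exec_addr;
    // Check the signed size before it lands in info.size so a negative value
    // cannot wrap into a huge length.  (The dead "0x40194f - 0x4014a0"
    // assignment that preceded the real one was removed.)
    if (build_exec_size < 5)
    {
      printf("Protect Size less than 5 Byte\n");
      return;
    }
    info.size = build_exec_size;
    // Assumes VaToPtr reports an unmapped address with a null pointer.
    if (!info.buf)
    {
      printf("address %lx is not mapped by the file\n", (unsigned long)build_exec_addr);
      return;
    }

    // Keep the original location and length: the build step moves info.addr
    // to the emitted bytecode, which is where the jmp below must point.
    void * ptr_old_code = info.buf;
    size_t old_code_size = info.size;

    Analysis analysis;
    std::vector<long> addr_table;
    std::vector<long*> addr_entry_point;
    analysis.analysis_address_table(&info, addr_table, file.GetSectionMinAddress(), file.GetSectionMaxAddress());
    get_table_addr_elf(file, addr_table, addr_entry_point);

    BuildVMByteCode build(&vm, &info, &table, addr_entry_point);
    memset(ptr_old_code, 0, old_code_size);
    add_jmp_addr_elf(file, build_exec_addr, info.addr);
  }
  // The VM_DEBUG_BUILD per-piece path of the PE variant was not carried over:
  // it referred to `section`, which this function never declares, so it could
  // not compile here even with the macro defined.

  // PF_X|PF_R|PF_W: the new segment is mapped read/write/execute.  Defensive
  // scanners commonly treat an RWX code segment as a suspicious indicator.
  unsigned long section_size = (unsigned long)table.buffer_size;
  file.AddSegmentSection(".WProtect", section_size, PF_X|PF_R|PF_W);
  file.WriteSegmentSectionData(file.GetProgramCount() - 1, 0,
      (unsigned char*)table.buffer, (unsigned long *)&table.buffer_size);

  // Output name: input name + "_WP".  The original strcpy/strcat pair had no
  // bound on the 256-byte buffer.
  char new_file_name[256];
  const char suffix[] = "_WP";
  size_t name_len = strlen(build_exec_name);
  if (name_len + sizeof(suffix) > sizeof(new_file_name))
  {
    printf("output file name too long\n");
    return;
  }
  memcpy(new_file_name, build_exec_name, name_len);
  memcpy(new_file_name + name_len, suffix, sizeof(suffix));  // copies the NUL too
  file.SavePEFile(new_file_name);
  printf("Out File:%s\n", new_file_name);
}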
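void buildvmtest(BuildCodeInfo & build_info)
{
  // Protects a PE file: each code range listed in build_info is replaced by VM
  // bytecode, the VM is appended as a new ".WProtect" section and the result
  // is saved as "<name minus 'exe'>wp.exe".  Failures are reported on stdout
  // and abort before the output is written.
  VirtualMachineManage vm;
  CodeBufferInfo info;
  CPEFile file;

  char * build_exec_name = build_info.get_filename();
  if (!build_exec_name)
  {
    printf("no input file name\r\n");
    return;
  }
  if (!file.LoadPEFile(build_exec_name))
  {
    printf("file is not find\r\n");
    return;
  }
  if (!file.IsPEFile())
  {
    printf("executable file type error\n");
    return;
  }

  // Relocations are dropped and the base relocation directory re-read before
  // any section is modified.  (The original's empty per-section loop and the
  // commented-out section hex dump were removed.)
  CPESection section;
  CPEReloc reloc;
  section = file;
  reloc = file;
  reloc.DeleteReloc();
  reloc.GetBaseReloc();

  // Presumably fills build_info with the ranges between the two SDK markers.
  get_wprotect_sdk_address(section, build_info, "WProtect Begin", "WProtect End");

  VMAddressTable table(section.GetNewSectionBase(), 0x512, false);

  // Reserve the VM body at the head of the table; the sign flag is forced on
  // for this one allocation and restored afterwards.
  bool t_sign = table.get_sign();
  table.set_sign(true);
  long virtualmachine_address = table.assign_address(0x1024);
  table.set_sign(t_sign);
  VirtualMachine *pvm = vm.add_virtual_machine(virtualmachine_address, false);
  if (!pvm)
  {
    printf("add_virtual_machine failed\r\n");
    return;
  }
  table.copy(virtualmachine_address, pvm->vm_info.buf, pvm->vm_info.size);

  for (BuildCodeInfo::iterator iter = build_info.begin(); iter != build_info.end(); ++iter)
  {
    long build_exec_addr = iter->build_exec_addr;
    long build_exec_size = iter->build_exec_size;
    info.buf = file.VaToPtr(build_exec_addr);
    info.addr = build_exec_addr;
    // Check the signed size before it lands in info.size so a negative value
    // cannot wrap into a huge length.  (The dead "0x40194f - 0x4014a0"
    // assignment that preceded the real one was removed.)
    if (build_exec_size < 5)
    {
      printf("Protect Size less than 5 Byte\n");
      return;
    }
    info.size = build_exec_size;
    // Assumes VaToPtr reports an unmapped address with a null pointer.
    if (!info.buf)
    {
      printf("address %lx is not mapped by the file\n", (unsigned long)build_exec_addr);
      return;
    }
//#define VM_DEBUG_BUILD
#ifdef VM_DEBUG_BUILD
    // Per-instruction variant: disassemble the range into pieces and
    // virtualize each piece on its own.  Pieces too short for a jmp are
    // skipped rather than aborting the whole build.  The inner iterator no
    // longer shadows the outer `iter`; the unused `next`/`begin` flags are gone.
    Analysis analysis;
    std::vector<CodePiece> code_list;
    analysis.disasm(&info, code_list);
    for (std::vector<CodePiece>::iterator piece = code_list.begin(); piece != code_list.end(); ++piece)
    {
      if (piece->get_is_jcc())
        info.size = piece->get_piece().back().insn_offset - piece->get_piece().front().insn_offset;
      else
        info.size = piece->get_piece().back().pc - piece->get_piece().front().insn_offset;
      info.addr = piece->get_piece().front().insn_offset;
      info.buf = section.VaToPtr(info.addr);

      if (!info.buf || info.size < 5)
      {
        printf("编译的地址不能小于5Byte,这段指令编译失败\n");
        continue;
      }
      void * ptr_old_code = info.buf;
      size_t old_code_size = info.size;
      long old_addr = info.addr;
      BuildVMByteCode build(&vm, &info, &table);
      memset(ptr_old_code, 0x90, old_code_size);   // NOP-fill the original bytes
      add_jmp_addr(file, old_addr, info.addr);
    }
#else
    // Keep the original location and length: the build step moves info.addr
    // to the emitted bytecode, which is where the jmp below must point.
    void * ptr_old_code = info.buf;
    size_t old_code_size = info.size;

    Analysis analysis;
    std::vector<long> addr_table;
    std::vector<long*> addr_entry_point;
    analysis.analysis_address_table(&info, addr_table, section.GetSectionMinAddress(), section.GetSectionMaxAddress());
    get_table_addr(section, addr_table, addr_entry_point);

    BuildVMByteCode build(&vm, &info, &table, addr_entry_point);
    memset(ptr_old_code, 0, old_code_size);
    add_jmp_addr(file, build_exec_addr, info.addr);
#endif
  }

  // 0xE0000020 = IMAGE_SCN_CNT_CODE | MEM_EXECUTE | MEM_READ | MEM_WRITE:
  // the VM section is mapped read/write/execute.  Defensive scanners
  // commonly treat an RWX code section as a suspicious indicator.
  unsigned long section_size = (unsigned long)table.buffer_size;
  section.AddSection(".WProtect", section_size, 0xE0000020);
  section.WriteSectionData(file.GetSectionCount() - 1, 0,
      (unsigned char*)table.buffer, (unsigned long *)&table.buffer_size);

  // Output name: the input name with its last three characters (the "exe"
  // extension) replaced by "wp.exe".  Bounds-checked both ways: the original
  // memcpy(strlen-3) underflowed on names shorter than three characters and
  // the unbounded strcat overflowed the 256-byte buffer on long paths.
  char new_file_name[256];
  const char suffix[] = "wp.exe";
  size_t name_len = strlen(build_exec_name);
  if (name_len < 3)
  {
    printf("input file name too short: %s\n", build_exec_name);
    return;
  }
  size_t stem_len = name_len - 3;
  if (stem_len + sizeof(suffix) > sizeof(new_file_name))
  {
    printf("output file name too long\n");
    return;
  }
  memcpy(new_file_name, build_exec_name, stem_len);
  memcpy(new_file_name + stem_len, suffix, sizeof(suffix));  // copies the NUL too
  file.SavePEFile(new_file_name);
  printf("Out File:%s\n", new_file_name);
}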
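// Appends `size` bytes starting at `data` to `out`.  Takes const void* so any
// byte-buffer pointer type converts implicitly; null/empty input is a no-op.
static void append_bytes(std::vector<unsigned char> & out, const void * data, size_t size)
{
  if (!data || size == 0)
    return;
  const unsigned char * bytes = static_cast<const unsigned char *>(data);
  out.insert(out.end(), bytes, bytes + size);
}

int vmtest()
{
  // Stand-alone smoke test: builds one virtual machine, assembles a minimal
  // function (popf; exit) for it and writes VM body + function bytecode to the
  // file "code" in the working directory.  Returns 0 on success, 1 on failure.
  VirtualMachineManage vm;
  PCode pcode;
  SeniorVMHandle vmhandle(&pcode);

  VirtualMachine * pvm = vm.add_virtual_machine(0x401000);
  if (!pvm)
  {
    printf("add_virtual_machine failed\n");
    return 1;
  }
  vm.rand_virtual_machine();
  vm.moc(pvm, &pcode);

  // A growable buffer replaces the fixed 0xffff-byte heap array, which was
  // memcpy'd into without any size check (the original's own comment already
  // warned "可能发生溢出" — may overflow).
  std::vector<unsigned char> out;
  append_bytes(out, pvm->vm_info.buf, pvm->vm_info.size);

  // Minimal function body.  The many commented-out opcode experiments that
  // surrounded these four calls in the original were dropped.
  vmhandle.upset_register_array(vmhandle.pcode->register_store_in);
  vmhandle.start();
  vmhandle.popf();
  vmhandle.exit();

  long key = pcode.get_original_key();
  // The function is placed directly behind the VM body.  123456 is carried
  // over unchanged from the original test; its meaning is not visible here.
  ppcode_block_info info = pvm->add_new_function(0x401000 + pvm->vm_info.size, &pcode, 0x401000, 123456, key);
  if (!info)
  {
    printf("add_new_function failed\n");
    return 1;
  }
  append_bytes(out, info->buf, info->size);

  // The original never checked fopen() and leaked the buffer on failure.
  FILE * file = fopen("code", "wb");
  if (!file)
  {
    printf("cannot open output file \"code\"\n");
    return 1;
  }
  if (!out.empty())
    fwrite(&out[0], 1, out.size(), file);
  fclose(file);
  return 0;
}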