├── .gitattributes ├── pics ├── obfus.h.png ├── how-it-works.png ├── before_and_after.png ├── before_and_after_2.png └── how-it-works.txt ├── tests ├── disasm-security-audit │ ├── example.h │ ├── legacy_tests │ │ ├── example.c │ │ ├── C │ │ │ ├── before_x64.c │ │ │ ├── before_x86.c │ │ │ ├── after_x86.c │ │ │ └── after_x64.c │ │ └── ASM │ │ │ ├── before_x64.asm │ │ │ └── before_x86.asm │ ├── TinySnake_after.c │ └── TinySnake_before.c ├── build_all.bat ├── dll.c ├── hello_dll.c ├── fib.c ├── sorter.c ├── virtualmachine_unit.c ├── virtualmachine.c └── hello_win.c ├── LICENSE ├── include-updater └── obfh-update.cmd ├── README.md └── include └── obfus.h /.gitattributes: -------------------------------------------------------------------------------- 1 | *.asm linguist-detectable=false -------------------------------------------------------------------------------- /pics/obfus.h.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/horsicq/obfus.h/main/pics/obfus.h.png -------------------------------------------------------------------------------- /pics/how-it-works.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/horsicq/obfus.h/main/pics/how-it-works.png -------------------------------------------------------------------------------- /pics/before_and_after.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/horsicq/obfus.h/main/pics/before_and_after.png -------------------------------------------------------------------------------- /tests/disasm-security-audit/example.h: -------------------------------------------------------------------------------- 1 | #define teststr "%d) Hello, world!\n" 2 | #define errstr "Error!" -------------------------------------------------------------------------------- /pics/before_and_after_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/horsicq/obfus.h/main/pics/before_and_after_2.png -------------------------------------------------------------------------------- /tests/build_all.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | rem Set TCC directory 3 | set "path=%path%;C:\tcc" 4 | 5 | set "FLAGS=-w -D NO_CFLOW -D ANTIDEBUG_V2 -D FAKE_SIGNS -D VIRT" 6 | 7 | for %%F in ( 8 | dll.c 9 | fib.c 10 | hello_dll.c 11 | hello_win.c 12 | sorter.c 13 | virtualmachine.c 14 | virtualmachine_unit.c 15 | ) do ( 16 | tcc "%%F" %FLAGS% 17 | ) 18 | -------------------------------------------------------------------------------- /tests/dll.c: -------------------------------------------------------------------------------- 1 | //+--------------------------------------------------------------------------- 2 | // 3 | // dll.c - Windows DLL example - dynamically linked part 4 | // 5 | 6 | #include 7 | #include "../include/obfus.h" 8 | 9 | // Exported data 10 | __declspec(dllexport) const char *hello_data = "(not set)"; 11 | 12 | // Exported function 13 | __declspec(dllexport) void hello_func(void) 14 | { 15 | MessageBoxA(NULL, hello_data, "From DLL", MB_ICONINFORMATION); 16 | } 17 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/example.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | // #define no_cflow 1 5 | // #define no_antidebug 1 6 | #include "../../include/obfus.h" 7 | #include "example.h" // test header import 8 | 9 | void main() { 10 | int i = 0; 11 | for (i = 0; i < 5; i++) { 12 | char *out = malloc(256); 13 | 14 | strcpy(out, teststr); 15 | 16 | sprintf(out, out, (i + 1)); 17 | 18 | if (out) { 19 | printf(out); 20 | } else { 21 | printf(errstr); 22 | } 23 | 24 | free(out); 25 | } 26 | 27 | getch(); 28 | } -------------------------------------------------------------------------------- /tests/hello_dll.c: -------------------------------------------------------------------------------- 1 | //----------------------------------------------------------------------------- 2 | // HELLO_DLL.C - Windows DLL example - Main Application Entry Point 3 | //----------------------------------------------------------------------------- 4 | 5 | #include 6 | #include "../include/obfus.h" 7 | 8 | // Function prototype for DLL function 9 | void hello_func(void); 10 | 11 | // Import external constant defined in the DLL 12 | __declspec(dllimport) extern const char *hello_data; 13 | 14 | // Entry point for the Windows application 15 | int WINAPI WinMain( 16 | HINSTANCE hInstance, 17 | HINSTANCE hPrevInstance, 18 | LPSTR lpCmdLine, 19 | int nCmdShow) 20 | { 21 | // Set the shared DLL data to a greeting message 22 | hello_data = "Hello World!"; 23 | 24 | // Call the DLL's function to display or process the message 25 | hello_func(); 26 | 27 | // Exit the application 28 | return 0; 29 | } 30 | -------------------------------------------------------------------------------- /tests/fib.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include // For atoi() 3 | 4 | #include "../include/obfus.h" 5 | 6 | /** 7 | * Computes the nth Fibonacci number recursively. 8 | * For n <= 2, returns 1. 9 | * For n > 2, returns fib(n-1) + fib(n-2). 10 | * 11 | * @param n The position in the Fibonacci sequence (must be >= 1). 12 | * @return The nth Fibonacci number. 13 | */ 14 | int fib(int n) { 15 | if (n <= 2) { 16 | return 1; 17 | } else { 18 | return fib(n - 1) + fib(n - 2); 19 | } 20 | } 21 | 22 | /** 23 | * Entry point of the program. 24 | * Expects a single command-line argument specifying n. 25 | * Prints the nth Fibonacci number. 26 | * 27 | * Usage: 28 | * fib n 29 | * 30 | * Example: 31 | * fib 10 32 | * Output: fib(10) = 55 33 | */ 34 | int main(int argc, char **argv) { 35 | if (argc < 2) { 36 | printf("Usage: fib n\n"); 37 | printf("Compute the nth Fibonacci number.\n"); 38 | return 1; 39 | } 40 | 41 | int n = atoi(argv[1]); 42 | printf("fib(%d) = %d\n", n, fib(n)); 43 | return 0; 44 | } 45 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 DosX 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /tests/sorter.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "../include/obfus.h" 4 | 5 | void main() { 6 | int arr[] = { 7 | 1524, 5772, 9906, 9432, 5306, 5762, 4371, 9723, 9262, 9163, 548, 3736, 3436, 7444, 8 | 9943, 811, 4215, 4729, 2628, 4105, 4037, 4083, 5397, 8664, 9460, 1784, 3785, 3067, 9 | 9358, 7312, 8307, 1937, 4282, 3470, 5392, 9720, 4800, 4886, 8412, 7641, 9326, 3347, 10 | 2090, 4488, 9799, 7541, 316, 9869, 2501, 4003, 9095, 784, 1351, 1507, 8407, 5526, 11 | 9557, 5974, 9651, 5200, 4325, 2102, 9228, 6673, 4274, 7979, 5030, 2421, 3103, 9062, 12 | 4841, 2096, 3501, 8380, 2422, 6122, 6033, 855, 6767, 4297, 8859, 7955, 176, 8883, 13 | 5556, 4988, 6100, 6091, 9274, 8378, 7696, 8531, 3927, 8836, 6839, 3592, 2739, 3150, 14 | 7955, 2887, 5002, 3536, 5918, 627, 5063, 6466, 7177, 5152, 5581, 4314, 1617, 8122, 15 | 4920, 3178, 7696, 4357, 6206, 2738, 529, 6669, 5035, 7676, 1470, 616, 1784, 2596, 16 | 6340, 1917, 7703, 7437, 9938, 7014, 8238, 5793, 758, 9369, 6611, 8693, 4445, 2894, 17 | 7870, 9801, 2581, 3915, 938, 184, 8947, 329, 9964, 2499, 8741, 3345, 8551, 7111, 18 | 3362, 1029, 3947}; 19 | 20 | int n = sizeof(arr) / sizeof(arr[0]); 21 | 22 | int key, j; 23 | for (int i = 1; i < n; i++) { 24 | key = arr[i]; 25 | j = i - 1; 26 | while (j >= 0 && arr[j] > key) { 27 | arr[j + 1] = arr[j]; 28 | j = j - 1; 29 | } 30 | arr[j + 1] = key; 31 | } 32 | 33 | for (int f = 0; f < n; f++) printf("%d ", arr[f]); 34 | printf("\n"); 35 | } -------------------------------------------------------------------------------- /pics/how-it-works.txt: -------------------------------------------------------------------------------- 1 | ┌────────────────────────────────────┐ 2 | │ ------------- Sources ------------ │ 3 | ├────────────────────────────────────┤ 4 | │ ┌─────────────┐ ┌───────────┐ │ 5 | │ │ Your C code │ + │ ↯ obfus.h ├───┼──────┐ 6 | │ └─────────────┘ └───────────┘ │ │ 7 | └──────────────────┬─────────────────┘ │ 8 | │ | 9 | ┌──────────────────▼─────────────────┐ │ 10 | │ ---------- PreProcessor ---------- │ │ 11 | ├────────────────────────────────────┤ │ 12 | │ ┌────────────────────────┐ │ │ 13 | │ ┌─┤ 1. Fake signatures ◄─────┼──────┘ 14 | │ | └────────────────────────┘ │ 15 | │ | ┌────────────────────────┐ │ 16 | | └─► 2. Control Flow ├─┐ | 17 | │ │ obfuscation │ | | 18 | │ └────────────────────────┘ | │ 19 | │ ┌────────────────────────┐ | │ 20 | │ ┌─┤ 3. Virtualization ◄─┘ | 21 | │ | └────────────────────────┘ │ 22 | │ | ┌────────────────────────┐ │ 23 | │ └─► 4. Anti-Debugger ├─┐ | 24 | │ └────────────────────────┘ | │ 25 | │ ┌────────────────────────┐ | │ 26 | │ │ 5. Various code ◄─┘ | 27 | │ | mutations | | 28 | │ └───┬────────────────────┘ │ 29 | └─────────┼──────────────────────────┘ 30 | ┌────▼─────┐ ┌────────┐ 31 | │ Compiler ├─────► Linker ├─────┐ 32 | └──────────┘ └────────┘ | 33 | ┌───────────────────────────┐ | 34 | │ Your program compiled ◄───┘ 35 | │ and protected! │ 36 | └───────────────────────────┘ -------------------------------------------------------------------------------- /tests/virtualmachine_unit.c: -------------------------------------------------------------------------------- 1 | // Unit testing is very helpful in fixing virtualization bugs, but fixing them is still always a big headache! 2 | 3 | #include 4 | #include 5 | 6 | #define VIRT 1 7 | #include "../include/obfus.h" 8 | 9 | void test_int_operations() { 10 | // Test integer operations 11 | assert(VM_ADD(15, 15) == 30); 12 | assert(VM_SUB(30, 15) == 15); 13 | assert(VM_MUL(5, 6) == 30); 14 | assert(VM_DIV(20, 4) == 5); 15 | assert(VM_MOD(20, 3) == 2); 16 | assert(VM_EQU(10, 10) == 1); 17 | assert(VM_EQU(10, 20) == 0); 18 | assert(VM_NEQ(10, 20) == 1); 19 | assert(VM_NEQ(10, 10) == 0); 20 | assert(VM_LSS(10, 20) == 1); 21 | assert(VM_LSS(20, 10) == 0); 22 | assert(VM_GTR(20, 10) == 1); 23 | assert(VM_GTR(10, 20) == 0); 24 | assert(VM_LEQ(10, 10) == 1); 25 | assert(VM_LEQ(20, 10) == 0); 26 | assert(VM_GEQ(20, 10) == 1); 27 | assert(VM_GEQ(10, 20) == 0); 28 | 29 | printf("Integer operations: Passed\n"); 30 | } 31 | 32 | void test_double_operations() { 33 | // Test double operations 34 | assert(VM_ADD_DBL(3.5, 4.5) == 8.0); 35 | assert(VM_SUB_DBL(10.0, 5.5) == 4.5); 36 | assert(VM_MUL_DBL(2.5, 4.0) == 10.0); 37 | assert(VM_DIV_DBL(20.0, 4.0) == 5.0); 38 | assert(VM_LSS_DBL(3.5, 4.5) == 1); 39 | assert(VM_LSS_DBL(4.5, 3.5) == 0); 40 | assert(VM_GTR_DBL(4.5, 3.5) == 1); 41 | assert(VM_GTR_DBL(3.5, 4.5) == 0); 42 | 43 | printf("Double operations: Passed\n"); 44 | } 45 | 46 | void main() { 47 | // Call all the tests 48 | test_int_operations(); 49 | test_double_operations(); 50 | } -------------------------------------------------------------------------------- /include-updater/obfh-update.cmd: -------------------------------------------------------------------------------- 1 | @echo off 2 | call:print " _ __ _ " 3 | call:print " ___ | |__ / _| _ _ ___ | |__ " 4 | call:print " / _ \ | '_ \ | |_ | | | |/ __| | '_ \ " 5 | call:print " | (_) || |_) || _|| |_| |\__ \ _ | | | |" 6 | call:print " \___/ |_.__/ |_| \__,_||___/(_)|_| |_|" 7 | 8 | echo. 9 | 10 | :: Host and protocol 11 | set "protocol=https" 12 | set "host=github.com:443" 13 | 14 | :: Path to file of obfus.h 15 | set "obfus_h_path=DosX-dev/obfus.h/raw/main/include/obfus.h" 16 | 17 | :: Save to directory... 18 | :: "\." - current directory (.\obfus.h) 19 | set "output_dir=.\" 20 | 21 | :: If error: 22 | :: 0 - stop 23 | :: 1 - continue (not recommended) 24 | set "onerror=0" 25 | 26 | :: Additional cURL options 27 | set "special=--ssl-no-revoke -s" 28 | 29 | 30 | 31 | call :process 32 | set /a process_el=errorlevel 33 | 34 | if "%onerror%" == "0" if "%errorlevel%" == "1" ( timeout 1 /nobreak>nul && call:log "STOPPED!" && pause>nul ) 35 | 36 | exit /b %process_el% 37 | 38 | :process 39 | set "curl_path=%windir%\System32\curl.exe" 40 | call:log "Getting the latest version of obfus.h protection from %host%..." 41 | 42 | if not exist "%curl_path%" ( 43 | call:log "Missing cURL executable at %curl_path%!" 44 | exit /b 1 45 | ) 46 | 47 | call "%curl_path%" -L %special% "%protocol%://%host%/%obfus_h_path%" -o "%output_dir%\obfus.h" 48 | 49 | if "%errorlevel%" == "0" ( 50 | call:log "Latest version of protection has been installed." 51 | exit /b 0 52 | ) else ( 53 | call:log "An error occurred while downloading the component package." 54 | exit /b 1 55 | ) 56 | goto :eof 57 | 58 | :log 59 | echo [%time%][pkg:obfus.h] %~1 60 | goto :eof 61 | 62 | :print 63 | for /f %%a in ('"prompt $H && for %%b in (1) do rem"') do set "bs=%%a" 64 | 2 | #include 3 | #include 4 | 5 | #define VIRT 1 6 | #include "../include/obfus.h" 7 | 8 | void main() { 9 | // VM_***(N1, N2) == RESULT == CORRECT 10 | printf("VM_ADD(15, 15) == %d == 30\n", VM_ADD(15, 15)); 11 | printf("VM_SUB(30, 15) == %d == 15\n", VM_SUB(30, 15)); 12 | printf("VM_MUL(5, 6) == %d == 30\n", VM_MUL(5, 6)); 13 | printf("VM_DIV(20, 4) == %d == 5\n", VM_DIV(20, 4)); 14 | printf("VM_MOD(20, 3) == %d == 2\n", VM_MOD(20, 3)); 15 | printf("VM_EQU(10, 10) == %d == 1\n", VM_EQU(10, 10)); 16 | printf("VM_EQU(10, 20) == %d == 0\n", VM_EQU(10, 20)); 17 | printf("VM_NEQ(10, 20) == %d == 1\n", VM_NEQ(10, 20)); 18 | printf("VM_NEQ(10, 20) == %d == 0\n", VM_NEQ(10, 10)); 19 | printf("VM_LSS(10, 20) == %d == 1\n", VM_LSS(10, 20)); 20 | printf("VM_LSS(20, 10) == %d == 0\n", VM_LSS(20, 10)); 21 | printf("VM_GTR(20, 10) == %d == 1\n", VM_GTR(20, 10)); 22 | printf("VM_GTR(10, 20) == %d == 0\n", VM_GTR(10, 20)); 23 | printf("VM_LEQ(10, 10) == %d == 1\n", VM_LEQ(10, 10)); 24 | printf("VM_LEQ(20, 10) == %d == 0\n", VM_LEQ(20, 10)); 25 | printf("VM_GEQ(20, 10) == %d == 1\n", VM_GEQ(20, 10)); 26 | printf("VM_GEQ(10, 20) == %d == 0\n", VM_GEQ(10, 20)); 27 | 28 | printf("VM_ADD_DBL(3.5, 4.5) == %.1f == 8.0\n", VM_ADD_DBL(3.5, 4.5)); 29 | printf("VM_SUB_DBL(10.0, 5.5) == %.1f == 4.5\n", VM_SUB_DBL(10.0, 5.5)); 30 | printf("VM_MUL_DBL(2.5, 4.0) == %.1f == 10.0\n", VM_MUL_DBL(2.5, 4.0)); 31 | printf("VM_DIV_DBL(20.0, 4.0) == %.1f == 5.0\n", VM_DIV_DBL(20.0, 4.0)); 32 | printf("VM_LSS_DBL(3.5, 4.5) == %d == 1\n", VM_LSS_DBL(3.5, 4.5)); 33 | printf("VM_LSS_DBL(4.5, 3.5) == %d == 0\n", VM_LSS_DBL(4.5, 3.5)); 34 | printf("VM_GTR_DBL(4.5, 3.5) == %d == 1\n", VM_GTR_DBL(4.5, 3.5)); 35 | printf("VM_GTR_DBL(3.5, 4.5) == %d == 0\n", VM_GTR_DBL(3.5, 4.5)); 36 | 37 | getch(); 38 | } -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/C/before_x64.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | 5 | //------------------------------------------------------------------------- 6 | // Function declarations 7 | 8 | int sub_401000(); 9 | void __noreturn start(); 10 | int __fastcall sub_4011C3(__int64 a1, __int64 a2); 11 | // void *__cdecl malloc(size_t Size); 12 | // char *__cdecl strcpy(char *Destination, const char *Source); 13 | // int sprintf(char *const Buffer, const char *const Format, ...); 14 | // int printf(const char *const Format, ...); 15 | // void __cdecl free(void *Block); 16 | // int __cdecl getch(); 17 | // void __cdecl _set_app_type(_crt_app_type Type); 18 | // unsigned int __cdecl controlfp(unsigned int NewValue, unsigned int Mask); 19 | // __int64 __fastcall _getmainargs(_QWORD, _QWORD, _QWORD, _QWORD, _QWORD); weak 20 | // void __cdecl __noreturn exit(int Code); 21 | 22 | //------------------------------------------------------------------------- 23 | // Data declarations 24 | 25 | char Source[] = "%d) Hello, world!\n"; // idb 26 | // extern int _argc; 27 | // extern char **_argv; 28 | // extern char **environ; 29 | int dword_4021C0 = 0; // weak 30 | 31 | 32 | //----- (0000000000401000) ---------------------------------------------------- 33 | int sub_401000() 34 | { 35 | char *Destination; // [rsp+20h] [rbp-10h] 36 | int i; // [rsp+2Ch] [rbp-4h] 37 | 38 | for ( i = 0; i < 5; ++i ) 39 | { 40 | Destination = (char *)(int)malloc(0x100ui64); 41 | strcpy(Destination, Source); 42 | sprintf(Destination, Destination, (unsigned int)(i + 1)); 43 | if ( Destination ) 44 | printf(Destination); 45 | else 46 | printf("Error!"); 47 | free(Destination); 48 | } 49 | return getch(); 50 | } 51 | 52 | //----- (00000000004010E8) ---------------------------------------------------- 53 | void __noreturn start() 54 | { 55 | int v0; // eax 56 | int v1; // [rsp+4Ch] [rbp-4h] BYREF 57 | 58 | v1 = 0; 59 | _set_app_type(_crt_console_app); 60 | controlfp(0x10000u, 0x30000u); 61 | _getmainargs(*(_QWORD *)&_argc, _argv, environ, (unsigned int)dword_4021C0, &v1); 62 | v0 = sub_401000(); 63 | exit(v0); 64 | } 65 | // 401280: using guessed type __int64 __fastcall _getmainargs(_QWORD, _QWORD, _QWORD, _QWORD, _QWORD); 66 | // 4021C0: using guessed type int dword_4021C0; 67 | 68 | //----- (00000000004011C3) ---------------------------------------------------- 69 | // write access to const memory has been detected, the output may be wrong! 70 | int __fastcall sub_4011C3(__int64 a1, __int64 a2) 71 | { 72 | __int64 v2; // rbp 73 | 74 | *(_QWORD *)(v2 + 16) = a1; 75 | *(_QWORD *)(v2 + 24) = a2; 76 | _argc = *(_DWORD *)(v2 + 16); 77 | _argv = *(char ***)(v2 + 24); 78 | controlfp(0x10000u, 0x30000u); 79 | *(_QWORD *)(v2 - 8) = *(_QWORD *)&_argc; 80 | return sub_401000(); 81 | } 82 | // 4011D5: write access to const memory at 402088 has been detected 83 | // 4011E2: write access to const memory at 402090 has been detected 84 | // 4011C3: variable 'v2' is possibly undefined 85 | 86 | // nfuncs=13 queued=3 decompiled=3 lumina nreq=0 worse=0 better=0 87 | // ALL OK, 3 function(s) have been successfully decompiled 88 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/C/before_x86.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | 5 | //------------------------------------------------------------------------- 6 | // Function declarations 7 | 8 | int sub_401000(); 9 | void __noreturn start(); // weak 10 | // int __usercall sub_4011E0@(int a1@); 11 | // int __usercall sub_4011E4@(int a1@); 12 | int __cdecl sub_401225(_DWORD *a1, char a2); 13 | // void *__cdecl malloc(size_t Size); 14 | // char *__cdecl strcpy(char *Destination, const char *Source); 15 | // int sprintf(char *const Buffer, const char *const Format, ...); 16 | // int printf(const char *const Format, ...); 17 | // void __cdecl free(void *Block); 18 | // int __cdecl getch(); 19 | // void __cdecl _set_app_type(_crt_app_type Type); 20 | // unsigned int __cdecl controlfp(unsigned int NewValue, unsigned int Mask); 21 | // int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); weak 22 | // void __cdecl __noreturn exit(int Code); 23 | 24 | //------------------------------------------------------------------------- 25 | // Data declarations 26 | 27 | int dword_401214[3] = { -1, 4198894, 4198915 }; // weak 28 | _UNKNOWN j__except_handler3; // weak 29 | char Source[] = "%d) Hello, world!\n"; // idb 30 | // extern int _argc; 31 | // extern char **_argv; 32 | // extern char **environ; 33 | int dword_40218C = 0; // weak 34 | 35 | 36 | //----- (00401000) -------------------------------------------------------- 37 | int sub_401000() 38 | { 39 | char *Destination; // [esp+0h] [ebp-8h] 40 | int i; // [esp+4h] [ebp-4h] 41 | 42 | for ( i = 0; i < 5; ++i ) 43 | { 44 | Destination = (char *)malloc(0x100u); 45 | strcpy(Destination, Source); 46 | sprintf(Destination, Destination, i + 1); 47 | if ( Destination ) 48 | printf(Destination); 49 | else 50 | printf("Error!"); 51 | free(Destination); 52 | } 53 | return getch(); 54 | } 55 | 56 | //----- (004010B0) -------------------------------------------------------- 57 | void __noreturn start() 58 | { 59 | int v0; // eax 60 | int v1; // [esp+8h] [ebp-1Ch] BYREF 61 | char v2[24]; // [esp+Ch] [ebp-18h] BYREF 62 | 63 | sub_401225(v2); 64 | v1 = 0; 65 | _set_app_type(_crt_console_app); 66 | controlfp(0x10000u, 0x30000u); 67 | _getmainargs(_argc, _argv, environ, dword_40218C, &v1); 68 | v0 = sub_401000(_argc, _argv, environ); 69 | exit(v0); 70 | } 71 | // 401000: using guessed type int __cdecl sub_401000(_DWORD, _DWORD, _DWORD); 72 | // 4010B0: using guessed type void __noreturn start(); 73 | // 4012A0: using guessed type int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); 74 | // 40218C: using guessed type int dword_40218C; 75 | // 4010B0: using guessed type char var_18[24]; 76 | 77 | //----- (004011E0) -------------------------------------------------------- 78 | int __usercall sub_4011E0@(int a1@) 79 | { 80 | return *(_DWORD *)(a1 - 20); 81 | } 82 | 83 | //----- (004011E4) -------------------------------------------------------- 84 | int __usercall sub_4011E4@(int a1@) 85 | { 86 | return **(_DWORD **)sub_4011E0(a1); 87 | } 88 | 89 | //----- (00401225) -------------------------------------------------------- 90 | int __cdecl sub_401225(_DWORD *a1, char a2) 91 | { 92 | int result; // eax 93 | 94 | *a1 = &a2; 95 | a1[1] = 0; 96 | a1[2] = NtCurrentTeb()->NtTib.ExceptionList; 97 | a1[3] = &sub_401220; 98 | a1[4] = dword_401214; 99 | result = 0; 100 | a1[5] = 0; 101 | return result; 102 | } 103 | // 401214: using guessed type int dword_401214[3]; 104 | 105 | // nfuncs=19 queued=5 decompiled=5 lumina nreq=0 worse=0 better=0 106 | // ALL OK, 5 function(s) have been successfully decompiled 107 | -------------------------------------------------------------------------------- /tests/hello_win.c: -------------------------------------------------------------------------------- 1 | //+--------------------------------------------------------------------------- 2 | // 3 | // HELLO_WIN.C - Windows GUI 'Hello World!' Example 4 | // 5 | //+--------------------------------------------------------------------------- 6 | 7 | #include 8 | #include "../include/obfus.h" 9 | 10 | #define APPNAME "Turn around" 11 | 12 | char szAppName[] = APPNAME; // Application name 13 | char szTitle[] = APPNAME; // Title bar text 14 | const char *pWindowText; // Text to display in window 15 | 16 | void CenterWindow(HWND hWnd); 17 | 18 | //+--------------------------------------------------------------------------- 19 | // WndProc - Handles window messages 20 | //+--------------------------------------------------------------------------- 21 | LRESULT CALLBACK WndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) { 22 | switch (message) { 23 | case WM_CREATE: 24 | CenterWindow(hwnd); 25 | break; 26 | 27 | case WM_DESTROY: 28 | PostQuitMessage(0); 29 | break; 30 | 31 | case WM_RBUTTONUP: // Right mouse button releases 32 | case WM_KEYDOWN: 33 | if (message == WM_KEYDOWN && wParam != VK_ESCAPE) 34 | break; 35 | DestroyWindow(hwnd); 36 | break; 37 | 38 | case WM_PAINT: { 39 | PAINTSTRUCT ps; 40 | HDC hdc = BeginPaint(hwnd, &ps); 41 | RECT rc; 42 | GetClientRect(hwnd, &rc); 43 | SetTextColor(hdc, RGB(240, 240, 96)); 44 | SetBkMode(hdc, TRANSPARENT); 45 | DrawText(hdc, pWindowText, -1, &rc, DT_CENTER | DT_SINGLELINE | DT_VCENTER); 46 | EndPaint(hwnd, &ps); 47 | break; 48 | } 49 | 50 | default: 51 | return DefWindowProc(hwnd, message, wParam, lParam); 52 | } 53 | return 0; 54 | } 55 | 56 | //+--------------------------------------------------------------------------- 57 | // WinMain - Program Entry Point 58 | //+--------------------------------------------------------------------------- 59 | int APIENTRY WinMain( 60 | HINSTANCE hInstance, 61 | HINSTANCE hPrevInstance, 62 | LPSTR lpCmdLine, 63 | int nCmdShow 64 | ) { 65 | MSG msg; 66 | WNDCLASS wc = { 0 }; 67 | HWND hwnd; 68 | 69 | // Use command line as window text, or default 70 | pWindowText = lpCmdLine[0] ? lpCmdLine : "DosX behind you!"; 71 | 72 | // Set up window class 73 | wc.hInstance = hInstance; 74 | wc.lpszClassName = szAppName; 75 | wc.lpfnWndProc = WndProc; 76 | wc.style = CS_DBLCLKS | CS_VREDRAW | CS_HREDRAW; 77 | wc.hbrBackground = (HBRUSH)GetStockObject(BLACK_BRUSH); 78 | wc.hIcon = LoadIcon(NULL, IDI_APPLICATION); 79 | wc.hCursor = LoadCursor(NULL, IDC_ARROW); 80 | 81 | if (!RegisterClass(&wc)) 82 | return 0; 83 | 84 | // Create main window 85 | hwnd = CreateWindow( 86 | szAppName, szTitle, 87 | WS_OVERLAPPEDWINDOW | WS_VISIBLE, 88 | CW_USEDEFAULT, CW_USEDEFAULT, 89 | 360, 240, // Size: width, height 90 | NULL, NULL, 91 | hInstance, NULL 92 | ); 93 | 94 | if (!hwnd) 95 | return 0; 96 | 97 | // Message loop 98 | while (GetMessage(&msg, NULL, 0, 0) > 0) { 99 | TranslateMessage(&msg); 100 | DispatchMessage(&msg); 101 | } 102 | 103 | return (int)msg.wParam; 104 | } 105 | 106 | //+--------------------------------------------------------------------------- 107 | // CenterWindow - Centers window on its parent or desktop 108 | //+--------------------------------------------------------------------------- 109 | void CenterWindow(HWND hwnd_self) { 110 | HWND hwnd_parent = GetParent(hwnd_self); 111 | if (!hwnd_parent) 112 | hwnd_parent = GetDesktopWindow(); 113 | 114 | RECT rw_self, rc_parent, rw_parent; 115 | GetWindowRect(hwnd_parent, &rw_parent); 116 | GetClientRect(hwnd_parent, &rc_parent); 117 | GetWindowRect(hwnd_self, &rw_self); 118 | 119 | int xpos = rw_parent.left + (rc_parent.right + rw_self.left - rw_self.right) / 2; 120 | int ypos = rw_parent.top + (rc_parent.bottom + rw_self.top - rw_self.bottom) / 2; 121 | 122 | SetWindowPos( 123 | hwnd_self, NULL, 124 | xpos, ypos, 0, 0, 125 | SWP_NOSIZE | SWP_NOZORDER | SWP_NOACTIVATE 126 | ); 127 | } 128 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/ASM/before_x64.asm: -------------------------------------------------------------------------------- 1 | RUNTIME_FUNCTION struc 2 | 3 | FunctionStart dd ? 4 | FunctionEnd dd ? 5 | UnwindInfo dd ? 6 | RUNTIME_FUNCTION ends 7 | 8 | UNWIND_INFO_HDR struc 9 | 10 | Ver3_Flags db ? 11 | PrologSize db ? 12 | CntUnwindCodes db ? 13 | FrReg_FrRegOff db ? 14 | UNWIND_INFO_HDR ends 15 | 16 | UNWIND_CODE struc 17 | 18 | PrologOff db ? 19 | OpCode_OpInfo db ? 20 | UNWIND_CODE ends 21 | 22 | .686p 23 | .mmx 24 | .model flat 25 | 26 | _text segment para public 'CODE' use64 27 | assume cs:_text 28 | 29 | assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing 30 | 31 | sub_401000 proc near 32 | 33 | Destination= qword ptr -10h 34 | var_4= dword ptr -4 35 | 36 | push rbp 37 | mov rbp, rsp 38 | sub rsp, 30h 39 | 40 | loc_40100B: 41 | mov eax, 0 42 | mov [rbp+var_4], eax 43 | mov eax, 0 44 | mov [rbp+var_4], eax 45 | 46 | loc_40101B: 47 | mov eax, [rbp+var_4] 48 | cmp eax, 5 49 | jge loc_4010D7 50 | jmp loc_40103A 51 | 52 | loc_40102C: 53 | mov eax, [rbp+var_4] 54 | mov rcx, rax 55 | add eax, 1 56 | mov [rbp+var_4], eax 57 | jmp short loc_40101B 58 | 59 | loc_40103A: 60 | mov eax, 100h 61 | mov r10, rax 62 | mov rcx, r10 63 | call malloc 64 | movsxd rax, eax 65 | mov [rbp+Destination], rax 66 | lea rax, Source 67 | mov r11, rax 68 | mov rax, [rbp+Destination] 69 | mov r10, rax 70 | mov rcx, r10 71 | mov rdx, r11 72 | call strcpy 73 | mov eax, [rbp+var_4] 74 | add eax, 1 75 | mov r8, rax 76 | mov rax, [rbp+Destination] 77 | mov r11, rax 78 | mov rax, [rbp+Destination] 79 | mov r10, rax 80 | mov rcx, r10 81 | mov rdx, r11 82 | call sprintf 83 | mov rax, [rbp+Destination] 84 | cmp rax, 0 85 | jz loc_4010B1 86 | mov rax, [rbp+Destination] 87 | mov r10, rax 88 | mov rcx, r10 89 | call printf 90 | jmp loc_4010C3 91 | 92 | loc_4010B1: 93 | lea rax, Format 94 | mov r10, rax 95 | mov rcx, r10 96 | call printf 97 | 98 | loc_4010C3: 99 | mov rax, [rbp+Destination] 100 | mov r10, rax 101 | mov rcx, r10 102 | call free 103 | jmp loc_40102C 104 | 105 | loc_4010D7: 106 | call _getch 107 | leave 108 | retn 109 | sub_401000 endp 110 | 111 | algn_4010DE: 112 | align 20h 113 | stru_4010E0 UNWIND_INFO_HDR <1, 4, 2, 5> 114 | UNWIND_CODE <4, 3> 115 | UNWIND_CODE <1, 50h> 116 | 117 | public start 118 | start proc near 119 | 120 | var_30= qword ptr -30h 121 | var_18= qword ptr -18h 122 | var_10= qword ptr -10h 123 | var_4= dword ptr -4 124 | 125 | push rbp 126 | mov rbp, rsp 127 | sub rsp, 50h 128 | 129 | loc_4010F3: 130 | mov eax, 0 131 | mov [rbp+var_4], eax 132 | mov eax, 1 133 | mov r10, rax 134 | mov rcx, r10 135 | call __set_app_type 136 | mov eax, 30000h 137 | mov r11, rax 138 | mov eax, 10000h 139 | mov r10, rax 140 | mov rcx, r10 141 | mov rdx, r11 142 | call _controlfp 143 | mov rax, cs:__argc 144 | mov rcx, cs:__argv 145 | mov rdx, cs:_environ 146 | mov [rbp+var_10], rax 147 | lea rax, [rbp+var_4] 148 | mov [rsp+50h+var_30], rax 149 | mov eax, cs:dword_4021C0 150 | mov r9, rax 151 | mov r8, rdx 152 | mov r11, rcx 153 | mov rax, [rbp+var_10] 154 | mov r10, rax 155 | mov rcx, r10 156 | mov rdx, r11 157 | call __getmainargs 158 | mov rax, cs:__argc 159 | mov rcx, cs:__argv 160 | mov rdx, cs:_environ 161 | mov [rbp+var_18], rax 162 | mov rax, [rdx] 163 | mov r8, rax 164 | mov rax, [rcx] 165 | mov r11, rax 166 | mov rax, [rbp+var_18] 167 | mov eax, [rax] 168 | mov r10, rax 169 | mov rcx, r10 170 | mov rdx, r11 171 | call sub_401000 172 | mov r10, rax 173 | mov rcx, r10 174 | call exit 175 | start endp 176 | 177 | leave 178 | retn 179 | algn_4011AF: 180 | align 10h 181 | stru_4011B0 UNWIND_INFO_HDR <1, 4, 2, 5> 182 | UNWIND_CODE <4, 3> 183 | UNWIND_CODE <1, 50h> 184 | push rbp 185 | mov rbp, rsp 186 | sub rsp, 30h 187 | 188 | sub_4011C3 proc near 189 | mov [rbp+10h], rcx 190 | mov [rbp+18h], rdx 191 | mov rax, cs:__argc 192 | mov ecx, [rbp+10h] 193 | mov [rax], ecx 194 | mov rax, cs:__argv 195 | mov rcx, [rbp+18h] 196 | mov [rax], rcx 197 | mov eax, 30000h 198 | mov r11, rax 199 | mov eax, 10000h 200 | mov r10, rax 201 | mov rcx, r10 202 | mov rdx, r11 203 | call _controlfp 204 | mov rax, cs:__argc 205 | mov rcx, cs:__argv 206 | mov rdx, cs:_environ 207 | mov [rbp-8], rax 208 | mov rax, [rdx] 209 | mov r8, rax 210 | mov rax, [rcx] 211 | mov r11, rax 212 | mov rax, [rbp-8] 213 | mov eax, [rax] 214 | mov r10, rax 215 | mov rcx, r10 216 | mov rdx, r11 217 | call sub_401000 218 | leave 219 | retn 220 | sub_4011C3 endp 221 | 222 | algn_40123B: 223 | align 20h 224 | 225 | align 8 226 | 227 | align 10h 228 | 229 | align 8 230 | 231 | align 20h 232 | 233 | align 8 234 | 235 | align 10h 236 | 237 | align 8 238 | 239 | align 20h 240 | 241 | align 8 242 | 243 | align 200h 244 | dq 180h dup(?) 245 | _text ends 246 | 247 | _data segment para public 'DATA' use64 248 | assume cs:_data 249 | 250 | Source db '%d) Hello, world!',0Ah,0 251 | 252 | Format db 'Error!',0 253 | align 20h 254 | __IMPORT_DESCRIPTOR_msvcrt dd rva off_4020B8 255 | dd 0 256 | dd 0 257 | dd rva aMsvcrtDll 258 | dd rva __imp_malloc 259 | db 0 260 | db 0 261 | db 0 262 | db 0 263 | db 0 264 | db 0 265 | db 0 266 | db 0 267 | db 0 268 | db 0 269 | db 0 270 | db 0 271 | db 0 272 | db 0 273 | db 0 274 | db 0 275 | db 0 276 | db 0 277 | db 0 278 | db 0 279 | _data ends 280 | 281 | extrn __imp_malloc:qword 282 | 283 | extrn __imp_strcpy:qword 284 | 285 | extrn __imp_sprintf:qword 286 | 287 | extrn __imp_printf:qword 288 | 289 | extrn __imp_free:qword 290 | 291 | extrn __imp__getch:qword 292 | 293 | extrn __imp___set_app_type:qword 294 | 295 | extrn __imp__controlfp:qword 296 | 297 | extrn __argc:qword 298 | 299 | extrn __argv:qword 300 | 301 | extrn _environ:qword 302 | extrn __imp___getmainargs:qword 303 | 304 | extrn __imp_exit:qword 305 | 306 | _data segment para public 'DATA' use64 307 | assume cs:_data 308 | 309 | off_4020B8 dq rva word_402133 310 | dq rva word_40213C 311 | dq rva word_402145 312 | dq rva word_40214F 313 | dq rva word_402158 314 | dq rva word_40215F 315 | dq rva word_402168 316 | dq rva word_402179 317 | dq rva word_402186 318 | dq rva word_40218F 319 | dq rva word_402198 320 | dq rva word_4021A3 321 | dq rva word_4021B3 322 | dq 0 323 | aMsvcrtDll db 'msvcrt.dll',0 324 | word_402133 dw 0 325 | db 'malloc',0 326 | word_40213C dw 0 327 | db 'strcpy',0 328 | word_402145 dw 0 329 | db 'sprintf',0 330 | word_40214F dw 0 331 | db 'printf',0 332 | word_402158 dw 0 333 | db 'free',0 334 | word_40215F dw 0 335 | db '_getch',0 336 | word_402168 dw 0 337 | db '__set_app_type',0 338 | word_402179 dw 0 339 | db '_controlfp',0 340 | word_402186 dw 0 341 | db '__argc',0 342 | word_40218F dw 0 343 | db '__argv',0 344 | word_402198 dw 0 345 | db '_environ',0 346 | word_4021A3 dw 0 347 | db '__getmainargs',0 348 | word_4021B3 dw 0 349 | db 'exit',0 350 | align 20h 351 | dword_4021C0 dd 0 352 | align 1000h 353 | _data ends 354 | 355 | _pdata segment para public 'DATA' use64 356 | assume cs:_pdata 357 | 358 | ExceptionDir RUNTIME_FUNCTION 361 | RUNTIME_FUNCTION 364 | RUNTIME_FUNCTION 367 | align 1000h 368 | _pdata ends 369 | 370 | end start -------------------------------------------------------------------------------- /tests/disasm-security-audit/TinySnake_after.c: -------------------------------------------------------------------------------- 1 | /* This file was generated by the Hex-Rays decompiler version 8.3.0.230608. 2 | Copyright (c) 2007-2021 Hex-Rays 3 | 4 | Detected compiler: Visual C++ 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | 11 | //------------------------------------------------------------------------- 12 | // Function declarations 13 | 14 | _DWORD sub_402800(); // weak 15 | _DWORD sub_402FC9(); // weak 16 | void sub_403021(); 17 | int sub_403039(); 18 | _DWORD sub_4032DB(); // weak 19 | _DWORD sub_4033FF(); // weak 20 | _DWORD sub_403B9D(); // weak 21 | _DWORD sub_403DDE(); // weak 22 | _DWORD sub_404206(); // weak 23 | _DWORD sub_404326(); // weak 24 | _DWORD sub_404446(); // weak 25 | _DWORD sub_404566(); // weak 26 | _DWORD sub_40479F(); // weak 27 | _DWORD sub_405726(); // weak 28 | _DWORD sub_405E13(); // weak 29 | _DWORD sub_405F3E(); // weak 30 | _DWORD sub_40608C(); // weak 31 | _DWORD sub_406360(); // weak 32 | _DWORD sub_40648F(); // weak 33 | _DWORD sub_4065C2(); // weak 34 | _DWORD sub_4066E9(); // weak 35 | _DWORD sub_40682A(); // weak 36 | _DWORD sub_406951(); // weak 37 | _DWORD sub_406A7C(); // weak 38 | _DWORD sub_406BA3(); // weak 39 | int sub_406BFB(); 40 | BOOL sub_406CB8(); 41 | int __cdecl sub_40D752(char *Buffer, size_t BufferCount, char *Format, va_list ArgList); // idb 42 | // int __usercall sub_40D778@(int a1@, int a2@, __int32 a3@); 43 | // int __usercall sub_40D7A4@(int a1@); 44 | // int __usercall sub_40D7A8@(int a1@); 45 | // __time32_t __cdecl time(__time32_t *const Time); 46 | // void __cdecl srand(unsigned int Seed); 47 | // void *__cdecl memmove(void *, const void *Src, size_t Size); 48 | // BOOL __stdcall SetConsoleCursorPosition(HANDLE hConsoleOutput, COORD dwCursorPosition); 49 | // int __cdecl vsnprintf(char *const Buffer, const size_t BufferCount, const char *const Format, va_list ArgList); 50 | void sub_44F05E(); 51 | _DWORD __cdecl sub_44F9BF(_DWORD); // weak 52 | 53 | //------------------------------------------------------------------------- 54 | // Data declarations 55 | 56 | _UNKNOWN loc_4012A8; // weak 57 | _UNKNOWN loc_402EFA; // weak 58 | _UNKNOWN loc_4046D0; // weak 59 | _UNKNOWN loc_405AFC; // weak 60 | int dword_40E09C = 0; // weak 61 | int dword_40E0A0 = 0; // weak 62 | int dword_40E0A4 = 0; // weak 63 | int dword_40E0A8 = 0; // weak 64 | HANDLE hConsoleOutput = NULL; // idb 65 | int dword_40E50C = 0; // weak 66 | int dword_42E50C; // weak 67 | char byte_44F054 = '\0'; // weak 68 | char byte_44F057 = '\x03'; // weak 69 | char byte_44F059 = '\x05'; // weak 70 | char byte_44F05C = '\b'; // weak 71 | _UNKNOWN loc_44F12E; // weak 72 | _UNKNOWN loc_44F19C; // weak 73 | 74 | 75 | //----- (00402800) -------------------------------------------------------- 76 | #error "40280C: cannot convert to microcode (funcsize=6)" 77 | 78 | //----- (00402FC9) -------------------------------------------------------- 79 | #error "402FD5: cannot convert to microcode (funcsize=6)" 80 | 81 | //----- (00403021) -------------------------------------------------------- 82 | void sub_403021() 83 | { 84 | JUMPOUT(0x403034); 85 | } 86 | // 40302D: control flows out of bounds to 403034 87 | 88 | //----- (00403039) -------------------------------------------------------- 89 | int sub_403039() 90 | { 91 | int result; // eax 92 | 93 | do 94 | { 95 | result = 697; 96 | if ( (unsigned int)byte_44F054 >= 0x2B9 ) 97 | break; 98 | result = byte_44F05C; 99 | if ( byte_44F05C <= byte_44F057 ) 100 | break; 101 | result = ((int (*)(void))loc_44F12E)(); 102 | if ( !result ) 103 | break; 104 | result = ((int (__cdecl *)(int, int))loc_44F19C)(31, 1); 105 | if ( !result ) 106 | break; 107 | result = byte_44F059; 108 | } 109 | while ( byte_44F059 ); 110 | return result; 111 | } 112 | // 44F054: using guessed type char byte_44F054; 113 | // 44F057: using guessed type char byte_44F057; 114 | // 44F059: using guessed type char byte_44F059; 115 | // 44F05C: using guessed type char byte_44F05C; 116 | 117 | //----- (004032DB) -------------------------------------------------------- 118 | #error "4032E7: cannot convert to microcode (funcsize=6)" 119 | 120 | //----- (004033FF) -------------------------------------------------------- 121 | #error "40340B: cannot convert to microcode (funcsize=6)" 122 | 123 | //----- (00403B9D) -------------------------------------------------------- 124 | #error "403BA9: cannot convert to microcode (funcsize=6)" 125 | 126 | //----- (00403DDE) -------------------------------------------------------- 127 | #error "403DEA: cannot convert to microcode (funcsize=6)" 128 | 129 | //----- (00404206) -------------------------------------------------------- 130 | #error "404212: cannot convert to microcode (funcsize=6)" 131 | 132 | //----- (00404326) -------------------------------------------------------- 133 | #error "404332: cannot convert to microcode (funcsize=6)" 134 | 135 | //----- (00404446) -------------------------------------------------------- 136 | #error "404452: cannot convert to microcode (funcsize=6)" 137 | 138 | //----- (00404566) -------------------------------------------------------- 139 | #error "404572: cannot convert to microcode (funcsize=6)" 140 | 141 | //----- (0040479F) -------------------------------------------------------- 142 | #error "4047AB: cannot convert to microcode (funcsize=6)" 143 | 144 | //----- (00405726) -------------------------------------------------------- 145 | #error "405732: cannot convert to microcode (funcsize=6)" 146 | 147 | //----- (00405E13) -------------------------------------------------------- 148 | #error "405E1F: cannot convert to microcode (funcsize=6)" 149 | 150 | //----- (00405F3E) -------------------------------------------------------- 151 | #error "405F4A: cannot convert to microcode (funcsize=6)" 152 | 153 | //----- (0040608C) -------------------------------------------------------- 154 | #error "406098: cannot convert to microcode (funcsize=6)" 155 | 156 | //----- (00406360) -------------------------------------------------------- 157 | #error "40636C: cannot convert to microcode (funcsize=6)" 158 | 159 | //----- (0040648F) -------------------------------------------------------- 160 | #error "40649B: cannot convert to microcode (funcsize=6)" 161 | 162 | //----- (004065C2) -------------------------------------------------------- 163 | #error "4065CE: cannot convert to microcode (funcsize=6)" 164 | 165 | //----- (004066E9) -------------------------------------------------------- 166 | #error "4066F5: cannot convert to microcode (funcsize=6)" 167 | 168 | //----- (0040682A) -------------------------------------------------------- 169 | #error "406836: cannot convert to microcode (funcsize=6)" 170 | 171 | //----- (00406951) -------------------------------------------------------- 172 | #error "40695D: cannot convert to microcode (funcsize=6)" 173 | 174 | //----- (00406A7C) -------------------------------------------------------- 175 | #error "406A88: cannot convert to microcode (funcsize=6)" 176 | 177 | //----- (00406BA3) -------------------------------------------------------- 178 | #error "406BAF: cannot convert to microcode (funcsize=6)" 179 | 180 | //----- (00406BFB) -------------------------------------------------------- 181 | int sub_406BFB() 182 | { 183 | unsigned int v0; // eax 184 | int v1; // eax 185 | int v2; // eax 186 | int v3; // eax 187 | int v4; // eax 188 | int (__cdecl *v5)(_DWORD); // eax 189 | int result; // eax 190 | int v7; // [esp+4h] [ebp-Ch] 191 | int (*v8)(void); // [esp+8h] [ebp-8h] 192 | int v9; // [esp+Ch] [ebp-4h] 193 | 194 | dword_40E50C = 12; 195 | dword_42E50C = 12; 196 | v0 = time(0); 197 | srand(v0); 198 | v1 = ((int (*)(void))loc_4046D0)(); 199 | v9 = ((int (__cdecl *)(int))loc_402EFA)(v1); 200 | v2 = ((int (*)(void))loc_405AFC)(); 201 | v8 = (int (*)(void))((int (__stdcall *)(int, int))loc_4012A8)(v9, v2); 202 | dword_40E09C = v8() % 23 + 1; 203 | v3 = ((int (*)(void))loc_4046D0)(); 204 | v7 = ((int (__cdecl *)(int))loc_402EFA)(v3); 205 | v4 = ((int (*)(void))loc_405AFC)(); 206 | v5 = (int (__cdecl *)(_DWORD))((int (__stdcall *)(int, int))loc_4012A8)(v7, v4); 207 | dword_40E0A0 = v5(v5) % 23 + 1; 208 | dword_40E0A4 = 0; 209 | result = 1; 210 | dword_40E0A8 = 1; 211 | return result; 212 | } 213 | // 40E09C: using guessed type int dword_40E09C; 214 | // 40E0A0: using guessed type int dword_40E0A0; 215 | // 40E0A4: using guessed type int dword_40E0A4; 216 | // 40E0A8: using guessed type int dword_40E0A8; 217 | // 40E50C: using guessed type int dword_40E50C; 218 | // 42E50C: using guessed type int dword_42E50C; 219 | 220 | //----- (00406CB8) -------------------------------------------------------- 221 | BOOL sub_406CB8() 222 | { 223 | COORD v1; // [esp-4h] [ebp-8h] BYREF 224 | __int16 Src[2]; // [esp+0h] [ebp-4h] BYREF 225 | 226 | Src[0] = 0; 227 | Src[1] = 2; 228 | memmove(&v1, Src, 4u); 229 | return SetConsoleCursorPosition(hConsoleOutput, v1); 230 | } 231 | 232 | //----- (0040D752) -------------------------------------------------------- 233 | int __cdecl sub_40D752(char *Buffer, size_t BufferCount, char *Format, va_list ArgList) 234 | { 235 | return vsnprintf(Buffer, BufferCount, Format, ArgList); 236 | } 237 | 238 | //----- (0040D778) -------------------------------------------------------- 239 | int __usercall sub_40D778@(int a1@, int a2@, __int32 a3@) 240 | { 241 | void **v3; // ecx 242 | int (__thiscall *v6)(int); // [esp-4h] [ebp-4h] 243 | void *retaddr; // [esp+0h] [ebp+0h] BYREF 244 | 245 | v6 = (int (__thiscall *)(int))_InterlockedExchange((volatile __int32 *)&retaddr, a3); 246 | v3 = &retaddr; 247 | do 248 | { 249 | v3 -= 1024; 250 | a1 -= 4096; 251 | } 252 | while ( a1 >= 4096 ); 253 | return v6(a2); 254 | } 255 | 256 | //----- (0040D7A4) -------------------------------------------------------- 257 | int __usercall sub_40D7A4@(int a1@) 258 | { 259 | return *(_DWORD *)(a1 - 20); 260 | } 261 | 262 | //----- (0040D7A8) -------------------------------------------------------- 263 | int __usercall sub_40D7A8@(int a1@) 264 | { 265 | return **(_DWORD **)sub_40D7A4(a1); 266 | } 267 | 268 | //----- (0044F05E) -------------------------------------------------------- 269 | void sub_44F05E() 270 | { 271 | ; 272 | } 273 | 274 | //----- (0044F9BF) -------------------------------------------------------- 275 | #error "44FC98: cannot convert to microcode (funcsize=70)" 276 | 277 | // nfuncs=71 queued=33 decompiled=33 lumina nreq=0 worse=0 better=0 278 | #error "There were 24 decompilation failure(s) on 33 function(s)" 279 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![](pics/obfus.h.png) 2 | # obfus.h 3 | 4 | **[obfus.h](https://github.com/DosX-dev/obfus.h/blob/main/include/obfus.h)** is a macro-only library for compile-time obfuscating C applications, designed specifically for the **[Tiny C (tcc)](https://bellard.org/tcc/)**. It is tailored for Windows x86 and x64 platforms and supports almost all versions of the compiler. **Very reliable armor for your C programs!** 5 | 6 | ### What features does it have?... 7 | - 🔍 **Function Call Obfuscation**: Confuse function calls to make your code less readable to unauthorized eyes. 8 | - 🛡️ **Anti-Debugging Techniques**: Built-in mechanisms to prevent code analysis during runtime. 9 | - 🔄 **Control Flow Code Mutation**: Turns code into spaghetti, making it difficult to parse conditions and loops. 10 | - 🧶 **Strings Hiding**: Hides specified strings in a file and dynamically collects them when executed. 11 | - 🚫 **Anti-Decompilation Techniques**: Makes many popular decompilers useless visually breaking their output. 12 | - 😈 **Fake Signatures Adding**: Can add fake signatures of various packers and protectors to confuse reverse engineers. 13 | - 🧠 **Virtualization**: Makes math operations very difficult to understand using virtual machine commands. 14 | 15 | ## 👾 Usage 16 | 17 | Integrating **[obfus.h](https://github.com/DosX-dev/obfus.h/blob/main/include/obfus.h)** into your project is a simple process. Just include the following line in your code: 18 | ```c 19 | #include "obfus.h" 20 | ``` 21 | This will automatically obfuscate your code during compilation, ensuring protection and confidentiality of your intellectual property. 22 | 23 | > Available options for protection configuring: 24 | > ```c 25 | > // Advanced code protection (see the "Virtualization" part of the documentation!) 26 | > #define VIRT 1 // Allows you to use the functions of a math VM 27 | > 28 | > // Additional options 29 | > #define CFLOW_V2 1 // More powerful Control Flow obfuscation (slowly!) 30 | > #define ANTIDEBUG_V2 1 // Use better dynamic anti-debugging protection 31 | > #define FAKE_SIGNS 1 // Adds fake signatures of various protectors or packers 32 | > 33 | > // Disabling default features 34 | > #define NO_OBF 1 // Don't obfuscate (for debugging) 35 | > #define NO_CFLOW 1 // Don't use Control-Flow obfuscation 36 | > #define NO_ANTIDEBUG 1 // Don't build in debugging protection 37 | > ``` 38 | > or use it with compiler args: 39 | > 40 | > ``` 41 | > tcc "app.c" -w -D NO_CFLOW -D ANTIDEBUG_V2 -D FAKE_SIGNS -D VIRT 42 | > ``` 43 | 44 | > [!WARNING] 45 | > When compiling an application with obfuscation, use the `-w` argument to suppress warnings. Otherwise, the console will display numerous intimidating logs that have no impact on the final result. There's no need to be alarmed by them. 46 | 47 | 🔐 Debugging protection is triggered by calls to many basic MSVCRT functions. 48 | In critical places in the code you can use the `ANTI_DEBUG;` construct. For example: 49 | ```c 50 | ANTI_DEBUG; 51 | if (!licenseExpired()) { 52 | // ... 53 | } 54 | ``` 55 | 56 | ## 🧶 Strings hiding 57 | The `HIDE_STRING(str)` obfuscates and visually hides strings by mutating them, significantly complicating their discovery and patching in the source code. When declared in this manner, the strings are assembled on the stack through `mov` instructions rather than being loaded all at once. This method ensures that the strings are not statically declared and are instead constructed at runtime, making them less susceptible to static analysis. However, it is important to note that this feature cannot be used for hiding static fields during their declaration, as it involves a function call. 58 | 59 | > [!IMPORTANT] 60 | > Some decompilers may still reveal them due to static optimizations. In disassembler output, the code will appear complex and cumbersome, which can deter straightforward analysis but may not fully prevent determined reverse engineering efforts. 61 | 62 | An example of calling the `printf` function from the standard library with static hiding of the message and its decryption on the stack: 63 | ```c 64 | char *hidden_message = HIDE_STRING("Hello, world!"); 65 | // ... 66 | printf(hidden_message); 67 | ``` 68 | 69 | ## 👺 Virtualization 70 | This is a protection technique in which certain calculations are performed through an embedded virtual machine upon command. Makes analysis of mathematical operations **very difficult**! It will work with the `VIRT` option enabled (and only!). Otherwise, all virtual machine commands will be replaced by ordinary mathematical operators. 71 | 72 | > [!WARNING] 73 | > Virtualization in critical locations can impact optimization. Use with caution only in areas where it is really needed 74 | 75 | | Function | Type | Op | Description | Example | 76 | |------------------|----------------|----|----------------------------------------------------------------------------|--------------------------------------| 77 | | **`VM_ADD`** | *long* |`+` | Adds two numbers | `VM_ADD(5, 3)` = **`8`** | 78 | | **`VM_SUB`** | *long* |`-` | Subtracts two numbers | `VM_SUB(5, 3)` = **`2`** | 79 | | **`VM_MUL`** | *long* |`*` | Multiplies two numbers | `VM_MUL(5, 3)` = **`15`** | 80 | | **`VM_DIV`** | *long* |`/` | Divides two numbers | `VM_DIV(6, 3)` = **`2`** | 81 | | **`VM_MOD`** | *long* |`%` | Calculates the modulus of two numbers | `VM_MOD(5, 3)` = **`2`** | 82 | | **`VM_EQU`** | *BOOL* |`==`| Checks if two numbers are equal | `VM_EQU(5, 5)` = **`true`** | 83 | | **`VM_NEQ`** | *BOOL* |`!=`| Checks if two numbers are not equal | `VM_NEQ(5, 3)` = **`true`** | 84 | | **`VM_LSS`** | *BOOL* |`<` | Checks if the first number is less than the second number | `VM_LSS(3, 5)` = **`true`** | 85 | | **`VM_GTR`** | *BOOL* |`>` | Checks if the first number is greater than the second number | `VM_GTR(5, 3)` = **`true`** | 86 | | **`VM_LEQ`** | *BOOL* |`<=`| Checks if the first number is less than or equal to the second number | `VM_LEQ(3, 5)` = **`true`** | 87 | | **`VM_GEQ`** | *BOOL* |`>=`| Checks if the first number is greater than or equal to the second number | `VM_GEQ(5, 3)` = **`true`** | 88 | | **`VM_ADD_DBL`** | *long double* |`+` | Adds two double numbers | `VM_ADD_DBL(5.5, 3.2)` = **`≈8.7`** | 89 | | **`VM_SUB_DBL`** | *long double* |`-` | Subtracts two double numbers | `VM_SUB_DBL(5.5, 3.2)` = **`≈2.3`** | 90 | | **`VM_MUL_DBL`** | *long double* |`*` | Multiplies two double numbers | `VM_MUL_DBL(5.5, 3.2)` = **`≈17.6`** | 91 | | **`VM_DIV_DBL`** | *long double* |`/` | Divides two double numbers | `VM_DIV_DBL(6.0, 3.0)` = **`≈2.0`** | 92 | | **`VM_LSS_DBL`** | *BOOL* |`<` | Checks if the first double number is less than the second double number | `VM_LSS_DBL(3.5, 5.2)` = **`true`** | 93 | | **`VM_GTR_DBL`** | *BOOL* |`>` | Checks if the first double number is greater than the second double number | `VM_GTR_DBL(5.5, 3.2)` = **`true`** | 94 | > The virtual machine does not support some basic `double` comparison operations. 95 | 96 | You can use logical operators that use virtual machine calls to further complicate the understanding of your code: 97 | | Operator | Description | 98 | |-----------------|---------------------------| 99 | | **`VM_IF`** | Use instead of `if` | 100 | | **`VM_ELSE_IF`**| Use instead of `else if` | 101 | | **`VM_ELSE`** | Use instead of `else` | 102 | > This is not a complete replacement for if/else, but is just a complication of standard operators. 103 | 104 | A simple example of using virtualization: 105 | ```c 106 | // ... 107 | #define VIRT 1 108 | // ... 109 | 110 | // if ((2 + 2) == 4) { ... } 111 | VM_IF (VM_EQU(VM_ADD(2, 2), 4)) { 112 | printf("2 + 2 == 4!"); 113 | } 114 | 115 | // if (condition1) { ... } 116 | // else if (condition2) { ... } 117 | // else { ... } 118 | VM_IF (condition1) { 119 | // if 120 | } VM_ELSE_IF (condition2) { 121 | // else if 122 | } VM_ELSE { 123 | // else 124 | } 125 | ``` 126 | 127 | You can find examples of using all the functions of a virtual machine in the file [tests/virtualmachine.c](tests/virtualmachine.c) 128 | 129 | ## ❓ Example of using 130 | If you need advanced protection against skilled reversers, use `CFLOW_V2` and `ANTIDEBUG_V2` options. 131 | ```c 132 | // Let's obfuscate your code! 133 | 134 | #include 135 | 136 | #define VIRT 1 // [+] Use math virtual machine 137 | 138 | #define CFLOW_V2 1 // [+] ControlFlow v2 139 | #define FAKE_SIGNS 1 // [+] Fake signatures 140 | #define ANTIDEBUG_V2 1 // [+] AntiDebug v2 141 | 142 | #define NO_OBF 0 // [-] Don't obfuscate (disable all) 143 | #define NO_CFLOW 0 // [-] Disable ControlFlow 144 | #define NO_ANTIDEBUG 0 // [-] Disable AntiDebug 145 | 146 | 147 | #include "obfus.h" 148 | 149 | void main() { 150 | char *out = malloc(256); 151 | 152 | strcpy(out, HIDE_STRING("Hello, world!\n")); 153 | 154 | if (out) { 155 | printf(out); 156 | } else { 157 | printf("Error!\n"); 158 | } 159 | 160 | free(out); 161 | 162 | int result = VM_ADD(5, 7); // 5 + 7 163 | 164 | VM_IF (VM_EQU(result, 12)) { // (5 + 7) == 12 165 | printf("5 + 7 == 12"); 166 | } 167 | } 168 | ``` 169 | 170 | ## 🤖 How it works? 171 | > ![](pics/how-it-works.png) 172 | 173 | ## 🛠 Compiler (important) 174 | The latest version of **Tiny C** (`0.9.27`) is recommended for use. Unfortunately, some versions of the compiler do not support the functionality needed to completely obfuscation. **Visual C**, **GCC** and **Clang** *is not supported* and is unlikely to be supported. 175 | 176 | ## 🌐 obfus.h updater 177 | You can use [special script](include-updater/obfh-update.cmd) for Windows to get the latest versions of `obfus.h` by downloading the package from the official repository. This is useful if you need to automate security updates without using `git`. 178 | 179 | > For example, you can use it before building your project: 180 | > ```diff 181 | > + C:\...> call obfh-update 182 | > C:\...> tcc app.c -w 183 | > ``` 184 | > The script will update the contents of the obfus.h file in the current directory (according to the specified configuration) 185 | 186 | ## 📖 Summarize 187 | The code of a program (and its original original logic) protected using **[obfus.h](https://github.com/DosX-dev/obfus.h/blob/main/include/obfus.h)** is almost **impossible to recover (deobfuscate)**. However, using this obfuscator does not guarantee complete protection against all types of threats. **It's important to develop and maintain internal program security systems.** 188 | 189 | > **What the diagrammatic code will look like after obfuscation:** 190 | > ![](pics/before_and_after.png) 191 | 192 | > **The reverser will see something like this if he tries to use a decompiler:** 193 | > ![](pics/before_and_after_2.png) 194 | 195 | > **This is what all hidden strings via `HIDE_STRING` feature look like in the disassembler (x86-64 arch):** 196 | > ```asm 197 | > ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; 198 | > ; PROTECTED STRING: ; ORIGINAL STRING: ; 199 | > mov eax, 48h lea rax, aHelloWorld ; 200 | > mov [rbp-0Fh], al mov r11, rax ; 201 | > mov eax, 65h ; . . . ; 202 | > mov [rbp-0Eh], al ; 203 | > mov eax, 6Ch ; 204 | > mov [rbp-0Dh], al ; 205 | > mov eax, 6Ch ; 206 | > mov [rbp-0Ch], al ; 207 | > mov eax, 6Fh ; 208 | > mov [rbp-0Bh], al ; 209 | > mov eax, 2Ch ; 210 | > ; etc . . . ; 211 | > ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; 212 | > ``` 213 | 214 | 232 | 233 | ## 🌈 Special thanks 234 | Thanks to everyone who helped in the development of this project. I appreciate it! ❤️ 235 | * 👨🏼‍💻 **[@horsicq](https://github.com/horsicq)** *(for help with the code and advices)* 236 | * 🐺 **[@ac3ss0r](https://github.com/ac3ss0r)** *(for cool ideas and their solutions)* 237 | 238 | And **thanks to you** 🤝 for paying attention to this project! 239 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/ASM/before_x86.asm: -------------------------------------------------------------------------------- 1 | _crt_unknown_app = 0 2 | _crt_console_app = 1 3 | _crt_gui_app = 2 4 | 5 | .686p 6 | .mmx 7 | .model flat 8 | 9 | _text segment para public 'CODE' use32 10 | assume cs:_text 11 | 12 | assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing 13 | 14 | sub_401000 proc near 15 | 16 | Destination = dword ptr -8 17 | var_4 = dword ptr -4 18 | 19 | push ebp 20 | mov ebp, esp 21 | sub esp, 8 22 | nop 23 | mov eax, 0 24 | mov [ebp+var_4], eax 25 | mov eax, 0 26 | mov [ebp+var_4], eax 27 | 28 | loc_40101A: 29 | mov eax, [ebp+var_4] 30 | cmp eax, 5 31 | jge loc_4010A7 32 | jmp loc_401036 33 | 34 | loc_40102B: 35 | mov eax, [ebp+var_4] 36 | mov ecx, eax 37 | inc eax 38 | mov [ebp+var_4], eax 39 | jmp short loc_40101A 40 | 41 | loc_401036: 42 | mov eax, 100h 43 | push eax 44 | call malloc 45 | add esp, 4 46 | mov [ebp+Destination], eax 47 | mov eax, offset Source 48 | push eax 49 | mov eax, [ebp+Destination] 50 | push eax 51 | call strcpy 52 | add esp, 8 53 | mov eax, [ebp+var_4] 54 | inc eax 55 | push eax 56 | mov eax, [ebp+Destination] 57 | push eax 58 | mov eax, [ebp+Destination] 59 | push eax 60 | call sprintf 61 | add esp, 0Ch 62 | mov eax, [ebp+Destination] 63 | cmp eax, 0 64 | jz loc_40108B 65 | mov eax, [ebp+Destination] 66 | push eax 67 | call printf 68 | add esp, 4 69 | jmp loc_401099 70 | 71 | loc_40108B: 72 | mov eax, offset Format 73 | push eax 74 | call printf 75 | add esp, 4 76 | 77 | loc_401099: 78 | mov eax, [ebp+Destination] 79 | push eax 80 | call free 81 | add esp, 4 82 | jmp short loc_40102B 83 | 84 | loc_4010A7: 85 | call _getch 86 | leave 87 | retn 88 | sub_401000 endp 89 | 90 | align 10h 91 | 92 | public start 93 | start proc near 94 | 95 | var_24 = dword ptr -24h 96 | var_20 = dword ptr -20h 97 | var_1C = dword ptr -1Ch 98 | var_18 = byte ptr -18h 99 | 100 | push ebp 101 | mov ebp, esp 102 | sub esp, 24h 103 | nop 104 | lea eax, [ebp+var_18] 105 | push eax 106 | call sub_401225 107 | add esp, 4 108 | mov eax, 0 109 | mov [ebp+var_1C], eax 110 | mov eax, 1 111 | push eax 112 | call __set_app_type 113 | add esp, 4 114 | mov eax, 30000h 115 | push eax 116 | mov eax, 10000h 117 | push eax 118 | call _controlfp 119 | add esp, 8 120 | mov eax, ds:__argc 121 | mov ecx, ds:__argv 122 | mov edx, ds:_environ 123 | mov [ebp+var_20], eax 124 | lea eax, [ebp+var_1C] 125 | push eax 126 | mov eax, dword_40218C 127 | push eax 128 | push edx 129 | push ecx 130 | mov eax, [ebp+var_20] 131 | push eax 132 | call __getmainargs 133 | add esp, 14h 134 | mov eax, ds:__argc 135 | mov ecx, ds:__argv 136 | mov edx, ds:_environ 137 | mov [ebp+var_24], eax 138 | mov eax, [edx] 139 | push eax 140 | mov eax, [ecx] 141 | push eax 142 | mov eax, [ebp+var_24] 143 | mov eax, [eax] 144 | push eax 145 | call sub_401000 146 | add esp, 0Ch 147 | push eax 148 | call exit 149 | start endp 150 | 151 | add esp, 4 152 | leave 153 | retn 154 | 155 | push ebp 156 | mov ebp, esp 157 | sub esp, 4 158 | nop 159 | mov eax, ds:__argc 160 | mov ecx, [ebp+8] 161 | mov [eax], ecx 162 | mov eax, ds:__argv 163 | mov ecx, [ebp+0Ch] 164 | mov [eax], ecx 165 | mov eax, 30000h 166 | push eax 167 | mov eax, 10000h 168 | push eax 169 | call _controlfp 170 | add esp, 8 171 | mov eax, ds:__argc 172 | mov ecx, ds:__argv 173 | mov edx, ds:_environ 174 | mov [ebp-4], eax 175 | mov eax, [edx] 176 | push eax 177 | mov eax, [ecx] 178 | push eax 179 | mov eax, [ebp-4] 180 | mov eax, [eax] 181 | push eax 182 | call sub_401000 183 | add esp, 0Ch 184 | leave 185 | retn 186 | 187 | align 4 188 | xchg ebp, [esp] 189 | push ebp 190 | lea ebp, [esp+4] 191 | push ecx 192 | mov ecx, ebp 193 | 194 | loc_4011BF: 195 | sub ecx, 1000h 196 | test [ecx], eax 197 | sub eax, 1000h 198 | cmp eax, 1000h 199 | jge short loc_4011BF 200 | sub ecx, eax 201 | test [ecx], eax 202 | mov eax, esp 203 | mov esp, ecx 204 | mov ecx, [eax] 205 | jmp dword ptr [eax+4] 206 | 207 | sub_4011E0 proc near 208 | 209 | mov eax, [ebp-14h] 210 | retn 211 | sub_4011E0 endp 212 | 213 | sub_4011E4 proc near 214 | call sub_4011E0 215 | mov eax, [eax] 216 | mov eax, [eax] 217 | retn 218 | sub_4011E4 endp 219 | 220 | call sub_4011E0 221 | push eax 222 | call sub_4011E4 223 | push eax 224 | call _XcptFilter 225 | add esp, 8 226 | retn 227 | 228 | db 8Bh 229 | dd 0D9E8E865h, 50FFFFFFh, 0A7E8h, 0 230 | dword_401214 dd 0FFFFFFFFh, 4011EEh, 401203h 231 | 232 | loc_401220: 233 | jmp loc_4012C0 234 | 235 | sub_401225 proc near 236 | 237 | arg_0 = dword ptr 4 238 | arg_4 = byte ptr 8 239 | 240 | push ebp 241 | mov ebp, [esp+4+arg_0] 242 | lea eax, [esp+4+arg_4] 243 | mov [ebp+0], eax 244 | xor eax, eax 245 | mov [ebp+4], eax 246 | mov eax, large fs:0 247 | mov [ebp+8], eax 248 | mov eax, offset loc_401220 249 | mov [ebp+0Ch], eax 250 | mov eax, offset dword_401214 251 | mov [ebp+10h], eax 252 | xor eax, eax 253 | mov [ebp+14h], eax 254 | lea eax, [ebp+8] 255 | mov large fs:0, eax 256 | pop ebp 257 | retn 258 | sub_401225 endp 259 | 260 | align 10h 261 | 262 | align 4 263 | 264 | align 10h 265 | 266 | align 4 267 | 268 | align 10h 269 | 270 | align 4 271 | 272 | align 10h 273 | 274 | align 4 275 | 276 | align 10h 277 | 278 | align 4 279 | 280 | align 10h 281 | 282 | align 4 283 | 284 | align 10h 285 | 286 | loc_4012C0: 287 | jmp ds:_except_handler3 288 | 289 | align 200h 290 | dd 300h dup(?) 291 | _text ends 292 | 293 | _data segment para public 'DATA' use32 294 | assume cs:_data 295 | 296 | Source db '%d) Hello, world!',0Ah,0 297 | 298 | Format db 'Error!',0 299 | align 10h 300 | __IMPORT_DESCRIPTOR_msvcrt dd rva off_40208C 301 | dd 0 302 | dd 0 303 | dd rva aMsvcrtDll 304 | dd rva __imp_malloc 305 | db 0 306 | db 0 307 | db 0 308 | db 0 309 | db 0 310 | db 0 311 | db 0 312 | db 0 313 | db 0 314 | db 0 315 | db 0 316 | db 0 317 | db 0 318 | db 0 319 | db 0 320 | db 0 321 | db 0 322 | db 0 323 | db 0 324 | db 0 325 | _data ends 326 | 327 | extrn __imp_malloc:dword 328 | 329 | extrn __imp_strcpy:dword 330 | 331 | extrn __imp_sprintf:dword 332 | 333 | extrn __imp_printf:dword 334 | 335 | extrn __imp_free:dword 336 | 337 | extrn __imp__getch:dword 338 | 339 | extrn __imp___set_app_type:dword 340 | 341 | extrn __imp__controlfp:dword 342 | 343 | extrn __argc:dword 344 | 345 | extrn __argv:dword 346 | 347 | extrn _environ:dword 348 | 349 | extrn __imp___getmainargs:dword 350 | 351 | extrn __imp_exit:dword 352 | extrn __imp__XcptFilter:dword 353 | 354 | extrn __imp__exit:dword 355 | extrn _except_handler3:dword 356 | 357 | _data segment para public 'DATA' use32 358 | assume cs:_data 359 | 360 | off_40208C dd rva word_4020DB 361 | dd rva word_4020E4 362 | dd rva word_4020ED 363 | dd rva word_4020F7 364 | dd rva word_402100 365 | dd rva word_402107 366 | dd rva word_402110 367 | dd rva word_402121 368 | dd rva word_40212E 369 | dd rva word_402137 370 | dd rva word_402140 371 | dd rva word_40214B 372 | dd rva word_40215B 373 | dd rva word_402162 374 | dd rva word_402170 375 | dd rva word_402178 376 | dd 0 377 | aMsvcrtDll db 'msvcrt.dll',0 378 | word_4020DB dw 0 379 | db 'malloc',0 380 | word_4020E4 dw 0 381 | db 'strcpy',0 382 | word_4020ED dw 0 383 | db 'sprintf',0 384 | word_4020F7 dw 0 385 | db 'printf',0 386 | word_402100 dw 0 387 | db 'free',0 388 | word_402107 dw 0 389 | db '_getch',0 390 | word_402110 dw 0 391 | db '__set_app_type',0 392 | word_402121 dw 0 393 | db '_controlfp',0 394 | word_40212E dw 0 395 | db '__argc',0 396 | word_402137 dw 0 397 | db '__argv',0 398 | word_402140 dw 0 399 | db '_environ',0 400 | word_40214B dw 0 401 | db '__getmainargs',0 402 | word_40215B dw 0 403 | db 'exit',0 404 | word_402162 dw 0 405 | db '_XcptFilter',0 406 | word_402170 dw 0 407 | db '_exit',0 408 | word_402178 dw 0 409 | db '_except_handler3',0 410 | align 4 411 | dword_40218C dd 0 412 | align 1000h 413 | _data ends 414 | 415 | end start -------------------------------------------------------------------------------- /tests/disasm-security-audit/TinySnake_before.c: -------------------------------------------------------------------------------- 1 | /* This file was generated by the Hex-Rays decompiler version 8.3.0.230608. 2 | Copyright (c) 2007-2021 Hex-Rays 3 | 4 | Detected compiler: Visual C++ 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | 11 | //------------------------------------------------------------------------- 12 | // Function declarations 13 | 14 | int sub_401000(); 15 | BOOL sub_401077(); 16 | BOOL __cdecl sub_4010BC(char *Format, WORD a2); 17 | int sub_401110(); 18 | int sub_40137B(); 19 | int sub_401471(); 20 | // int __usercall sub_4017E5@(int a1@); 21 | void __noreturn start(); // weak 22 | // int __usercall sub_401AFC@(int a1@, int a2@, __int32 a3@); 23 | // int __usercall sub_401B28@(int a1@); 24 | // int __usercall sub_401B2C@(int a1@); 25 | int __cdecl sub_401B6D(_DWORD *a1, char a2); 26 | // __time32_t __cdecl time(__time32_t *const Time); 27 | // void __cdecl srand(unsigned int Seed); 28 | // int __cdecl rand(); 29 | // void *__cdecl memmove(void *, const void *Src, size_t Size); 30 | // BOOL __stdcall SetConsoleCursorPosition(HANDLE hConsoleOutput, COORD dwCursorPosition); 31 | // BOOL __stdcall GetConsoleScreenBufferInfo(HANDLE hConsoleOutput, PCONSOLE_SCREEN_BUFFER_INFO lpConsoleScreenBufferInfo); 32 | // BOOL __stdcall SetConsoleTextAttribute(HANDLE hConsoleOutput, WORD wAttributes); 33 | // int printf(const char *const Format, ...); 34 | // int __cdecl kbhit(); 35 | // int __cdecl getch(); 36 | // int __cdecl tolower(int C); 37 | // int sprintf(char *const Buffer, const char *const Format, ...); 38 | // BOOL __stdcall SetConsoleTitleA(LPCSTR lpConsoleTitle); 39 | // HANDLE __stdcall GetStdHandle(DWORD nStdHandle); 40 | // BOOL __stdcall SetConsoleWindowInfo(HANDLE hConsoleOutput, BOOL bAbsolute, const SMALL_RECT *lpConsoleWindow); 41 | // BOOL __stdcall SetConsoleScreenBufferSize(HANDLE hConsoleOutput, COORD dwSize); 42 | // void *__cdecl memset(void *, int Val, size_t Size); 43 | // BOOL __stdcall SetConsoleCursorInfo(HANDLE hConsoleOutput, const CONSOLE_CURSOR_INFO *lpConsoleCursorInfo); 44 | // void __stdcall Sleep(DWORD dwMilliseconds); 45 | // void __cdecl _set_app_type(_crt_app_type Type); 46 | // unsigned int __cdecl controlfp(unsigned int NewValue, unsigned int Mask); 47 | // int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); weak 48 | // void __cdecl __noreturn exit(int Code); 49 | 50 | //------------------------------------------------------------------------- 51 | // Data declarations 52 | 53 | int dword_401B5C[3] = { -1, 4201270, 4201291 }; // weak 54 | _UNKNOWN j__except_handler3; // weak 55 | int dword_402000 = 0; // weak 56 | int dword_402004 = 0; // weak 57 | int dword_402008 = 1; // weak 58 | int dword_40200C = 0; // weak 59 | int dword_402010 = 0; // weak 60 | int dword_402014 = 0; // weak 61 | int dword_402018 = 0; // weak 62 | HANDLE hConsoleOutput = NULL; // idb 63 | char asc_402020[3] = " "; // idb 64 | _UNKNOWN unk_402023; // weak 65 | char aOo[3] = "oO"; // idb 66 | char asc_402029[3] = " "; // idb 67 | char asc_40202C[3] = "##"; // idb 68 | char aScore[] = "SCORE"; // idb 69 | char asc_402098[] = "==============\n="; // idb 70 | char aGameOver[] = " GAME OVER! "; // idb 71 | char asc_4020B6[] = "=\n=============="; // idb 72 | // extern int _argc; 73 | // extern char **_argv; 74 | // extern char **environ; 75 | int dword_4023C8[32768] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, }; // weak 76 | int dword_4223C8[32768]; // weak 77 | struct _CONSOLE_SCREEN_BUFFER_INFO ConsoleScreenBufferInfo; // idb 78 | int dword_4423E0; // weak 79 | 80 | 81 | //----- (00401000) -------------------------------------------------------- 82 | int sub_401000() 83 | { 84 | unsigned int v0; // eax 85 | int result; // eax 86 | 87 | dword_4023C8[0] = 12; 88 | dword_4223C8[0] = 12; 89 | v0 = time(0); 90 | srand(v0); 91 | dword_40200C = rand() % 23 + 1; 92 | dword_402010 = rand() % 23 + 1; 93 | dword_402014 = 0; 94 | result = 1; 95 | dword_402018 = 1; 96 | return result; 97 | } 98 | // 40200C: using guessed type int dword_40200C; 99 | // 402010: using guessed type int dword_402010; 100 | // 402014: using guessed type int dword_402014; 101 | // 402018: using guessed type int dword_402018; 102 | // 4023C8: using guessed type int dword_4023C8[32768]; 103 | // 4223C8: using guessed type int dword_4223C8[32768]; 104 | 105 | //----- (00401077) -------------------------------------------------------- 106 | BOOL sub_401077() 107 | { 108 | COORD v1; // [esp-4h] [ebp-8h] BYREF 109 | __int16 Src[2]; // [esp+0h] [ebp-4h] BYREF 110 | 111 | Src[0] = 0; 112 | Src[1] = 2; 113 | memmove(&v1, Src, 4u); 114 | return SetConsoleCursorPosition(hConsoleOutput, v1); 115 | } 116 | 117 | //----- (004010BC) -------------------------------------------------------- 118 | BOOL __cdecl sub_4010BC(char *Format, WORD a2) 119 | { 120 | GetConsoleScreenBufferInfo(hConsoleOutput, &ConsoleScreenBufferInfo); 121 | SetConsoleTextAttribute(hConsoleOutput, a2); 122 | printf(Format); 123 | return SetConsoleTextAttribute(hConsoleOutput, ConsoleScreenBufferInfo.wAttributes); 124 | } 125 | 126 | //----- (00401110) -------------------------------------------------------- 127 | int sub_401110() 128 | { 129 | int v0; // eax 130 | char *v1; // eax 131 | int k; // [esp+0h] [ebp-10h] 132 | int v4; // [esp+4h] [ebp-Ch] 133 | int j; // [esp+8h] [ebp-8h] 134 | int i; // [esp+Ch] [ebp-4h] 135 | 136 | sub_401077(); 137 | for ( i = 0; i < 25; ++i ) 138 | { 139 | for ( j = 0; j < 25; ++j ) 140 | { 141 | if ( i && i != 24 && j && j != 24 ) 142 | { 143 | if ( i == dword_4223C8[0] && j == dword_4023C8[0] ) 144 | { 145 | if ( dword_402000 ) 146 | v1 = aOo; 147 | else 148 | v1 = (char *)&unk_402023; 149 | sub_4010BC(v1, 112); 150 | } 151 | else if ( i == dword_402010 && j == dword_40200C ) 152 | { 153 | sub_4010BC(asc_402029, 192); 154 | } 155 | else 156 | { 157 | v4 = 0; 158 | for ( k = 1; k < dword_402008; ++k ) 159 | { 160 | if ( dword_4023C8[k] == j && dword_4223C8[k] == i ) 161 | { 162 | sub_4010BC(asc_40202C, 136); 163 | v4 = 1; 164 | break; 165 | } 166 | } 167 | if ( !v4 ) 168 | printf(" "); 169 | } 170 | } 171 | else 172 | { 173 | if ( dword_402000 ) 174 | v0 = 64; 175 | else 176 | v0 = 48; 177 | sub_4010BC(asc_402020, v0); 178 | } 179 | } 180 | printf("\n"); 181 | } 182 | sub_4010BC(aScore, 96); 183 | return printf(": %d\n", dword_402004); 184 | } 185 | // 401077: using guessed type int sub_401077(void); 186 | // 402000: using guessed type int dword_402000; 187 | // 402004: using guessed type int dword_402004; 188 | // 402008: using guessed type int dword_402008; 189 | // 40200C: using guessed type int dword_40200C; 190 | // 402010: using guessed type int dword_402010; 191 | // 4023C8: using guessed type int dword_4023C8[32768]; 192 | // 4223C8: using guessed type int dword_4223C8[32768]; 193 | 194 | //----- (0040137B) -------------------------------------------------------- 195 | int sub_40137B() 196 | { 197 | int result; // eax 198 | int v1; // eax 199 | 200 | result = kbhit(); 201 | if ( result ) 202 | { 203 | v1 = getch(); 204 | result = tolower(v1); 205 | switch ( result ) 206 | { 207 | case 'a': 208 | result = dword_402014; 209 | if ( dword_402014 != 1 ) 210 | { 211 | dword_402014 = -1; 212 | result = 0; 213 | dword_402018 = 0; 214 | } 215 | break; 216 | case 'd': 217 | result = dword_402014; 218 | if ( dword_402014 != -1 ) 219 | { 220 | dword_402014 = 1; 221 | result = 0; 222 | dword_402018 = 0; 223 | } 224 | break; 225 | case 's': 226 | result = dword_402018; 227 | if ( dword_402018 != -1 ) 228 | { 229 | dword_402014 = 0; 230 | result = 1; 231 | dword_402018 = 1; 232 | } 233 | break; 234 | case 'w': 235 | result = dword_402018; 236 | if ( dword_402018 != 1 ) 237 | { 238 | dword_402014 = 0; 239 | result = -1; 240 | dword_402018 = -1; 241 | } 242 | break; 243 | } 244 | } 245 | return result; 246 | } 247 | // 402014: using guessed type int dword_402014; 248 | // 402018: using guessed type int dword_402018; 249 | 250 | //----- (00401471) -------------------------------------------------------- 251 | int sub_401471() 252 | { 253 | int result; // eax 254 | int m; // [esp+0h] [ebp-24h] 255 | int k; // [esp+4h] [ebp-20h] 256 | int j; // [esp+8h] [ebp-1Ch] 257 | int v4; // [esp+Ch] [ebp-18h] 258 | int i; // [esp+10h] [ebp-14h] 259 | int v6; // [esp+14h] [ebp-10h] 260 | int v7; // [esp+18h] [ebp-Ch] 261 | int v8; // [esp+1Ch] [ebp-8h] 262 | int v9; // [esp+20h] [ebp-4h] 263 | 264 | v9 = dword_4023C8[0]; 265 | v8 = dword_4223C8[0]; 266 | dword_4023C8[0] += dword_402014; 267 | dword_4223C8[0] += dword_402018; 268 | if ( dword_4023C8[0] ) 269 | { 270 | if ( dword_4023C8[0] == 24 ) 271 | dword_4023C8[0] = 1; 272 | } 273 | else 274 | { 275 | dword_4023C8[0] = 23; 276 | } 277 | if ( dword_4223C8[0] ) 278 | { 279 | if ( dword_4223C8[0] == 24 ) 280 | dword_4223C8[0] = 1; 281 | } 282 | else 283 | { 284 | dword_4223C8[0] = 23; 285 | } 286 | for ( i = 1; i < dword_402008; ++i ) 287 | { 288 | v7 = dword_4023C8[i]; 289 | v6 = dword_4223C8[i]; 290 | dword_4023C8[i] = v9; 291 | dword_4223C8[i] = v8; 292 | v9 = v7; 293 | v8 = v6; 294 | } 295 | if ( dword_4023C8[0] == dword_40200C && dword_4223C8[0] == dword_402010 ) 296 | { 297 | do 298 | { 299 | dword_40200C = rand() % 23 + 1; 300 | dword_402010 = rand() % 23 + 1; 301 | } 302 | while ( dword_40200C == dword_4023C8[0] && dword_402010 == dword_4223C8[0] ); 303 | v4 = 1; 304 | for ( j = 1; j < dword_402008; ++j ) 305 | { 306 | if ( dword_40200C == dword_4023C8[j] && dword_402010 == dword_4223C8[j] ) 307 | { 308 | v4 = 1; 309 | break; 310 | } 311 | } 312 | LABEL_22: 313 | while ( v4 ) 314 | { 315 | dword_40200C = rand() % 23 + 1; 316 | dword_402010 = rand() % 23 + 1; 317 | v4 = 0; 318 | for ( k = 0; k < dword_402008; ++k ) 319 | { 320 | if ( dword_40200C == dword_4023C8[k] && dword_402010 == dword_4223C8[k] ) 321 | { 322 | v4 = 1; 323 | goto LABEL_22; 324 | } 325 | } 326 | } 327 | dword_402004 += 10; 328 | ++dword_402008; 329 | } 330 | for ( m = 1; ; ++m ) 331 | { 332 | result = m; 333 | if ( m >= dword_402008 ) 334 | break; 335 | if ( dword_4023C8[m] == dword_4023C8[0] && dword_4223C8[m] == dword_4223C8[0] ) 336 | { 337 | result = 1; 338 | dword_402000 = 1; 339 | return result; 340 | } 341 | } 342 | return result; 343 | } 344 | // 402000: using guessed type int dword_402000; 345 | // 402004: using guessed type int dword_402004; 346 | // 402008: using guessed type int dword_402008; 347 | // 40200C: using guessed type int dword_40200C; 348 | // 402010: using guessed type int dword_402010; 349 | // 402014: using guessed type int dword_402014; 350 | // 402018: using guessed type int dword_402018; 351 | // 4023C8: using guessed type int dword_4023C8[32768]; 352 | // 4223C8: using guessed type int dword_4223C8[32768]; 353 | 354 | //----- (004017E5) -------------------------------------------------------- 355 | // positive sp value has been detected, the output may be wrong! 356 | int __usercall sub_4017E5@(int a1@) 357 | { 358 | int v1; // eax 359 | int result; // eax 360 | COORD v3; // [esp-8h] [ebp-8h] BYREF 361 | 362 | sub_401AFC(); 363 | sprintf((char *const)(a1 - 0x8000), "Tiny Snake (x%d)", 32); 364 | SetConsoleTitleA((LPCSTR)(a1 - 0x8000)); 365 | *(_DWORD *)(a1 - 32776) = 51; 366 | *(_DWORD *)(a1 - 32772) = 33; 367 | hConsoleOutput = GetStdHandle(0xFFFFFFF5); 368 | *(_WORD *)(a1 - 32784) = 0; 369 | *(_WORD *)(a1 - 32782) = 0; 370 | *(_WORD *)(a1 - 32780) = *(_DWORD *)(a1 - 32776) - 1; 371 | *(_WORD *)(a1 - 32778) = *(_DWORD *)(a1 - 32772) - 1; 372 | SetConsoleWindowInfo(hConsoleOutput, 1, (const SMALL_RECT *)(a1 - 32784)); 373 | *(_WORD *)(a1 - 32788) = *(_WORD *)(a1 - 32776); 374 | *(_WORD *)(a1 - 32786) = *(_WORD *)(a1 - 32772); 375 | memmove(&v3, (const void *)(a1 - 32788), 4u); 376 | SetConsoleScreenBufferSize(hConsoleOutput, v3); 377 | *(_DWORD *)(a1 - 32796) = 0; 378 | memset((void *)(a1 - 32792), 0, 4u); 379 | *(_DWORD *)(a1 - 32796) = 1; 380 | *(_DWORD *)(a1 - 32792) = 0; 381 | SetConsoleCursorInfo(hConsoleOutput, (const CONSOLE_CURSOR_INFO *)(a1 - 32796)); 382 | printf("Coded by DosX-dev (GitHub)\nUSE ONLY ENGLISH KEYBOARD LAYOUT! (WASD)\n"); 383 | sub_401000(); 384 | while ( !dword_402000 ) 385 | { 386 | sub_401110(); 387 | sub_40137B(); 388 | sub_401471(); 389 | Sleep(0x64u); 390 | } 391 | dword_402014 = 0; 392 | dword_402018 = 0; 393 | sub_401110(); 394 | printf("\n"); 395 | sub_4010BC(asc_402098, 68); 396 | sub_4010BC(aGameOver, 116); 397 | sub_4010BC(asc_4020B6, 68); 398 | printf("\nPress X to exit"); 399 | do 400 | { 401 | v1 = getch(); 402 | result = tolower(v1); 403 | } 404 | while ( result != 120 ); 405 | return result; 406 | } 407 | // 4019F4: positive sp value 4 has been found 408 | // 401000: using guessed type _DWORD sub_401000(); 409 | // 401110: using guessed type _DWORD sub_401110(); 410 | // 40137B: using guessed type _DWORD sub_40137B(); 411 | // 401471: using guessed type _DWORD sub_401471(); 412 | // 401AFC: using guessed type _DWORD sub_401AFC(); 413 | // 402000: using guessed type int dword_402000; 414 | // 402014: using guessed type int dword_402014; 415 | // 402018: using guessed type int dword_402018; 416 | 417 | //----- (004019F8) -------------------------------------------------------- 418 | void __noreturn start() 419 | { 420 | int v0; // eax 421 | int v1; // [esp+8h] [ebp-1Ch] BYREF 422 | char v2[24]; // [esp+Ch] [ebp-18h] BYREF 423 | 424 | sub_401B6D(v2); 425 | v1 = 0; 426 | _set_app_type(_crt_console_app); 427 | controlfp(0x10000u, 0x30000u); 428 | _getmainargs(_argc, _argv, environ, dword_4423E0, &v1); 429 | v0 = sub_4017E5(_argc, _argv, environ); 430 | exit(v0); 431 | } 432 | // 4017E5: using guessed type int __cdecl sub_4017E5(_DWORD, _DWORD, _DWORD); 433 | // 4019F8: using guessed type void __noreturn start(); 434 | // 401C50: using guessed type int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); 435 | // 4423E0: using guessed type int dword_4423E0; 436 | // 4019F8: using guessed type char var_18[24]; 437 | 438 | //----- (00401AFC) -------------------------------------------------------- 439 | int __usercall sub_401AFC@(int a1@, int a2@, __int32 a3@) 440 | { 441 | void **v3; // ecx 442 | int (__thiscall *v6)(int); // [esp-4h] [ebp-4h] 443 | void *retaddr; // [esp+0h] [ebp+0h] BYREF 444 | 445 | v6 = (int (__thiscall *)(int))_InterlockedExchange((volatile __int32 *)&retaddr, a3); 446 | v3 = &retaddr; 447 | do 448 | { 449 | v3 -= 1024; 450 | a1 -= 4096; 451 | } 452 | while ( a1 >= 4096 ); 453 | return v6(a2); 454 | } 455 | 456 | //----- (00401B28) -------------------------------------------------------- 457 | int __usercall sub_401B28@(int a1@) 458 | { 459 | return *(_DWORD *)(a1 - 20); 460 | } 461 | 462 | //----- (00401B2C) -------------------------------------------------------- 463 | int __usercall sub_401B2C@(int a1@) 464 | { 465 | return **(_DWORD **)sub_401B28(a1); 466 | } 467 | 468 | //----- (00401B6D) -------------------------------------------------------- 469 | int __cdecl sub_401B6D(_DWORD *a1, char a2) 470 | { 471 | int result; // eax 472 | 473 | *a1 = &a2; 474 | a1[1] = 0; 475 | a1[2] = NtCurrentTeb()->NtTib.ExceptionList; 476 | a1[3] = &sub_401B68; 477 | a1[4] = dword_401B5C; 478 | result = 0; 479 | a1[5] = 0; 480 | return result; 481 | } 482 | // 401B5C: using guessed type int dword_401B5C[3]; 483 | 484 | // nfuncs=39 queued=12 decompiled=12 lumina nreq=0 worse=0 better=0 485 | // ALL OK, 12 function(s) have been successfully decompiled 486 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/C/after_x86.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | 6 | //------------------------------------------------------------------------- 7 | // Function declarations 8 | 9 | void sub_401000(); 10 | int __cdecl sub_40100D(int a1); 11 | BOOL sub_401097(); 12 | int __cdecl sub_4010EF(int a1, int a2); 13 | void *__cdecl sub_4012BF(signed int a1); 14 | BOOL __cdecl sub_401511(HANDLE hConsoleOutput, void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved); 15 | HANDLE __cdecl sub_40153A(int a1); 16 | FARPROC __stdcall sub_40155C(HMODULE hModule, LPCSTR lpProcName); 17 | HMODULE __cdecl sub_40157B(LPCSTR lpModuleName); 18 | int __cdecl sub_401DB6(char *a1); 19 | int __cdecl sub_401E94(int a1); 20 | int __cdecl sub_4021E5(int a1); 21 | int __cdecl sub_4021FD(int a1); 22 | int __cdecl sub_402215(int a1); 23 | int __cdecl sub_40222D(int a1); 24 | int __cdecl sub_402245(int a1); 25 | int __cdecl sub_40225D(int a1); 26 | BOOL sub_402275(); 27 | void sub_40247C(); 28 | _BYTE *sub_402489(); 29 | _BYTE *sub_402EE4(); 30 | _BYTE *sub_402EF5(); 31 | _BYTE *sub_402F06(); 32 | _BYTE *sub_402F17(); 33 | _BYTE *sub_402F28(); 34 | _BYTE *sub_402F39(); 35 | _BYTE *sub_402F4A(); 36 | _BYTE *sub_402F5B(); 37 | _BYTE *sub_402F6C(); 38 | _BYTE *sub_402F7D(); 39 | _BYTE *sub_402F8E(); 40 | _BYTE *sub_402F9F(); 41 | _BYTE *sub_402FB0(); 42 | _BYTE *sub_402FC1(); 43 | _BYTE *sub_402FD2(); 44 | _BYTE *sub_402FE3(); 45 | _BYTE *sub_402FF4(); 46 | BOOL __cdecl sub_403005(int a1, char *Format); 47 | char *sub_403299(); 48 | char *sub_403317(); 49 | char *sub_4033BF(); 50 | int sub_4035CE(); 51 | int __cdecl sub_403DEF(char *Buffer, size_t BufferCount, char *Format, va_list ArgList); // idb 52 | void __noreturn start(); // weak 53 | // int __usercall sub_403F44@(int a1@); 54 | // int __usercall sub_403F48@(int a1@); 55 | int __cdecl sub_403F89(_DWORD *a1, char a2); 56 | // BOOL __stdcall WriteConsoleA(HANDLE hConsoleOutput, const void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved); 57 | // HANDLE __stdcall GetStdHandle(DWORD nStdHandle); 58 | // FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName); 59 | // HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName); 60 | // char *__cdecl strcat(char *Destination, const char *Source); 61 | // int sprintf(char *const Buffer, const char *const Format, ...); 62 | // BOOL __stdcall IsDebuggerPresent(); 63 | // void *__cdecl malloc(size_t Size); 64 | // void __cdecl free(void *Block); 65 | // int __cdecl getch(); 66 | // int __cdecl vsnprintf(char *const Buffer, const size_t BufferCount, const char *const Format, va_list ArgList); 67 | // void __cdecl _set_app_type(_crt_app_type Type); 68 | // unsigned int __cdecl controlfp(unsigned int NewValue, unsigned int Mask); 69 | // int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); weak 70 | // void __cdecl __noreturn exit(int Code); 71 | 72 | //------------------------------------------------------------------------- 73 | // Data declarations 74 | 75 | int dword_403F78[3] = { -1, 4210514, 4210535 }; // weak 76 | _UNKNOWN j__except_handler3; // weak 77 | char byte_405034 = 'a'; // weak 78 | char byte_405036 = 'c'; // weak 79 | char byte_405037 = 'd'; // weak 80 | char byte_405038 = 'e'; // weak 81 | char byte_40503E = 'k'; // weak 82 | char byte_40503F = 'l'; // weak 83 | char byte_405040 = 'm'; // weak 84 | char byte_405041 = 'n'; // weak 85 | char byte_405042 = 'o'; // weak 86 | char byte_405045 = 'r'; // weak 87 | char byte_405046 = 's'; // weak 88 | char byte_405047 = 't'; // weak 89 | char byte_405049 = 'v'; // weak 90 | char byte_40504F = 'L'; // weak 91 | char byte_405050 = 'A'; // weak 92 | char byte_405054 = '\0'; // weak 93 | char byte_405055 = '\x01'; // weak 94 | char byte_405056 = '\x02'; // weak 95 | char byte_405057 = '\x03'; // weak 96 | char byte_405058 = '\x04'; // weak 97 | char byte_405059 = '\x05'; // weak 98 | char byte_40505A = '\x06'; // weak 99 | char byte_40505B = '\a'; // weak 100 | char byte_40505C = '\b'; // weak 101 | char byte_40505D = '\t'; // weak 102 | int (__stdcall *dword_405060)(_DWORD) = NULL; // weak 103 | char Source[] = "%d%d"; // idb 104 | char Destination[] = "Library"; // idb 105 | char aC[] = "%c"; // idb 106 | char aSprintf[8] = "sprintf"; // weak 107 | char aStrcpy[7] = "strcpy"; // weak 108 | char aRealloc[8] = "realloc"; // weak 109 | char aDHelloWorld[19] = "%d) Hello, world!\n"; // weak 110 | char Format[] = "Error!"; // idb 111 | // extern int _argc; 112 | // extern char **_argv; 113 | // extern char **environ; 114 | _UNKNOWN unk_4053D4; // weak 115 | char byte_4053E4[8] = { '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0' }; // idb 116 | int dword_4053EC = 0; // weak 117 | 118 | 119 | //----- (00401000) -------------------------------------------------------- 120 | void sub_401000() 121 | { 122 | ; 123 | } 124 | 125 | //----- (0040100D) -------------------------------------------------------- 126 | int __cdecl sub_40100D(int a1) 127 | { 128 | sub_401000(); 129 | __asm { cpuid } 130 | return byte_405056 * byte_405058 + byte_405055 * a1 - byte_40505C; 131 | } 132 | // 405055: using guessed type char byte_405055; 133 | // 405056: using guessed type char byte_405056; 134 | // 405058: using guessed type char byte_405058; 135 | // 40505C: using guessed type char byte_40505C; 136 | 137 | //----- (00401097) -------------------------------------------------------- 138 | BOOL sub_401097() 139 | { 140 | __asm { cpuid } 141 | return byte_405055 && (byte_40505B + byte_40505D) / byte_40505C != byte_405055; 142 | } 143 | // 405055: using guessed type char byte_405055; 144 | // 40505B: using guessed type char byte_40505B; 145 | // 40505C: using guessed type char byte_40505C; 146 | // 40505D: using guessed type char byte_40505D; 147 | 148 | //----- (004010EF) -------------------------------------------------------- 149 | int __cdecl sub_4010EF(int a1, int a2) 150 | { 151 | int v8; // [esp+0h] [ebp-8h] 152 | int v9; // [esp+4h] [ebp-4h] 153 | 154 | v9 = sub_40100D(byte_405055 * a2); 155 | if ( v9 == a1 * (3 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) ) 156 | return byte_40505C != byte_405056 * byte_405058 && !sub_401097(); 157 | _EAX = (4 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C - byte_405055; 158 | if ( v9 == _EAX ) 159 | return (sub_401097() 160 | || 9 * byte_405054 + byte_40505A + byte_405057 != byte_40505D 161 | || (8 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C != byte_405055) 162 | && (v8 = 15 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, sub_40100D(byte_405055) + v8); 163 | __asm { cpuid } 164 | return sub_40100D(a2); 165 | } 166 | // 405054: using guessed type char byte_405054; 167 | // 405055: using guessed type char byte_405055; 168 | // 405056: using guessed type char byte_405056; 169 | // 405057: using guessed type char byte_405057; 170 | // 405058: using guessed type char byte_405058; 171 | // 40505A: using guessed type char byte_40505A; 172 | // 40505B: using guessed type char byte_40505B; 173 | // 40505C: using guessed type char byte_40505C; 174 | // 40505D: using guessed type char byte_40505D; 175 | 176 | //----- (004012BF) -------------------------------------------------------- 177 | void *__cdecl sub_4012BF(signed int a1) 178 | { 179 | int v1; // eax 180 | _BYTE *v4; // ecx 181 | _BYTE *v10; // [esp+4h] [ebp-Ch] 182 | signed int i; // [esp+8h] [ebp-8h] 183 | 184 | if ( byte_405054 < 14 && byte_405055 && byte_405056 > sub_401097() ) 185 | { 186 | v1 = a1 <= byte_405054 187 | || a1 >= (84 * byte_405054 188 | + byte_405058 * 16 * byte_405056 / (unsigned int)byte_40505C 189 | + byte_405058 * byte_405056 * 16 * byte_405055 / (unsigned int)byte_40505C) >> 1; 190 | if ( sub_4010EF(8, v1) && (sub_401097() || byte_405054) ) 191 | return 0; 192 | } 193 | v10 = &unk_4053D4; 194 | for ( i = byte_405054; i < a1; ++i ) 195 | { 196 | *v10 = 37; 197 | v4 = v10 + 1; 198 | v10 += 2; 199 | *v4 = byte_405036; 200 | if ( i ) 201 | sub_40100D(21 * ((18 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C - byte_405055)); 202 | } 203 | _EAX = v10; 204 | *v10 = 0; 205 | __asm { cpuid } 206 | return &unk_4053D4; 207 | } 208 | // 405036: using guessed type char byte_405036; 209 | // 405054: using guessed type char byte_405054; 210 | // 405055: using guessed type char byte_405055; 211 | // 405056: using guessed type char byte_405056; 212 | // 405057: using guessed type char byte_405057; 213 | // 405058: using guessed type char byte_405058; 214 | // 40505A: using guessed type char byte_40505A; 215 | // 40505B: using guessed type char byte_40505B; 216 | // 40505C: using guessed type char byte_40505C; 217 | // 40505D: using guessed type char byte_40505D; 218 | 219 | //----- (00401511) -------------------------------------------------------- 220 | BOOL __cdecl sub_401511( 221 | HANDLE hConsoleOutput, 222 | void *lpBuffer, 223 | DWORD nNumberOfCharsToWrite, 224 | LPDWORD lpNumberOfCharsWritten, 225 | LPVOID lpReserved) 226 | { 227 | __asm { cpuid } 228 | return WriteConsoleA(hConsoleOutput, lpBuffer, nNumberOfCharsToWrite, lpNumberOfCharsWritten, lpReserved); 229 | } 230 | 231 | //----- (0040153A) -------------------------------------------------------- 232 | HANDLE __cdecl sub_40153A(int a1) 233 | { 234 | int v6; // eax 235 | 236 | __asm { cpuid } 237 | v6 = sub_40100D(a1); 238 | return GetStdHandle(v6); 239 | } 240 | 241 | //----- (0040155C) -------------------------------------------------------- 242 | FARPROC __stdcall sub_40155C(HMODULE hModule, LPCSTR lpProcName) 243 | { 244 | __asm { cpuid } 245 | return GetProcAddress(hModule, lpProcName); 246 | } 247 | 248 | //----- (0040157B) -------------------------------------------------------- 249 | HMODULE __cdecl sub_40157B(LPCSTR lpModuleName) 250 | { 251 | __asm { cpuid } 252 | return GetModuleHandleA(lpModuleName); 253 | } 254 | 255 | //----- (00401DB6) -------------------------------------------------------- 256 | int __cdecl sub_401DB6(char *a1) 257 | { 258 | int v7; // [esp+0h] [ebp-4h] 259 | 260 | v7 = byte_405054; 261 | while ( 1 ) 262 | { 263 | _EAX = 79; 264 | if ( byte_405054 >= 79 ) 265 | break; 266 | _EAX = byte_40505C; 267 | if ( byte_40505C <= byte_405057 ) 268 | break; 269 | _EAX = sub_401097(); 270 | if ( !_EAX ) 271 | break; 272 | _EAX = sub_4010EF(52, *a1 != 0); 273 | if ( !_EAX ) 274 | break; 275 | _EAX = byte_405059; 276 | if ( !byte_405059 ) 277 | break; 278 | v7 += sub_40100D(byte_405055); 279 | a1 += sub_40100D(byte_405056 - byte_405055); 280 | } 281 | __asm { cpuid } 282 | return sub_40100D(byte_405054 + v7); 283 | } 284 | // 405054: using guessed type char byte_405054; 285 | // 405055: using guessed type char byte_405055; 286 | // 405056: using guessed type char byte_405056; 287 | // 405057: using guessed type char byte_405057; 288 | // 405059: using guessed type char byte_405059; 289 | // 40505C: using guessed type char byte_40505C; 290 | 291 | //----- (00401E94) -------------------------------------------------------- 292 | int __cdecl sub_401E94(int a1) 293 | { 294 | char *v1; // eax 295 | char *v2; // eax 296 | char *v13; // eax 297 | char *v14; // eax 298 | char Source[32]; // [esp+0h] [ebp-5Ch] BYREF 299 | char *v17; // [esp+20h] [ebp-3Ch] 300 | char *v18; // [esp+24h] [ebp-38h] 301 | char *v19; // [esp+28h] [ebp-34h] 302 | char *v20; // [esp+2Ch] [ebp-30h] 303 | char *v21; // [esp+30h] [ebp-2Ch] 304 | char v22; // [esp+37h] [ebp-25h] 305 | HMODULE hModule; // [esp+38h] [ebp-24h] 306 | char Buffer[32]; // [esp+3Ch] [ebp-20h] BYREF 307 | 308 | if ( byte_405054 < 106 309 | && byte_405055 310 | && byte_405056 > sub_401097() 311 | && sub_4010EF(54, dword_405060 == 0) 312 | && (sub_401097() || byte_405054) ) 313 | { 314 | v1 = (char *)sub_4012BF(byte_40505A); 315 | v2 = strcat(v1, ::Source); 316 | sprintf( 317 | Buffer, 318 | v2, 319 | byte_40503E, 320 | byte_405038, 321 | byte_405045, 322 | byte_405041, 323 | byte_405038, 324 | byte_40503F, 325 | byte_405057, 326 | byte_405056); 327 | hModule = sub_40157B(Buffer); 328 | if ( byte_405054 < 110 ) 329 | { 330 | if ( byte_405055 ) 331 | { 332 | if ( byte_405056 > sub_401097() ) 333 | { 334 | if ( sub_4010EF(56, hModule != 0) ) 335 | { 336 | _EAX = sub_401097(); 337 | if ( _EAX || (_EAX = byte_405054) != 0 ) 338 | { 339 | __asm { cpuid } 340 | v22 = byte_40504F; 341 | sub_401000(); 342 | v21 = &byte_4053E4[byte_405058]; 343 | *v21 = sub_40100D(byte_405054); 344 | v20 = &byte_4053E4[byte_405057]; 345 | *v20 = sub_40100D(byte_405037); 346 | v19 = &byte_4053E4[byte_405056]; 347 | *v19 = sub_40100D(byte_405034); 348 | v18 = &byte_4053E4[byte_405055]; 349 | *v18 = sub_40100D(byte_405042); 350 | v17 = &byte_4053E4[byte_405054]; 351 | _EAX = sub_40100D(byte_40504F); 352 | *v17 = _EAX; 353 | __asm { cpuid } 354 | v13 = strcat(Destination, aC); 355 | sprintf(Source, v13, byte_405050); 356 | v14 = strcat(byte_4053E4, Source); 357 | dword_405060 = (int (__stdcall *)(_DWORD))sub_40155C(hModule, v14); 358 | } 359 | } 360 | } 361 | } 362 | } 363 | } 364 | if ( byte_405054 < 114 365 | && byte_405055 366 | && byte_405056 > sub_401097() 367 | && sub_4010EF(58, dword_405060 != 0) 368 | && (sub_401097() || byte_405054) ) 369 | { 370 | return dword_405060(a1); 371 | } 372 | else 373 | { 374 | return 0; 375 | } 376 | } 377 | // 405034: using guessed type char byte_405034; 378 | // 405037: using guessed type char byte_405037; 379 | // 405038: using guessed type char byte_405038; 380 | // 40503E: using guessed type char byte_40503E; 381 | // 40503F: using guessed type char byte_40503F; 382 | // 405041: using guessed type char byte_405041; 383 | // 405042: using guessed type char byte_405042; 384 | // 405045: using guessed type char byte_405045; 385 | // 40504F: using guessed type char byte_40504F; 386 | // 405050: using guessed type char byte_405050; 387 | // 405054: using guessed type char byte_405054; 388 | // 405055: using guessed type char byte_405055; 389 | // 405056: using guessed type char byte_405056; 390 | // 405057: using guessed type char byte_405057; 391 | // 405058: using guessed type char byte_405058; 392 | // 40505A: using guessed type char byte_40505A; 393 | // 405060: using guessed type int (__stdcall *dword_405060)(_DWORD); 394 | 395 | //----- (004021E5) -------------------------------------------------------- 396 | int __cdecl sub_4021E5(int a1) 397 | { 398 | return sub_401E94(a1); 399 | } 400 | 401 | //----- (004021FD) -------------------------------------------------------- 402 | int __cdecl sub_4021FD(int a1) 403 | { 404 | return sub_4021E5(a1); 405 | } 406 | 407 | //----- (00402215) -------------------------------------------------------- 408 | int __cdecl sub_402215(int a1) 409 | { 410 | return sub_4021FD(a1); 411 | } 412 | 413 | //----- (0040222D) -------------------------------------------------------- 414 | int __cdecl sub_40222D(int a1) 415 | { 416 | return sub_402215(a1); 417 | } 418 | 419 | //----- (00402245) -------------------------------------------------------- 420 | int __cdecl sub_402245(int a1) 421 | { 422 | return sub_40222D(a1); 423 | } 424 | 425 | //----- (0040225D) -------------------------------------------------------- 426 | int __cdecl sub_40225D(int a1) 427 | { 428 | return sub_402245(a1); 429 | } 430 | 431 | //----- (00402275) -------------------------------------------------------- 432 | BOOL sub_402275() 433 | { 434 | sub_40100D(60); 435 | if ( byte_405054 < 122 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(62, (int)sub_401000) ) 436 | sub_401097(); 437 | while ( byte_405054 < 91 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(64, byte_405054) && byte_405059 ) 438 | ; 439 | sub_40100D(66); 440 | if ( byte_405054 != 134 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(68, (int)sub_401000) ) 441 | sub_401097(); 442 | while ( byte_405054 < 97 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(70, byte_405054) && byte_405059 ) 443 | ; 444 | return IsDebuggerPresent(); 445 | } 446 | // 405054: using guessed type char byte_405054; 447 | // 405055: using guessed type char byte_405055; 448 | // 405056: using guessed type char byte_405056; 449 | // 405057: using guessed type char byte_405057; 450 | // 405059: using guessed type char byte_405059; 451 | // 40505C: using guessed type char byte_40505C; 452 | 453 | //----- (0040247C) -------------------------------------------------------- 454 | void sub_40247C() 455 | { 456 | __debugbreak(); 457 | } 458 | 459 | //----- (00402489) -------------------------------------------------------- 460 | _BYTE *sub_402489() 461 | { 462 | int v0; // eax 463 | int v1; // eax 464 | _BYTE *v3; // [esp+4h] [ebp-18h] 465 | _BYTE *v4; // [esp+8h] [ebp-14h] 466 | int v5; // [esp+14h] [ebp-8h] 467 | BOOL v6; // [esp+18h] [ebp-4h] 468 | 469 | sub_40100D(72); 470 | if ( byte_405054 != 146 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(74, (int)sub_401000) ) 471 | sub_401097(); 472 | while ( byte_405054 < 103 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(76, byte_405054) && byte_405059 ) 473 | ; 474 | sub_401000(); 475 | sub_401000(); 476 | if ( byte_405054 != 154 && byte_405055 && byte_405056 > sub_401097() ) 477 | { 478 | v0 = 1; 479 | if ( !IsDebuggerPresent() ) 480 | { 481 | v6 = !sub_402275(); 482 | if ( !sub_40100D((byte_405055 + byte_405054 + byte_405055) * (byte_405054 / v6) / byte_405056) ) 483 | v0 = 0; 484 | } 485 | if ( sub_4010EF(78, v0) && (sub_401097() || byte_405054) ) 486 | { 487 | sub_40247C(); 488 | __debugbreak(); 489 | } 490 | } 491 | if ( byte_405054 != 160 492 | && byte_405055 493 | && byte_405056 > sub_401097() 494 | && sub_4010EF(81, byte_405054 > 79) 495 | && (sub_401097() || byte_405054) ) 496 | { 497 | sub_401000(); 498 | } 499 | else if ( byte_405054 != 170 500 | && byte_405055 501 | && byte_405056 > sub_401097() 502 | && sub_4010EF(86, 0) 503 | && (sub_401097() || byte_405054) ) 504 | { 505 | sub_40100D(byte_405057 - 87); 506 | } 507 | else if ( byte_405054 != 178 508 | && byte_405055 509 | && byte_405056 > sub_401097() 510 | && sub_4010EF(90, 264 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) 511 | && (sub_401097() || byte_405054) ) 512 | { 513 | sub_40100D(92); 514 | if ( byte_405054 != 186 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(94, (int)sub_401000) ) 515 | sub_401097(); 516 | while ( byte_405054 < 123 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(96, byte_405054) && byte_405059 ) 517 | ; 518 | } 519 | else if ( byte_405054 != 196 520 | && byte_405055 521 | && byte_405056 > sub_401097() 522 | && ((v5 = 291 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, sub_40100D(byte_405057)) 523 | ? (v1 = byte_405056) 524 | : (v1 = byte_405054), 525 | sub_4010EF(99, v1 * v5) && (sub_401097() || byte_405054)) ) 526 | { 527 | sub_40100D(101); 528 | if ( byte_405054 != 204 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(103, (int)sub_401000) ) 529 | sub_401097(); 530 | while ( byte_405054 != 132 531 | && byte_40505C > byte_405057 532 | && sub_401097() 533 | && sub_4010EF(105, byte_405054) 534 | && byte_405059 ) 535 | ; 536 | } 537 | else 538 | { 539 | IsDebuggerPresent(); 540 | } 541 | v4 = malloc(byte_40505B); 542 | v4[byte_405055 + byte_405056 + byte_405057] = 0; 543 | v3 = &v4[byte_405056 + byte_405056 + byte_405055]; 544 | *v3 = sub_40100D(byte_405047); 545 | v4[byte_405056 + byte_405055 * byte_405056] = byte_405045; 546 | sub_40100D(107); 547 | if ( byte_405054 != 216 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(109, (int)sub_401000) ) 548 | sub_401097(); 549 | while ( byte_405054 != 138 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(111, byte_405054) && byte_405059 ) 550 | ; 551 | v4[byte_405056 * byte_405058 - byte_405059] = byte_405036; 552 | v4[byte_405056 * byte_405055] = byte_405049; 553 | v4[byte_405055 + byte_405054] = byte_405046; 554 | v4[byte_40505C - byte_405057 - byte_405059] = byte_405040; 555 | sub_40100D(113); 556 | if ( byte_405054 != 228 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(115, (int)sub_401000) ) 557 | sub_401097(); 558 | while ( byte_405054 != 144 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(117, byte_405054) && byte_405059 ) 559 | ; 560 | return v4; 561 | } 562 | // 405036: using guessed type char byte_405036; 563 | // 405040: using guessed type char byte_405040; 564 | // 405045: using guessed type char byte_405045; 565 | // 405046: using guessed type char byte_405046; 566 | // 405047: using guessed type char byte_405047; 567 | // 405049: using guessed type char byte_405049; 568 | // 405054: using guessed type char byte_405054; 569 | // 405055: using guessed type char byte_405055; 570 | // 405056: using guessed type char byte_405056; 571 | // 405057: using guessed type char byte_405057; 572 | // 405058: using guessed type char byte_405058; 573 | // 405059: using guessed type char byte_405059; 574 | // 40505A: using guessed type char byte_40505A; 575 | // 40505B: using guessed type char byte_40505B; 576 | // 40505C: using guessed type char byte_40505C; 577 | // 40505D: using guessed type char byte_40505D; 578 | 579 | //----- (00402EE4) -------------------------------------------------------- 580 | _BYTE *sub_402EE4() 581 | { 582 | return sub_402489(); 583 | } 584 | 585 | //----- (00402EF5) -------------------------------------------------------- 586 | _BYTE *sub_402EF5() 587 | { 588 | return sub_402EE4(); 589 | } 590 | 591 | //----- (00402F06) -------------------------------------------------------- 592 | _BYTE *sub_402F06() 593 | { 594 | return sub_402EF5(); 595 | } 596 | 597 | //----- (00402F17) -------------------------------------------------------- 598 | _BYTE *sub_402F17() 599 | { 600 | return sub_402F06(); 601 | } 602 | 603 | //----- (00402F28) -------------------------------------------------------- 604 | _BYTE *sub_402F28() 605 | { 606 | return sub_402F17(); 607 | } 608 | 609 | //----- (00402F39) -------------------------------------------------------- 610 | _BYTE *sub_402F39() 611 | { 612 | return sub_402F28(); 613 | } 614 | 615 | //----- (00402F4A) -------------------------------------------------------- 616 | _BYTE *sub_402F4A() 617 | { 618 | return sub_402F39(); 619 | } 620 | 621 | //----- (00402F5B) -------------------------------------------------------- 622 | _BYTE *sub_402F5B() 623 | { 624 | return sub_402F4A(); 625 | } 626 | 627 | //----- (00402F6C) -------------------------------------------------------- 628 | _BYTE *sub_402F6C() 629 | { 630 | return sub_402F5B(); 631 | } 632 | 633 | //----- (00402F7D) -------------------------------------------------------- 634 | _BYTE *sub_402F7D() 635 | { 636 | return sub_402F6C(); 637 | } 638 | 639 | //----- (00402F8E) -------------------------------------------------------- 640 | _BYTE *sub_402F8E() 641 | { 642 | return sub_402F7D(); 643 | } 644 | 645 | //----- (00402F9F) -------------------------------------------------------- 646 | _BYTE *sub_402F9F() 647 | { 648 | return sub_402F8E(); 649 | } 650 | 651 | //----- (00402FB0) -------------------------------------------------------- 652 | _BYTE *sub_402FB0() 653 | { 654 | return sub_402F9F(); 655 | } 656 | 657 | //----- (00402FC1) -------------------------------------------------------- 658 | _BYTE *sub_402FC1() 659 | { 660 | return sub_402FB0(); 661 | } 662 | 663 | //----- (00402FD2) -------------------------------------------------------- 664 | _BYTE *sub_402FD2() 665 | { 666 | return sub_402FC1(); 667 | } 668 | 669 | //----- (00402FE3) -------------------------------------------------------- 670 | _BYTE *sub_402FE3() 671 | { 672 | return sub_402FD2(); 673 | } 674 | 675 | //----- (00402FF4) -------------------------------------------------------- 676 | _BYTE *sub_402FF4() 677 | { 678 | return sub_402FE3(); 679 | } 680 | 681 | //----- (00403005) -------------------------------------------------------- 682 | BOOL __cdecl sub_403005(int a1, char *Format) 683 | { 684 | int v2; // eax 685 | HANDLE v3; // eax 686 | int v4; // eax 687 | HANDLE hConsoleOutput; // [esp+0h] [ebp-410h] 688 | char Buffer[1024]; // [esp+10h] [ebp-400h] BYREF 689 | 690 | sub_40100D(119); 691 | if ( byte_405054 != 240 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(121, (int)sub_401000) ) 692 | sub_401097(); 693 | while ( byte_405054 != 150 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(123, byte_405054) && byte_405059 ) 694 | ; 695 | sub_403DEF( 696 | Buffer, 697 | (203 * byte_405054 698 | + byte_405058 * (byte_405056 << 10) / (unsigned int)byte_40505C 699 | + byte_405058 * byte_405056 * (byte_405055 << 10) / (unsigned int)byte_40505C) >> 1, 700 | Format, 701 | (va_list)&Format 702 | + ((((202 * byte_405054 703 | + byte_405058 * 4 * byte_405056 / (unsigned int)byte_40505C 704 | + byte_405058 * byte_405056 * 4 * byte_405055 / (unsigned int)byte_40505C) >> 1) 705 | + 3) & 0xFFFFFFFC)); 706 | v2 = sub_40100D(-11); 707 | v3 = sub_40153A(v2); 708 | hConsoleOutput = (HANDLE)sub_40100D((int)v3); 709 | sub_401000(); 710 | v4 = sub_401DB6(Buffer); 711 | return sub_401511(hConsoleOutput, Buffer, v4, 0, 0); 712 | } 713 | // 405054: using guessed type char byte_405054; 714 | // 405055: using guessed type char byte_405055; 715 | // 405056: using guessed type char byte_405056; 716 | // 405057: using guessed type char byte_405057; 717 | // 405058: using guessed type char byte_405058; 718 | // 405059: using guessed type char byte_405059; 719 | // 40505C: using guessed type char byte_40505C; 720 | 721 | //----- (00403299) -------------------------------------------------------- 722 | char *sub_403299() 723 | { 724 | __asm { cpuid } 725 | return aSprintf; 726 | } 727 | 728 | //----- (00403317) -------------------------------------------------------- 729 | char *sub_403317() 730 | { 731 | __asm { cpuid } 732 | return aStrcpy; 733 | } 734 | 735 | //----- (004033BF) -------------------------------------------------------- 736 | char *sub_4033BF() 737 | { 738 | __asm { cpuid } 739 | return aRealloc; 740 | } 741 | 742 | //----- (004035CE) -------------------------------------------------------- 743 | int sub_4035CE() 744 | { 745 | int v1; // eax 746 | _BYTE *v2; // eax 747 | char *v3; // eax 748 | _BYTE *v4; // eax 749 | char *v5; // eax 750 | int v6; // eax 751 | int v8; // [esp+0h] [ebp-24h] 752 | int v9; // [esp+4h] [ebp-20h] 753 | FARPROC v10; // [esp+8h] [ebp-1Ch] 754 | HMODULE v11; // [esp+Ch] [ebp-18h] 755 | FARPROC v12; // [esp+10h] [ebp-14h] 756 | HMODULE hModule; // [esp+14h] [ebp-10h] 757 | char *Block; // [esp+18h] [ebp-Ch] 758 | int i; // [esp+20h] [ebp-4h] 759 | 760 | for ( i = 0; i < 5; ++i ) 761 | { 762 | v1 = sub_40100D(256); 763 | Block = (char *)malloc(v1); 764 | v2 = sub_402FF4(); 765 | hModule = (HMODULE)sub_40225D((int)v2); 766 | v3 = sub_403317(); 767 | v12 = sub_40155C(hModule, v3); 768 | ((void (*)(char *, const char *, ...))v12)(Block, aDHelloWorld); 769 | v4 = sub_402FF4(); 770 | v11 = (HMODULE)sub_40225D((int)v4); 771 | v5 = sub_403299(); 772 | v10 = sub_40155C(v11, v5); 773 | ((void (__cdecl *)(char *, char *, int))v10)(Block, Block, i + 1); 774 | if ( byte_405054 != 262 775 | && byte_405055 776 | && byte_405056 > sub_401097() 777 | && sub_4010EF(132, (int)Block) 778 | && (sub_401097() || byte_405054) ) 779 | { 780 | do 781 | { 782 | sub_401000(); 783 | sub_403005(134, Block); 784 | } 785 | while ( byte_405054 != 164 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(137, 0) && byte_405059 ); 786 | } 787 | else if ( byte_405054 != 278 788 | && byte_405055 789 | && byte_405056 > sub_401097() 790 | && sub_4010EF(140, 0) 791 | && (sub_401097() || byte_405054) ) 792 | { 793 | sub_401000(); 794 | } 795 | else if ( byte_405054 != 288 796 | && byte_405055 797 | && byte_405056 > sub_401097() 798 | && sub_4010EF(145, 0) 799 | && (sub_401097() || byte_405054) ) 800 | { 801 | sub_40100D(byte_405057 - 146); 802 | } 803 | else if ( byte_405054 != 296 804 | && byte_405055 805 | && byte_405056 > sub_401097() 806 | && sub_4010EF(149, 441 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) 807 | && (sub_401097() || byte_405054) ) 808 | { 809 | sub_40100D(151); 810 | if ( byte_405054 != 304 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(153, (int)sub_401000) ) 811 | sub_401097(); 812 | while ( byte_405054 != 182 813 | && byte_40505C > byte_405057 814 | && sub_401097() 815 | && sub_4010EF(155, byte_405054) 816 | && byte_405059 ) 817 | ; 818 | } 819 | else if ( byte_405054 != 314 820 | && byte_405055 821 | && byte_405056 > sub_401097() 822 | && ((v9 = 468 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, sub_40100D(byte_405057)) 823 | ? (v6 = byte_405056) 824 | : (v6 = byte_405054), 825 | sub_4010EF(158, v6 * v9) && (sub_401097() || byte_405054)) ) 826 | { 827 | sub_40100D(160); 828 | if ( byte_405054 != 322 && byte_405055 && byte_405056 > sub_401097() && sub_4010EF(162, (int)sub_401000) ) 829 | sub_401097(); 830 | while ( byte_405054 != 191 831 | && byte_40505C > byte_405057 832 | && sub_401097() 833 | && sub_4010EF(164, byte_405054) 834 | && byte_405059 ) 835 | ; 836 | } 837 | else 838 | { 839 | do 840 | { 841 | sub_401000(); 842 | sub_403005(166, Format); 843 | } 844 | while ( byte_405054 != 196 && byte_40505C > byte_405057 && sub_401097() && sub_4010EF(169, 0) && byte_405059 ); 845 | } 846 | free(Block); 847 | if ( i ) 848 | sub_40100D(140 * (((byte_405054 << 8) + byte_40505B + byte_40505D) / byte_40505C - byte_405055)); 849 | } 850 | v8 = getch(); 851 | return sub_40100D(510 * byte_405054 + byte_40505A + byte_405057 - byte_40505D + v8); 852 | } 853 | // 405054: using guessed type char byte_405054; 854 | // 405055: using guessed type char byte_405055; 855 | // 405056: using guessed type char byte_405056; 856 | // 405057: using guessed type char byte_405057; 857 | // 405059: using guessed type char byte_405059; 858 | // 40505A: using guessed type char byte_40505A; 859 | // 40505B: using guessed type char byte_40505B; 860 | // 40505C: using guessed type char byte_40505C; 861 | // 40505D: using guessed type char byte_40505D; 862 | 863 | //----- (00403DEF) -------------------------------------------------------- 864 | int __cdecl sub_403DEF(char *Buffer, size_t BufferCount, char *Format, va_list ArgList) 865 | { 866 | return vsnprintf(Buffer, BufferCount, Format, ArgList); 867 | } 868 | 869 | //----- (00403E14) -------------------------------------------------------- 870 | void __noreturn start() 871 | { 872 | int v0; // eax 873 | char v1; // [esp+0h] [ebp-24h] 874 | int v2; // [esp+8h] [ebp-1Ch] BYREF 875 | int v3[6]; // [esp+Ch] [ebp-18h] BYREF 876 | 877 | sub_403F89(v3, v1); 878 | v2 = 0; 879 | _set_app_type(_crt_console_app); 880 | controlfp(0x10000u, 0x30000u); 881 | _getmainargs(_argc, _argv, environ, dword_4053EC, &v2); 882 | v0 = sub_4035CE(); 883 | exit(v0); 884 | } 885 | // 403E22: variable 'v1' is possibly undefined 886 | // 403E14: using guessed type void __noreturn start(); 887 | // 404088: using guessed type int __cdecl _getmainargs(_DWORD, _DWORD, _DWORD, _DWORD, _DWORD); 888 | // 4053EC: using guessed type int dword_4053EC; 889 | // 403E14: using guessed type int var_18[6]; 890 | 891 | //----- (00403F44) -------------------------------------------------------- 892 | int __usercall sub_403F44@(int a1@) 893 | { 894 | return *(_DWORD *)(a1 - 20); 895 | } 896 | 897 | //----- (00403F48) -------------------------------------------------------- 898 | int __usercall sub_403F48@(int a1@) 899 | { 900 | return **(_DWORD **)sub_403F44(a1); 901 | } 902 | 903 | //----- (00403F89) -------------------------------------------------------- 904 | int __cdecl sub_403F89(_DWORD *a1, char a2) 905 | { 906 | int result; // eax 907 | 908 | *a1 = &a2; 909 | a1[1] = 0; 910 | a1[2] = NtCurrentTeb()->NtTib.ExceptionList; 911 | a1[3] = &sub_403F84; 912 | a1[4] = dword_403F78; 913 | result = 0; 914 | a1[5] = 0; 915 | return result; 916 | } 917 | // 403F78: using guessed type int dword_403F78[3]; 918 | 919 | // nfuncs=77 queued=47 decompiled=47 lumina nreq=0 worse=0 better=0 920 | // ALL OK, 47 function(s) have been successfully decompiled 921 | -------------------------------------------------------------------------------- /tests/disasm-security-audit/legacy_tests/C/after_x64.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include 6 | 7 | 8 | //------------------------------------------------------------------------- 9 | // Function declarations 10 | 11 | void sub_401000(); 12 | __int64 __fastcall sub_401028(int a1); 13 | double __fastcall sub_401085(double a1); 14 | _BOOL8 __fastcall sub_4010D2(); 15 | __int64 __fastcall sub_40112B(int a1, int a2); 16 | void *__fastcall sub_40130B(int a1); 17 | BOOL __fastcall sub_4015B4(void *a1, const void *a2, DWORD a3, DWORD *a4, LPVOID lpReserved); 18 | HANDLE __fastcall sub_401604(int a1); 19 | FARPROC __fastcall sub_401632(HMODULE a1, const CHAR *a2); 20 | HMODULE __fastcall sub_401664(const CHAR *a1); 21 | __int64 __fastcall sub_401688(_BYTE *a1, _BYTE *a2); 22 | __int64 __fastcall sub_401F47(char *a1); 23 | __int64 __fastcall sub_402050(__int64 a1); 24 | __int64 __fastcall sub_402460(__int64 a1); 25 | __int64 __fastcall sub_402480(__int64 a1); 26 | __int64 __fastcall sub_4024A0(__int64 a1); 27 | __int64 __fastcall sub_4024C0(__int64 a1); 28 | __int64 __fastcall sub_4024E0(__int64 a1); 29 | __int64 __fastcall sub_402500(__int64 a1); 30 | BOOL sub_402520(); 31 | void sub_40274C(); 32 | _BYTE *sub_40275A(); 33 | _BYTE *sub_403268(); 34 | _BYTE *sub_40327A(); 35 | _BYTE *sub_40328C(); 36 | _BYTE *sub_40329E(); 37 | _BYTE *sub_4032B0(); 38 | _BYTE *sub_4032C2(); 39 | _BYTE *sub_4032D4(); 40 | _BYTE *sub_4032E6(); 41 | _BYTE *sub_4032F8(); 42 | _BYTE *sub_40330A(); 43 | _BYTE *sub_40331C(); 44 | _BYTE *sub_40332E(); 45 | _BYTE *sub_403340(); 46 | _BYTE *sub_403352(); 47 | _BYTE *sub_403364(); 48 | _BYTE *sub_403376(); 49 | _BYTE *sub_403388(); 50 | BOOL sub_40339A(__int64 a1, const char *a2, ...); 51 | char *__fastcall sub_40362C(); 52 | char *__fastcall sub_403644(); 53 | char *__fastcall sub_40365C(); 54 | char *__fastcall sub_403674(); 55 | char *__fastcall sub_40368C(); 56 | char *__fastcall sub_4036A4(); 57 | char *__fastcall sub_4036BC(); 58 | char *__fastcall sub_4036D4(); 59 | char *__fastcall sub_4036EC(); 60 | void *__fastcall sub_403704(void *a1, int a2, size_t a3); 61 | char *__fastcall sub_403746(); 62 | char *__fastcall sub_40375E(); 63 | char *__fastcall sub_403776(); 64 | char *__fastcall sub_40378E(); 65 | char *__fastcall sub_4037A6(); 66 | void *__fastcall sub_4037BE(size_t a1, size_t a2); 67 | __int64 __fastcall sub_4037EC(__int64 a1, __int64 a2); 68 | __int64 __fastcall sub_40384E(__int64 a1); 69 | __int64 sub_40386E(char *a1, size_t a2, const char *a3, ...); 70 | int __fastcall sub_4038C0(char *a1, const char *a2, va_list a3); 71 | int __fastcall sub_4038F9(char *a1, size_t a2, const char *a3, va_list a4); 72 | char *__fastcall sub_40393D(const char *a1); 73 | int __fastcall sub_40395D(const char *a1); 74 | void __noreturn sub_40397D(); 75 | int __fastcall sub_40398F(void (__cdecl *a1)()); 76 | __int64 __fastcall sub_4039AF(char *a1, int a2); 77 | int __fastcall sub_4039E0(int a1); 78 | int __fastcall sub_4039FF(int a1); 79 | __int64 sub_403A1E(); 80 | int __fastcall sub_404303(char *a1, size_t a2, const char *a3, va_list a4); 81 | void __noreturn start(); 82 | __int64 __fastcall sub_404423(__int64 a1, __int64 a2); 83 | // BOOL __stdcall WriteConsoleA(HANDLE hConsoleOutput, const void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved); 84 | // HANDLE __stdcall GetStdHandle(DWORD nStdHandle); 85 | // FARPROC __stdcall GetProcAddress(HMODULE hModule, LPCSTR lpProcName); 86 | // HMODULE __stdcall GetModuleHandleA(LPCSTR lpModuleName); 87 | // char *__cdecl strcat(char *Destination, const char *Source); 88 | // int sprintf(char *const Buffer, const char *const Format, ...); 89 | // BOOL __stdcall IsDebuggerPresent(); 90 | // void *__cdecl malloc(size_t Size); 91 | // void *__cdecl memset(void *, int Val, size_t Size); 92 | // void *__cdecl calloc(size_t Count, size_t Size); 93 | // __int64 __fastcall gets(_QWORD); weak 94 | // int __cdecl vsprintf(char *const Buffer, const char *const Format, va_list ArgList); 95 | // char *__cdecl getenv(const char *VarName); 96 | // int __cdecl system(const char *Command); 97 | // void __cdecl __noreturn abort(); 98 | // int __cdecl atexit(void (__cdecl *)()); 99 | // char *__cdecl getcwd(char *DstBuf, int SizeInBytes); 100 | // int __cdecl tolower(int C); 101 | // int __cdecl toupper(int C); 102 | // void __cdecl free(void *Block); 103 | // int __cdecl getch(); 104 | // int __cdecl vsnprintf(char *const Buffer, const size_t BufferCount, const char *const Format, va_list ArgList); 105 | // void __cdecl _set_app_type(_crt_app_type Type); 106 | // unsigned int __cdecl controlfp(unsigned int NewValue, unsigned int Mask); 107 | // __int64 __fastcall _getmainargs(_QWORD, _QWORD, _QWORD, _QWORD, _QWORD); weak 108 | // void __cdecl __noreturn exit(int Code); 109 | 110 | //------------------------------------------------------------------------- 111 | // Data declarations 112 | 113 | char byte_405034 = 'a'; // weak 114 | char byte_405036 = 'c'; // weak 115 | char byte_405037 = 'd'; // weak 116 | char byte_405038 = 'e'; // weak 117 | char byte_40503E = 'k'; // weak 118 | char byte_40503F = 'l'; // weak 119 | char byte_405040 = 'm'; // weak 120 | char byte_405041 = 'n'; // weak 121 | char byte_405042 = 'o'; // weak 122 | char byte_405045 = 'r'; // weak 123 | char byte_405046 = 's'; // weak 124 | char byte_405047 = 't'; // weak 125 | char byte_405049 = 'v'; // weak 126 | char byte_40504F = 'L'; // weak 127 | char byte_405050 = 'A'; // weak 128 | char byte_405054 = '\0'; // weak 129 | char byte_405055 = '\x01'; // weak 130 | char byte_405056 = '\x02'; // weak 131 | char byte_405057 = '\x03'; // weak 132 | char byte_405058 = '\x04'; // weak 133 | char byte_405059 = '\x05'; // weak 134 | char byte_40505A = '\x06'; // weak 135 | char byte_40505B = '\a'; // weak 136 | char byte_40505C = '\b'; // weak 137 | char byte_40505D = '\t'; // weak 138 | __int64 (__fastcall *qword_405060)(_QWORD) = NULL; // weak 139 | char Source[] = "%d%d"; // idb 140 | char Destination[] = "Library"; // idb 141 | char aC[] = "%c"; // idb 142 | char aScanf[6] = "scanf"; // weak 143 | char aSprintf[8] = "sprintf"; // weak 144 | char aFclose[7] = "fclose"; // weak 145 | char aFopen[6] = "fopen"; // weak 146 | char aFread[6] = "fread"; // weak 147 | char aFwrite[7] = "fwrite"; // weak 148 | char aExit[5] = "exit"; // weak 149 | char aStrcpy[7] = "strcpy"; // weak 150 | char aStrtok[7] = "strtok"; // weak 151 | char aMemcpy[7] = "memcpy"; // weak 152 | char aStrchr[7] = "strchr"; // weak 153 | char aStrrchr[8] = "strrchr"; // weak 154 | char aRand[5] = "rand"; // weak 155 | char aRealloc[8] = "realloc"; // weak 156 | char aDHelloWorld[19] = "%d) Hello, world!\n"; // weak 157 | char aError[7] = "Error!"; // weak 158 | // extern int _argc; 159 | // extern char **_argv; 160 | // extern char **environ; 161 | _UNKNOWN unk_405490; // weak 162 | char byte_4054A0[8] = { '\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0' }; // idb 163 | int dword_4054A8 = 0; // weak 164 | 165 | 166 | //----- (0000000000401000) ---------------------------------------------------- 167 | void sub_401000() 168 | { 169 | ; 170 | } 171 | 172 | //----- (0000000000401028) ---------------------------------------------------- 173 | __int64 __fastcall sub_401028(int a1) 174 | { 175 | sub_401000(); 176 | __asm { cpuid } 177 | return (unsigned int)(byte_405056 * byte_405058 + byte_405055 * a1 - byte_40505C); 178 | } 179 | // 405055: using guessed type char byte_405055; 180 | // 405056: using guessed type char byte_405056; 181 | // 405058: using guessed type char byte_405058; 182 | // 40505C: using guessed type char byte_40505C; 183 | 184 | //----- (0000000000401085) ---------------------------------------------------- 185 | double __fastcall sub_401085(double a1) 186 | { 187 | sub_401000(); 188 | __asm { cpuid } 189 | return a1 * (double)byte_405055; 190 | } 191 | // 405055: using guessed type char byte_405055; 192 | 193 | //----- (00000000004010D2) ---------------------------------------------------- 194 | _BOOL8 __fastcall sub_4010D2() 195 | { 196 | __asm { cpuid } 197 | return byte_405055 && (byte_40505B + byte_40505D) / byte_40505C != byte_405055; 198 | } 199 | // 405055: using guessed type char byte_405055; 200 | // 40505B: using guessed type char byte_40505B; 201 | // 40505C: using guessed type char byte_40505C; 202 | // 40505D: using guessed type char byte_40505D; 203 | 204 | //----- (000000000040112B) ---------------------------------------------------- 205 | __int64 __fastcall sub_40112B(int a1, int a2) 206 | { 207 | int v8; // [rsp+20h] [rbp-10h] 208 | int v9; // [rsp+2Ch] [rbp-4h] 209 | 210 | v9 = sub_401028(byte_405055 * a2); 211 | if ( v9 == a1 * (3 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) ) 212 | return byte_40505C != byte_405056 * byte_405058 && !sub_4010D2(); 213 | _RAX = (unsigned int)((4 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C - byte_405055); 214 | if ( v9 == (_DWORD)_RAX ) 215 | return (sub_4010D2() 216 | || 9 * byte_405054 + byte_40505A + byte_405057 != byte_40505D 217 | || (8 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C != byte_405055) 218 | && (v8 = 15 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, (unsigned int)sub_401028(byte_405055) + v8); 219 | __asm { cpuid } 220 | return sub_401028(a2); 221 | } 222 | // 405054: using guessed type char byte_405054; 223 | // 405055: using guessed type char byte_405055; 224 | // 405056: using guessed type char byte_405056; 225 | // 405057: using guessed type char byte_405057; 226 | // 405058: using guessed type char byte_405058; 227 | // 40505A: using guessed type char byte_40505A; 228 | // 40505B: using guessed type char byte_40505B; 229 | // 40505C: using guessed type char byte_40505C; 230 | // 40505D: using guessed type char byte_40505D; 231 | 232 | //----- (000000000040130B) ---------------------------------------------------- 233 | void *__fastcall sub_40130B(int a1) 234 | { 235 | int v1; // eax 236 | _BYTE *v3; // rcx 237 | _BYTE *v9; // [rsp+28h] [rbp-18h] 238 | int i; // [rsp+34h] [rbp-Ch] 239 | 240 | if ( byte_405054 < 14 && byte_405055 && byte_405056 > (int)sub_4010D2() ) 241 | { 242 | v1 = a1 <= byte_405054 243 | || a1 >= (84 * byte_405054 244 | + byte_405058 * 16i64 * byte_405056 / (unsigned __int64)byte_40505C 245 | + byte_405058 * byte_405056 * 16i64 * byte_405055 / (unsigned __int64)byte_40505C) >> 1; 246 | if ( (unsigned int)sub_40112B(8, v1) && (sub_4010D2() || byte_405054) ) 247 | return 0i64; 248 | } 249 | v9 = &unk_405490; 250 | for ( i = byte_405054; i < a1; ++i ) 251 | { 252 | *v9 = 37; 253 | v3 = v9 + 1; 254 | v9 += 2; 255 | *v3 = byte_405036; 256 | LODWORD(v3) = i; 257 | if ( (_DWORD)v3 ) 258 | sub_401028(21 * ((18 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C - byte_405055)); 259 | } 260 | _RAX = v9; 261 | *v9 = 0; 262 | __asm { cpuid } 263 | return &unk_405490; 264 | } 265 | // 405036: using guessed type char byte_405036; 266 | // 405054: using guessed type char byte_405054; 267 | // 405055: using guessed type char byte_405055; 268 | // 405056: using guessed type char byte_405056; 269 | // 405057: using guessed type char byte_405057; 270 | // 405058: using guessed type char byte_405058; 271 | // 405059: using guessed type char byte_405059; 272 | // 40505A: using guessed type char byte_40505A; 273 | // 40505B: using guessed type char byte_40505B; 274 | // 40505C: using guessed type char byte_40505C; 275 | // 40505D: using guessed type char byte_40505D; 276 | 277 | //----- (00000000004015B4) ---------------------------------------------------- 278 | BOOL __fastcall sub_4015B4(void *a1, const void *a2, DWORD a3, DWORD *a4, LPVOID lpReserved) 279 | { 280 | __asm { cpuid } 281 | return WriteConsoleA(a1, a2, a3, a4, lpReserved); 282 | } 283 | 284 | //----- (0000000000401604) ---------------------------------------------------- 285 | HANDLE __fastcall sub_401604(int a1) 286 | { 287 | DWORD v6; // eax 288 | 289 | __asm { cpuid } 290 | v6 = sub_401028(a1); 291 | return GetStdHandle(v6); 292 | } 293 | 294 | //----- (0000000000401632) ---------------------------------------------------- 295 | FARPROC __fastcall sub_401632(HMODULE a1, const CHAR *a2) 296 | { 297 | __asm { cpuid } 298 | return GetProcAddress(a1, a2); 299 | } 300 | 301 | //----- (0000000000401664) ---------------------------------------------------- 302 | HMODULE __fastcall sub_401664(const CHAR *a1) 303 | { 304 | __asm { cpuid } 305 | return GetModuleHandleA(a1); 306 | } 307 | 308 | //----- (0000000000401688) ---------------------------------------------------- 309 | __int64 __fastcall sub_401688(_BYTE *a1, _BYTE *a2) 310 | { 311 | int v3; // eax 312 | int v4; // eax 313 | int v6; // eax 314 | int v7; // eax 315 | int v12; // [rsp+28h] [rbp-18h] 316 | int v13; // [rsp+30h] [rbp-10h] 317 | int v14; // [rsp+38h] [rbp-8h] 318 | 319 | while ( 1 ) 320 | { 321 | _RAX = 40i64; 322 | if ( byte_405054 >= 40 ) 323 | break; 324 | _RAX = (unsigned int)byte_40505C; 325 | if ( (int)_RAX <= byte_405057 ) 326 | break; 327 | _RAX = sub_4010D2(); 328 | if ( !(_DWORD)_RAX ) 329 | break; 330 | v3 = *a1 || *a2; 331 | _RAX = sub_40112B(13, v3); 332 | if ( !(_DWORD)_RAX ) 333 | break; 334 | _RAX = (unsigned int)byte_405059; 335 | if ( !byte_405059 ) 336 | break; 337 | sub_401028(15); 338 | if ( byte_405054 < 32 339 | && byte_405055 340 | && byte_405056 > (int)sub_4010D2() 341 | && (unsigned int)sub_40112B(17, (int)sub_401000) ) 342 | { 343 | sub_4010D2(); 344 | } 345 | while ( byte_405054 < 46 346 | && byte_40505C > byte_405057 347 | && sub_4010D2() 348 | && (unsigned int)sub_40112B(19, byte_405054) 349 | && byte_405059 ) 350 | ; 351 | if ( byte_405054 < 40 && byte_405055 && byte_405056 > (int)sub_4010D2() ) 352 | { 353 | v14 = sub_401028((char)*a1); 354 | v4 = v14 < (int)sub_401028((char)*a2) && (unsigned int)sub_401028(byte_405055); 355 | if ( (unsigned int)sub_40112B(21, v4) && (sub_4010D2() || byte_405054) ) 356 | return (unsigned int)-((int)sub_401028(byte_405056) / byte_405056); 357 | } 358 | if ( byte_405054 < 46 359 | && byte_405055 360 | && byte_405056 > (int)sub_4010D2() 361 | && (unsigned int)sub_40112B(24, byte_405054 > 22) 362 | && (sub_4010D2() || byte_405054) ) 363 | { 364 | sub_401000(); 365 | } 366 | else if ( byte_405054 < 56 367 | && byte_405055 368 | && byte_405056 > (int)sub_4010D2() 369 | && (unsigned int)sub_40112B(29, 0) 370 | && (sub_4010D2() || byte_405054) ) 371 | { 372 | sub_401028(byte_405057 - 30); 373 | } 374 | else if ( byte_405054 < 64 375 | && byte_405055 376 | && byte_405056 > (int)sub_4010D2() 377 | && (unsigned int)sub_40112B(33, 93 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) 378 | && (sub_4010D2() || byte_405054) ) 379 | { 380 | sub_401028(35); 381 | if ( byte_405054 < 72 382 | && byte_405055 383 | && byte_405056 > (int)sub_4010D2() 384 | && (unsigned int)sub_40112B(37, (int)sub_401000) ) 385 | { 386 | sub_4010D2(); 387 | } 388 | while ( byte_405054 < 66 389 | && byte_40505C > byte_405057 390 | && sub_4010D2() 391 | && (unsigned int)sub_40112B(39, byte_405054) 392 | && byte_405059 ) 393 | ; 394 | } 395 | else if ( byte_405054 < 82 396 | && byte_405055 397 | && byte_405056 > (int)sub_4010D2() 398 | && ((v13 = 120 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, (unsigned int)sub_401028(byte_405057)) 399 | ? (v6 = byte_405056) 400 | : (v6 = byte_405054), 401 | (unsigned int)sub_40112B(42, v6 * v13) && (sub_4010D2() || byte_405054)) ) 402 | { 403 | sub_401028(44); 404 | if ( byte_405054 < 90 405 | && byte_405055 406 | && byte_405056 > (int)sub_4010D2() 407 | && (unsigned int)sub_40112B(46, (int)sub_401000) ) 408 | { 409 | sub_4010D2(); 410 | } 411 | while ( byte_405054 < 75 412 | && byte_40505C > byte_405057 413 | && sub_4010D2() 414 | && (unsigned int)sub_40112B(48, byte_405054) 415 | && byte_405059 ) 416 | ; 417 | } 418 | else if ( byte_405054 < 98 ) 419 | { 420 | if ( byte_405055 ) 421 | { 422 | if ( byte_405056 > (int)sub_4010D2() ) 423 | { 424 | v12 = sub_401028((char)*a1); 425 | v7 = sub_401028((char)*a2); 426 | if ( (unsigned int)sub_40112B(50, v12 > v7) ) 427 | { 428 | if ( sub_4010D2() || byte_405054 ) 429 | return sub_401028(byte_405055 + byte_405054); 430 | } 431 | } 432 | } 433 | } 434 | a1 += (int)sub_401028(byte_405055); 435 | a2 += (int)sub_401028(byte_405056 - byte_405055); 436 | } 437 | __asm { cpuid } 438 | return (unsigned int)byte_405054; 439 | } 440 | // 405054: using guessed type char byte_405054; 441 | // 405055: using guessed type char byte_405055; 442 | // 405056: using guessed type char byte_405056; 443 | // 405057: using guessed type char byte_405057; 444 | // 405059: using guessed type char byte_405059; 445 | // 40505A: using guessed type char byte_40505A; 446 | // 40505C: using guessed type char byte_40505C; 447 | // 40505D: using guessed type char byte_40505D; 448 | 449 | //----- (0000000000401F47) ---------------------------------------------------- 450 | __int64 __fastcall sub_401F47(char *a1) 451 | { 452 | __int64 v7; // [rsp+28h] [rbp-8h] 453 | 454 | v7 = byte_405054; 455 | while ( 1 ) 456 | { 457 | _RAX = 79i64; 458 | if ( byte_405054 >= 79 ) 459 | break; 460 | _RAX = (unsigned int)byte_40505C; 461 | if ( (int)_RAX <= byte_405057 ) 462 | break; 463 | _RAX = sub_4010D2(); 464 | if ( !(_DWORD)_RAX ) 465 | break; 466 | _RAX = sub_40112B(52, *a1 != 0); 467 | if ( !(_DWORD)_RAX ) 468 | break; 469 | _RAX = (unsigned int)byte_405059; 470 | if ( !byte_405059 ) 471 | break; 472 | v7 += (int)sub_401028(byte_405055); 473 | a1 += (int)sub_401028(byte_405056 - byte_405055); 474 | } 475 | __asm { cpuid } 476 | return (int)sub_401028(byte_405054 + (int)v7); 477 | } 478 | // 405054: using guessed type char byte_405054; 479 | // 405055: using guessed type char byte_405055; 480 | // 405056: using guessed type char byte_405056; 481 | // 405057: using guessed type char byte_405057; 482 | // 405059: using guessed type char byte_405059; 483 | // 40505C: using guessed type char byte_40505C; 484 | 485 | //----- (0000000000402050) ---------------------------------------------------- 486 | __int64 __fastcall sub_402050(__int64 a1) 487 | { 488 | char *v1; // rax 489 | char *v2; // rax 490 | char *v13; // rax 491 | char *v14; // rax 492 | char Source[32]; // [rsp+58h] [rbp-78h] BYREF 493 | char *v17; // [rsp+78h] [rbp-58h] 494 | char *v18; // [rsp+80h] [rbp-50h] 495 | char *v19; // [rsp+88h] [rbp-48h] 496 | char *v20; // [rsp+90h] [rbp-40h] 497 | char *v21; // [rsp+98h] [rbp-38h] 498 | char v22; // [rsp+A7h] [rbp-29h] 499 | HMODULE v23; // [rsp+A8h] [rbp-28h] 500 | char Buffer[32]; // [rsp+B0h] [rbp-20h] BYREF 501 | 502 | if ( byte_405054 < 106 503 | && byte_405055 504 | && byte_405056 > (int)sub_4010D2() 505 | && (unsigned int)sub_40112B(54, qword_405060 == 0i64) 506 | && (sub_4010D2() || byte_405054) ) 507 | { 508 | v1 = (char *)sub_40130B(byte_40505A); 509 | v2 = strcat(v1, ::Source); 510 | sprintf( 511 | Buffer, 512 | v2, 513 | (unsigned int)byte_40503E, 514 | (unsigned int)byte_405038, 515 | (unsigned int)byte_405045, 516 | (unsigned int)byte_405041, 517 | (unsigned int)byte_405038, 518 | (unsigned int)byte_40503F, 519 | (unsigned int)byte_405057, 520 | (unsigned int)byte_405056); 521 | v23 = sub_401664(Buffer); 522 | if ( byte_405054 < 110 ) 523 | { 524 | if ( byte_405055 ) 525 | { 526 | if ( byte_405056 > (int)sub_4010D2() ) 527 | { 528 | if ( (unsigned int)sub_40112B(56, v23 != 0i64) ) 529 | { 530 | _RAX = sub_4010D2(); 531 | if ( (_DWORD)_RAX || (_RAX = (unsigned int)byte_405054, byte_405054) ) 532 | { 533 | __asm { cpuid } 534 | v22 = byte_40504F; 535 | sub_401000(); 536 | v21 = &byte_4054A0[byte_405058]; 537 | *v21 = sub_401028(byte_405054); 538 | v20 = &byte_4054A0[byte_405057]; 539 | *v20 = sub_401028(byte_405037); 540 | v19 = &byte_4054A0[byte_405056]; 541 | *v19 = sub_401028(byte_405034); 542 | v18 = &byte_4054A0[byte_405055]; 543 | *v18 = sub_401028(byte_405042); 544 | v17 = &byte_4054A0[byte_405054]; 545 | _RAX = sub_401028(byte_40504F); 546 | *v17 = _RAX; 547 | __asm { cpuid } 548 | v13 = strcat(Destination, aC); 549 | sprintf(Source, v13, (unsigned int)byte_405050); 550 | v14 = strcat(byte_4054A0, Source); 551 | qword_405060 = (__int64 (__fastcall *)(_QWORD))sub_401632(v23, v14); 552 | } 553 | } 554 | } 555 | } 556 | } 557 | } 558 | if ( byte_405054 < 114 559 | && byte_405055 560 | && byte_405056 > (int)sub_4010D2() 561 | && (unsigned int)sub_40112B(58, qword_405060 != 0i64) 562 | && (sub_4010D2() || byte_405054) ) 563 | { 564 | return qword_405060(a1); 565 | } 566 | else 567 | { 568 | return 0i64; 569 | } 570 | } 571 | // 405034: using guessed type char byte_405034; 572 | // 405037: using guessed type char byte_405037; 573 | // 405038: using guessed type char byte_405038; 574 | // 40503E: using guessed type char byte_40503E; 575 | // 40503F: using guessed type char byte_40503F; 576 | // 405041: using guessed type char byte_405041; 577 | // 405042: using guessed type char byte_405042; 578 | // 405045: using guessed type char byte_405045; 579 | // 40504F: using guessed type char byte_40504F; 580 | // 405050: using guessed type char byte_405050; 581 | // 405054: using guessed type char byte_405054; 582 | // 405055: using guessed type char byte_405055; 583 | // 405056: using guessed type char byte_405056; 584 | // 405057: using guessed type char byte_405057; 585 | // 405058: using guessed type char byte_405058; 586 | // 40505A: using guessed type char byte_40505A; 587 | // 405060: using guessed type __int64 (__fastcall *qword_405060)(_QWORD); 588 | 589 | //----- (0000000000402460) ---------------------------------------------------- 590 | __int64 __fastcall sub_402460(__int64 a1) 591 | { 592 | return sub_402050(a1); 593 | } 594 | 595 | //----- (0000000000402480) ---------------------------------------------------- 596 | __int64 __fastcall sub_402480(__int64 a1) 597 | { 598 | return sub_402460(a1); 599 | } 600 | 601 | //----- (00000000004024A0) ---------------------------------------------------- 602 | __int64 __fastcall sub_4024A0(__int64 a1) 603 | { 604 | return sub_402480(a1); 605 | } 606 | 607 | //----- (00000000004024C0) ---------------------------------------------------- 608 | __int64 __fastcall sub_4024C0(__int64 a1) 609 | { 610 | return sub_4024A0(a1); 611 | } 612 | 613 | //----- (00000000004024E0) ---------------------------------------------------- 614 | __int64 __fastcall sub_4024E0(__int64 a1) 615 | { 616 | return sub_4024C0(a1); 617 | } 618 | 619 | //----- (0000000000402500) ---------------------------------------------------- 620 | __int64 __fastcall sub_402500(__int64 a1) 621 | { 622 | return sub_4024E0(a1); 623 | } 624 | 625 | //----- (0000000000402520) ---------------------------------------------------- 626 | BOOL sub_402520() 627 | { 628 | sub_401028(60); 629 | if ( byte_405054 < 122 630 | && byte_405055 631 | && byte_405056 > (int)sub_4010D2() 632 | && (unsigned int)sub_40112B(62, (int)sub_401000) ) 633 | { 634 | sub_4010D2(); 635 | } 636 | while ( byte_405054 < 91 637 | && byte_40505C > byte_405057 638 | && sub_4010D2() 639 | && (unsigned int)sub_40112B(64, byte_405054) 640 | && byte_405059 ) 641 | ; 642 | sub_401028(66); 643 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(68, (int)sub_401000) ) 644 | sub_4010D2(); 645 | while ( byte_405054 < 97 646 | && byte_40505C > byte_405057 647 | && sub_4010D2() 648 | && (unsigned int)sub_40112B(70, byte_405054) 649 | && byte_405059 ) 650 | ; 651 | return IsDebuggerPresent(); 652 | } 653 | // 405054: using guessed type char byte_405054; 654 | // 405055: using guessed type char byte_405055; 655 | // 405056: using guessed type char byte_405056; 656 | // 405057: using guessed type char byte_405057; 657 | // 405059: using guessed type char byte_405059; 658 | // 40505C: using guessed type char byte_40505C; 659 | 660 | //----- (000000000040274C) ---------------------------------------------------- 661 | void sub_40274C() 662 | { 663 | __debugbreak(); 664 | } 665 | 666 | //----- (000000000040275A) ---------------------------------------------------- 667 | _BYTE *sub_40275A() 668 | { 669 | __int64 v0; // kr00_8 670 | int v1; // eax 671 | int v2; // eax 672 | _BYTE *v4; // [rsp+20h] [rbp-20h] 673 | _BYTE *v5; // [rsp+28h] [rbp-18h] 674 | int v6; // [rsp+30h] [rbp-10h] 675 | 676 | sub_401028(72); 677 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(74, (int)sub_401000) ) 678 | sub_4010D2(); 679 | while ( byte_405054 < 103 680 | && byte_40505C > byte_405057 681 | && sub_4010D2() 682 | && (unsigned int)sub_40112B(76, byte_405054) 683 | && byte_405059 ) 684 | ; 685 | sub_401000(); 686 | sub_401000(); 687 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() ) 688 | { 689 | v1 = 1; 690 | if ( !IsDebuggerPresent() ) 691 | { 692 | v0 = (byte_405055 + byte_405054 + byte_405055) * (byte_405054 / !sub_402520()); 693 | if ( !(unsigned int)sub_401028(v0 / byte_405056) ) 694 | v1 = 0; 695 | } 696 | if ( (unsigned int)sub_40112B(78, v1) && (sub_4010D2() || byte_405054) ) 697 | { 698 | sub_40274C(); 699 | __debugbreak(); 700 | } 701 | } 702 | if ( byte_405055 703 | && byte_405056 > (int)sub_4010D2() 704 | && (unsigned int)sub_40112B(81, byte_405054 > 79) 705 | && (sub_4010D2() || byte_405054) ) 706 | { 707 | sub_401000(); 708 | } 709 | else if ( byte_405055 710 | && byte_405056 > (int)sub_4010D2() 711 | && (unsigned int)sub_40112B(86, 0) 712 | && (sub_4010D2() || byte_405054) ) 713 | { 714 | sub_401028(byte_405057 - 87); 715 | } 716 | else if ( byte_405055 717 | && byte_405056 > (int)sub_4010D2() 718 | && (unsigned int)sub_40112B(90, 264 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) 719 | && (sub_4010D2() || byte_405054) ) 720 | { 721 | sub_401028(92); 722 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(94, (int)sub_401000) ) 723 | sub_4010D2(); 724 | while ( byte_405054 < 123 725 | && byte_40505C > byte_405057 726 | && sub_4010D2() 727 | && (unsigned int)sub_40112B(96, byte_405054) 728 | && byte_405059 ) 729 | ; 730 | } 731 | else if ( byte_405055 732 | && byte_405056 > (int)sub_4010D2() 733 | && ((v6 = 291 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, (unsigned int)sub_401028(byte_405057)) 734 | ? (v2 = byte_405056) 735 | : (v2 = byte_405054), 736 | (unsigned int)sub_40112B(99, v2 * v6) && (sub_4010D2() || byte_405054)) ) 737 | { 738 | sub_401028(101); 739 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(103, (int)sub_401000) ) 740 | sub_4010D2(); 741 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(105, byte_405054) && byte_405059 ) 742 | ; 743 | } 744 | else 745 | { 746 | IsDebuggerPresent(); 747 | } 748 | v5 = malloc(byte_40505B); 749 | v5[byte_405055 + byte_405056 + byte_405057] = 0; 750 | v4 = &v5[byte_405056 + byte_405056 + byte_405055]; 751 | *v4 = sub_401028(byte_405047); 752 | v5[byte_405056 + byte_405055 * byte_405056] = byte_405045; 753 | sub_401028(107); 754 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(109, (int)sub_401000) ) 755 | sub_4010D2(); 756 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(111, byte_405054) && byte_405059 ) 757 | ; 758 | v5[byte_405056 * byte_405058 - byte_405059] = byte_405036; 759 | v5[byte_405056 * byte_405055] = byte_405049; 760 | v5[byte_405055 + byte_405054] = byte_405046; 761 | v5[byte_40505C - byte_405057 - byte_405059] = byte_405040; 762 | sub_401028(113); 763 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(115, (int)sub_401000) ) 764 | sub_4010D2(); 765 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(117, byte_405054) && byte_405059 ) 766 | ; 767 | return v5; 768 | } 769 | // 402EE9: ignored the value written to the shadow area of the succeeding call 770 | // 405036: using guessed type char byte_405036; 771 | // 405040: using guessed type char byte_405040; 772 | // 405045: using guessed type char byte_405045; 773 | // 405046: using guessed type char byte_405046; 774 | // 405047: using guessed type char byte_405047; 775 | // 405049: using guessed type char byte_405049; 776 | // 405054: using guessed type char byte_405054; 777 | // 405055: using guessed type char byte_405055; 778 | // 405056: using guessed type char byte_405056; 779 | // 405057: using guessed type char byte_405057; 780 | // 405058: using guessed type char byte_405058; 781 | // 405059: using guessed type char byte_405059; 782 | // 40505A: using guessed type char byte_40505A; 783 | // 40505B: using guessed type char byte_40505B; 784 | // 40505C: using guessed type char byte_40505C; 785 | // 40505D: using guessed type char byte_40505D; 786 | 787 | //----- (0000000000403268) ---------------------------------------------------- 788 | _BYTE *sub_403268() 789 | { 790 | return sub_40275A(); 791 | } 792 | 793 | //----- (000000000040327A) ---------------------------------------------------- 794 | _BYTE *sub_40327A() 795 | { 796 | return sub_403268(); 797 | } 798 | 799 | //----- (000000000040328C) ---------------------------------------------------- 800 | _BYTE *sub_40328C() 801 | { 802 | return sub_40327A(); 803 | } 804 | 805 | //----- (000000000040329E) ---------------------------------------------------- 806 | _BYTE *sub_40329E() 807 | { 808 | return sub_40328C(); 809 | } 810 | 811 | //----- (00000000004032B0) ---------------------------------------------------- 812 | _BYTE *sub_4032B0() 813 | { 814 | return sub_40329E(); 815 | } 816 | 817 | //----- (00000000004032C2) ---------------------------------------------------- 818 | _BYTE *sub_4032C2() 819 | { 820 | return sub_4032B0(); 821 | } 822 | 823 | //----- (00000000004032D4) ---------------------------------------------------- 824 | _BYTE *sub_4032D4() 825 | { 826 | return sub_4032C2(); 827 | } 828 | 829 | //----- (00000000004032E6) ---------------------------------------------------- 830 | _BYTE *sub_4032E6() 831 | { 832 | return sub_4032D4(); 833 | } 834 | 835 | //----- (00000000004032F8) ---------------------------------------------------- 836 | _BYTE *sub_4032F8() 837 | { 838 | return sub_4032E6(); 839 | } 840 | 841 | //----- (000000000040330A) ---------------------------------------------------- 842 | _BYTE *sub_40330A() 843 | { 844 | return sub_4032F8(); 845 | } 846 | 847 | //----- (000000000040331C) ---------------------------------------------------- 848 | _BYTE *sub_40331C() 849 | { 850 | return sub_40330A(); 851 | } 852 | 853 | //----- (000000000040332E) ---------------------------------------------------- 854 | _BYTE *sub_40332E() 855 | { 856 | return sub_40331C(); 857 | } 858 | 859 | //----- (0000000000403340) ---------------------------------------------------- 860 | _BYTE *sub_403340() 861 | { 862 | return sub_40332E(); 863 | } 864 | 865 | //----- (0000000000403352) ---------------------------------------------------- 866 | _BYTE *sub_403352() 867 | { 868 | return sub_403340(); 869 | } 870 | 871 | //----- (0000000000403364) ---------------------------------------------------- 872 | _BYTE *sub_403364() 873 | { 874 | return sub_403352(); 875 | } 876 | 877 | //----- (0000000000403376) ---------------------------------------------------- 878 | _BYTE *sub_403376() 879 | { 880 | return sub_403364(); 881 | } 882 | 883 | //----- (0000000000403388) ---------------------------------------------------- 884 | _BYTE *sub_403388() 885 | { 886 | return sub_403376(); 887 | } 888 | 889 | //----- (000000000040339A) ---------------------------------------------------- 890 | BOOL sub_40339A(__int64 a1, const char *a2, ...) 891 | { 892 | int v2; // eax 893 | int v3; // eax 894 | DWORD v4; // eax 895 | void *v6; // [rsp+38h] [rbp-418h] 896 | char v7[1024]; // [rsp+50h] [rbp-400h] BYREF 897 | va_list va; // [rsp+470h] [rbp+20h] BYREF 898 | 899 | va_start(va, a2); 900 | sub_401028(119); 901 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(121, (int)sub_401000) ) 902 | sub_4010D2(); 903 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(123, byte_405054) && byte_405059 ) 904 | ; 905 | sub_404303( 906 | v7, 907 | (202 * byte_405054 908 | + byte_405058 * ((__int64)byte_405056 << 10) / (unsigned __int64)byte_40505C 909 | + byte_405058 * byte_405056 * ((__int64)byte_405055 << 10) / (unsigned __int64)byte_40505C) >> 1, 910 | a2, 911 | va); 912 | v2 = sub_401028(-11); 913 | v3 = (unsigned int)sub_401604(v2); 914 | v6 = (void *)(int)sub_401028(v3); 915 | sub_401000(); 916 | v4 = sub_401F47(v7); 917 | return sub_4015B4(v6, v7, v4, 0i64, 0i64); 918 | } 919 | // 405054: using guessed type char byte_405054; 920 | // 405055: using guessed type char byte_405055; 921 | // 405056: using guessed type char byte_405056; 922 | // 405057: using guessed type char byte_405057; 923 | // 405058: using guessed type char byte_405058; 924 | // 405059: using guessed type char byte_405059; 925 | // 40505C: using guessed type char byte_40505C; 926 | // 40339A: using guessed type char var_400[1024]; 927 | 928 | //----- (000000000040362C) ---------------------------------------------------- 929 | char *__fastcall sub_40362C() 930 | { 931 | __asm { cpuid } 932 | return aScanf; 933 | } 934 | 935 | //----- (0000000000403644) ---------------------------------------------------- 936 | char *__fastcall sub_403644() 937 | { 938 | __asm { cpuid } 939 | return aSprintf; 940 | } 941 | 942 | //----- (000000000040365C) ---------------------------------------------------- 943 | char *__fastcall sub_40365C() 944 | { 945 | __asm { cpuid } 946 | return aFclose; 947 | } 948 | 949 | //----- (0000000000403674) ---------------------------------------------------- 950 | char *__fastcall sub_403674() 951 | { 952 | __asm { cpuid } 953 | return aFopen; 954 | } 955 | 956 | //----- (000000000040368C) ---------------------------------------------------- 957 | char *__fastcall sub_40368C() 958 | { 959 | __asm { cpuid } 960 | return aFread; 961 | } 962 | 963 | //----- (00000000004036A4) ---------------------------------------------------- 964 | char *__fastcall sub_4036A4() 965 | { 966 | __asm { cpuid } 967 | return aFwrite; 968 | } 969 | 970 | //----- (00000000004036BC) ---------------------------------------------------- 971 | char *__fastcall sub_4036BC() 972 | { 973 | __asm { cpuid } 974 | return aExit; 975 | } 976 | 977 | //----- (00000000004036D4) ---------------------------------------------------- 978 | char *__fastcall sub_4036D4() 979 | { 980 | __asm { cpuid } 981 | return aStrcpy; 982 | } 983 | 984 | //----- (00000000004036EC) ---------------------------------------------------- 985 | char *__fastcall sub_4036EC() 986 | { 987 | __asm { cpuid } 988 | return aStrtok; 989 | } 990 | 991 | //----- (0000000000403704) ---------------------------------------------------- 992 | void *__fastcall sub_403704(void *a1, int a2, size_t a3) 993 | { 994 | return memset(a1, byte_405055 * a2, a3); 995 | } 996 | // 405055: using guessed type char byte_405055; 997 | 998 | //----- (0000000000403746) ---------------------------------------------------- 999 | char *__fastcall sub_403746() 1000 | { 1001 | __asm { cpuid } 1002 | return aMemcpy; 1003 | } 1004 | 1005 | //----- (000000000040375E) ---------------------------------------------------- 1006 | char *__fastcall sub_40375E() 1007 | { 1008 | __asm { cpuid } 1009 | return aStrchr; 1010 | } 1011 | 1012 | //----- (0000000000403776) ---------------------------------------------------- 1013 | char *__fastcall sub_403776() 1014 | { 1015 | __asm { cpuid } 1016 | return aStrrchr; 1017 | } 1018 | 1019 | //----- (000000000040378E) ---------------------------------------------------- 1020 | char *__fastcall sub_40378E() 1021 | { 1022 | __asm { cpuid } 1023 | return aRand; 1024 | } 1025 | 1026 | //----- (00000000004037A6) ---------------------------------------------------- 1027 | char *__fastcall sub_4037A6() 1028 | { 1029 | __asm { cpuid } 1030 | return aRealloc; 1031 | } 1032 | 1033 | //----- (00000000004037BE) ---------------------------------------------------- 1034 | void *__fastcall sub_4037BE(size_t a1, size_t a2) 1035 | { 1036 | return calloc(a1, a2); 1037 | } 1038 | 1039 | //----- (00000000004037EC) ---------------------------------------------------- 1040 | __int64 __fastcall sub_4037EC(__int64 a1, __int64 a2) 1041 | { 1042 | _BYTE *v2; // rax 1043 | char *v3; // rax 1044 | FARPROC v5; // [rsp+20h] [rbp-10h] 1045 | HMODULE v6; // [rsp+28h] [rbp-8h] 1046 | 1047 | v2 = sub_403388(); 1048 | v6 = (HMODULE)sub_402500((__int64)v2); 1049 | v3 = sub_4037A6(); 1050 | v5 = sub_401632(v6, v3); 1051 | return ((__int64 (__fastcall *)(__int64, __int64))v5)(a1, a2); 1052 | } 1053 | 1054 | //----- (000000000040384E) ---------------------------------------------------- 1055 | __int64 __fastcall sub_40384E(__int64 a1) 1056 | { 1057 | return gets(a1); 1058 | } 1059 | // 4044F0: using guessed type __int64 __fastcall gets(_QWORD); 1060 | 1061 | //----- (000000000040386E) ---------------------------------------------------- 1062 | __int64 sub_40386E(char *a1, size_t a2, const char *a3, ...) 1063 | { 1064 | va_list va; // [rsp+58h] [rbp+28h] BYREF 1065 | 1066 | va_start(va, a3); 1067 | return (unsigned int)sub_404303(a1, a2, a3, va); 1068 | } 1069 | 1070 | //----- (00000000004038C0) ---------------------------------------------------- 1071 | int __fastcall sub_4038C0(char *a1, const char *a2, va_list a3) 1072 | { 1073 | return vsprintf(a1, a2, a3); 1074 | } 1075 | 1076 | //----- (00000000004038F9) ---------------------------------------------------- 1077 | int __fastcall sub_4038F9(char *a1, size_t a2, const char *a3, va_list a4) 1078 | { 1079 | return sub_404303(a1, a2, a3, a4); 1080 | } 1081 | 1082 | //----- (000000000040393D) ---------------------------------------------------- 1083 | char *__fastcall sub_40393D(const char *a1) 1084 | { 1085 | return getenv(a1); 1086 | } 1087 | 1088 | //----- (000000000040395D) ---------------------------------------------------- 1089 | int __fastcall sub_40395D(const char *a1) 1090 | { 1091 | return system(a1); 1092 | } 1093 | 1094 | //----- (000000000040397D) ---------------------------------------------------- 1095 | void __noreturn sub_40397D() 1096 | { 1097 | abort(); 1098 | } 1099 | 1100 | //----- (000000000040398F) ---------------------------------------------------- 1101 | int __fastcall sub_40398F(void (__cdecl *a1)()) 1102 | { 1103 | return atexit(a1); 1104 | } 1105 | 1106 | //----- (00000000004039AF) ---------------------------------------------------- 1107 | __int64 __fastcall sub_4039AF(char *a1, int a2) 1108 | { 1109 | return (int)getcwd(a1, a2); 1110 | } 1111 | 1112 | //----- (00000000004039E0) ---------------------------------------------------- 1113 | int __fastcall sub_4039E0(int a1) 1114 | { 1115 | return tolower(a1); 1116 | } 1117 | 1118 | //----- (00000000004039FF) ---------------------------------------------------- 1119 | int __fastcall sub_4039FF(int a1) 1120 | { 1121 | return toupper(a1); 1122 | } 1123 | 1124 | //----- (0000000000403A1E) ---------------------------------------------------- 1125 | __int64 sub_403A1E() 1126 | { 1127 | int v1; // eax 1128 | _BYTE *v2; // rax 1129 | char *v3; // rax 1130 | _BYTE *v4; // rax 1131 | char *v5; // rax 1132 | int v6; // eax 1133 | int v7; // eax 1134 | int v9; // [rsp+30h] [rbp-40h] 1135 | FARPROC v10; // [rsp+38h] [rbp-38h] 1136 | HMODULE v11; // [rsp+40h] [rbp-30h] 1137 | FARPROC v12; // [rsp+48h] [rbp-28h] 1138 | HMODULE v13; // [rsp+50h] [rbp-20h] 1139 | char *Block; // [rsp+58h] [rbp-18h] 1140 | int i; // [rsp+6Ch] [rbp-4h] 1141 | 1142 | for ( i = 0; i < 5; ++i ) 1143 | { 1144 | v1 = sub_401028(256); 1145 | Block = (char *)malloc(v1); 1146 | v2 = sub_403388(); 1147 | v13 = (HMODULE)sub_402500((__int64)v2); 1148 | v3 = sub_4036D4(); 1149 | v12 = sub_401632(v13, v3); 1150 | ((void (*)(char *, const char *, ...))v12)(Block, aDHelloWorld); 1151 | v4 = sub_403388(); 1152 | v11 = (HMODULE)sub_402500((__int64)v4); 1153 | v5 = sub_403644(); 1154 | v10 = sub_401632(v11, v5); 1155 | ((void (__fastcall *)(char *, char *, _QWORD))v10)(Block, Block, (unsigned int)(i + 1)); 1156 | if ( byte_405055 1157 | && byte_405056 > (int)sub_4010D2() 1158 | && (unsigned int)sub_40112B(130, (int)Block) 1159 | && (sub_4010D2() || byte_405054) ) 1160 | { 1161 | do 1162 | { 1163 | sub_401000(); 1164 | sub_40339A(132i64, Block); 1165 | } 1166 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(135, 0) && byte_405059 ); 1167 | } 1168 | else if ( byte_405055 1169 | && byte_405056 > (int)sub_4010D2() 1170 | && (unsigned int)sub_40112B(138, 0) 1171 | && (sub_4010D2() || byte_405054) ) 1172 | { 1173 | sub_401000(); 1174 | } 1175 | else if ( byte_405055 1176 | && byte_405056 > (int)sub_4010D2() 1177 | && (unsigned int)sub_40112B(143, 0) 1178 | && (sub_4010D2() || byte_405054) ) 1179 | { 1180 | sub_401028(byte_405057 - 144); 1181 | } 1182 | else if ( byte_405055 1183 | && byte_405056 > (int)sub_4010D2() 1184 | && (unsigned int)sub_40112B(147, 435 * byte_405054 + byte_40505A + byte_405057 - byte_40505D) 1185 | && (sub_4010D2() || byte_405054) ) 1186 | { 1187 | sub_401028(149); 1188 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(151, (int)sub_401000) ) 1189 | sub_4010D2(); 1190 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(153, byte_405054) && byte_405059 ) 1191 | ; 1192 | } 1193 | else if ( byte_405055 1194 | && byte_405056 > (int)sub_4010D2() 1195 | && ((v9 = 462 * byte_405054 + byte_40505A + byte_405057 - byte_40505D, (unsigned int)sub_401028(byte_405057)) 1196 | ? (v6 = byte_405056) 1197 | : (v6 = byte_405054), 1198 | (unsigned int)sub_40112B(156, v6 * v9) && (sub_4010D2() || byte_405054)) ) 1199 | { 1200 | sub_401028(158); 1201 | if ( byte_405055 && byte_405056 > (int)sub_4010D2() && (unsigned int)sub_40112B(160, (int)sub_401000) ) 1202 | sub_4010D2(); 1203 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(162, byte_405054) && byte_405059 ) 1204 | ; 1205 | } 1206 | else 1207 | { 1208 | do 1209 | { 1210 | sub_401000(); 1211 | sub_40339A(164i64, aError); 1212 | } 1213 | while ( byte_40505C > byte_405057 && sub_4010D2() && (unsigned int)sub_40112B(167, 0) && byte_405059 ); 1214 | } 1215 | free(Block); 1216 | if ( i ) 1217 | sub_401028(138 * ((252 * byte_405054 + byte_40505B + byte_40505D) / byte_40505C - byte_405055)); 1218 | } 1219 | v7 = getch(); 1220 | return sub_401028(504 * byte_405054 + byte_40505A + byte_405057 - byte_40505D + v7); 1221 | } 1222 | // 405054: using guessed type char byte_405054; 1223 | // 405055: using guessed type char byte_405055; 1224 | // 405056: using guessed type char byte_405056; 1225 | // 405057: using guessed type char byte_405057; 1226 | // 405059: using guessed type char byte_405059; 1227 | // 40505A: using guessed type char byte_40505A; 1228 | // 40505B: using guessed type char byte_40505B; 1229 | // 40505C: using guessed type char byte_40505C; 1230 | // 40505D: using guessed type char byte_40505D; 1231 | 1232 | //----- (0000000000404303) ---------------------------------------------------- 1233 | int __fastcall sub_404303(char *a1, size_t a2, const char *a3, va_list a4) 1234 | { 1235 | return vsnprintf(a1, a2, a3, a4); 1236 | } 1237 | 1238 | //----- (0000000000404348) ---------------------------------------------------- 1239 | void __noreturn start() 1240 | { 1241 | int v0; // eax 1242 | int v1; // [rsp+4Ch] [rbp-4h] BYREF 1243 | 1244 | v1 = 0; 1245 | _set_app_type(_crt_console_app); 1246 | controlfp(0x10000u, 0x30000u); 1247 | _getmainargs(*(_QWORD *)&_argc, _argv, environ, (unsigned int)dword_4054A8, &v1); 1248 | v0 = sub_403A1E(); 1249 | exit(v0); 1250 | } 1251 | // 404560: using guessed type __int64 __fastcall _getmainargs(_QWORD, _QWORD, _QWORD, _QWORD, _QWORD); 1252 | // 4054A8: using guessed type int dword_4054A8; 1253 | 1254 | //----- (0000000000404423) ---------------------------------------------------- 1255 | // write access to const memory has been detected, the output may be wrong! 1256 | __int64 __fastcall sub_404423(__int64 a1, __int64 a2) 1257 | { 1258 | __int64 v2; // rbp 1259 | 1260 | *(_QWORD *)(v2 + 16) = a1; 1261 | *(_QWORD *)(v2 + 24) = a2; 1262 | _argc = *(_DWORD *)(v2 + 16); 1263 | _argv = *(char ***)(v2 + 24); 1264 | controlfp(0x10000u, 0x30000u); 1265 | *(_QWORD *)(v2 - 8) = *(_QWORD *)&_argc; 1266 | return sub_403A1E(); 1267 | } 1268 | // 404435: write access to const memory at 405204 has been detected 1269 | // 404442: write access to const memory at 40520C has been detected 1270 | // 404423: variable 'v2' is possibly undefined 1271 | 1272 | // nfuncs=98 queued=72 decompiled=72 lumina nreq=0 worse=0 better=0 1273 | // ALL OK, 72 function(s) have been successfully decompiled 1274 | -------------------------------------------------------------------------------- /include/obfus.h: -------------------------------------------------------------------------------- 1 | /* 2 | ██████╗ ██████╗ ███████╗██╗ ██╗███████╗ ██╗ 3 | ██╔═══██╗██╔══██╗██╔════╝██║ ██║██╔════╝ ██║ 4 | ██║ ██║██████╔╝█████╗ ██║ ██║███████╗ ███████║ 5 | ██║ ██║██╔══██╗██╔══╝ ██║ ██║╚════██║ ██╔══██║ 6 | ╚██████╔╝██████╔╝██║ ╚██████╔╝███████║ ██╗ ██║ ██║ 7 | ╚═════╝ ╚═════╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═╝ ╚═╝ ╚═╝ 8 | Very reliable armor for your C programs! 9 | Coded by (C) DosX, 2025 10 | 11 | [Additional options] 12 | ~ CFLOW_V2 = more powerful Control Flow obfuscation (slowly!) 13 | ~ ANTIDEBUG_V2 = use better dynamic anti-debugging protection 14 | ~ FAKE_SIGNS = adds fake signatures of various protectors or packers 15 | 16 | [Advanced code protection] 17 | ~ VIRT = allows you to use the functions of a math VM 18 | 19 | [Disabling default features] 20 | ~ NO_CFLOW = disable control flow obfuscation 21 | ~ NO_ANTIDEBUG = disable antidebug protection 22 | 23 | ~ NO_OBF = disable obfuscation 24 | 25 | GitHub: 26 | -> https://github.com/DosX-dev/obfus.h 27 | 28 | (Full documentation and examples are available on the GitHub page) 29 | */ 30 | 31 | #ifndef OBFH 32 | #define OBFH 33 | 34 | #if !__TINYC__ && !__GNUC__ && !__MINGW32__ 35 | #define __attribute__(...) 36 | #endif 37 | 38 | // if virtualization disabled 39 | #if NO_OBF == 1 || VIRT != 1 40 | #define VM_ADD(num1, num2) num1 + num2 41 | #define VM_SUB(num1, num2) num1 - num2 42 | #define VM_MUL(num1, num2) num1 *num2 43 | #define VM_DIV(num1, num2) num1 / num2 44 | #define VM_MOD(num1, num2) num1 % num2 45 | #define VM_EQU(num1, num2) num1 == num2 46 | #define VM_NEQ(num1, num2) num1 != num2 47 | #define VM_LSS(num1, num2) num1 < num2 48 | #define VM_GTR(num1, num2) num1 > num2 49 | #define VM_LEQ(num1, num2) num1 <= num2 50 | #define VM_GEQ(num1, num2) num1 >= num2 51 | #define VM_ADD_DBL(num1, num2) num1 + num2 52 | #define VM_SUB_DBL(num1, num2) num1 - num2 53 | #define VM_MUL_DBL(num1, num2) num1 *num2 54 | #define VM_DIV_DBL(num1, num2) num1 / num2 55 | #define VM_LSS_DBL(num1, num2) num1 < num2 56 | #define VM_GTR_DBL(num1, num2) num1 > num2 57 | #define VM_IF(condition) if (condition) 58 | #define VM_ELSE_IF(condition) else if (condition) 59 | #define VM_ELSE else 60 | #define VM_OBF_INT(num) num 61 | #define VM_OBF_DBL(num) num 62 | #endif 63 | 64 | #if NO_OBF == 1 65 | #define HIDE_STRING(str) str 66 | #define ANTI_DEBUG 0 67 | #endif 68 | 69 | #if !NO_OBF 70 | 71 | #include 72 | #include 73 | #include 74 | #include 75 | #include 76 | 77 | #if defined _MSC_VER 78 | #warning obfus.h doesn't support Visual C/C++. You can use [obfusheader.h] by ac3ss0r to obfuscate this app (https://github.com/ac3ss0r/obfusheader.h) 79 | #endif 80 | 81 | #if !defined __COUNTER__ 82 | #error You are using too old a compiler version! 83 | #endif 84 | 85 | #ifndef __asm__ 86 | #define __asm__(...) 87 | #endif 88 | 89 | #define SECTION_ATTRIBUTE(NAME) __attribute__((section(NAME))) 90 | 91 | #define DATA_SECTION_ATTRIBUTE SECTION_ATTRIBUTE(".data") // Data section 92 | 93 | // Fake signatures ;) 94 | #if FAKE_SIGNS == 1 95 | 96 | static const char FAKE_ENIGMAVM_1[] SECTION_ATTRIBUTE(".enigma1") = {0}; 97 | static const char FAKE_ENIGMAVM_2[] SECTION_ATTRIBUTE(".enigma2") = {0}; 98 | static const char FAKE_VMPROTECT_1[] SECTION_ATTRIBUTE(".vmp0") = {0}; // (now is open-source) 99 | static const char FAKE_VMPROTECT_2[] SECTION_ATTRIBUTE(".vmp1") = {0}; 100 | static const char FAKE_VMPROTECT_3[] SECTION_ATTRIBUTE(".vmp2") = {0}; 101 | 102 | #define OBFH_SECTION_ATTRIBUTE SECTION_ATTRIBUTE("UPX0") // OBFH section 103 | static const char FAKE_UPX[] OBFH_SECTION_ATTRIBUTE = {0}; 104 | 105 | static const char FAKE_THEMIDA[] SECTION_ATTRIBUTE(".winlice") = {0}; 106 | static const char FAKE_PETITE[] SECTION_ATTRIBUTE(".petite") = {0}; 107 | static const char FAKE_RLP[] SECTION_ATTRIBUTE(".rlp") = {0}; 108 | static const char FAKE_SECUROM[] SECTION_ATTRIBUTE(".dsstext") = {0}; 109 | static const char FAKE_SQUISHY[] SECTION_ATTRIBUTE("logicoma") = {0}; 110 | static const char FAKE_THEARK_1[] SECTION_ATTRIBUTE("adr") = {0}; 111 | static const char FAKE_THEARK_2[] SECTION_ATTRIBUTE("have") = {0}; 112 | static const char FAKE_THEARK_3[] SECTION_ATTRIBUTE("30cm") = {0}; 113 | static const char FAKE_PETETRIS[] SECTION_ATTRIBUTE("PETETRIS") = {0}; 114 | 115 | static const char FAKE_ENIGMA[] SECTION_ATTRIBUTE(".data") = {0x45, 0x6e, 0x69, 0x67, 116 | 0x6d, 0x61, 0x20, 0x70, 117 | 0x72, 0x6f, 0x74, 0x65, 118 | 0x63, 0x74, 0x6f, 0x72, 119 | 0x20, 0x76, 0x01}; 120 | 121 | static const char FAKE_ALINYZE[] SECTION_ATTRIBUTE(".alien") = {0}; 122 | static const char FAKE_PWDPROTECT[] SECTION_ATTRIBUTE(".pwdprot") = {0}; 123 | 124 | static const char FAKE_DENUVO[] SECTION_ATTRIBUTE(".arch") = {0x64, 0x65, 0x6E, 0x75, 125 | 0x76, 0x6F, 0x5F, 0x61, 126 | 0x74, 0x64, 0x00, 0x00, 127 | 0x00, 0x00, 0x00, 0x00}; 128 | 129 | static const char FAKE_NUITKA[] SECTION_ATTRIBUTE(".rdata") = {0x4e, 0x55, 0x49, 0x54, 130 | 0x4b, 0x41, 0x5f, 0x4f, 131 | 0x4e, 0x45, 0x46, 0x49, 132 | 0x4c, 0x45, 0x5f, 0x50, 133 | 0x41, 0x52, 0x45, 0x4e, 134 | 0x54}; 135 | 136 | static const char FAKE_THEARK_4[] SECTION_ATTRIBUTE(".tw") = {0}; 137 | static const char FAKE_THEARK_5[] SECTION_ATTRIBUTE("logicoma") = {0}; 138 | static const char FAKE_OREANSVM[] SECTION_ATTRIBUTE(".vlizer") = {0}; 139 | 140 | static const char FAKE_SCREEN2EXE[] SECTION_ATTRIBUTE(".text") = {0x56, 0x69, 0x64, 0x65, 141 | 0x6f, 0x20, 0x63, 0x72, 142 | 0x65, 0x61, 0x74, 0x65, 143 | 0x64, 0x20, 0x62, 0x79, 144 | 0x20, 0x53, 0x43, 0x52, 145 | 0x45, 0x45, 0x4e, 0x32, 146 | 0x45, 0x58, 0x45, 0x2f, 147 | 0x53, 0x43, 0x52, 0x45, 148 | 0x45, 0x4e, 0x32, 0x53, 149 | 0x57, 0x46}; 150 | 151 | static const char FAKE_ASPACK_1[] SECTION_ATTRIBUTE(".aspack") = {0}; 152 | static const char FAKE_ASPACK_2[] SECTION_ATTRIBUTE(".adata") = {0}; 153 | static const char FAKE_WIBUCODEMETER_1[] SECTION_ATTRIBUTE("__wibu00") = {0}; 154 | static const char FAKE_WIBUCODEMETER_2[] SECTION_ATTRIBUTE("__wibu01") = {0}; 155 | static const char *FAKE_DONGLE[] = {"skeydrv.dll", "HASPDOSDRV", 156 | "MARXDEV1.SYS", "MxLPT_Sem", 157 | "nethasp.ini", "sense4.dll", 158 | "SNTNLUSB", "RNBOspro", 159 | "SSIVDDP.DLL", "WIBUKEY", 160 | "\\\\.\\WIZZKEYRL", 161 | "\\\\.\\NVKEY"}; 162 | 163 | #else 164 | 165 | #define OBFH_SECTION_ATTRIBUTE SECTION_ATTRIBUTE(".obfh") // OBFH section 166 | 167 | #endif 168 | 169 | // Thanks to @horsicq && @ac3ss0r 170 | #define RND(min, max) \ 171 | (min + (((__COUNTER__ + (__LINE__ * __LINE__)) * 2654435761u) % (max - min + 1))) 172 | 173 | #define STACK_STRING(str) ((char[]){str}) 174 | 175 | #define HIDE_STRING(str) \ 176 | _0 < RND(1, 255) ? obfh_process_hidden_string(STACK_STRING("\0" str "\0"), (float)__s_rdtsc(RND(0, 255)) != 0.1) : (float)__s_rdtsc(RND(0, 255)) == RND(0, 255) 177 | 178 | typedef enum { 179 | SALT_SHIFT = RND(0xBAD, 0xBEEF) 180 | } VAR_ADDR_SHIFT; 181 | 182 | #define RET_BY_VAR(value) \ 183 | { \ 184 | int _obfh_ret_val_shift = SALT_SHIFT, \ 185 | *_obfh_ret_val_addr = (&value + SALT_SHIFT); \ 186 | return *(_obfh_ret_val_addr - _obfh_ret_val_shift); \ 187 | } 188 | 189 | volatile static char _s_a[] OBFH_SECTION_ATTRIBUTE = "a", _s_b[] OBFH_SECTION_ATTRIBUTE = "b", _s_c[] OBFH_SECTION_ATTRIBUTE = "c", _s_d[] OBFH_SECTION_ATTRIBUTE = "d", 190 | _s_e[] OBFH_SECTION_ATTRIBUTE = "e", _s_f[] OBFH_SECTION_ATTRIBUTE = "f", _s_g[] OBFH_SECTION_ATTRIBUTE = "g", _s_h[] OBFH_SECTION_ATTRIBUTE = "h", 191 | _s_i[] OBFH_SECTION_ATTRIBUTE = "i", _s_j[] OBFH_SECTION_ATTRIBUTE = "j", _s_k[] OBFH_SECTION_ATTRIBUTE = "k", _s_l[] OBFH_SECTION_ATTRIBUTE = "l", 192 | _s_m[] OBFH_SECTION_ATTRIBUTE = "m", _s_n[] OBFH_SECTION_ATTRIBUTE = "n", _s_o[] OBFH_SECTION_ATTRIBUTE = "o", _s_p[] OBFH_SECTION_ATTRIBUTE = "p", 193 | _s_q[] OBFH_SECTION_ATTRIBUTE = "q", _s_r[] OBFH_SECTION_ATTRIBUTE = "r", _s_s[] OBFH_SECTION_ATTRIBUTE = "s", _s_t[] OBFH_SECTION_ATTRIBUTE = "t", 194 | _s_u[] OBFH_SECTION_ATTRIBUTE = "u", _s_v[] OBFH_SECTION_ATTRIBUTE = "v", _s_w[] OBFH_SECTION_ATTRIBUTE = "w", _s_x[] OBFH_SECTION_ATTRIBUTE = "x", 195 | _s_y[] OBFH_SECTION_ATTRIBUTE = "y", _s_z[] = "z", 196 | _a OBFH_SECTION_ATTRIBUTE = 'a', _b OBFH_SECTION_ATTRIBUTE = 'b', _c OBFH_SECTION_ATTRIBUTE = 'c', _d OBFH_SECTION_ATTRIBUTE = 'd', 197 | _e OBFH_SECTION_ATTRIBUTE = 'e', _f OBFH_SECTION_ATTRIBUTE = 'f', _g OBFH_SECTION_ATTRIBUTE = 'g', _h OBFH_SECTION_ATTRIBUTE = 'h', 198 | _i OBFH_SECTION_ATTRIBUTE = 'i', _j OBFH_SECTION_ATTRIBUTE = 'j', _k OBFH_SECTION_ATTRIBUTE = 'k', _l OBFH_SECTION_ATTRIBUTE = 'l', 199 | _m OBFH_SECTION_ATTRIBUTE = 'm', _n OBFH_SECTION_ATTRIBUTE = 'n', _o OBFH_SECTION_ATTRIBUTE = 'o', _p OBFH_SECTION_ATTRIBUTE = 'p', 200 | _q OBFH_SECTION_ATTRIBUTE = 'q', _r OBFH_SECTION_ATTRIBUTE = 'r', _s OBFH_SECTION_ATTRIBUTE = 's', _t OBFH_SECTION_ATTRIBUTE = 't', 201 | _u OBFH_SECTION_ATTRIBUTE = 'u', _v OBFH_SECTION_ATTRIBUTE = 'v', _w OBFH_SECTION_ATTRIBUTE = 'w', _x OBFH_SECTION_ATTRIBUTE = 'x', 202 | _y OBFH_SECTION_ATTRIBUTE = 'y', _z OBFH_SECTION_ATTRIBUTE = 'z', 203 | _S OBFH_SECTION_ATTRIBUTE = 'S', _L OBFH_SECTION_ATTRIBUTE = 'L', _A OBFH_SECTION_ATTRIBUTE = 'A', _I OBFH_SECTION_ATTRIBUTE = 'I', 204 | _D OBFH_SECTION_ATTRIBUTE = 'D', _P OBFH_SECTION_ATTRIBUTE = 'P', 205 | _0 DATA_SECTION_ATTRIBUTE = 0, _1 DATA_SECTION_ATTRIBUTE = 1, _2 DATA_SECTION_ATTRIBUTE = 2, _3 DATA_SECTION_ATTRIBUTE = 3, _4 DATA_SECTION_ATTRIBUTE = 4, 206 | _5 DATA_SECTION_ATTRIBUTE = 5, _6 DATA_SECTION_ATTRIBUTE = 6, _7 DATA_SECTION_ATTRIBUTE = 7, _8 DATA_SECTION_ATTRIBUTE = 8, _9 DATA_SECTION_ATTRIBUTE = 9; 207 | 208 | #define __obfh_asm__(...) __asm__ __volatile(__VA_ARGS__) 209 | 210 | #define BREAK_STACK_1 \ 211 | __obfh_asm__( \ 212 | "xorl %eax, %eax;" \ 213 | "jz 1f;" \ 214 | ".byte 0xE8;" \ 215 | "1:" \ 216 | "cpuid;") 217 | 218 | #define BREAK_STACK_2 \ 219 | if (_0) __obfh_asm__(".byte 0x00;") 220 | 221 | #define BREAK_STACK_3 \ 222 | switch (_0) { \ 223 | case RND(1, 1000): \ 224 | __obfh_asm__(".byte 0x00, 0x00;"); \ 225 | } 226 | 227 | #define BREAK_STACK_4 \ 228 | __obfh_asm__( \ 229 | "xorl %ebx, %ebx;" \ 230 | "xorl %edx, %edx;" \ 231 | "xorl %ebx, %edx;" \ 232 | "jz 1f;" \ 233 | "mov $4, %eax;" \ 234 | ".byte 0x00;" \ 235 | "1:" \ 236 | "cpuid;") 237 | 238 | #define BREAK_STACK_5 \ 239 | __obfh_asm__( \ 240 | "xorl %ebx, %ebx;" \ 241 | "xorl %eax, %eax;" \ 242 | "mov %eax, %ebx;" \ 243 | "mov %edx, %ebx;" \ 244 | "xorl %eax, %edx;" \ 245 | "jz 1f;" \ 246 | ".byte 0x20;" \ 247 | "1:" \ 248 | "cpuid;") 249 | 250 | #define BREAK_STACK_6 \ 251 | __obfh_asm__( \ 252 | "xorl %edx, %edx;" \ 253 | "xorl %eax, %eax;" \ 254 | "mov %eax, %edx;" \ 255 | "jz 1f;" \ 256 | ".byte 0xE8;" \ 257 | "1:" \ 258 | "cpuid;") 259 | 260 | #define BREAK_STACK_7 \ 261 | __obfh_asm__( \ 262 | "xorl %edx, %edx;" \ 263 | "jz 1f;" \ 264 | ".byte 0xE8;" \ 265 | "1:" \ 266 | "cpuid;") 267 | 268 | #define BREAK_STACK_8 \ 269 | __obfh_asm__( \ 270 | "xorl %eax, %eax;" \ 271 | "jz 1f;" \ 272 | ".byte 0x50;" \ 273 | "1:" \ 274 | "cpuid;") 275 | 276 | #define BREAK_STACK_9 \ 277 | __obfh_asm__( \ 278 | "xorl %edx, %edx;" \ 279 | "jz 1f;" \ 280 | ".byte 0x00, 0x00;" \ 281 | "1:" \ 282 | "cpuid;") 283 | 284 | #if defined(__x86_64__) 285 | #define BAD_JMP __obfh_asm__("cpuid; mov %eax, %rax; mov %ebx, %edx; .byte 0xFF, 0x25, 0xF1, 0xF2, 0xF3, 0xF4;") 286 | #else 287 | #define BAD_JMP __obfh_asm__(".byte 0xEB, 0xE1;") 288 | #endif 289 | 290 | #define BAD_CALL __obfh_asm__(".byte 0xB8;") 291 | 292 | void obfh_junk_func_args(int z, ...) OBFH_SECTION_ATTRIBUTE { 293 | BREAK_STACK_1; 294 | __obfh_asm__("nop;"); 295 | return; 296 | } 297 | 298 | void obfh_junk_func() DATA_SECTION_ATTRIBUTE { 299 | BREAK_STACK_5; 300 | __obfh_asm__("nop;"); 301 | return; 302 | } 303 | 304 | #define __CRASH \ 305 | __obfh_asm__( \ 306 | ".byte 0xED;" \ 307 | "int $3;"); \ 308 | exit(1); 309 | 310 | #define TRUE ((((_9 + _7 + (RND(0, 1000) * _0))) / _8) - _1) 311 | #define FALSE (((_3 + _6 + (RND(0, 1000) * _0)) - _9) * RND(0, 255)) 312 | 313 | #define FAKE_CPUID __obfh_asm__( \ 314 | "nop;" \ 315 | "cpuid;" \ 316 | "nop;") 317 | 318 | #define NOP_FLOOD \ 319 | (RND(0, 1000)) + obfh_int_proxy(RND(0, 1000)); \ 320 | if (obfh_junk_func_args) { \ 321 | __obfh_asm__("nop;"); \ 322 | } \ 323 | do { \ 324 | __obfh_asm__( \ 325 | "nop;" \ 326 | "nop;"); \ 327 | } while (RND(0, 200) * _0) 328 | 329 | int malloc_proxy(int *size) { 330 | BREAK_STACK_1; 331 | return malloc(size); 332 | } 333 | #define malloc(...) malloc_proxy(__VA_ARGS__) 334 | 335 | static float rndValueToProxy = RND(0, 10); 336 | 337 | int obfh_int_proxy(int value) OBFH_SECTION_ATTRIBUTE { 338 | RET_BY_VAR(value); 339 | } 340 | 341 | double obfh_double_proxy(double value) OBFH_SECTION_ATTRIBUTE { 342 | RET_BY_VAR(value); 343 | } 344 | 345 | float obfh_condition_true(); 346 | 347 | // ... only for junk data 348 | char *obfh_process_hidden_string(char *string, ...) OBFH_SECTION_ATTRIBUTE { 349 | BREAK_STACK_1; 350 | 351 | if (!obfh_condition_true() || _0) { 352 | BAD_JMP; 353 | } 354 | 355 | // ['\0', 's', 't', 'r', 'i', 'n', 'g'] => "string" 356 | char string_to_return[4096]; 357 | strcpy(string_to_return, string + 1); 358 | return string_to_return; 359 | } 360 | 361 | float obfh_condition_true() OBFH_SECTION_ATTRIBUTE { 362 | BREAK_STACK_1; 363 | return _1 && TRUE; 364 | } 365 | 366 | int obfh_condition_proxy(float junk, float condition, ...) OBFH_SECTION_ATTRIBUTE { 367 | RET_BY_VAR(condition); 368 | } 369 | 370 | unsigned long double __s_rdtsc(float junk, ...) OBFH_SECTION_ATTRIBUTE { 371 | { 372 | unsigned int lo, hi; 373 | __obfh_asm__(".byte 0x0f, 0x31;" // rdtsc 374 | : "=a"(lo), "=d"(hi)); 375 | 376 | unsigned long long rdtsc_result = ((unsigned long long)hi << 32) | lo; 377 | 378 | if (rdtsc_result == obfh_int_proxy(0)) __obfh_asm__(".byte 0xE8;"); 379 | } 380 | 381 | unsigned long long time; 382 | unsigned int low, high; 383 | __obfh_asm__(".byte 0x0f, 0xc7, 0xf8;" // rdtscp 384 | : "=a"(low), "=d"(high)); 385 | time = ((unsigned long long)high << 32) | low; 386 | return time; 387 | } 388 | 389 | // ============================================================= 390 | // Control Flow (global) 391 | #if NO_CFLOW != 1 392 | 393 | // if 394 | #define if(cond) \ 395 | if ((float)__s_rdtsc(RND(0, 255)) == (float)((RND(1, 255) * -1)) * (float)1.0) { \ 396 | BAD_CALL; \ 397 | } else if (&__s_rdtsc && (cond ? ((float)__s_rdtsc(RND(0, 255), RND(0, 255)) != 0.1) \ 398 | : (float)__s_rdtsc(RND(0, 255)) == 0.1)) 399 | 400 | // else 401 | #define else \ 402 | else if (0) { \ 403 | BAD_CALL; \ 404 | } \ 405 | else 406 | 407 | #if CFLOW_V2 408 | #define OBFUS_CONDITION_BLOCK(...) (obfh_condition_proxy(RND(0, 255), (__VA_ARGS__) ? !!obfh_int_proxy(!!obfh_condition_true()) : !!!obfh_condition_true(), RND(0, 255)) ? !!obfh_condition_true() : obfh_int_proxy(!obfh_condition_true())) 409 | #else 410 | #define OBFUS_CONDITION_BLOCK(...) (obfh_condition_proxy(RND(0, 255), (__VA_ARGS__), RND(0, 255)) ? !!obfh_condition_true() : !obfh_condition_true()) 411 | #endif 412 | 413 | // break 414 | #define break \ 415 | { \ 416 | if (OBFUS_CONDITION_BLOCK(RND(1, 255))) BREAK_STACK_1; \ 417 | break; \ 418 | } 419 | 420 | // switch 421 | #define switch(...) \ 422 | if (OBFUS_CONDITION_BLOCK(RND(1, 255))) \ 423 | switch (__VA_ARGS__) 424 | 425 | // while 426 | #define while(...) while ((float)__s_rdtsc(RND(0, 255)) != 0.1 && (&__s_rdtsc != !&__s_rdtsc) && (__VA_ARGS__)) 427 | 428 | // for 429 | #define for(...) \ 430 | if (OBFUS_CONDITION_BLOCK(RND(1, 255))) \ 431 | for (__VA_ARGS__) 432 | 433 | #endif 434 | // ============================================================= 435 | 436 | // ============================================================= 437 | // Virtualization (global) 438 | #if VIRT == 1 439 | typedef enum { 440 | OP__ADD = RND(0, 900) * __COUNTER__ * 5, 441 | OP__SUB = RND(1000, 1900) * __COUNTER__ * 5, 442 | OP__MUL = RND(2000, 2900) * __COUNTER__ * 5, 443 | OP__DIV = RND(3000, 3900) * __COUNTER__ * 5, 444 | OP__MOD = RND(4000, 4900) * __COUNTER__ * 5, 445 | OP__EQU = RND(5000, 5900) * __COUNTER__ * 5, 446 | OP__NEQ = RND(6000, 6900) * __COUNTER__ * 5, 447 | OP__GTR = RND(7000, 7900) * __COUNTER__ * 5, 448 | OP__LSS = RND(8000, 8900) * __COUNTER__ * 5, 449 | OP__LEQ = RND(9000, 9900) * __COUNTER__ * 5, 450 | OP__GEQ = RND(10000, 10900) * __COUNTER__ * 5, 451 | OP__NOP = RND(11000, 11900) * __COUNTER__ * 5 452 | } CMD; 453 | 454 | typedef enum { 455 | SALT_CMD = RND(100, 900), 456 | SALT_NUM1 = RND(16, 48), 457 | SALT_NUM2 = RND(16, 48) 458 | } VM_SALT; 459 | 460 | static int _salt = SALT_CMD; 461 | 462 | #define _VM_DEMUTATOR_KEY (__COUNTER__) / 5 463 | #define _VM_MUTATOR_KEY (__COUNTER__ - 1) / 5 464 | 465 | #define _VM_ENCRYPT_INT(value) ((value - _VM_MUTATOR_KEY) * ~SALT_CMD) 466 | #define _ENC_OP__ADD _VM_ENCRYPT_INT(OP__ADD) 467 | #define _ENC_OP__SUB _VM_ENCRYPT_INT(OP__SUB) 468 | #define _ENC_OP__MUL _VM_ENCRYPT_INT(OP__MUL) 469 | #define _ENC_OP__DIV _VM_ENCRYPT_INT(OP__DIV) 470 | #define _ENC_OP__MOD _VM_ENCRYPT_INT(OP__MOD) 471 | #define _ENC_OP__EQU _VM_ENCRYPT_INT(OP__EQU) 472 | #define _ENC_OP__NEQ _VM_ENCRYPT_INT(OP__NEQ) 473 | #define _ENC_OP__GTR _VM_ENCRYPT_INT(OP__GTR) 474 | #define _ENC_OP__LSS _VM_ENCRYPT_INT(OP__LSS) 475 | #define _ENC_OP__LEQ _VM_ENCRYPT_INT(OP__LEQ) 476 | #define _ENC_OP__GEQ _VM_ENCRYPT_INT(OP__GEQ) 477 | #define _ENC_OP__NOP _VM_ENCRYPT_INT(OP__NOP) 478 | 479 | #define VM_ADD(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__ADD, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 480 | #define VM_SUB(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__SUB, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 481 | #define VM_MUL(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__MUL, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 482 | #define VM_DIV(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__DIV, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 483 | #define VM_MOD(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__MOD, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 484 | #define VM_EQU(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__EQU, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 485 | #define VM_NEQ(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__NEQ, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 486 | #define VM_LSS(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__LSS, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 487 | #define VM_GTR(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__GTR, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 488 | #define VM_LEQ(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__LEQ, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 489 | #define VM_GEQ(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__GEQ, num1 * -1 + SALT_NUM1, RND(1, 500), num2 * -1 + SALT_NUM2, RND(1, 500)) 490 | #define VM_OBF_INT(num1) (VM_MUL(RND(1, 999), 0) ? RND(1, 9999) : (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__NOP, num1 * -1 + SALT_NUM1, RND(1, 500), RND(1, 99999999) * -1 + SALT_NUM2, RND(1, 500))) 491 | 492 | #define VM_ADD_DBL(num1, num2) Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__ADD, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 493 | #define VM_SUB_DBL(num1, num2) Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__SUB, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 494 | #define VM_MUL_DBL(num1, num2) Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__MUL, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 495 | #define VM_DIV_DBL(num1, num2) Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__DIV, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 496 | #define VM_LSS_DBL(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__LSS, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 497 | #define VM_GTR_DBL(num1, num2) (long)Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__GTR, (double)num1 * -1 + SALT_NUM1, RND(1, 500), (double)num2 * -1 + SALT_NUM2, RND(1, 500)) 498 | #define VM_OBF_DBL(num1) (VM_MUL(RND(1, 999), 0) ? RND(1, 9999) : Obfh_VirtualMachine(_VM_DEMUTATOR_KEY, _ENC_OP__NOP, num1 * -1 + SALT_NUM1, RND(1, 500), RND(1, 99999999) * -1 + SALT_NUM2, RND(1, 500))) 499 | 500 | #define VM_IF(condition) if (!VM_EQU((int)(condition), VM_MUL(RND(111111, 999999), 0))) 501 | #define VM_ELSE_IF(condition) else if (!VM_EQU((int)(condition), VM_MUL(0, RND(111111, 999999)))) 502 | #define VM_ELSE else if (VM_EQU(1, _1)) 503 | 504 | long double obfhVmResult = 0; 505 | long double Obfh_VirtualMachine(long double uni_key, int command, long double num1, long double junk_2, long double num2, long double junk_3) OBFH_SECTION_ATTRIBUTE { 506 | BREAK_STACK_1; 507 | goto firstFakePoint; 508 | 509 | // Restore values 510 | restoreCommand: 511 | BREAK_STACK_1; 512 | command /= ~_salt; 513 | command += uni_key; 514 | goto restoreNum2; 515 | 516 | restoreNum1: 517 | BREAK_STACK_1; 518 | num1 -= SALT_NUM1; 519 | num1 *= (-1 * _1); 520 | goto letsExecute; 521 | 522 | restoreNum2: 523 | BREAK_STACK_1; 524 | num2 -= SALT_NUM2; 525 | num2 *= (-1 * _1); 526 | goto restoreNum1; 527 | 528 | firstFakePoint: 529 | BREAK_STACK_2; 530 | goto secondFakePoint; 531 | 532 | letsExecute: 533 | 534 | switch (command) { 535 | case -1 * __LINE__: 536 | goto restoreCommand; 537 | case -2 * __LINE__: 538 | goto firstFakePoint; 539 | case -3 * __LINE__: 540 | return _0 * ~_1 + junk_2; 541 | case -4 * __LINE__: 542 | goto restoreNum2; 543 | case -5 * __LINE__: 544 | goto restoreNum1; 545 | case -6 * __LINE__: 546 | __obfh_asm__(".byte 0xFF, 0x25;"); // fake JMP 547 | case -7 * __LINE__: 548 | 549 | #if defined(__x86_64__) || defined(_M_X64) // fake code, just for decompiler break 550 | __obfh_asm__( 551 | "mov %%rax, %%rbx;" 552 | "xor %%rcx, %%rax;" 553 | "shr $8, %%rdx;" 554 | "shl $4, %%rax;" 555 | "push %%rbx;" 556 | "pop %%rbx;" 557 | "inc %%rax;" 558 | "dec %%rdx;" 559 | : 560 | : 561 | : "rax", 562 | "rbx", "rcx", "rdx"); 563 | #elif defined(__i386__) || defined(_M_IX86) 564 | __obfh_asm__( 565 | "mov %%ebx, %%eax;" 566 | "add %%ecx, %%eax;" 567 | "sub %%edx, %%ebx;" 568 | "shl %%cl, %%ecx;" 569 | "push %%ebx;" 570 | "pop %%ebx;" 571 | "sar %%cl, %%ecx;" 572 | "or %%edx, %%eax;" 573 | "dec %%edx;" 574 | : 575 | : 576 | : "eax", 577 | "ebx", "ecx", "edx"); 578 | #else 579 | #endif 580 | case -8 * __LINE__: 581 | BAD_JMP; 582 | 583 | case OP__ADD: // plus 584 | obfhVmResult = (num1 + num2) + VM_MUL(junk_3, _0); 585 | goto afterCalc; 586 | case OP__SUB: // minus 587 | obfhVmResult = (num1 - num2) + VM_MUL(junk_3, _0); 588 | goto afterCalc; 589 | case OP__MUL: // multiply 590 | if (num1 == _0 || num2 == _0) 591 | obfhVmResult = _0; 592 | else 593 | return num1 * num2; 594 | 595 | goto afterCalc; 596 | case OP__DIV: // divide 597 | if (num2 != _0) 598 | obfhVmResult = num1 / num2; 599 | else 600 | obfhVmResult = VM_ADD(_0, _0); 601 | goto afterCalc; 602 | case OP__MOD: // modulo 603 | if (num2 != 0) 604 | obfhVmResult = (int)num1 % (int)num2; 605 | else 606 | obfhVmResult = _0; 607 | goto afterCalc; 608 | case OP__EQU: // equal 609 | if (num1 == num2) { // 1 + 0 = 1 610 | obfhVmResult = VM_ADD(_1, _0); 611 | } else { 612 | obfhVmResult = _0; 613 | } 614 | goto afterCalc; 615 | case OP__NEQ: // not equal 616 | if (num1 != num2) { // 1 + 0 = 1 617 | obfhVmResult = VM_ADD(_0, _1) + VM_MUL(junk_2, _0); 618 | } else { 619 | obfhVmResult = VM_MUL(junk_3, _0); 620 | } 621 | goto afterCalc; 622 | case OP__LSS: 623 | obfhVmResult = num1 != num2 && !(num1 + VM_MUL(junk_2, _0) > num2); 624 | goto afterCalc; 625 | case OP__GTR: 626 | obfhVmResult = num1 != num2 && !(num1 + VM_MUL(junk_2, _0) < num2); 627 | goto afterCalc; 628 | case OP__LEQ: 629 | obfhVmResult = !(num1 + VM_MUL(junk_2, _0) > num2); 630 | goto afterCalc; 631 | case OP__GEQ: 632 | obfhVmResult = (num1 + VM_MUL(junk_2, _0) > num2) || (num1 == num2); 633 | // result = num1 >= num2; 634 | goto afterCalc; 635 | case OP__NOP: 636 | obfhVmResult = num1; 637 | goto afterCalc; 638 | default: 639 | // printf("ADD: %d, CMD: %d\n", OP__ADD, command); 640 | obfhVmResult = _0 * (uni_key * _3); 641 | BAD_JMP; 642 | } 643 | BREAK_STACK_8; 644 | 645 | long double result = uni_key; 646 | afterCalc: 647 | 648 | goto saveValueToLocal; 649 | resetResult: 650 | obfhVmResult = 0; 651 | goto returnValue; 652 | saveValueToLocal: 653 | result = obfhVmResult; 654 | goto resetResult; 655 | 656 | returnValue: 657 | return result; 658 | 659 | __obfh_asm__(".byte 0xFF, 0xE0;"); // fake JMP EAX 660 | 661 | secondFakePoint: 662 | BREAK_STACK_7; 663 | goto restoreCommand; 664 | } 665 | #endif 666 | // ============================================================= 667 | 668 | char *getCharMask(int count) OBFH_SECTION_ATTRIBUTE { 669 | BREAK_STACK_1; 670 | static char mask[16]; 671 | if (count <= _0 || count >= sizeof(mask)) { 672 | BAD_JMP; 673 | } 674 | int i = (((_1 * _5) - _4) + _1) - _2; 675 | BREAK_STACK_1; 676 | char *ptr = mask; 677 | for (i = _0; i < count; i++) { 678 | *ptr++ = '%'; 679 | *ptr++ = _c; 680 | } 681 | *ptr = '\0'; 682 | 683 | BREAK_STACK_8; 684 | 685 | FAKE_CPUID; 686 | 687 | return mask; 688 | } 689 | 690 | // WriteConsoleA 691 | BOOL WriteConsoleA_proxy(HANDLE hConsoleOutput, const void *lpBuffer, DWORD nNumberOfCharsToWrite, LPDWORD lpNumberOfCharsWritten, LPVOID lpReserved) OBFH_SECTION_ATTRIBUTE { 692 | BREAK_STACK_1; 693 | FAKE_CPUID; 694 | return WriteConsoleA(hConsoleOutput, lpBuffer, nNumberOfCharsToWrite, lpNumberOfCharsWritten, lpReserved); 695 | } 696 | #define WriteConsoleA(...) WriteConsoleA_proxy(__VA_ARGS__) 697 | 698 | // GetStdHandle 699 | HANDLE GetStdHandle_proxy(DWORD nStdHandle) OBFH_SECTION_ATTRIBUTE { 700 | BREAK_STACK_1; 701 | FAKE_CPUID; 702 | return GetStdHandle(obfh_int_proxy(nStdHandle)); 703 | } 704 | #define GetStdHandle(...) GetStdHandle_proxy(__VA_ARGS__) 705 | 706 | HMODULE GetModuleHandleA_proxy(LPCSTR lpModuleName) OBFH_SECTION_ATTRIBUTE { 707 | BREAK_STACK_9; 708 | FAKE_CPUID; 709 | return GetModuleHandleA(lpModuleName); 710 | } 711 | #define GetModuleHandleA(...) GetModuleHandleA_proxy(__VA_ARGS__) 712 | 713 | // strcmp 714 | int strcmp_custom(const char *str1, const char *str2) OBFH_SECTION_ATTRIBUTE { 715 | BREAK_STACK_1; 716 | while (*str1 != '\0' || *str2 != '\0') { 717 | NOP_FLOOD; 718 | if ((obfh_int_proxy(*str1) < obfh_int_proxy(*str2)) && obfh_int_proxy(_1)) { 719 | return (obfh_int_proxy(_2) / _2) * -1; // -1 720 | } else if (obfh_int_proxy(*str1) > obfh_int_proxy(*str2)) { 721 | return obfh_int_proxy(_0 + _1); // 1 722 | } 723 | str1 += obfh_int_proxy(_1); 724 | str2 += obfh_int_proxy(_2 - _1); 725 | } 726 | FAKE_CPUID; 727 | return _0; 728 | } 729 | #define strcmp(...) strcmp_custom(__VA_ARGS__) 730 | 731 | // strlen 732 | size_t strlen_custom(const char *str) OBFH_SECTION_ATTRIBUTE { 733 | BREAK_STACK_1; 734 | size_t length = _0; 735 | while (*str != '\0') { 736 | length += obfh_int_proxy(_1); 737 | str += obfh_int_proxy(_2 - _1); 738 | } 739 | FAKE_CPUID; 740 | return obfh_int_proxy(length + (RND(0, 1000) * _0)); 741 | } 742 | #define strlen(...) strlen_custom(__VA_ARGS__) 743 | 744 | // GetProcAddress 745 | FARPROC GetProcAddress_custom(HMODULE hModule, LPCSTR lpProcName) OBFH_SECTION_ATTRIBUTE { 746 | BREAK_STACK_2; 747 | PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule; 748 | PIMAGE_NT_HEADERS ntHeaders = (PIMAGE_NT_HEADERS)((BYTE *)hModule + dosHeader->e_lfanew); 749 | BREAK_STACK_1; 750 | PIMAGE_EXPORT_DIRECTORY exportDirectory = (PIMAGE_EXPORT_DIRECTORY)((BYTE *)hModule + 751 | ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress); 752 | obfh_junk_func_args(RND(0, 885)); 753 | BREAK_STACK_1; 754 | DWORD *addressOfFunctions = (DWORD *)((BYTE *)hModule + exportDirectory->AddressOfFunctions); 755 | WORD *addressOfNameOrdinals = (WORD *)((BYTE *)hModule + exportDirectory->AddressOfNameOrdinals); 756 | BREAK_STACK_1; 757 | DWORD *addressOfNames = (DWORD *)((BYTE *)hModule + exportDirectory->AddressOfNames); 758 | 759 | for (DWORD i = 0; i < exportDirectory->NumberOfNames; ++i) { 760 | if (strcmp(lpProcName, (const char *)hModule + addressOfNames[i]) == 0) { 761 | BREAK_STACK_2; 762 | return (FARPROC)((BYTE *)hModule + addressOfFunctions[addressOfNameOrdinals[i]]); 763 | } 764 | } 765 | BREAK_STACK_1; 766 | return NULL; 767 | } 768 | #define GetProcAddress(...) GetProcAddress_custom(__VA_ARGS__) 769 | 770 | static char loadStr[5]; 771 | static HMODULE hKernel32 = NULL; 772 | 773 | HMODULE LoadLibraryA_0(LPCSTR lpLibFileName) OBFH_SECTION_ATTRIBUTE { 774 | switch (_0) { 775 | case 1: 776 | __obfh_asm__(".byte 0x74;"); // fake JE 777 | 778 | break; 779 | case 0: 780 | BREAK_STACK_3; 781 | // return LoadLibraryA(lpLibFileName); 782 | 783 | typedef HMODULE(WINAPI * LoadLibraryAFunc)(LPCSTR); 784 | static LoadLibraryAFunc loadLibraryA = NULL; 785 | if (loadLibraryA == NULL) { 786 | char libName[32]; 787 | 788 | // kernel32 789 | sprintf(libName, strcat(getCharMask(_6), "%d"), _k, _e, _r, _n, _e, _l, (_4 * _8)); 790 | 791 | hKernel32 = GetModuleHandleA(libName); 792 | 793 | if (hKernel32 != NULL) { 794 | FAKE_CPUID; 795 | char _L_char = _L; 796 | obfh_junk_func_args(_0 + RND(1, 5)); 797 | 798 | if (loadStr[_3] != obfh_int_proxy(_d)) { // restore "Load" 799 | loadStr[_4] = obfh_int_proxy(_0); 800 | loadStr[_3] = obfh_int_proxy(_d); 801 | loadStr[_2] = obfh_int_proxy(_a); 802 | BREAK_STACK_2; 803 | loadStr[_1] = obfh_int_proxy(_o); 804 | loadStr[_0] = obfh_int_proxy(_L); 805 | } 806 | 807 | char *funcName = malloc(32); 808 | 809 | FAKE_CPUID; 810 | 811 | sprintf(funcName, strcat("Library", "%c"), _A); // _A = LoadLibrary{'A'} 812 | loadLibraryA = (LoadLibraryAFunc)GetProcAddress(hKernel32, strcat(loadStr, funcName)); 813 | free(funcName); 814 | 815 | #if MEM_CLEANER__JUST_FOR_FUN 816 | int *value = _1 * -1; 817 | SetProcessWorkingSetSize(GetCurrentProcess(), value, value); 818 | #endif 819 | } 820 | } 821 | if (loadLibraryA != NULL) { 822 | BREAK_STACK_1; 823 | return loadLibraryA(lpLibFileName); 824 | } 825 | return NULL; 826 | } 827 | } 828 | 829 | char *LoadLibraryA_1(LPCSTR lpLibFileName) OBFH_SECTION_ATTRIBUTE { 830 | BREAK_STACK_6; 831 | return LoadLibraryA_0((LPCSTR)lpLibFileName); 832 | } 833 | 834 | char *LoadLibraryA_2(LPCSTR lpLibFileName) { 835 | BREAK_STACK_5; 836 | return LoadLibraryA_1((LPCSTR)lpLibFileName); 837 | } 838 | 839 | char *LoadLibraryA_3(LPCSTR lpLibFileName) OBFH_SECTION_ATTRIBUTE { 840 | BREAK_STACK_4; 841 | return LoadLibraryA_2((LPCSTR)lpLibFileName); 842 | } 843 | 844 | char *LoadLibraryA_4(LPCSTR lpLibFileName) { 845 | BREAK_STACK_3; 846 | return LoadLibraryA_3((LPCSTR)lpLibFileName); 847 | } 848 | 849 | char *LoadLibraryA_5(LPCSTR lpLibFileName) OBFH_SECTION_ATTRIBUTE { 850 | BREAK_STACK_2; 851 | return LoadLibraryA_4((LPCSTR)lpLibFileName); 852 | } 853 | 854 | char *LoadLibraryA_proxy(LPCSTR lpLibFileName) { 855 | BREAK_STACK_1; 856 | return LoadLibraryA_5((LPCSTR)lpLibFileName); 857 | } 858 | #define LoadLibraryA(...) LoadLibraryA_proxy(__VA_ARGS__) 859 | 860 | // ============================================================= 861 | // Anti-Debug (global) 862 | #if NO_ANTIDEBUG != 1 863 | 864 | #if ANTIDEBUG_V2 == 1 // for ANTIDEBUG_V2 865 | void ad_ZeroDRs(PCONTEXT pCtx) { 866 | BREAK_STACK_1; 867 | pCtx->Dr0 = _0; 868 | pCtx->Dr1 = _0; 869 | pCtx->Dr2 = _0; 870 | pCtx->Dr3 = _0; 871 | pCtx->Dr6 = _0; 872 | pCtx->Dr7 = _0; 873 | } 874 | 875 | int ad_CompareDRs(PCONTEXT pCtx) { 876 | BREAK_STACK_1; 877 | if (pCtx->Dr7 != _0) { 878 | ad_ZeroDRs(pCtx); 879 | return _1; 880 | } else { 881 | // ensure DR0 - DR3 contain zeros even if they are disabled. 882 | // Skip DR6. It seems to change erratically, but it's output-only. 883 | if (_0 == (pCtx->Dr0 | pCtx->Dr1 | pCtx->Dr2 | pCtx->Dr3)) { 884 | ad_ZeroDRs(pCtx); 885 | } 886 | // zero any active debug registers to erase breakpoints. 887 | // the caller is responsible for ensuring the DR values set are 888 | // actually applied. 889 | ad_ZeroDRs(pCtx); 890 | } 891 | return _0; 892 | } 893 | 894 | WINAPI ThreadCompareDRs(void *p) { 895 | BREAK_STACK_1; 896 | DWORD dwRet = _0; 897 | HANDLE hMainThread = (HANDLE)p; 898 | if (-1 != SuspendThread(hMainThread)) { 899 | BREAK_STACK_2; 900 | CONTEXT context; 901 | context.ContextFlags = CONTEXT_DEBUG_REGISTERS; 902 | if (GetThreadContext(hMainThread, &context)) { 903 | if (ad_CompareDRs(&context)) 904 | dwRet = _1; 905 | } 906 | ResumeThread(hMainThread); 907 | } 908 | CloseHandle(hMainThread); 909 | return dwRet; 910 | } 911 | #endif 912 | 913 | int IsDebuggerPresent_proxy() OBFH_SECTION_ATTRIBUTE { 914 | BREAK_STACK_1; 915 | NOP_FLOOD; 916 | BREAK_STACK_2; 917 | #if ANTIDEBUG_V2 == 1 918 | 919 | // Registers validation 920 | HANDLE hMainThread; 921 | DWORD dwDummy, exitCode; 922 | 923 | DuplicateHandle(GetCurrentProcess(), GetCurrentThread(), GetCurrentProcess(), 924 | &hMainThread, _0, FALSE, DUPLICATE_SAME_ACCESS); 925 | 926 | HANDLE hThread = CreateThread(NULL, _0, ThreadCompareDRs, hMainThread, _0, &dwDummy); 927 | if (hThread) { 928 | WaitForSingleObject(hThread, INFINITE); 929 | GetExitCodeThread(hThread, &exitCode); 930 | CloseHandle(hThread); 931 | } 932 | 933 | if (exitCode) return exitCode; 934 | 935 | // Dynamic antidebugger 936 | char result[32]; 937 | sprintf(result, strcat(getCharMask(_6), "%d"), _k, _e, _r, _n, _e, _l, (_6 * _6 - _4)); 938 | 939 | char funcName[18]; 940 | funcName[_9 + _8] = _0; 941 | 942 | funcName[_9 + _7 * _1] = _t; 943 | funcName[_2 + _5 * _1] = _g; 944 | funcName[_0 * _8 * _1] = _I; 945 | funcName[_1 + _0 * _1] = _s; 946 | funcName[_7 * _2 * _1] = _e; 947 | funcName[_3 * _3 * _1] = _r; 948 | funcName[_9 + _4 * _1] = _s; 949 | funcName[_5 * _3 * _1] = _n; 950 | BREAK_STACK_3; 951 | funcName[_1 + _1 * _1] = _D; 952 | funcName[_1 + _2 * _1] = _e; 953 | funcName[_5 * _2 * _1] = _P; 954 | funcName[_2 + _2 * _1] = _b; 955 | funcName[_3 + _2 * _1] = _u; 956 | funcName[_4 * _2 * _1] = _e; 957 | funcName[_2 + _9 * _1] = _r; 958 | funcName[_3 * _2 * _1] = _g; 959 | funcName[_6 * _2 * _1] = _e; 960 | 961 | return ((BOOL(*)())GetProcAddress(LoadLibraryA(result), funcName))(); 962 | #else 963 | 964 | // Standard antidebugger 965 | NOP_FLOOD; 966 | return IsDebuggerPresent(); 967 | 968 | #endif 969 | } 970 | // ============================================================= 971 | 972 | /* 973 | void antiDebugMessage() { 974 | typedef int(WINAPI * MessageBoxAType)(HWND, LPCSTR, LPCSTR, UINT); 975 | MessageBoxAType MessageBoxA = (MessageBoxAType)GetProcAddress(LoadLibraryA("user32.dll"), "MessageBoxA"); 976 | if (MessageBoxA != NULL) MessageBoxA(NULL, "Debugging prevented.", "", 0x10); 977 | } 978 | */ 979 | 980 | void crash() { 981 | BREAK_STACK_1; 982 | __obfh_asm__( 983 | "int $3;" 984 | ".byte 0xED, 0x00;"); 985 | } 986 | 987 | void loop() { 988 | while (1) { 989 | } 990 | } 991 | 992 | #define ANTI_DEBUG \ 993 | if (IsDebuggerPresent() || obfh_int_proxy(_0 / !IsDebuggerPresent_proxy() * (_1 + _0 + _1) / _2)) { \ 994 | obfh_double_proxy(RND(1, 999)); \ 995 | /* antiDebugMessage(); */ \ 996 | loop(); \ 997 | while (1) { \ 998 | }; \ 999 | __obfh_asm__(".byte 0xED;"); \ 1000 | BREAK_STACK_1; \ 1001 | __obfh_asm__(".byte 0x66, 0xC1, 0xE8, 0x05;"); \ 1002 | __obfh_asm__(".byte 0x00;"); \ 1003 | __obfh_asm__("ret;"); \ 1004 | crash(); \ 1005 | } else { \ 1006 | 0.0 / !IsDebuggerPresent(); \ 1007 | }; 1008 | 1009 | #else 1010 | #define ANTI_DEBUG 0 1011 | #endif 1012 | 1013 | char *getStdLibName_proxy() { 1014 | BREAK_STACK_7; 1015 | return HIDE_STRING("msvcrt"); 1016 | } 1017 | 1018 | // printf 1019 | void printf_custom(int junk, const char *format, ...) { 1020 | BREAK_STACK_1; 1021 | char buffer[1024]; 1022 | va_list args; 1023 | NOP_FLOOD; 1024 | va_start(args, format); 1025 | vsnprintf(buffer, sizeof(buffer), format, args); 1026 | va_end(args); 1027 | 1028 | HANDLE hConsole = obfh_int_proxy(GetStdHandle(obfh_int_proxy(STD_OUTPUT_HANDLE))); 1029 | obfh_junk_func_args(RND(0, 1000) * (int)hConsole + junk); 1030 | WriteConsoleA(hConsole, buffer, strlen(buffer), NULL, NULL); 1031 | } 1032 | 1033 | // printf as void 1034 | #define printf(...) \ 1035 | do { \ 1036 | BREAK_STACK_1; \ 1037 | obfh_junk_func_args((RND(0, 1000) * 3) < _0); \ 1038 | printf_custom(RND(0, 1000), __VA_ARGS__); \ 1039 | } while (_0 > (RND(0, 100000000000) * _2) + 82) 1040 | 1041 | // scanf 1042 | char *getScanfName_proxy() { 1043 | BREAK_STACK_1; 1044 | FAKE_CPUID; 1045 | return "scanf"; 1046 | // return ({ char result[32]; sprintf(result, getCharMask(_5), _s, _c, _a, _n, _f); result; }); 1047 | } 1048 | #define scanf(...) ((void *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getScanfName_proxy()))(__VA_ARGS__) 1049 | 1050 | // sprintf 1051 | char *getSprintfName_proxy() { 1052 | BREAK_STACK_1; 1053 | FAKE_CPUID; 1054 | return "sprintf"; 1055 | // return ({ char result[32]; sprintf(result, getCharMask(_7), _s, _p, _r, _i, _n, _t, _f); result; }); 1056 | } 1057 | #define sprintf(...) ((void *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getSprintfName_proxy()))(__VA_ARGS__) 1058 | 1059 | // fclose 1060 | char *getFcloseName_proxy() { 1061 | BREAK_STACK_1; 1062 | FAKE_CPUID; 1063 | return "fclose"; 1064 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _f, _c, _l, _o, _s, _e); result; }); 1065 | } 1066 | #define fclose(...) ((void *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFcloseName_proxy()))(__VA_ARGS__) 1067 | 1068 | // fopen 1069 | char *getFopenName_proxy() { 1070 | BREAK_STACK_1; 1071 | FAKE_CPUID; 1072 | return "fopen"; 1073 | // return ({ char result[32]; sprintf(result, getCharMask(_5), _f, _o, _p, _e, _n); result; }); 1074 | } 1075 | #define fopen(...) ((FILE * (*)()) GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFopenName_proxy()))(__VA_ARGS__) 1076 | 1077 | // fread 1078 | char *getFreadName_proxy() { 1079 | BREAK_STACK_1; 1080 | FAKE_CPUID; 1081 | return "fread"; 1082 | // return ({ char result[32]; sprintf(result, getCharMask(_5), _f, _r, _e, _a, _d); result; }); 1083 | } 1084 | #define fread(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFreadName_proxy()))(__VA_ARGS__) 1085 | 1086 | // fwrite 1087 | char *getFwriteName_proxy() { 1088 | BREAK_STACK_1; 1089 | FAKE_CPUID; 1090 | return "fwrite"; 1091 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _f, _w, _r, _i, _t, _e); result; }); 1092 | } 1093 | #define fwrite(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFwriteName_proxy()))(__VA_ARGS__) 1094 | 1095 | // exit 1096 | char *getExitName_proxy() { 1097 | BREAK_STACK_1; 1098 | FAKE_CPUID; 1099 | return "exit"; 1100 | // return ({ char result[32]; sprintf(result, getCharMask(_4), _e, _x, _i, _t); result; }); 1101 | } 1102 | #define exit(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getExitName_proxy()))(__VA_ARGS__) 1103 | 1104 | // strcpy 1105 | char *getStrcpyName_proxy() { 1106 | BREAK_STACK_1; 1107 | FAKE_CPUID; 1108 | return "strcpy"; 1109 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _s, _t, _r, _c, _p, _y); result; }); 1110 | } 1111 | #define strcpy(...) ((char *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getStrcpyName_proxy()))(__VA_ARGS__) 1112 | 1113 | // strtok 1114 | char *getStrtokName_proxy() { 1115 | BREAK_STACK_1; 1116 | FAKE_CPUID; 1117 | return "strtok"; 1118 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _s, _t, _r, _t, _o, _k); result; }); 1119 | } 1120 | #define strtok(...) ((char *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getStrtokName_proxy()))(__VA_ARGS__) 1121 | 1122 | // memset 1123 | void *memset_proxy(void *ptr, int value, size_t num) { 1124 | BREAK_STACK_1; 1125 | return memset(ptr, value * _1, num); 1126 | } 1127 | #define memset(...) memset_proxy(__VA_ARGS__) 1128 | 1129 | // memcpy 1130 | char *getMemcpyName_proxy() { 1131 | BREAK_STACK_1; 1132 | FAKE_CPUID; 1133 | return "memcpy"; 1134 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _m, _e, _m, _c, _p, _y); result; }); 1135 | } 1136 | #define memcpy(...) ((void *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getMemcpyName_proxy()))(__VA_ARGS__) 1137 | 1138 | // strchr 1139 | char *getStrchrName_proxy() { 1140 | BREAK_STACK_1; 1141 | FAKE_CPUID; 1142 | return "strchr"; 1143 | // return ({ char result[32]; sprintf(result, getCharMask(_6), _s, _t, _r, _c, _h, _r); result; }); 1144 | } 1145 | #define strchr(...) ((char *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getStrchrName_proxy()))(__VA_ARGS__) 1146 | 1147 | // strrchr 1148 | char *getStrrchrName_proxy() { 1149 | BREAK_STACK_1; 1150 | FAKE_CPUID; 1151 | return "strrchr"; 1152 | // return ({ char result[32]; sprintf(result, getCharMask(_7), _s, _t, _r, _r, _c, _h, _r); result; }); 1153 | } 1154 | #define strrchr(...) ((char *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getStrrchrName_proxy()))(__VA_ARGS__) 1155 | 1156 | // rand 1157 | char *getRandName_proxy() { 1158 | BREAK_STACK_1; 1159 | FAKE_CPUID; 1160 | return "rand"; 1161 | // return ({ char result[32]; sprintf(result, getCharMask(_4), _r, _a, _n, _d); result; }); 1162 | } 1163 | #define rand(...) ((int (*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getRandName_proxy()))(__VA_ARGS__) 1164 | 1165 | // realloc 1166 | char *getReallocName_proxy() OBFH_SECTION_ATTRIBUTE { 1167 | BREAK_STACK_1; 1168 | FAKE_CPUID; 1169 | return "realloc"; 1170 | } 1171 | #define realloc(...) ((void *(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getReallocName_proxy()))(__VA_ARGS__) 1172 | 1173 | void *calloc_proxy(size_t nmemb, size_t size) OBFH_SECTION_ATTRIBUTE { 1174 | BREAK_STACK_1; 1175 | return calloc(nmemb, size); 1176 | } 1177 | #define calloc(nmemb, size) calloc_proxy(nmemb, size) 1178 | 1179 | void *realloc_proxy(void *ptr, size_t size) OBFH_SECTION_ATTRIBUTE { 1180 | BREAK_STACK_1; 1181 | return realloc(ptr, size); 1182 | } 1183 | #define realloc(ptr, size) realloc_proxy(ptr, size) 1184 | 1185 | char *gets_proxy(char *s) OBFH_SECTION_ATTRIBUTE { 1186 | BREAK_STACK_1; 1187 | return gets(s); 1188 | } 1189 | #define gets(s) gets_proxy(s) 1190 | 1191 | int snprintf_proxy(char *str, size_t size, const char *format, ...) OBFH_SECTION_ATTRIBUTE { 1192 | BREAK_STACK_1; 1193 | va_list args; 1194 | va_start(args, format); 1195 | int result = vsnprintf(str, size, format, args); 1196 | va_end(args); 1197 | return result; 1198 | } 1199 | #define snprintf(str, size, format, ...) snprintf_proxy(str, size, format, __VA_ARGS__) 1200 | 1201 | /* 1202 | #define printf(...) (([](...) -> int { \ 1203 | static void (*printf_proxy)(const char *, ...) = NULL; \ 1204 | if (printf_proxy == NULL) { \ 1205 | printf_proxy = (void (*)(const char *, ...))GetProcAddress(GetModuleHandleA("msvcrt.dll"), "printf"); \ 1206 | } \ 1207 | return printf_proxy(__VA_ARGS__); \ 1208 | })(__VA_ARGS__)) 1209 | */ 1210 | 1211 | int vsprintf_proxy(char *str, const char *format, va_list args) OBFH_SECTION_ATTRIBUTE { 1212 | BREAK_STACK_1; 1213 | return vsprintf(str, format, args); 1214 | } 1215 | #define vsprintf(str, format, args) vsprintf_proxy(str, format, args) 1216 | 1217 | int vsnprintf_proxy(char *str, size_t size, const char *format, va_list args) OBFH_SECTION_ATTRIBUTE { 1218 | BREAK_STACK_1; 1219 | return vsnprintf(str, size, format, args); 1220 | } 1221 | #define vsnprintf(str, size, format, args) vsnprintf_proxy(str, size, format, args) 1222 | 1223 | char *getenv_proxy(const char *name) OBFH_SECTION_ATTRIBUTE { 1224 | BREAK_STACK_1; 1225 | return getenv(name); 1226 | } 1227 | #define getenv(name) getenv_proxy(name) 1228 | 1229 | int system_proxy(const char *command) OBFH_SECTION_ATTRIBUTE { 1230 | BREAK_STACK_1; 1231 | return system(command); 1232 | } 1233 | #define system(command) system_proxy(command) 1234 | 1235 | void abort_proxy(void) OBFH_SECTION_ATTRIBUTE { 1236 | BREAK_STACK_1; 1237 | abort(); 1238 | } 1239 | #define abort() abort_proxy() 1240 | 1241 | int atexit_proxy(void (*func)(void)) OBFH_SECTION_ATTRIBUTE { 1242 | BREAK_STACK_1; 1243 | return atexit(func); 1244 | } 1245 | #define atexit(func) atexit_proxy(func) 1246 | 1247 | char *getcwd_proxy(char *buf, size_t size) OBFH_SECTION_ATTRIBUTE { 1248 | BREAK_STACK_1; 1249 | return getcwd(buf, size); 1250 | } 1251 | #define getcwd(buf, size) ((char *)getcwd_proxy(buf, size)) 1252 | 1253 | int tolower_proxy(int c) OBFH_SECTION_ATTRIBUTE { 1254 | BREAK_STACK_1; 1255 | return tolower(c); 1256 | } 1257 | #define tolower(c) tolower_proxy(c) 1258 | 1259 | int toupper_proxy(int c) OBFH_SECTION_ATTRIBUTE { 1260 | BREAK_STACK_1; 1261 | return toupper(c); 1262 | } 1263 | #define toupper(c) toupper_proxy(c) 1264 | 1265 | // getch, _getch 1266 | #define _getch() obfh_int_proxy(_getch() * TRUE) 1267 | #define getch() obfh_int_proxy(getch() + FALSE) 1268 | 1269 | #define Sleep(x) Sleep(obfh_int_proxy((_8 - (_4 * obfh_int_proxy(_2))) + x * TRUE)) 1270 | 1271 | #define GetParent(hWnd) \ 1272 | GetParent(obfh_int_proxy(((int)hWnd) + (int)hWnd) / _2) 1273 | 1274 | #define GetWindowRect(hWnd, lpRect) \ 1275 | GetWindowRect(obfh_int_proxy((int)hWnd *TRUE), obfh_int_proxy((int)lpRect *TRUE)) 1276 | 1277 | #define GetClientRect(hWnd, lpRect) \ 1278 | GetClientRect(obfh_int_proxy((int)hWnd *TRUE), obfh_int_proxy((int)lpRect *TRUE)) 1279 | 1280 | #define SetWindowPos(hWnd, hWndInsertAfter, X, Y, cx, cy, uFlags) \ 1281 | SetWindowPos(obfh_int_proxy(hWnd), obfh_int_proxy(hWndInsertAfter), obfh_int_proxy(X), obfh_int_proxy(Y), obfh_int_proxy(cx), obfh_int_proxy(cy), obfh_int_proxy(uFlags)) 1282 | 1283 | #define SetConsoleTextAttribute(hConsoleOutput, wAttributes) \ 1284 | SetConsoleTextAttribute(obfh_int_proxy(hConsoleOutput), obfh_int_proxy(wAttributes)) 1285 | 1286 | #define GetDesktopWindow() \ 1287 | obfh_int_proxy((int)GetDesktopWindow() * TRUE) 1288 | 1289 | #define GetStockObject(i) \ 1290 | GetStockObject(obfh_int_proxy(i) * TRUE) 1291 | 1292 | #define CreateFile(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile) \ 1293 | CreateFileA(obfh_int_proxy(lpFileName), obfh_int_proxy(dwDesiredAccess), obfh_int_proxy(dwShareMode), obfh_int_proxy(lpSecurityAttributes), obfh_int_proxy(dwCreationDisposition), obfh_int_proxy(dwFlagsAndAttributes), obfh_int_proxy(hTemplateFile)) 1294 | 1295 | #define ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped) \ 1296 | ReadFile(obfh_int_proxy(hFile), obfh_int_proxy(lpBuffer), obfh_int_proxy(nNumberOfBytesToRead), obfh_int_proxy(lpNumberOfBytesRead), obfh_int_proxy(lpOverlapped)) 1297 | 1298 | #define WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped) \ 1299 | WriteFile(obfh_int_proxy(hFile), obfh_int_proxy(lpBuffer), obfh_int_proxy(nNumberOfBytesToWrite), obfh_int_proxy(lpNumberOfBytesWritten), obfh_int_proxy(lpOverlapped)) 1300 | 1301 | #define CloseHandle(hObject) \ 1302 | CloseHandle(obfh_int_proxy(hObject)) 1303 | 1304 | #define GetModuleHandle(lpModuleName) \ 1305 | GetModuleHandleA(obfh_int_proxy(lpModuleName)) 1306 | 1307 | #define GetCurrentProcess() \ 1308 | obfh_int_proxy(GetCurrentProcess()) 1309 | 1310 | #define VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect) \ 1311 | VirtualAlloc(obfh_int_proxy(lpAddress), obfh_int_proxy(dwSize), obfh_int_proxy(flAllocationType), obfh_int_proxy(flProtect)) 1312 | 1313 | #define VirtualFree(lpAddress, dwSize, dwFreeType) \ 1314 | VirtualFree(obfh_int_proxy(lpAddress), obfh_int_proxy(dwSize), obfh_int_proxy(dwFreeType)) 1315 | 1316 | #define CreateThread(lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpThreadId) CreateThread(obfh_int_proxy(lpThreadAttributes), obfh_int_proxy(dwStackSize), obfh_int_proxy(lpStartAddress), obfh_int_proxy(lpParameter), obfh_int_proxy(dwCreationFlags), obfh_int_proxy(lpThreadId)) 1317 | 1318 | #define WaitForSingleObject(hHandle, dwMilliseconds) \ 1319 | WaitForSingleObject(obfh_int_proxy(hHandle), obfh_int_proxy(dwMilliseconds)) 1320 | 1321 | #define ExitProcess(uExitCode) \ 1322 | ExitProcess(obfh_int_proxy(uExitCode)) 1323 | 1324 | #define GetStartupInfo(lpStartupInfo) \ 1325 | GetStartupInfo(obfh_int_proxy(lpStartupInfo)) 1326 | 1327 | #define GetModuleFileName(hModule, lpFilename, nSize) \ 1328 | GetModuleFileName(obfh_int_proxy(hModule), obfh_int_proxy(lpFilename), obfh_int_proxy(nSize)) 1329 | 1330 | #define HeapCreate(flOptions, dwInitialSize, dwMaximumSize) \ 1331 | HeapCreate(obfh_int_proxy(flOptions), obfh_int_proxy(dwInitialSize), obfh_int_proxy(dwMaximumSize)) 1332 | 1333 | #define HeapAlloc(hHeap, dwFlags, dwBytes) \ 1334 | HeapAlloc(obfh_int_proxy(hHeap), obfh_int_proxy(dwFlags), obfh_int_proxy(dwBytes)) 1335 | 1336 | #define HeapFree(hHeap, dwFlags, lpMem) \ 1337 | HeapFree(obfh_int_proxy(hHeap), obfh_int_proxy(dwFlags), obfh_int_proxy(lpMem)) 1338 | 1339 | #define GlobalAlloc(uFlags, dwBytes) \ 1340 | GlobalAlloc(obfh_int_proxy(uFlags), obfh_int_proxy(dwBytes)) 1341 | 1342 | #define GlobalFree(hMem) \ 1343 | GlobalFree(obfh_int_proxy(hMem)) 1344 | 1345 | #define GetTempPath(nBufferLength, lpBuffer) \ 1346 | GetTempPath(obfh_int_proxy(nBufferLength), obfh_int_proxy(lpBuffer)) 1347 | 1348 | #define GetCurrentThreadId() \ 1349 | GetCurrentThreadId() 1350 | 1351 | #define SetEvent(hEvent) \ 1352 | SetEvent(obfh_int_proxy(hEvent)) 1353 | 1354 | #define ResetEvent(hEvent) \ 1355 | ResetEvent(obfh_int_proxy(hEvent)) 1356 | 1357 | #define WaitForMultipleObjects(nCount, lpHandles, bWaitAll, dwMilliseconds) WaitForMultipleObjects(obfh_int_proxy(nCount), obfh_int_proxy(lpHandles), obfh_int_proxy(bWaitAll), obfh_int_proxy(dwMilliseconds)) 1358 | 1359 | #define memmove(_Dst, _Src, _Size) memmove(_Dst, _Src, obfh_int_proxy(_Size *(TRUE + FALSE))) 1360 | 1361 | #define abs(x) ((x) < FALSE ? -(x) : (x)) 1362 | 1363 | #if virt_std == 1 1364 | #define _MUTATE_MATH(value) VM_MUL_DBL(VM_ADD_DBL(0, value), 1) 1365 | #else 1366 | #define _MUTATE_MATH(value) FALSE + value *TRUE 1367 | #endif 1368 | 1369 | #define fma(x, y, z) fma(_MUTATE_MATH(x), _MUTATE_MATH(y), _MUTATE_MATH(z)) 1370 | #define nexttoward(x, y) nexttoward(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1371 | #define nextafter(x, y) nextafter(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1372 | #define remainder(x, y) remainder(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1373 | #define copysign(x, y) copysign(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1374 | #define scalbln(x, y) scalbln(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1375 | #define remquo(x, y) remquo(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1376 | #define scalbn(x, y) scalbn(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1377 | #define atan2(y, x) atan2(_MUTATE_MATH(y), _MUTATE_MATH(x)) 1378 | #define ldexp(x, y) ldexp(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1379 | #define frexp(x, y) frexp(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1380 | #define hypot(x, y) hypot(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1381 | #define fmod(x, y) fmod(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1382 | #define modf(x, y) modf(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1383 | #define fdim(x, y) fdim(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1384 | #define fmax(x, y) fmax(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1385 | #define fmin(x, y) fmin(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1386 | #define pow(x, y) pow(_MUTATE_MATH(x), _MUTATE_MATH(y)) 1387 | #define nearbyint(x) nearbyint(_MUTATE_MATH(x)) 1388 | #define lgamma(x) lgamma(_MUTATE_MATH(x)) 1389 | #define tgamma(x) tgamma(_MUTATE_MATH(x)) 1390 | #define log10(x) log10(_MUTATE_MATH(x)) 1391 | #define floor(x) floor(_MUTATE_MATH(x)) 1392 | #define expm1(x) expm1(_MUTATE_MATH(x)) 1393 | #define log1p(x) log1p(_MUTATE_MATH(x)) 1394 | #define acosh(x) acosh(_MUTATE_MATH(x)) 1395 | #define asinh(x) asinh(_MUTATE_MATH(x)) 1396 | #define atanh(x) atanh(_MUTATE_MATH(x)) 1397 | #define ilogb(x) ilogb(_MUTATE_MATH(x)) 1398 | #define round(x) round(_MUTATE_MATH(x)) 1399 | #define trunc(x) trunc(_MUTATE_MATH(x)) 1400 | #define ceil(x) ceil(_MUTATE_MATH(x)) 1401 | #define fabs(x) fabs(_MUTATE_MATH(x)) 1402 | #define sqrt(x) sqrt(_MUTATE_MATH(x)) 1403 | #define asin(x) asin(_MUTATE_MATH(x)) 1404 | #define acos(x) acos(_MUTATE_MATH(x)) 1405 | #define atan(x) atan(_MUTATE_MATH(x)) 1406 | #define sinh(x) sinh(_MUTATE_MATH(x)) 1407 | #define cosh(x) cosh(_MUTATE_MATH(x)) 1408 | #define tanh(x) tanh(_MUTATE_MATH(x)) 1409 | #define ceil(x) ceil(_MUTATE_MATH(x)) 1410 | #define fabs(x) fabs(_MUTATE_MATH(x)) 1411 | #define erfc(x) erfc(_MUTATE_MATH(x)) 1412 | #define log2(x) log2(_MUTATE_MATH(x)) 1413 | #define cbrt(x) cbrt(_MUTATE_MATH(x)) 1414 | #define exp2(x) exp2(_MUTATE_MATH(x)) 1415 | #define logb(x) logb(_MUTATE_MATH(x)) 1416 | #define rint(x) rint(_MUTATE_MATH(x)) 1417 | #define exp(x) exp(_MUTATE_MATH(x)) 1418 | #define log(x) log(_MUTATE_MATH(x)) 1419 | #define sin(x) sin(_MUTATE_MATH(x)) 1420 | #define cos(x) cos(_MUTATE_MATH(x)) 1421 | #define tan(x) tan(_MUTATE_MATH(x)) 1422 | #define erf(x) erf(_MUTATE_MATH(x)) 1423 | #define nan(x) nan(_MUTATE_MATH(x)) 1424 | 1425 | __declspec(dllexport) char *WhatSoundDoesACowMake() OBFH_SECTION_ATTRIBUTE { 1426 | return HIDE_STRING("Moo"); 1427 | } 1428 | 1429 | /* 1430 | #if __TINYC__ 1431 | #define main(...) _start(__VA_ARGS__) 1432 | #endif 1433 | */ 1434 | 1435 | #else 1436 | #warning Obfuscation disabled! 1437 | #endif 1438 | #endif 1439 | 1440 | // ;) --------------------------------------------------------------------------------