admin/pe-packer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(core): add check for .NET binaries

Browse Source
This commit is contained in:
notcpuid
2025-07-02 10:58:37 +03:00
parent 456f1b7484
commit 4aae9feba6
2 changed files with 110 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pe-packer/core/core.cpp
View File

@@ -17,12 +17,16 @@ c_core::c_core(std::string input_file, std::string output_file, std::uint32_t mu
print_error("Binary is not PE file\n"); print_error("Binary is not PE file\n");
} }
m_peImage = std::make_unique<pe_bliss::pe_base>(pe_bliss::pe_factory::create_pe(pe_file)); m_peImage = std::make_unique<pe_bliss::pe_base>(pe_bliss::pe_factory::create_pe(pe_file));
if (m_peImage->get_pe_type() != pe_bliss::pe_type_32) { if (m_peImage->get_pe_type() != pe_bliss::pe_type_32) {
print_error("Binary is not x86 architecture\n"); print_error("Binary is not x86 architecture\n");
} }
bool clr_dir = m_peImage->directory_exists(14);
if (clr_dir) {
print_error("CLR directory found, .NET binary is not supported yet\n");
}
JitRuntime jitRt; JitRuntime jitRt;
m_codeHolder = std::make_unique<CodeHolder>(); m_codeHolder = std::make_unique<CodeHolder>();
Error init_asmjit = m_codeHolder->init(jitRt.environment(), jitRt.cpuFeatures()); Error init_asmjit = m_codeHolder->init(jitRt.environment(), jitRt.cpuFeatures());
@@ -253,7 +257,6 @@ void c_core::process()
for (const xor_target_t& target : obf_xor_targets) { for (const xor_target_t& target : obf_xor_targets) {
xor_function_range(target); xor_function_range(target);
insert_runtime_xor_stub(target); insert_runtime_xor_stub(target);
} }
} }

210
pe-packer/core/mba.cpp
View File

@@ -32,149 +32,149 @@ void c_mba::gen_math_operations() {
void c_mba::mba_code(c_mba::options opt) { void c_mba::mba_code(c_mba::options opt) {
int x = random_value(0, 3); int x = random_value(0, 3);
switch (x) { switch (x) {
case 0: { case 0: {
Label new_label = m_core.get_assembler()->newLabel(); Label new_label = m_core.get_assembler()->newLabel();
gen_math_operations(); gen_math_operations();
// create new jump equal to label // create new jump equal to label
m_core.get_assembler()->je(new_label); m_core.get_assembler()->je(new_label);
// load x and y into regs // load x and y into regs
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->mov(x86::ebx, x86::esi); m_core.get_assembler()->mov(x86::ebx, x86::esi);
// calculate in eax: (X | Y) // calculate in eax: (X | Y)
// store result in stack // store result in stack
m_core.get_assembler()->or_(x86::eax, x86::ebx); // eax = X | Y m_core.get_assembler()->or_(x86::eax, x86::ebx); // eax = X | Y
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
// calculate in eax: (X & Y) // calculate in eax: (X & Y)
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->and_(x86::eax, x86::ebx); m_core.get_assembler()->and_(x86::eax, x86::ebx);
// get (X | Y) from stack and substraction (X & Y) // get (X | Y) from stack and substraction (X & Y)
// store result in ecx // store result in ecx
m_core.get_assembler()->pop(x86::ecx); m_core.get_assembler()->pop(x86::ecx);
m_core.get_assembler()->sub(x86::ecx, x86::eax); m_core.get_assembler()->sub(x86::ecx, x86::eax);
m_core.get_assembler()->mov(x86::eax, x86::ecx); m_core.get_assembler()->mov(x86::eax, x86::ecx);
// store result in stack and manipulate it // store result in stack and manipulate it
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
m_core.get_assembler()->mov(x86::ebx, x86::eax); m_core.get_assembler()->mov(x86::ebx, x86::eax);
m_core.get_assembler()->xor_(x86::ebx, x86::edi); m_core.get_assembler()->xor_(x86::ebx, x86::edi);
// its loc // its loc
m_core.get_assembler()->bind(new_label); m_core.get_assembler()->bind(new_label);
// store base pointer and push new from stack // store base pointer and push new from stack
m_core.get_assembler()->push(x86::rbp); m_core.get_assembler()->push(x86::rbp);
m_core.get_assembler()->mov(x86::rbp, x86::rsp); m_core.get_assembler()->mov(x86::rbp, x86::rsp);
gen_math_operations(); gen_math_operations();
// restore base pointer // restore base pointer
m_core.get_assembler()->pop(x86::rbp); m_core.get_assembler()->pop(x86::rbp);
break; break;
} }
case 1: { case 1: {
Label new_label = m_core.get_assembler()->newLabel(); Label new_label = m_core.get_assembler()->newLabel();
gen_math_operations(); gen_math_operations();
// create new jump equal to label // create new jump equal to label
m_core.get_assembler()->je(new_label); m_core.get_assembler()->je(new_label);
// load x and y into regs // load x and y into regs
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->mov(x86::ebx, x86::esi); m_core.get_assembler()->mov(x86::ebx, x86::esi);
// calculate in eax: (X & Y) // calculate in eax: (X & Y)
// store result in stack // store result in stack
m_core.get_assembler()->and_(x86::eax, x86::ebx); m_core.get_assembler()->and_(x86::eax, x86::ebx);
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
// calculate in eax: (X | Y) // calculate in eax: (X | Y)
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->or_(x86::eax, x86::ebx); m_core.get_assembler()->or_(x86::eax, x86::ebx);
// get (X & Y) from stack and addition (X | Y) // get (X & Y) from stack and addition (X | Y)
// store result in ecx // store result in ecx
m_core.get_assembler()->pop(x86::ecx); m_core.get_assembler()->pop(x86::ecx);
m_core.get_assembler()->add(x86::ecx, x86::eax); m_core.get_assembler()->add(x86::ecx, x86::eax);
m_core.get_assembler()->mov(x86::eax, x86::ecx); m_core.get_assembler()->mov(x86::eax, x86::ecx);
// store result in stack and manipulate it // store result in stack and manipulate it
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
m_core.get_assembler()->mov(x86::ebx, x86::eax); m_core.get_assembler()->mov(x86::ebx, x86::eax);
m_core.get_assembler()->xor_(x86::ebx, x86::edi); m_core.get_assembler()->xor_(x86::ebx, x86::edi);
// its loc // its loc
m_core.get_assembler()->bind(new_label); m_core.get_assembler()->bind(new_label);
// store base pointer and push new from stack // store base pointer and push new from stack
m_core.get_assembler()->push(x86::rbp); m_core.get_assembler()->push(x86::rbp);
m_core.get_assembler()->mov(x86::rbp, x86::rsp); m_core.get_assembler()->mov(x86::rbp, x86::rsp);
gen_math_operations(); gen_math_operations();
// restore base pointer // restore base pointer
m_core.get_assembler()->pop(x86::rbp); m_core.get_assembler()->pop(x86::rbp);
break; break;
} }
case 2: { case 2: {
Label new_label = m_core.get_assembler()->newLabel(); Label new_label = m_core.get_assembler()->newLabel();
// create new jump equal to label // create new jump equal to label
m_core.get_assembler()->je(new_label); m_core.get_assembler()->je(new_label);
// load x and y into regs // load x and y into regs
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->mov(x86::ebx, x86::esi); m_core.get_assembler()->mov(x86::ebx, x86::esi);
// calculate in eax: (X & Y) // calculate in eax: (X & Y)
// store result in stack // store result in stack
m_core.get_assembler()->xor_(x86::eax, x86::ebx); m_core.get_assembler()->xor_(x86::eax, x86::ebx);
m_core.get_assembler()->neg(x86::eax); m_core.get_assembler()->neg(x86::eax);
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
// calculate in eax: (X | Y) // calculate in eax: (X | Y)
m_core.get_assembler()->mov(x86::eax, x86::edi); m_core.get_assembler()->mov(x86::eax, x86::edi);
m_core.get_assembler()->neg(x86::eax); m_core.get_assembler()->neg(x86::eax);
m_core.get_assembler()->and_(x86::eax, x86::ebx); m_core.get_assembler()->and_(x86::eax, x86::ebx);
// get (X & Y) from stack and addition (X | Y) // get (X & Y) from stack and addition (X | Y)
// store result in ecx // store result in ecx
m_core.get_assembler()->pop(x86::ecx); m_core.get_assembler()->pop(x86::ecx);
m_core.get_assembler()->add(x86::ecx, x86::eax); m_core.get_assembler()->add(x86::ecx, x86::eax);
m_core.get_assembler()->mov(x86::eax, x86::ecx); m_core.get_assembler()->mov(x86::eax, x86::ecx);
// store result in stack and manipulate it // store result in stack and manipulate it
m_core.get_assembler()->push(x86::eax); m_core.get_assembler()->push(x86::eax);
m_core.get_assembler()->mov(x86::ebx, x86::eax); m_core.get_assembler()->mov(x86::ebx, x86::eax);
m_core.get_assembler()->xor_(x86::ebx, x86::edi); m_core.get_assembler()->xor_(x86::ebx, x86::edi);
// its loc // its loc
m_core.get_assembler()->bind(new_label); m_core.get_assembler()->bind(new_label);
// store base pointer and push new from stack // store base pointer and push new from stack
m_core.get_assembler()->push(x86::rbp); m_core.get_assembler()->push(x86::rbp);
m_core.get_assembler()->mov(x86::rbp, x86::rsp); m_core.get_assembler()->mov(x86::rbp, x86::rsp);
gen_math_operations(); gen_math_operations();
// restore base pointer // restore base pointer
m_core.get_assembler()->pop(x86::rbp); m_core.get_assembler()->pop(x86::rbp);
break; break;
} }
} }
} }