forked from HikariObfuscator/Core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
IndirectBranch.cpp
135 lines (134 loc) · 4.99 KB
/
IndirectBranch.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
// For open-source license, please refer to [License](https://github.com/HikariObfuscator/Hikari/wiki/License).
//===----------------------------------------------------------------------===//
#include "llvm/IR/Constants.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/InstIterator.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/Module.h"
#include "llvm/IR/Value.h"
#include "llvm/Pass.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/raw_ostream.h"
#include "llvm/Transforms/Obfuscation/Obfuscation.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h"
using namespace llvm;
using namespace std;
namespace llvm {
struct IndirectBranch : public FunctionPass {
static char ID;
bool flag;
bool initialized;
map<BasicBlock *, unsigned long long> indexmap;
IndirectBranch() : FunctionPass(ID) {
this->flag = true;
this->initialized = false;
}
IndirectBranch(bool flag) : FunctionPass(ID) {
this->flag = flag;
this->initialized = false;
}
StringRef getPassName() const override { return StringRef("IndirectBranch"); }
bool initialize(Module &M) {
vector<Constant *> BBs;
unsigned long long i = 0;
for (auto F = M.begin(); F != M.end(); F++) {
for (auto BB = F->begin(); BB != F->end(); BB++) {
BasicBlock *BBPtr = &*BB;
if (BBPtr != &(BBPtr->getParent()->getEntryBlock())) {
indexmap[BBPtr] = i++;
BBs.push_back(BlockAddress::get(BBPtr));
}
}
}
ArrayType *AT =
ArrayType::get(Type::getInt8PtrTy(M.getContext()), BBs.size());
Constant *BlockAddressArray =
ConstantArray::get(AT, ArrayRef<Constant *>(BBs));
GlobalVariable *Table = new GlobalVariable(
M, AT, false, GlobalValue::LinkageTypes::InternalLinkage,
BlockAddressArray, "IndirectBranchingGlobalTable");
appendToCompilerUsed(M, {Table});
return true;
}
bool runOnFunction(Function &Func) override {
if (!toObfuscate(flag, &Func, "indibr")) {
return false;
}
if (this->initialized == false) {
initialize(*Func.getParent());
this->initialized = true;
}
errs() << "Running IndirectBranch On " << Func.getName() << "\n";
vector<BranchInst *> BIs;
for (inst_iterator I = inst_begin(Func); I != inst_end(Func); I++) {
Instruction *Inst = &(*I);
if (BranchInst *BI = dyn_cast<BranchInst>(Inst)) {
BIs.push_back(BI);
}
} // Finish collecting branching conditions
Value *zero =
ConstantInt::get(Type::getInt32Ty(Func.getParent()->getContext()), 0);
for (BranchInst *BI : BIs) {
IRBuilder<> IRB(BI);
vector<BasicBlock *> BBs;
// We use the condition's evaluation result to generate the GEP
// instruction False evaluates to 0 while true evaluates to 1. So here
// we insert the false block first
if (BI->isConditional()) {
BBs.push_back(BI->getSuccessor(1));
}
BBs.push_back(BI->getSuccessor(0));
ArrayType *AT = ArrayType::get(
Type::getInt8PtrTy(Func.getParent()->getContext()), BBs.size());
vector<Constant *> BlockAddresses;
for (unsigned i = 0; i < BBs.size(); i++) {
BlockAddresses.push_back(BlockAddress::get(BBs[i]));
}
GlobalVariable *LoadFrom = NULL;
if (BI->isConditional() ||
indexmap.find(BI->getSuccessor(0)) == indexmap.end()) {
// Create a new GV
Constant *BlockAddressArray =
ConstantArray::get(AT, ArrayRef<Constant *>(BlockAddresses));
LoadFrom = new GlobalVariable(
*Func.getParent(), AT, false,
GlobalValue::LinkageTypes::PrivateLinkage, BlockAddressArray,
"HikariConditionalLocalIndirectBranchingTable");
appendToCompilerUsed(*Func.getParent(), {LoadFrom});
} else {
LoadFrom = Func.getParent()->getGlobalVariable(
"IndirectBranchingGlobalTable", true);
}
Value *index = NULL;
if (BI->isConditional()) {
Value *condition = BI->getCondition();
index = IRB.CreateZExt(
condition, Type::getInt32Ty(Func.getParent()->getContext()));
} else {
index =
ConstantInt::get(Type::getInt32Ty(Func.getParent()->getContext()),
indexmap[BI->getSuccessor(0)]);
}
Value *GEP = IRB.CreateGEP(LoadFrom, {zero, index});
LoadInst *LI = IRB.CreateLoad(GEP, "IndirectBranchingTargetAddress");
IndirectBrInst *indirBr = IndirectBrInst::Create(LI, BBs.size());
for (BasicBlock *BB : BBs) {
indirBr->addDestination(BB);
}
ReplaceInstWithInst(BI, indirBr);
}
return true;
}
virtual bool doFinalization(Module &M) override {
indexmap.clear();
initialized = false;
return false;
}
};
} // namespace llvm
FunctionPass *llvm::createIndirectBranchPass() { return new IndirectBranch(); }
FunctionPass *llvm::createIndirectBranchPass(bool flag) {
return new IndirectBranch(flag);
}
char IndirectBranch::ID = 0;
INITIALIZE_PASS(IndirectBranch, "indibran", "IndirectBranching", true, true)