01-29-2025, 05:17 PM
(This post was last modified: 01-29-2025, 05:52 PM by Anne Wilson.)
Thanks so much Pierre
I have created the following program "Obfuscator Maker.bas" to create
hex strings out of the Opcode string pointers to 3 functions, namely
Multiplication , Matrix Multiply and Addition.
These 3 functions hex strings are to be written out to 3 text files.
The hex strings can be subsequently used for deployment into another
new program without the need to declare these functions in this
new program.
Two of these functions work --> Multiplication of 2 numbers and Addition
of 3 numbers. Unfortunately the MatrixMultiply function fail and it GPF ?
Not sure why the MatrixMultiply function fail but it works well directly without
using the CALL DWORD opcode string
Pierre
What's the purpose of this line of code
Is it a marker of some sort to mark the end of a function ?
how does it work ? does it do some action ?
I have created the following program "Obfuscator Maker.bas" to create
hex strings out of the Opcode string pointers to 3 functions, namely
Multiplication , Matrix Multiply and Addition.
These 3 functions hex strings are to be written out to 3 text files.
The hex strings can be subsequently used for deployment into another
new program without the need to declare these functions in this
new program.
Two of these functions work --> Multiplication of 2 numbers and Addition
of 3 numbers. Unfortunately the MatrixMultiply function fail and it GPF ?
Not sure why the MatrixMultiply function fail but it works well directly without
using the CALL DWORD opcode string
Code:
' Obfuscator Maker.bas
' Inspired by Pierre
' https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion?p=838671#post838671
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
' This program makes obfuscator hex strings of a given function
' and save this string into a txt file, which can then be deployed
' to other programs
' It is used to test out functions before deployment
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
GLOBAL hDlg AS DWORD
' pointers params for the Multiplication function
GLOBAL pStringMult , pcodeMult AS DWORD
GLOBAL sAsmMult AS STRING
' pointers params for the Matrix Multiply function
GLOBAL pStringMat , pcodeMat AS DWORD
GLOBAL sAsmMat AS STRING
' pointers params for the Addition function
GLOBAL pStringAdd , pcodeAdd AS DWORD
GLOBAL sAsmAdd AS STRING
$AppName = " Obfuscator Maker "
%Lab01 = 101
%ButtonMult = 201
%ButtonMat = 202
%ButtonAdd = 203
'for call dword usage -- for Masquerading the real functions
' for the multiplication function
DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG
' Function declaration string
$DecFnStr1 = "DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG"
DECLARE FUNCTION MasqueradeM( ) AS STRING
$DecFnStr2 = "DECLARE FUNCTION MasqueradeM( ) AS STRING "
' for the Add function
DECLARE FUNCTION MasqueradeA(BYVAL var1 AS LONG , _
BYVAL var2 AS LONG, BYVAL var3 AS LONG) AS LONG
' Function declaration string
$DecFnStr3 = "DECLARE FUNCTION MasqueradeA(BYVAL var1 AS LONG ," + _
" BYVAL var2 AS LONG, BYVAL var3 AS LONG) AS LONG"
' place your function here ********************
'===================================
' a simple multiplication function
FUNCTION Mult2Numbers(BYVAL var1 AS LONG , BYVAL var2 AS LONG) AS LONG
FUNCTION = var1 * var2
EXIT FUNCTION
' End of function marker to indicate the final end of function
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'===================================
' a simple addition function
FUNCTION Add3Numbers(BYVAL var1 AS LONG , BYVAL var2 AS LONG ,_
BYVAL var3 AS LONG) AS LONG
FUNCTION = var1 + var2 + var3
EXIT FUNCTION
' End of function marker to indicate the final end of function
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'=====================================
' a complex function
FUNCTION MatrixMultiply( ) AS STRING
' see the answers in
' https://www.mathsisfun.com/algebra/matrix-multiplying.html
'
LOCAL i, j, k AS LONG
LOCAL sum AS LONG
' Note that do NOT use global as cannot pass **************
' global arguments into a CALL DWORD function
' for the Matrix Multiply function
LOCAL MResult() AS LONG
LOCAL MatA() AS LONG
LOCAL MatB() AS LONG
' setup the matrices -- one time only
REDIM MatA(5) ' 2x3 matrix
REDIM MatB(5) ' 3x2 matrix
REDIM MResult(4) ' 2x2 matrix
' Assignments of values as in
' https://www.mathsisfun.com/algebra/matrix-multiplying.html
ARRAY ASSIGN MatA() = 1,2,3,4,5,6
ARRAY ASSIGN MatB() = 7,8,9,10,11,12
FOR i = 0 TO 1
FOR j = 0 TO 1
sum = 0
FOR k = 0 TO 2
sum = sum + MatA(i * 3 + k) * MatB(k * 2 + j)
NEXT k
MResult(i * 2 + j) = sum
NEXT j
NEXT i
'? " sum " + str$(sum)
' the result string
LOCAL ResStr AS STRING
LOCAL ResVal AS LONG
ResStr = ""
FOR i = 0 TO 1
FOR j = 0 TO 1
ResVal = MResult(i * 2 + j)
ResStr += " " + STR$(ResVal)
NEXT j
NEXT i
FUNCTION = ResStr
' End of function marker to indicate the final end of function
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0
END FUNCTION
'==================================
' Setup functions' parameters
SUB SetupFunParams
' Get ready with these function params
' for the Mult2Numbers function
pcodeMult = CODEPTR(Mult2Numbers)
' Obtain the pointer to the ASM string for the
' Mult2Numbers function
Obtain_PtrStringGen( pcodeMult , pStringMult , sAsmMult , 1 )
' for the Matrix Multiply function --> Fail ***************************
pcodeMat = CODEPTR(MatrixMultiply)
' Obtain the pointer to the ASM string for the
' Matrix Multiply function
Obtain_PtrStringGen( pcodeMat , pStringMat , sAsmMat , 2 )
' for the Addition function
pcodeAdd = CODEPTR(Add3Numbers)
' Obtain the pointer to the ASM string for the
' Addition function
Obtain_PtrStringGen( pcodeAdd , pStringAdd , sAsmAdd , 3 )
END SUB
'============================
FUNCTION PBMAIN()
#REGISTER NONE
' Setup functions' parameters
SetupFunParams
DIALOG FONT "Segoe UI", 9
DIALOG NEW %HWND_DESKTOP, $AppName, , , 200, 140, _
%WS_CAPTION OR %WS_MINIMIZEBOX OR %WS_MAXIMIZEBOX OR %WS_SIZEBOX _
OR %WS_SYSMENU, %WS_EX_LEFT TO hDlg
CONTROL ADD LABEL, hDlg, %Lab01 , "Obfuscate using String Pointers to functions",_
15, 10, 190, 11
CONTROL ADD BUTTON, hDlg, %ButtonMult , "Mult function strptr()",_
55, 35, 90, 15
CONTROL ADD BUTTON, hDlg, %ButtonMat, "Matix multiply function strptr()",_
55, 65, 120, 15
CONTROL ADD BUTTON, hDlg, %ButtonAdd , "Add function strptr()",_
55, 95, 90, 15
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
'====================================
CALLBACK FUNCTION DlgProc
LOCAL RetVal AS LONG
LOCAL dispst AS STRING
SELECT CASE CB.MSG
CASE %WM_INITDIALOG
CASE %WM_COMMAND
SELECT CASE CB.CTL
CASE %ButtonMult
' compute -- You need to TEST the function out
' so that it is accurate before deployment
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the Mult2Numbers function
CALL DWORD pStringMult USING MasqueradeMt(519, 23) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringMult result of 519 and 23 =" & _
STR$(RetVal), "String Pointer to Mult function", 266240)
END IF
CASE %ButtonMat
' compute the
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
dispst = ""
' using string pointer to point to the MatrixMultiply function --> Fail ***************
CALL DWORD pStringMat USING MasqueradeM() TO dispst
' Call the real function as a test the function first
' to ensure correct computation --> this works
' dispst = MatrixMultiply()
MessageBox(hDlg, "CALL DWORD pStringMat with matrix result : " + $CRLF+ dispst , _
"String Pointer to Matrix Multiply function ", 266240)
END IF
CASE %ButtonAdd
' compute -- You need to TEST the function out
' so that it is accurate before deployment
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the Add3Numbers function
CALL DWORD pStringAdd USING MasqueradeA(19,325, 93) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringAdd result of 19 , 325 and 93 =" & _
STR$(RetVal), "String Pointer to Add function", 266240)
END IF
END SELECT
END SELECT
END FUNCTION
'=========================
' Obtain the pointer to the ASM string
' for General usage.
' and creates the text file for the wsAsm string
' gpar = indicator for a specific function
SUB Obtain_PtrStringGen( BYVAL gpcode AS DWORD, _
BYREF WpString AS DWORD ,BYREF wsAsm AS STRING , gpar AS LONG )
LOCAL byteVal AS BYTE
LOCAL sTerminator AS STRING
sTerminator = CHR$(&h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0 )
' clear off any prev values
WpString = 0
wsAsm = ""
' Assemble WsAsm byte by byte
' and looking for the end of function marker
DO
WsAsm &= PEEK$(gpcode, 1)
INCR gpcode
IF INSTR(WsAsm, sTerminator) THEN
'found the end of function marker
WsAsm &= PEEK$(gpcode, 16)
EXIT DO
END IF
LOOP
' Gets the pointer to the wanted function's ASM string
WpString = STRPTR(WsAsm)
' Convert to hex as it is printable
LOCAL HxStrAsm , OrigAsm AS STRING
HxStrAsm = HexDump(WsAsm)
SLEEP 10
OrigAsm = DeHex(HxStrAsm)
SLEEP 10
LOCAL filNamAsm , DecFn AS STRING
filNamAsm = "Output WsAsm " + STR$(gpar) + ".txt"
' gets the correct declaration function name
' according to gpar
SELECT CASE gpar
CASE 1
DecFn = $DecFnStr1
CASE 2
DecFn = $DecFnStr2
CASE 3
DecFn = $DecFnStr3
END SELECT
' clear off old file
KILL filNamAsm
' prints out the WsAsm string to a text file
LOCAL bf AS LONG
bf = FREEFILE
OPEN filNamAsm FOR OUTPUT AS #bf
PRINT #bf, WsAsm
PRINT #bf,
PRINT #bf,
PRINT #bf,HxStrAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, OrigAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, "Masquerade Function declaration string"
PRINT #bf, DecFn
CLOSE #bf
END SUB
'======================================
' Provide a string of Hex characters
' for a given string sgBuf
FUNCTION HexDump(sgBuf AS STRING) AS STRING
LOCAL sbh AS ISTRINGBUILDERA
sbh = CLASS "STRINGBUILDERA"
LOCAL ihd AS LONG
FOR ihd = 1 TO LEN(sgBuf)
sbh.add HEX$(ASC(MID$(sgBuf,ihd,1)),2)
NEXT
FUNCTION = sbh.string
END FUNCTION
'===================================================
FUNCTION DeHex(Inpt AS STRING) AS STRING
LOCAL i AS INTEGER
LOCAL Xdh AS STRING
FOR i = 1 TO LEN(Inpt) STEP 2
Xdh = Xdh & CHR$(VAL("&H" & MID$(Inpt, i, 2)))
NEXT i
DeHex = Xdh
END FUNCTIONPierre
What's the purpose of this line of code
Code:
!DB &h12, &h34, &h56, &h78, &h9A, &hBC, &hDE, &hF0Is it a marker of some sort to mark the end of a function ?
how does it work ? does it do some action ?