02-05-2025, 02:44 PM
(This post was last modified: 02-05-2025, 03:49 PM by Anne Wilson.)
Thanks so much Charles
Regarding your OxygenBasic code
This is quite similar to PowerBasic when we use CODEPTR() to a function ,
however in my "obfuscator Maker.bas" above, I saved the opcode into a hex string
using the SUB Obtain_PtrStringGen() then I can reuse the hex string in another program
called BB.bas say.
That means the original function code is not listed nor compile inside BB.bas
that's how CALL DWORD opcode method works. It uses ONLY the hex string which
can be hidden or obfuscated.
I will illustrate the use of Hex string with a simplified program
Hence for example usage of this method, I have listed below the program
called "Obfuscator Maker Simple.bas" in order to create the Hex string for
one function -- Multiply 2 numbers.
The Hex string is then obtained from its output file "Output WsAsm 1.txt"
when we execute the "Obfuscator Maker Simple.Exe"
This is the "Output WsAsm 1.txt" as output by the above program.
Now we can create another program called "Obfus Simple.bas" to use this Hex string
obtained from the "Obfuscator Maker Simple.exe" above
Note that we use the Hex string ONLY and no more listing of the Multiplication of 2 numbers function
inside this new program "Obfus Simple.bas" and this can run fairly well
It can run well provided that the function is very simple multiplication , addition and division of LONG
variables and it GPF if the function calls external PowerBasic function or WinAPI functions.
The Hex string can be encrypted as well so that it would be difficult for hackers to decompile
the program.
Regarding your OxygenBasic code
Code:
MyFun:
! mov eax,12345 'integer return value
! ret
EndMyFun:
'TESTING IN SITU:
DIM p as DWORD
DIM result as LONG
p=CODEPTR(MyFun)
DECLARE FUNCTION ReturnSome() AS LONG
CALL DWORD p USING ReturnSome() TO result '12345This is quite similar to PowerBasic when we use CODEPTR() to a function ,
however in my "obfuscator Maker.bas" above, I saved the opcode into a hex string
using the SUB Obtain_PtrStringGen() then I can reuse the hex string in another program
called BB.bas say.
That means the original function code is not listed nor compile inside BB.bas
that's how CALL DWORD opcode method works. It uses ONLY the hex string which
can be hidden or obfuscated.
I will illustrate the use of Hex string with a simplified program
Hence for example usage of this method, I have listed below the program
called "Obfuscator Maker Simple.bas" in order to create the Hex string for
one function -- Multiply 2 numbers.
The Hex string is then obtained from its output file "Output WsAsm 1.txt"
when we execute the "Obfuscator Maker Simple.Exe"
Code:
' Obfuscator Maker Simple.bas
' Inspired by Pierre
' https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion?p=838671#post838671
' http://pump.richheimer.de/showthread.php?tid=21&pid=78#pid78
' This program makes obfuscator hex strings of a given function
' and save this string into a txt file, which can then be deployed
' to other programs
' It is used to test out functions before deployment
' This is a simplified version of Obfuscator Maker.bas as it uses
' only one function for multiplication
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
GLOBAL hDlg AS DWORD
' pointers params for the Multiplication function
GLOBAL pStringMult , pcodeMult AS DWORD
GLOBAL sAsmMult AS STRING
$AppName = "Simple Obfuscator Maker "
%Lab01 = 101
%ButtonMult = 201
' To convert Hex to text use https://www.rapidtables.com/convert/number/hex-to-ascii.html
' End of function marker to indicate the final end of function ëFxtMðÞ
' ë F x t M ð Þ
MACRO FN_END = ! DB &HEB, &H08, &H46, &H78, &H74, &H4D, &hF0 , &HDE, &H00, &H00
'for call dword usage -- for Masquerading the real functions
' for the multiplication function
DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG
' Function declaration string
$DecFnStr1 = "DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG"
' place your functions to be obfuscated here ********************
'===================================
' a simple multiplication function
FUNCTION Mult2Numbers(BYVAL var1 AS LONG , BYVAL var2 AS LONG) AS LONG
FUNCTION = var1 * var2
EXIT FUNCTION
' End of function marker to indicate the final end of function
FN_END
END FUNCTION
'==================================
' Setup functions' parameters into Opcode strings
SUB SetupFunParams
' Get ready with these function params
' for the Mult2Numbers function
pcodeMult = CODEPTR(Mult2Numbers)
' Obtain the pointer to the ASM string for the
' Mult2Numbers function
Obtain_PtrStringGen( pcodeMult , pStringMult , sAsmMult , 1 )
END SUB
'============================
FUNCTION PBMAIN()
#REGISTER NONE
' Setup functions' parameters
SetupFunParams
DIALOG FONT "Segoe UI", 9
DIALOG NEW %HWND_DESKTOP, $AppName, , , 250, 120, _
%WS_CAPTION OR %WS_MINIMIZEBOX OR %WS_MAXIMIZEBOX OR %WS_SIZEBOX _
OR %WS_SYSMENU, %WS_EX_LEFT TO hDlg
CONTROL ADD LABEL, hDlg, %Lab01 , "Obfuscate using String Pointers to functions",_
15, 10, 190, 11
CONTROL ADD BUTTON, hDlg, %ButtonMult , "Mult function strptr()",_
55, 35, 90, 15
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
'====================================
CALLBACK FUNCTION DlgProc
LOCAL RetVal AS LONG
LOCAL dispst AS STRING
SELECT CASE CB.MSG
CASE %WM_INITDIALOG
CASE %WM_COMMAND
SELECT CASE CB.CTL
CASE %ButtonMult
' compute -- You need to TEST the function out
' so that it is accurate before deployment
' Simple Multiplication of 2 numbers
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the Mult2Numbers function
CALL DWORD pStringMult USING MasqueradeMt(519, 23) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringMult result of 519 and 23 =" & _
STR$(RetVal), "String Pointer to Mult function", 266240)
END IF
END SELECT
END SELECT
END FUNCTION
'=========================
' Obtain the pointer to the ASM string
' for General usage.
' and creates the text file for the wsAsm string
' gpar = indicator for a specific function
SUB Obtain_PtrStringGen( BYVAL gpcode AS DWORD, _
BYREF WpString AS DWORD ,BYREF wsAsm AS STRING , gpar AS LONG )
LOCAL byteVal AS BYTE
LOCAL sTerm AS STRING
' 1 2 3 4 5 6 7 8 9 10
sTerm = CHR$( &HEB, &H08, &H46, &H78, &H74, &H4D, &hF0 , &HDE, &H00, &H00)
' clear off any prev values
WpString = 0
wsAsm = ""
' Assemble WsAsm byte by byte
' and looking for the end of function marker
DO
WsAsm &= PEEK$(gpcode, 1)
INCR gpcode
IF INSTR(WsAsm, sTerm ) THEN
'found the end of function marker
' WsAsm &= PEEK$(gpcode, 16) ' works
WsAsm &= PEEK$(gpcode, 20) ' works
EXIT DO
END IF
LOOP
' Gets the pointer to the wanted function's ASM string
WpString = STRPTR(WsAsm)
' Convert to hex as it is printable
LOCAL HxStrAsm , OrigAsm AS STRING
HxStrAsm = HexDump(WsAsm)
SLEEP 10
OrigAsm = DeHex(HxStrAsm)
SLEEP 10
LOCAL filNamAsm , DecFn AS STRING
filNamAsm = "Output WsAsm " + STR$(gpar) + ".txt"
' gets the correct declaration function name
' according to gpar
SELECT CASE gpar
CASE 1
DecFn = $DecFnStr1
CASE ELSE
DecFn = "Wrong choice"
END SELECT
' clear off old file
KILL filNamAsm
' prints out the WsAsm string to a text file
LOCAL bf AS LONG
bf = FREEFILE
OPEN filNamAsm FOR OUTPUT AS #bf
PRINT #bf, WsAsm
PRINT #bf,
PRINT #bf,
PRINT #bf,HxStrAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, OrigAsm
PRINT #bf,
PRINT #bf,
PRINT #bf, "Masquerade Function declaration string"
PRINT #bf, DecFn
CLOSE #bf
END SUB
'======================================
' Provide a string of Hex characters
' for a given string sgBuf
FUNCTION HexDump(sgBuf AS STRING) AS STRING
LOCAL sbh AS ISTRINGBUILDERA
sbh = CLASS "STRINGBUILDERA"
LOCAL ihd AS LONG
FOR ihd = 1 TO LEN(sgBuf)
sbh.add HEX$(ASC(MID$(sgBuf,ihd,1)),2)
NEXT
FUNCTION = sbh.string
END FUNCTION
'===================================================
FUNCTION DeHex(Inpt AS STRING) AS STRING
LOCAL i AS INTEGER
LOCAL Xdh AS STRING
FOR i = 1 TO LEN(Inpt) STEP 2
Xdh = Xdh & CHR$(VAL("&H" & MID$(Inpt, i, 2)))
NEXT i
DeHex = Xdh
END FUNCTIONThis is the "Output WsAsm 1.txt" as output by the above program.
Code:
U‹ìSVWh? ƒìphƒ 1öVVVVV‹E
÷m‰…hÿÿÿé
ëFxtMðÞ ‹…hÿÿÿeô_^[]Â
558BEC535657683F13000083EC70688310200031F656565656568B450CF76D08898568FFFFFFE90A000000EB084678744DF0DE00008B8568FFFFFF8D65F45F5E5B5DC2080000000000
U‹ìSVWh? ƒìphƒ 1öVVVVV‹E
÷m‰…hÿÿÿé
ëFxtMðÞ ‹…hÿÿÿeô_^[]Â
Masquerade Function declaration string
DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONGNow we can create another program called "Obfus Simple.bas" to use this Hex string
obtained from the "Obfuscator Maker Simple.exe" above
Code:
' Obfus Simple.bas
' Inspired by Pierre
' https://forum.powerbasic.com/forum/user-to-user-discussions/programming/838669-calling-opcode-string-discussion?p=838671#post838671
' This program use the Hex string provided by Obfuscator Maker Simple.bas
' for the Multiplication function
' Note that the Multiplication function code is NOT listed in this program
#COMPILE EXE
#DIM ALL
#INCLUDE "Win32Api.inc"
GLOBAL hDlg AS DWORD
' pointers params
GLOBAL pStringMult AS DWORD
GLOBAL sAsmMult AS STRING
$AppName = " Strings pointer Obfuscator Simple"
%Lab01 = 101
%ButtonMult = 202
'for call dword usage -- for Masquerading real functions
DECLARE FUNCTION MasqueradeMt(BYVAL var1 AS LONG ,BYVAL var2 AS LONG) AS LONG
'==================================
' Setup functions' pointers
SUB SetupFunPtr
LOCAL sAsmMultHx , stMultHx AS STRING
' Get ready with these pointers
' Mult2Numbers Multiplication function -- place in the Hex string stMultHx
' obtained from Obfuscator Maker Simple.bas program
stMultHx ="558BEC535657683F13000083EC70688310200031F656565656568B450CF76D08898568FFFFFFE90A000000EB084678744DF0DE00008B8568FFFFFF8D65F45F5E5B5DC2080000000000"
sAsmMultHx = StMultHx
sAsmMult = DeHex(sAsmMultHx)
pStringMult = STRPTR(sAsmMult)
END SUB
'============================
FUNCTION PBMAIN()
#REGISTER NONE
' Setup functions' pointers
SetupFunPtr
DIALOG FONT "Segoe UI", 9
DIALOG NEW %HWND_DESKTOP, $AppName, , , 250, 180, _
%WS_CAPTION OR %WS_MINIMIZEBOX OR %WS_MAXIMIZEBOX OR %WS_SIZEBOX _
OR %WS_SYSMENU, %WS_EX_LEFT TO hDlg
CONTROL ADD LABEL, hDlg, %Lab01 , "Obfuscate using String Pointers to functions",_
15, 10, 190, 11
CONTROL ADD BUTTON, hDlg, %ButtonMult, "Mult2Numbers function strptr()",_
65, 65, 110, 15
DIALOG SHOW MODAL hDlg CALL DlgProc
END FUNCTION
'====================================
CALLBACK FUNCTION DlgProc
LOCAL RetVal AS LONG
SELECT CASE CB.MSG
CASE %WM_INITDIALOG
CASE %WM_COMMAND
SELECT CASE CB.CTL
CASE %ButtonMult
' compute the multiplication of 2 numbers
IF CB.CTLMSG = %BN_CLICKED OR CB.CTLMSG = 1 THEN
RetVal = 0
' using string pointer to point to the matrix function
CALL DWORD pStringMult USING MasqueradeMt(103,81) TO RetVal
MessageBox(hDlg, "CALL DWORD pStringMult result of 103 and 81 = " & _
STR$(RetVal), "String Pointer to Mult2Numbers function", 266240)
END IF
END SELECT
END SELECT
END FUNCTION
'======================================
' Provide a string of Hex characters
' for a given string sgBuf
FUNCTION HexDump(sgBuf AS STRING) AS STRING
LOCAL sbh AS ISTRINGBUILDERA
sbh = CLASS "STRINGBUILDERA"
LOCAL ihd AS LONG
FOR ihd = 1 TO LEN(sgBuf)
sbh.add HEX$(ASC(MID$(sgBuf,ihd,1)),2)
NEXT
FUNCTION = sbh.string
END FUNCTION
'===================================================
FUNCTION DeHex(Inpt AS STRING) AS STRING
LOCAL i AS INTEGER
LOCAL Xdh AS STRING
FOR i = 1 TO LEN(Inpt) STEP 2
Xdh = Xdh & CHR$(VAL("&H" & MID$(Inpt, i, 2)))
NEXT i
DeHex = Xdh
END FUNCTIONNote that we use the Hex string ONLY and no more listing of the Multiplication of 2 numbers function
inside this new program "Obfus Simple.bas" and this can run fairly well
Code:
558BEC535657683F13000083EC70688310200031F656565656568B450CF76D08898568FFFFFFE90A000000EB084678744DF0DE00008B8568FFFFFF8D65F45F5E5B5DC2080000000000It can run well provided that the function is very simple multiplication , addition and division of LONG
variables and it GPF if the function calls external PowerBasic function or WinAPI functions.
The Hex string can be encrypted as well so that it would be difficult for hackers to decompile
the program.