2020-1-capstone-design1 / JJS_Project1

Go to a project
Toggle navigation Toggle navigation pinning
박우진
a10c608e 1 parent fa09a32a

Add Return Obfuscation Pass

Expand all
Inline Side-by-side
Showing 5 changed files with 56 additions and 10 deletions
...@@ -26,7 +26,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -26,7 +26,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
26 26
27 bool runOnMachineFunction(MachineFunction &MF) override { 27 bool runOnMachineFunction(MachineFunction &MF) override {
28 //if( MF.getFunction().getName().equals("setup") ) { 28 //if( MF.getFunction().getName().equals("setup") ) {
29 - 29 + MachineRegisterInfo *MRI = &MF.getRegInfo();
30 if (true) { 30 if (true) {
31 srand(time(NULL)); 31 srand(time(NULL));
32 ARMFunctionInfo *AFI = MF.getInfo<ARMFunctionInfo>(); 32 ARMFunctionInfo *AFI = MF.getInfo<ARMFunctionInfo>();
...@@ -38,7 +38,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -38,7 +38,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
38 std::vector<MachineBasicBlock *> returnbbs; 38 std::vector<MachineBasicBlock *> returnbbs;
39 std::vector<MachineBasicBlock *> NewBasicBlocks; 39 std::vector<MachineBasicBlock *> NewBasicBlocks;
40 MachineJumpTableInfo *MJTI = MF.getJumpTableInfo(); 40 MachineJumpTableInfo *MJTI = MF.getJumpTableInfo();
41 - 41 +
42 // Find All Instructions 42 // Find All Instructions
43 for (auto &MBB : MF) { 43 for (auto &MBB : MF) {
44 for (auto &MI : MBB) { 44 for (auto &MI : MBB) {
...@@ -47,11 +47,13 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -47,11 +47,13 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
47 } 47 }
48 } 48 }
49 int i = 1; 49 int i = 1;
50 + /*
50 for (auto &MI : instructions) { 51 for (auto &MI : instructions) {
51 const DebugLoc &DL = MI->getDebugLoc(); 52 const DebugLoc &DL = MI->getDebugLoc();
52 MachineBasicBlock *OrigBB = MI->getParent(); 53 MachineBasicBlock *OrigBB = MI->getParent();
53 MachineBasicBlock *NewBB = 54 MachineBasicBlock *NewBB =
54 MF.CreateMachineBasicBlock(OrigBB->getBasicBlock()); 55 MF.CreateMachineBasicBlock(OrigBB->getBasicBlock());
56 +
55 if (i == 1 || i == instructions.size()) 57 if (i == 1 || i == instructions.size())
56 MF.insert(++OrigBB->getIterator(), NewBB); 58 MF.insert(++OrigBB->getIterator(), NewBB);
57 else { 59 else {
...@@ -60,17 +62,18 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -60,17 +62,18 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
60 ite++; 62 ite++;
61 } 63 }
62 MF.insert(ite, NewBB); 64 MF.insert(ite, NewBB);
63 - } 65 + }
66 + //MF.insert(++OrigBB->getIterator(), NewBB);
64 i++; 67 i++;
65 -
66 NewBB->splice(NewBB->end(), OrigBB, MI->getIterator(), OrigBB->end()); 68 NewBB->splice(NewBB->end(), OrigBB, MI->getIterator(), OrigBB->end());
67 69
68 // TII->insertUnconditionalBranch(*OrigBB, NewBB, DebugLoc()); 70 // TII->insertUnconditionalBranch(*OrigBB, NewBB, DebugLoc());
69 NewBB->transferSuccessors(OrigBB); 71 NewBB->transferSuccessors(OrigBB);
70 OrigBB->addSuccessor(NewBB); 72 OrigBB->addSuccessor(NewBB);
71 - 73 +
72 //NewBB->updateTerminator(); 74 //NewBB->updateTerminator();
73 //OrigBB->updateTerminator(); 75 //OrigBB->updateTerminator();
76 +
74 if (AFI->isThumb2Function()) { 77 if (AFI->isThumb2Function()) {
75 BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::t2B)).addMBB(NewBB).addImm(ARMCC::AL).addReg(0); 78 BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::t2B)).addMBB(NewBB).addImm(ARMCC::AL).addReg(0);
76 } else if (AFI->isThumbFunction()) { 79 } else if (AFI->isThumbFunction()) {
...@@ -78,15 +81,48 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -78,15 +81,48 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
78 } else { 81 } else {
79 BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::B)).addMBB(NewBB); 82 BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::B)).addMBB(NewBB);
80 } 83 }
84 +
85 +
86 +
87 + srand(time(NULL));
88 + int randimm = rand()%10+1;
89 +
90 + if (AFI->isThumb2Function()) {
91 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tMOVi8), ARM::NoRegister)
92 + .addImm(randimm);
93 +
94 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tCMPi8))
95 + .addReg(ARM::NoRegister, RegState::Kill)
96 + .addImm(randimm);
97 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tBcc))
98 + .addMBB(NewBB)
99 + .addImm(ARMCC::EQ)
100 + .addReg(ARM::CPSR);
101 + } else if (AFI->isThumbFunction()) {
102 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tMOVi8), ARM::NoRegister)
103 + .addImm(randimm);
104 +
105 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tCMPi8))
106 + .addReg(ARM::NoRegister)
107 + .addImm(randimm);
108 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::tBcc))
109 + .addMBB(NewBB)
110 + .addImm(ARMCC::EQ)
111 + .addReg(ARM::CPSR);
112 + } else {
113 + BuildMI(*OrigBB, OrigBB->end(), DL, TII->get(ARM::B)).addMBB(NewBB);
114 + }
115 +
81 LivePhysRegs LiveRegs; 116 LivePhysRegs LiveRegs;
82 computeAndAddLiveIns(LiveRegs, *NewBB); 117 computeAndAddLiveIns(LiveRegs, *NewBB);
83 // BuildMI(MBB, MI2, DL, TII->get(ARM::B)).addMBB(BBB); 118 // BuildMI(MBB, MI2, DL, TII->get(ARM::B)).addMBB(BBB);
84 //BuildMI(MBB, MBB.end(), DL, TII->get(ARM::MOVr), ARM::R10) 119 //BuildMI(MBB, MBB.end(), DL, TII->get(ARM::MOVr), ARM::R10)
85 //.addReg(ARM::R10) 120 //.addReg(ARM::R10)
86 //.addImm(ARMCC::AL).addReg(0).addReg(0); 121 //.addImm(ARMCC::AL).addReg(0).addReg(0);
87 - outs() << "HOHOHOO: \n"; 122 + //outs() << "HOHOHOO: \n";
88 - MI->dump(); 123 + //MI->dump();
89 } 124 }
125 + */
90 /* 126 /*
91 if (!returns.empty()) { 127 if (!returns.empty()) {
92 128
...@@ -120,6 +156,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -120,6 +156,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
120 } 156 }
121 */ 157 */
122 for (auto &MBB : MF) { 158 for (auto &MBB : MF) {
159 + /*
123 outs() << "Contents of MachineBasicBlock:\n"; 160 outs() << "Contents of MachineBasicBlock:\n";
124 outs() << MBB << "\n"; 161 outs() << MBB << "\n";
125 const BasicBlock *BB = MBB.getBasicBlock(); 162 const BasicBlock *BB = MBB.getBasicBlock();
...@@ -130,6 +167,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass { ...@@ -130,6 +167,7 @@ struct ARMReturnObfuscation : public MachineFunctionPass {
130 const Instruction *ii = &*i; 167 const Instruction *ii = &*i;
131 errs() << *ii << "\n"; 168 errs() << *ii << "\n";
132 } 169 }
170 + */
133 } 171 }
134 return true; 172 return true;
135 } 173 }
......
...@@ -492,8 +492,6 @@ void ARMPassConfig::addPreRegAlloc() { ...@@ -492,8 +492,6 @@ void ARMPassConfig::addPreRegAlloc() {
492 if (!DisableA15SDOptimization) 492 if (!DisableA15SDOptimization)
493 addPass(createA15SDOptimizerPass()); 493 addPass(createA15SDOptimizerPass());
494 } 494 }
495 -
496 - addPass(createARMReturnObfuscationPass());
497 } 495 }
498 496
499 void ARMPassConfig::addPreSched2() { 497 void ARMPassConfig::addPreSched2() {
...@@ -541,11 +539,12 @@ void ARMPassConfig::addPreEmitPass() { ...@@ -541,11 +539,12 @@ void ARMPassConfig::addPreEmitPass() {
541 // Don't optimize barriers at -O0. 539 // Don't optimize barriers at -O0.
542 if (getOptLevel() != CodeGenOpt::None) 540 if (getOptLevel() != CodeGenOpt::None)
543 addPass(createARMOptimizeBarriersPass()); 541 addPass(createARMOptimizeBarriersPass());
544 - 542 + addPass(createARMReturnObfuscationPass());
545 addPass(createARMConstantIslandPass()); 543 addPass(createARMConstantIslandPass());
546 addPass(createARMLowOverheadLoopsPass()); 544 addPass(createARMLowOverheadLoopsPass());
547 545
548 // Identify valid longjmp targets for Windows Control Flow Guard. 546 // Identify valid longjmp targets for Windows Control Flow Guard.
549 if (TM->getTargetTriple().isOSWindows()) 547 if (TM->getTargetTriple().isOSWindows())
550 addPass(createCFGuardLongjmpPass()); 548 addPass(createCFGuardLongjmpPass());
549 +
551 } 550 }
......
...@@ -9,3 +9,4 @@ add_subdirectory(Hello) ...@@ -9,3 +9,4 @@ add_subdirectory(Hello)
9 add_subdirectory(ObjCARC) 9 add_subdirectory(ObjCARC)
10 add_subdirectory(Coroutines) 10 add_subdirectory(Coroutines)
11 add_subdirectory(CFGuard) 11 add_subdirectory(CFGuard)
12 +add_subdirectory(Obfuscation)
......
1 +add_llvm_library( LLVMObfuscation MODULE
2 + ReturnObfuscation.cpp
3 +
4 + DEPENDS
5 + intrinsics_gen
6 + PLUGIN_TOOL
7 + opt
8 + )
...\ No newline at end of file ...\ No newline at end of file
This diff is collapsed. Click to expand it.