Class: Metasploit::Framework::Obfuscation::CRandomizer::Modifier

Inherits:

Object

• Object
• Metasploit::Framework::Obfuscation::CRandomizer::Modifier

Defined in:

lib/metasploit/framework/obfuscation/crandomizer/modifier.rb

Instance Attribute Summary

• #fake_functions ⇒ Object readonly

  Returns the value of attribute fake_functions.

• #parser ⇒ Object readonly

  Returns the value of attribute parser.

• #weight ⇒ Object readonly

  Returns the value of attribute weight.

Instance Method Summary

• #initialize(p, f, w) ⇒ Modifier constructor

  Initializes a Metasploit::Framework::Obfuscation::CRandomizer::Modifier instance.

• #modify_else(s) ⇒ Object

  Modifies an else block.

• #modify_else_if(s) ⇒ Object

  Modifies an else-if block.

• #modify_for(s) ⇒ Object

  Modifies a for block.

• #modify_function(s) ⇒ Object

  Modifies a function.

• #modify_if(s) ⇒ Object

  Modifies an if block.

• #modify_if_else_blocks(s) ⇒ Metasm::C::Declaration

  Modifies different if-else blocks recursively.

• #modify_nested_blocks(s) ⇒ Object

  Modifies a nested block.

Constructor Details

#initialize(p, f, w) ⇒ Modifier

Initializes a Metasploit::Framework::Obfuscation::CRandomizer::Modifier instance.

Parameters:

• p (Metasploit::C::Parser)
• f (Metasploit::Framework::Obfuscation::CRandomizer::CodeFactory::FakeFunctionCollection)
• w (Integer) —

  Weight of the randomness.

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 18

def initialize(p, f, w)
  @parser = p
  @fake_functions = f
  @weight = w
end

Instance Attribute Details

#fake_functions ⇒ Object (readonly)

Returns the value of attribute fake_functions.

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 10

def fake_functions
  @fake_functions
end

#parser ⇒ Object (readonly)

Returns the value of attribute parser.

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 9

def parser
  @parser
end

#weight ⇒ Object (readonly)

Returns the value of attribute weight.

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 11

def weight
  @weight
end

Instance Method Details

#modify_else(s) ⇒ Object

Modifies an else block.

Parameters:

• s (Metasm::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 79

def modify_else(s)
  else_block = s.belse

  # The else block is retrieved this way when there is an else if block
  else_block = s.belse.belse if s.belse.respond_to?(:belse)

  # There is really no else block, let's bail.
  # return unless else_block
  return unless else_block.respond_to?(:statements)

  new_else_statements = []

  else_block.statements.each do |stmt|
    modify_nested_blocks(stmt)
    new_else_statements.concat(get_fake_statement)
    new_else_statements << stmt
  end

  else_block.statements = new_else_statements
end

#modify_else_if(s) ⇒ Object

Modifies an else-if block.

Parameters:

• s (Metasm::C::Declaration)
• (void)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 55

def modify_else_if(s)
  # There could be multiple else if blocks,
  # this gives the current else if block
  elseif_block = s.belse

  while (elseif_block && elseif_block.respond_to?(:bthen)) do
    new_else_if_statements = []

    elseif_block.bthen.statements.each do |stmt|
      modify_nested_blocks(stmt)
      new_else_if_statements.concat(get_fake_statement)
      new_else_if_statements << stmt
    end

    elseif_block.bthen.statements = new_else_if_statements

    # Move on to the next else if block
    elseif_block = elseif_block.belse
  end
end

#modify_for(s) ⇒ Object

Modifies a for block.

Parameters:

• s (Metasm::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 103

def modify_for(s)
  new_for_statements = []

  s.body.statements.each do |stmt|
    modify_nested_blocks(stmt)
    new_for_statements.concat(get_fake_statement)
    new_for_statements << stmt
  end

  s.body.statements = new_for_statements

  s
end

#modify_function(s) ⇒ Object

Modifies a function.

Parameters:

• s (Metasploit::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 132

def modify_function(s)
  function_statements = s.var.initializer.statements
  new_function_statements = []

  function_statements.each do |func_stmt|
    unless feeling_lucky?
      new_function_statements << func_stmt
      next
    end

    case func_stmt
    when Metasm::C::If
      new_function_statements << modify_if_else_blocks(func_stmt)
    when Metasm::C::For
      new_function_statements << modify_for(func_stmt)
    else
      new_function_statements.concat(get_fake_statement(s))
      new_function_statements << func_stmt
    end
  end

  unless new_function_statements.empty?
    s.var.initializer.statements = new_function_statements
  end
end

#modify_if(s) ⇒ Object

Modifies an if block.

return [void]

Parameters:

• s (Metasm::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 39

def modify_if(s)
  new_if_statements = []

  s.bthen.statements.each do |stmt|
    modify_nested_blocks(stmt)
    new_if_statements.concat(get_fake_statement)
    new_if_statements << stmt
  end

  s.bthen.statements = new_if_statements
end

#modify_if_else_blocks(s) ⇒ Metasm::C::Declaration

Modifies different if-else blocks recursively.

Parameters:

• s (Metasm::C::Declaration)

Returns:

• (Metasm::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 28

def modify_if_else_blocks(s)
  modify_if(s)
  modify_else_if(s)
  modify_else(s)
  s
end

#modify_nested_blocks(s) ⇒ Object

Modifies a nested block.

Parameters:

• s (Metasm::C::Declaration)

# File 'lib/metasploit/framework/obfuscation/crandomizer/modifier.rb', line 120

def modify_nested_blocks(s)
  case s
  when Metasm::C::If
    modify_if_else_blocks(s)
  when Metasm::C::For
    modify_for(s)
  end
end