|
296 | 296 | #include "llvm/Transforms/Vectorize/SLPVectorizer.h" |
297 | 297 | #include "llvm/Transforms/Vectorize/VectorCombine.h" |
298 | 298 | #include <optional> |
| 299 | +// 引用 Obfuscation 相关文件 |
| 300 | +#include "Obfuscation/BogusControlFlow.h" // 虚假控制流 |
| 301 | +#include "Obfuscation/Flattening.h" // 控制流平坦化 |
| 302 | +#include "Obfuscation/SplitBasicBlock.h" // 基本块分割 |
| 303 | +#include "Obfuscation/Substitution.h" // 指令替换 |
| 304 | +#include "Obfuscation/StringEncryption.h" // 字符串加密 |
| 305 | +#include "Obfuscation/IndirectGlobalVariable.h" // 间接全局变量 |
| 306 | +#include "Obfuscation/IndirectBranch.h" // 间接跳转 |
| 307 | +#include "Obfuscation/IndirectCall.h" // 间接调用 |
| 308 | +#include "Obfuscation/Utils.h" // 为了控制函数名混淆开关 (bool obf_function_name_cmd;) |
299 | 309 |
|
300 | 310 | using namespace llvm; |
301 | 311 |
|
@@ -367,6 +377,17 @@ class TriggerVerifierErrorPass |
367 | 377 |
|
368 | 378 | } // namespace |
369 | 379 |
|
| 380 | +// 添加命令行支持 |
| 381 | +static cl::opt<bool> s_obf_split("split", cl::init(false), cl::desc("SplitBasicBlock: split_num=3(init)")); |
| 382 | +static cl::opt<bool> s_obf_sobf("sobf", cl::init(false), cl::desc("String Obfuscation")); |
| 383 | +static cl::opt<bool> s_obf_fla("fla", cl::init(false), cl::desc("Flattening")); |
| 384 | +static cl::opt<bool> s_obf_sub("sub", cl::init(false), cl::desc("Substitution: sub_loop")); |
| 385 | +static cl::opt<bool> s_obf_bcf("bcf", cl::init(false), cl::desc("BogusControlFlow: application number -bcf_loop=x must be x > 0")); |
| 386 | +static cl::opt<bool> s_obf_ibr("ibr", cl::init(false), cl::desc("Indirect Branch")); |
| 387 | +static cl::opt<bool> s_obf_igv("igv", cl::init(false), cl::desc("Indirect Global Variable")); |
| 388 | +static cl::opt<bool> s_obf_icall("icall", cl::init(false), cl::desc("Indirect Call")); |
| 389 | +static cl::opt<bool> s_obf_fn_name_cmd("fncmd", cl::init(false), cl::desc("use function name control obfuscation(_ + command + _ | example: function_fla_bcf_)")); |
| 390 | + |
370 | 391 | PassBuilder::PassBuilder(TargetMachine *TM, PipelineTuningOptions PTO, |
371 | 392 | std::optional<PGOOptions> PGOOpt, |
372 | 393 | PassInstrumentationCallbacks *PIC) |
@@ -409,6 +430,30 @@ PassBuilder::PassBuilder(TargetMachine *TM, PipelineTuningOptions PTO, |
409 | 430 | PIC->addClassToPassName(decltype(CREATE_PASS)::name(), NAME); |
410 | 431 | #include "llvm/Passes/MachinePassRegistry.def" |
411 | 432 | } |
| 433 | + |
| 434 | + //outs() << "[obf] registerPipelineStartEPCallback\n"; // 优化前 |
| 435 | + //outs() << "[obf] registerOptimizerLastEPCallback\n"; // 优化后 |
| 436 | + this->registerOptimizerLastEPCallback( |
| 437 | + [](llvm::ModulePassManager &MPM, |
| 438 | + llvm::OptimizationLevel Level) { |
| 439 | + outs() << "[obf] run.registerOptimizerLastEPCallback\n"; |
| 440 | + obf_function_name_cmd = s_obf_fn_name_cmd; |
| 441 | + if (obf_function_name_cmd) { |
| 442 | + outs() << "[obf] enable function name control obfuscation(_ + command + _ | example: function_fla_)\n"; |
| 443 | + } |
| 444 | + MPM.addPass(StringEncryptionPass(s_obf_sobf)); // 先进行字符串加密 出现字符串加密基本块以后再进行基本块分割和其他混淆 加大解密难度 |
| 445 | + llvm::FunctionPassManager FPM; |
| 446 | + FPM.addPass(IndirectCallPass(s_obf_icall)); // 间接调用 |
| 447 | + FPM.addPass(SplitBasicBlockPass(s_obf_split)); // 优先进行基本块分割 |
| 448 | + FPM.addPass(FlatteningPass(s_obf_fla)); // 对于控制流平坦化 |
| 449 | + FPM.addPass(SubstitutionPass(s_obf_sub)); // 指令替换 |
| 450 | + FPM.addPass(BogusControlFlowPass(s_obf_bcf)); // 虚假控制流 |
| 451 | + MPM.addPass(createModuleToFunctionPassAdaptor(std::move(FPM))); |
| 452 | + MPM.addPass(IndirectBranchPass(s_obf_ibr)); // 间接指令 理论上间接指令应该放在最后 |
| 453 | + MPM.addPass(IndirectGlobalVariablePass(s_obf_igv)); // 间接全局变量 |
| 454 | + MPM.addPass(RewriteSymbolPass()); // 根据yaml信息 重命名特定symbols |
| 455 | + } |
| 456 | + ); |
412 | 457 | } |
413 | 458 |
|
414 | 459 | void PassBuilder::registerModuleAnalyses(ModuleAnalysisManager &MAM) { |
|
0 commit comments