struct struobf_test
{
int a1;
float a2;
UINT64 a3;
int a4;
int a5;
int a6;
}OBF_STRUCT;
class CTestClass : public ITestClass
{
public:
CTestClass()
{
DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "ctor\n");
}
virtual ~CTestClass() override
{
DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "dtor\n");
}
virtual void testfn() override;
private:
struct struobf_test test;
};
void CTestClass::testfn()
{
test.a4 = 666;
DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "testfn4, a1=%d, a2=%f, a3=%p, a4=%d, offset_a1=%d, offset_a2=%d, offset_a3=%d, offset_a4=%d\n",
test.a1, test.a2, test.a3, test.a4, offsetof(struobf_test, a1), offsetof(struobf_test, a2), offsetof(struobf_test, a3), offsetof(struobf_test, a4));
}
//第一次编译
//第二次编译
优点:不用生成中间文件
缺点:暂时没发现
听说某常年网吧热度第一的游戏很久以前就在用了
感谢某大佬的大力兹磁
实现比较丑陋,这里就不发出来了
//2023-04-23 更新
class CTestClass : public ITestClass
{
public:
CTestClass()
{
DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "ctor\n");
}
~CTestClass()
{
DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "dtor\n");
}
virtual void testfn1() override;
virtual void testfn2() override;
virtual void testfn3() override;
virtual void testfn4() override;
private:
struct struobf_test test;
};
extern "C" NTSTATUS NTAPI DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryString) OBF_FUNCTION
{
UNREFERENCED_PARAMETER(RegistryString);
ITestClass *ptest = new CTestClass;
ptest->testfn1();
ptest->testfn2();
ptest->testfn3();
ptest->testfn4();
delete ptest;
return STATUS_SUCCESS;
}
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
最后于 2023-4-23 18:06
被hzqst编辑
,原因: