[Original] Build fixes for obfuscator-llvm-3.6.1 with VS2017 (win32)
Posted:
2018-10-11 17:58
import base64
base64.b64decode('aHR0cHM6Ly9wYXBlci5zZWVidWcub3JnLzE5Mi8=')
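To evaluate how well obf-llvm flattens control flow, I wanted to build obf-llvm on Windows.
Following the official steps (mkdir, cd, cmake, then compiling in VS) ran into some errors, so the source needs a few fixes,
as follows: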
----------------
Creating the VS2017 solution
----------------
Following the official instructions, use cmake to generate the VS2017 solution from the source:
Download and install CMake. Version 2.8 is the minimum required.
Open a shell. Your development tools must be reachable from this shell through the PATH environment variable.
Create a directory for containing the build. It is not supported to build LLVM on the source directory. cd to this directory:
$ mkdir mybuilddir
$ cd mybuilddir
Execute this command on the shell replacing path/to/llvm/source/root with the path to the root of your LLVM source tree:
$ cmake path/to/llvm/source/root
Here the source archive was unpacked into the directory obf_llvm_361:
mkdir mybuilddir
cd mybuilddir
cmake ..\obf_llvm_361
-----------------------------------------------------------------
%ROOTDIR%\obf_llvm_361\lib\Transforms\Obfuscation\CryptoUtils.cpp
-----------------------------------------------------------------
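After the solution is built, running it reports that /dev/random cannot be read, which is bound to fail on Windows.
Since the purpose of this code is to initialize a 16-byte key, we switch to srand and rand to do the random initialization of the key.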
#include <stdlib.h>  // srand, rand
#include <string.h>  // memset
#include <time.h>    // time

// Fill buf with buflen bytes from the C runtime PRNG, seeded with the current time.
void tritium_init_rand_key(char *buf, unsigned int buflen) {
  unsigned int i;
  srand((unsigned int)time(NULL));
  for (i = 0; i < buflen; i++) {
    buf[i] = char(rand() & 0xFF);
  }
}

#define __tritium__
void CryptoUtils::prng_seed() {
#ifdef __tritium__
  LLVMContext &ctx = llvm::getGlobalContext();
  tritium_init_rand_key(key, 16);  // replaces the read from /dev/random
  DEBUG_WITH_TYPE("cryptoutils", dbgs() << "cryptoutils seeded with time srand and rand\n");
  memset(ctr, 0, 16);              // reset the counter block
  aes_compute_ks(ks, key);         // derive the AES key schedule from the new key
  seeded = true;
#else
  // original seeding code (not shown in the post)
#endif // __tritium__
}
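With srand(time(NULL)) followed by rand(), the 16-byte key is fully determined by the second in which the build runs. The following is an added example, not code from the original post or from obfuscator-llvm: it shows that determinism next to a key drawn from std::random_device. The function names and the timestamp are assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstdlib>
#include <random>
#include <set>
#include <string>

// The post's scheme (srand + rand), with the seed passed in explicitly so the
// dependence of the key on the build time is visible.
std::string time_seeded_key(unsigned seed, unsigned len = 16) {
  std::string k(len, '\0');
  std::srand(seed);
  for (char &c : k) c = char(std::rand() & 0xFF);
  return k;
}

// Hypothetical alternative: every byte comes from the platform entropy source
// behind std::random_device. To use it in place of tritium_init_rand_key,
// copy the 16 returned bytes into the key buffer.
std::string os_entropy_key(unsigned len = 16) {
  std::string k(len, '\0');
  std::random_device rd;
  for (char &c : k) c = char(rd() & 0xFF);
  return k;
}

// Size of the key space when the build time is known to lie inside
// [start, start + seconds): at most one key per second.
std::size_t distinct_keys_in_window(unsigned start, unsigned seconds) {
  std::set<std::string> keys;
  for (unsigned s = start; s < start + seconds; s++)
    keys.insert(time_seeded_key(s));
  return keys.size();
}

int main() {
  const unsigned t = 1539251880u;  // constructed timestamp, not from the post
  std::printf("same second gives same key: %d\n",
              int(time_seeded_key(t) == time_seeded_key(t)));
  std::printf("possible keys for a one-hour window: %zu\n",
              distinct_keys_in_window(t, 3600));
  std::printf("two OS-entropy keys differ: %d\n",
              int(os_entropy_key() != os_entropy_key()));
  return 0;
}
```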
------------------------------------------------------
%ROOTDIR%\obf_llvm_361\lib\Support\Windows\Program.inc
------------------------------------------------------
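Even after vcvarsall.bat has been run on the command line to initialize the build environment, link.exe cannot be found. This part of the code checks whether the file is executable;
removing it or leaving it makes little difference. It was removed while tracking down this error, and it stays removed here (which makes it easier to confirm that the problem really is that the file cannot be found).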
-----------------------------------------------------
%ROOTDIR%\obf_llvm_361\tools\clang\lib\Driver\Job.cpp
-----------------------------------------------------
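This part of the code causes the displayed prompts to contain \\ everywhere instead of a single \; here we simply delete the two lines of code.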