Merge pull request #3 from raffclar/general-fixes

General fixes
raffclar · Apr 23, 2018 · 82bae4a · 82bae4a
2 parents e628e51 + 5c3b904
commit 82bae4a
Show file tree

Hide file tree

Showing 6 changed files with 81 additions and 103 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -5,11 +5,25 @@ addons:
   apt:
     sources:
       - ubuntu-toolchain-r-test
+    packages:
+      - gcc-6
+      - g++-6
+notifications:
+ email:
+  on_success: never
+  on_failure: never
+before_install: sudo apt-get update -qq
 install:
   - |
-    CMAKE_URL="https://cmake.org/files/v3.8/cmake-3.8.0-Linux-x86_64.tar.gz"
+    CMAKE_URL="https://cmake.org/files/v3.9/cmake-3.9.6-Linux-x86_64.tar.gz"
     mkdir cmake && travis_retry wget --no-check-certificate --quiet -O - ${CMAKE_URL} | tar --strip-components=1 -xz -C cmake
     export PATH=${TRAVIS_BUILD_DIR}/cmake/bin:${PATH}
-script: ./run_build.sh
+script:
+  - sudo ln -s /usr/bin/gcc-6 /usr/local/bin/gcc
+  - sudo ln -s /usr/bin/g++-6 /usr/local/bin/g++
+  - export CC=/usr/bin/gcc-6
+  - export CXX=/usr/bin/g++-6
+  - gcc -v && g++ -v && cmake --version
+  - ./run_build.sh
 
 
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -1,5 +1,5 @@
 file(GLOB SOURCE_FILES *.hpp *.cpp)
 add_executable(pe_ep_intercept ${SOURCE_FILES})
 set_property(TARGET pe_ep_intercept PROPERTY CXX_STANDARD 14)
-set_property(TARGET pe_ep_intercept PROPERTY CXX_STANDARD_REQUIRED OFF)
+set_property(TARGET pe_ep_intercept PROPERTY CXX_STANDARD_REQUIRED ON)
 target_link_libraries(pe_ep_intercept keystone)
diff --git a/src/PeFile.cpp b/src/PeFile.cpp
@@ -1,44 +1,6 @@
 #include "PeFile.hpp"
-#include <keystone/keystone.h>
 #include <cinttypes>
-#include <cstring>
 #include <iostream>
-#include <string>
-#include <vector>
-#include <memory>
-
-static bool ReplaceDword(std::vector<char> code_buffer, uint32_t target_dword, uint32_t replace_dword) {
-    for (size_t i = 0; i < code_buffer.size(); i++) {
-        // First byte
-        if (code_buffer[i] != (target_dword & 0xff)) {
-            continue;
-        }
-
-        size_t j = 1;
-
-        while (j < 4) {
-            // Rest of bytes
-            if (code_buffer[i + j] == (target_dword >> ((8 * j) & 0xff))) {
-                j++;
-            } else {
-                // Failed to match all bytes
-                break;
-            }
-        }
-
-        if (j == 4) {
-            for (size_t re_i = 0; re_i < j; re_i++) {
-                uint32_t num = (replace_dword >> (8 * re_i)) & 0xff;
-                auto replace_byte = static_cast<char>(num);
-                code_buffer[i + re_i] = replace_byte;
-            }
-
-            return true;
-        }
-    }
-
-    return false;
-}
 
 namespace PeEpIntercept {
     PeFile::PeFile(std::string path) {
@@ -86,65 +48,6 @@ namespace PeEpIntercept {
         file_header = {};
     }
 
-    std::vector<char> PeFile::Assemble(const std::string &assembly) {
-        std::vector<char> instructions;
-
-        if (assembly.empty()) {
-            return instructions;
-        }
-
-        unsigned char *encode = nullptr;
-        ks_engine *ks = nullptr;
-        size_t count;
-        size_t size;
-
-        auto code_deleter = [](unsigned char *code_ptr) {
-            ks_free(code_ptr);
-        };
-
-        auto ks_deleter = [](ks_engine *ks_ptr) {
-            ks_close(ks_ptr);
-        };
-
-        ks_mode instruct_mode;
-
-        switch (type) {
-            case PeArch::x86:
-                instruct_mode = KS_MODE_32;
-                break;
-            case PeArch::x64:
-                instruct_mode = KS_MODE_64;
-                break;
-            default:
-                throw std::runtime_error("executable type not supported");
-        }
-
-        if (ks_open(KS_ARCH_X86, instruct_mode, &ks) != KS_ERR_OK) {
-            throw std::runtime_error("failed to open keystone");
-        }
-
-        std::unique_ptr<ks_engine[],
-                decltype(ks_deleter)> ks_ptr(ks, ks_deleter);
-
-        if (ks_asm(ks, assembly.c_str(), 0, &encode, &size, &count) != KS_ERR_OK) {
-            throw std::runtime_error("failed to assemble instructions");
-        }
-
-        std::unique_ptr<unsigned char[],
-                decltype(code_deleter)> encode_ptr(encode, code_deleter);
-
-        if (size > 0xffffffff) {
-            throw std::runtime_error("exceeded max section size");
-        }
-
-        for (size_t i = 0; i < size; i++) {
-            auto encoded = static_cast<char>(encode[i]);
-            instructions.push_back(encoded);
-        }
-
-        return instructions;
-    }
-
     bool PeFile::HasSection(const std::string &section_name) {
         for (auto &section : section_headers) {
             if (reinterpret_cast<char *>(section.Name) == section_name) {

diff --git a/src/PeFile.hpp b/src/PeFile.hpp
@@ -28,8 +28,6 @@ namespace PeEpIntercept {
         explicit PeFile(std::string path);
 
     public:
-        std::vector<char> Assemble(const std::string &assembly);
-
         bool HasSection(const std::string &section_name);
 
         uint32_t GetOriginalEntryPoint();

diff --git a/src/PePatch.cpp b/src/PePatch.cpp
@@ -1,5 +1,67 @@
+#include <keystone/include/keystone/keystone.h>
 #include "PePatch.hpp"
 
-PeEpIntercept::PePatch::PePatch(std::string &path) : PeFile(path) {
+namespace PeEpIntercept {
+    PePatch::PePatch(std::string &path) : PeFile(path) {
 
+    }
+
+    std::vector<char> PePatch::Assemble(const std::string &assembly) {
+        std::vector<char> instructions;
+
+        if (assembly.empty()) {
+            return instructions;
+        }
+
+        unsigned char *encode = nullptr;
+        ks_engine *ks = nullptr;
+        size_t count;
+        size_t size;
+
+        auto code_deleter = [](unsigned char *code_ptr) {
+            ks_free(code_ptr);
+        };
+
+        auto ks_deleter = [](ks_engine *ks_ptr) {
+            ks_close(ks_ptr);
+        };
+
+        ks_mode instruct_mode;
+
+        switch (type) {
+            case PeArch::x86:
+                instruct_mode = KS_MODE_32;
+                break;
+            case PeArch::x64:
+                instruct_mode = KS_MODE_64;
+                break;
+            default:
+                throw std::runtime_error("executable type not supported");
+        }
+
+        if (ks_open(KS_ARCH_X86, instruct_mode, &ks) != KS_ERR_OK) {
+            throw std::runtime_error("failed to open keystone");
+        }
+
+        std::unique_ptr<ks_engine[],
+                decltype(ks_deleter)> ks_ptr(ks, ks_deleter);
+
+        if (ks_asm(ks, assembly.c_str(), 0, &encode, &size, &count) != KS_ERR_OK) {
+            throw std::runtime_error("failed to assemble instructions");
+        }
+
+        std::unique_ptr<unsigned char[],
+                decltype(code_deleter)> encode_ptr(encode, code_deleter);
+
+        if (size > 0xffffffff) {
+            throw std::runtime_error("exceeded max section size");
+        }
+
+        for (size_t i = 0; i < size; i++) {
+            auto encoded = static_cast<char>(encode[i]);
+            instructions.push_back(encoded);
+        }
+
+        return instructions;
+    }
 }
diff --git a/src/PePatch.hpp b/src/PePatch.hpp
@@ -7,6 +7,7 @@ namespace PeEpIntercept {
     class PePatch : public PeFile {
     protected:
     public:
+        std::vector<char> Assemble(const std::string &assembly);
         explicit PePatch(std::string &path);
         virtual void AddSection(const std::string &name, uint32_t code_size) = 0;
         virtual void SaveFile(std::string new_path, std::vector<char> code_buffer) = 0;