Implémentation du rondoudou patch v2

This commit is contained in:
Yohan Simard 2021-03-25 14:32:37 +01:00
parent f3d2022c2e
commit 239e8ba670
5 changed files with 233 additions and 0 deletions

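--- a/patch2/CMakeLists.txt
+++ b/patch2/CMakeLists.txt
@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 3.17)
+project(patch2 C)
+set(CMAKE_C_STANDARD 99)
+add_executable(patch2 main.c rondoudou_patch2.h rondoudou_patch2.c)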

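--- a/patch2/Makefile
+++ b/patch2/Makefile
@@ -0,0 +1,2 @@
+test_patch2: main.c rondoudou_patch2.c rondoudou_patch2.h
+gcc -Wall -g main.c rondoudou_patch2.c -o test_patch2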
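Review bot: The compile line omits `-fno-omit-frame-pointer`, which the `__builtin_frame_address(N)` calls with N > 0 in rondoudou_patch2.h depend on — GCC documents that nonzero levels only work when every intervening frame keeps a frame pointer, and optimized builds on x86-64 drop it by default; `gcc -Wall -g -fno-omit-frame-pointer main.c rondoudou_patch2.c -o test_patch2`. The same gap exists in patch2/CMakeLists.txt, which sets only `CMAKE_C_STANDARD`. As rendered, the recipe line also has no leading tab, which make requires; this may be a display artifact, but it is worth checking in the committed file.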

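--- a/patch2/main.c
+++ b/patch2/main.c
@@ -0,0 +1,35 @@
+#include "rondoudou_patch2.h"
+void f() {
+cipher;
+print_log("Dans f\n");
+decipher;
+}
+void g(int a) {
+cipher;
+print_log("Dans g(%d)\n", a);
+decipher;
+}
+int h(int a) {
+cipher;
+print_log("Dans h(%d)\n", a);
+change_key(1516531);
+decipher;
+return 5;
+}
+int main() {
+cipher;
+print_log("Appel de f\n");
+f();
+print_log("Appel de g(3)\n");
+g(3);
+print_log("Appel de f(6)\n");
+h(6);
+decipher;
+return 0;
+}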
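Review bot: The trace line before the `h(6)` call reads `print_log("Appel de f(6)\n");` while the function actually called is `h`, so the log misattributes the call; `print_log("Appel de h(6)\n");`. `void f()` and `int main()` are old-style unprototyped declarations under the C99 standard the build files select; `void f(void)` and `int main(void)` are the prototyped forms. Note that every function using `cipher` must reach `decipher` on each exit path, since `cipher` has already XORed the slot the function returns through; the three functions here do, but a comment in the header stating that contract would protect against a later early `return`.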

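--- a/patch2/rondoudou_patch2.c
+++ b/patch2/rondoudou_patch2.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdarg.h>
+#include "rondoudou_patch2.h"
+int rondoudou_patch_call_level = 0;
+uintptr_t rondoudou_patch_key = 0xffffffffffffffff;
+uintptr_t rondoudou_patch_offset = 1;
+uintptr_t *rondoudou_patch_return_addr_addr = 0;
+int print_debug = 1;
+int print_log(const char *format, ...) {
+if (print_debug) {
+va_list args;
+va_start(args, format);
+int ret = vprintf(format, args);
+va_end(args);
+return ret;
+}
+return 0;
+}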
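Review bot: `print_debug` is defined with external linkage but has no declaration in rondoudou_patch2.h, so no other translation unit can toggle it through the header and the name leaks into the global namespace; either `static int print_debug = 1;` or add `extern int print_debug;` to the header. The initializer `0xffffffffffffffff` for `rondoudou_patch_key` is a 64-bit literal stored in a `uintptr_t`, which silently truncates on targets where that type is 32 bits wide; `uintptr_t rondoudou_patch_key = UINTPTR_MAX;` expresses the same all-ones value portably. From a mitigation standpoint the key is also a compile-time constant that is readable from the binary, so the XOR provides obfuscation rather than secrecy; if this is meant to go beyond a demonstration, the key should be set once at process start from an unpredictable source, with this constant kept only as the fallback, and a comment on the definition should say which it is.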

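--- a/patch2/rondoudou_patch2.h
+++ b/patch2/rondoudou_patch2.h
@@ -0,0 +1,169 @@
+#ifndef PATCH2_RONDOUDOU_PATCH2_H
+#define PATCH2_RONDOUDOU_PATCH2_H
+#include <stdint.h>
+extern int rondoudou_patch_call_level;
+extern uintptr_t rondoudou_patch_key;
+extern uintptr_t rondoudou_patch_offset;
+extern uintptr_t *rondoudou_patch_return_addr_addr;
+int print_log(const char *format, ...);
+#define cipher \
+do { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+print_log("cipher : base return address = %018p\n", __builtin_return_address(0));\
+/*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("cipher : encrypted return address = %018p\n", __builtin_return_address(0));\
+/*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+rondoudou_patch_call_level++; \
+} while(0)
+#define decipher \
+do { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+print_log("decipher: encrypted return address = %018p\n", __builtin_return_address(0));\
+/*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("decipher: decrypted return address = %018p\n", __builtin_return_address(0));\
+/*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+rondoudou_patch_call_level--; \
+} while(0)
+#define change_key(new_key) \
+do { \
+print_log("\n--- Changing key ---\n"); \
+print_log("Call_level = %d\n", rondoudou_patch_call_level); \
+\
+if (rondoudou_patch_call_level > 0) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+print_log("0: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("0: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("0: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 1) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(1) + rondoudou_patch_offset; \
+print_log("1: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("1: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("1: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+\
+if (rondoudou_patch_call_level > 2) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(2) + rondoudou_patch_offset; \
+print_log("2: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("2: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("2: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+\
+if (rondoudou_patch_call_level > 3) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(3) + rondoudou_patch_offset; \
+print_log("3: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("3: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("3: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+\
+\
+if (rondoudou_patch_call_level > 4) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(4) + rondoudou_patch_offset; \
+print_log("4: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("4: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("4: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+\
+if (rondoudou_patch_call_level > 6) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(6) + rondoudou_patch_offset; \
+print_log("6: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("6: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("6: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 7) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(7) + rondoudou_patch_offset; \
+print_log("7: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("7: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("7: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 8) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(8) + rondoudou_patch_offset; \
+print_log("8: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("8: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("8: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 9) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(9) + rondoudou_patch_offset; \
+print_log("9: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("9: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("9: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 10) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(10) + rondoudou_patch_offset; \
+print_log("10: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("10: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("10: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 11) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(11) + rondoudou_patch_offset; \
+print_log("11: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("11: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("11: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 12) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(12) + rondoudou_patch_offset; \
+print_log("12: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("12: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("12: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 13) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(13) + rondoudou_patch_offset; \
+print_log("13: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("13: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("13: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 14) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(14) + rondoudou_patch_offset; \
+print_log("14: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("14: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("14: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+if (rondoudou_patch_call_level > 15) { \
+rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(15) + rondoudou_patch_offset; \
+print_log("15: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+print_log("15: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+*rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+print_log("15: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+} \
+print_log("\n"); \
+rondoudou_patch_key = new_key; \
+} while (0)
+#endif //PATCH2_RONDOUDOU_PATCH2_H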
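Review bot: The re-key chain in `change_key` skips frame level 5 — the `__builtin_frame_address(4)` block guarded by `> 4` is followed directly by the `> 6` block, so at a call depth of six or more the return address held in the level-5 frame stays encrypted under the old key and is later decrypted by `decipher` with the new one, returning to a corrupted address. Fifteen near-identical copies make such a gap easy to miss; a per-level helper macro, with `new_key` parenthesized and evaluated once, reduces each level to one line as sketched below (the intermediate-value logging is left out of the sketch). Separately, every `print_log` in this header passes a `uintptr_t` — or a `void *` together with the `0` flag — to `%018p`, which C11 leaves undefined for the `p` conversion; print the value as `"0x%016" PRIxPTR` from `<inttypes.h>` after casting it to `uintptr_t`. Levels above 0 also rely on every intervening frame keeping a frame pointer and on `rondoudou_patch_offset = 1` being the return-address slot, which holds for the x86-64 frame layout when `-fno-omit-frame-pointer` is in effect but is not portable; a comment at the top of the header should state that assumption and the requirement that every `cipher` is paired with a `decipher` on each exit path.
```c
/* Re-key the return address of the frame `lvl` levels up. `lvl` must be an
   integer literal (__builtin_frame_address needs a constant); decrypting under
   the old key and re-encrypting under the new one folds into a single XOR. */
#define RONDOUDOU_REKEY_LEVEL(lvl, key) \
    do { \
        if (rondoudou_patch_call_level > (lvl)) { \
            rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(lvl) + rondoudou_patch_offset; \
            *rondoudou_patch_return_addr_addr ^= rondoudou_patch_key ^ (key); \
        } \
    } while (0)

#define change_key(new_key) \
    do { \
        uintptr_t rondoudou_new_key_ = (new_key); \
        /* … unchanged: the "--- Changing key ---" and Call_level log lines … */ \
        RONDOUDOU_REKEY_LEVEL(0, rondoudou_new_key_); \
        RONDOUDOU_REKEY_LEVEL(1, rondoudou_new_key_); \
        /* … levels 2 through 15, one line each, with no gap at 5 … */ \
        RONDOUDOU_REKEY_LEVEL(15, rondoudou_new_key_); \
        rondoudou_patch_key = rondoudou_new_key_; \
    } while (0)
```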