diff --git a/patch2/CMakeLists.txt b/patch2/CMakeLists.txt
new file mode 100644
index 0000000..fe1e751
--- /dev/null
+++ b/patch2/CMakeLists.txt
@@ -0,0 +1,6 @@
+cmake_minimum_required(VERSION 3.17)
+project(patch2 C)
+
+set(CMAKE_C_STANDARD 99)
+
+add_executable(patch2 main.c rondoudou_patch2.h rondoudou_patch2.c)
\ No newline at end of file
diff --git a/patch2/Makefile b/patch2/Makefile
new file mode 100644
index 0000000..5b53fae
--- /dev/null
+++ b/patch2/Makefile
@@ -0,0 +1,2 @@
+test_patch2: main.c rondoudou_patch2.c rondoudou_patch2.h
+ gcc -Wall -g main.c rondoudou_patch2.c -o test_patch2
\ No newline at end of file
diff --git a/patch2/main.c b/patch2/main.c
new file mode 100644
index 0000000..45ae50d
--- /dev/null
+++ b/patch2/main.c
@@ -0,0 +1,35 @@
+#include "rondoudou_patch2.h"
+
+void f() {
+ cipher;
+ print_log("Dans f\n");
+ decipher;
+}
+
+void g(int a) {
+ cipher;
+ print_log("Dans g(%d)\n", a);
+ decipher;
+}
+
+int h(int a) {
+ cipher;
+ print_log("Dans h(%d)\n", a);
+ change_key(1516531);
+
+ decipher;
+ return 5;
+}
+
+
+int main() {
+ cipher;
+ print_log("Appel de f\n");
+ f();
+ print_log("Appel de g(3)\n");
+ g(3);
+ print_log("Appel de f(6)\n");
+ h(6);
+ decipher;
+ return 0;
+}
diff --git a/patch2/rondoudou_patch2.c b/patch2/rondoudou_patch2.c
new file mode 100644
index 0000000..6487fe6
--- /dev/null
+++ b/patch2/rondoudou_patch2.c
@@ -0,0 +1,21 @@
+#include
+#include
+#include "rondoudou_patch2.h"
+
+int rondoudou_patch_call_level = 0;
+uintptr_t rondoudou_patch_key = 0xffffffffffffffff;
+uintptr_t rondoudou_patch_offset = 1;
+uintptr_t *rondoudou_patch_return_addr_addr = 0;
+
+int print_debug = 1;
+
+int print_log(const char *format, ...) {
+ if (print_debug) {
+ va_list args;
+ va_start(args, format);
+ int ret = vprintf(format, args);
+ va_end(args);
+ return ret;
+ }
+ return 0;
+}
\ No newline at end of file
diff --git a/patch2/rondoudou_patch2.h b/patch2/rondoudou_patch2.h
new file mode 100644
index 0000000..7813174
--- /dev/null
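Review bot: The target inherits whatever flags CMAKE_BUILD_TYPE supplies, and an optimized build (Release, -O2/-O3) lets GCC omit frame pointers, while the macros in rondoudou_patch2.h locate the saved return address as `__builtin_frame_address(n) + rondoudou_patch_offset`, i.e. one word above a frame pointer. Add `target_compile_options(patch2 PRIVATE -fno-omit-frame-pointer)` after `add_executable` so that layout assumption holds in every build type, and consider a comment saying why the flag is mandatory. Listing `rondoudou_patch2.h` among the sources is harmless but unnecessary, since headers are picked up through the includes.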
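Review bot: The trace line before `h(6)` reads `Appel de f(6)` although `h` is the function being called, so the driver's output does not match its call sequence; change it to `print_log("Appel de h(6)\n");`. The empty parameter lists in `void f()` and `int main()` are unprototyped declarations in C99, so write `void f(void)` and `int main(void)` to match the prototyped style used by `g` and `h`. Since `h` is the only caller that invokes `change_key` while its own `cipher` is active, a short comment on that call (it exercises the frame-0/frame-1 re-keying path with `main`'s frame still encrypted) would help readers of this driver.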
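Review bot: `print_log` forwards `format` to vprintf but is declared without `__attribute__((format(printf, 1, 2)))`, so -Wall cannot check the callers in the header, where `%018p` is paired with `uintptr_t` values rather than pointers; add the attribute to the prototype in rondoudou_patch2.h (or here) so those mismatches surface. The default `rondoudou_patch_key = 0xffffffffffffffff` turns the XOR into a plain bitwise NOT, and the key lives in a writable, non-static global next to `rondoudou_patch_return_addr_addr` itself, so an attacker with the arbitrary write needed to hit a return address can equally read or zero the key. If this is meant as more than a demonstration, initialise the key from a random source at startup and make these globals `static` with accessor functions; at minimum, a comment stating that the constant key is a placeholder is needed. The `0xffffffffffffffff` initialiser will also be truncated on targets where `uintptr_t` is 32 bits, which `-Wall` does not report.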
+++ b/patch2/rondoudou_patch2.h 
@@ -0,0 +1,169 @@
+#ifndef PATCH2_RONDOUDOU_PATCH2_H
+#define PATCH2_RONDOUDOU_PATCH2_H
+
+#include
+
+extern int rondoudou_patch_call_level;
+extern uintptr_t rondoudou_patch_key;
+extern uintptr_t rondoudou_patch_offset;
+extern uintptr_t *rondoudou_patch_return_addr_addr;
+
+int print_log(const char *format, ...);
+
+#define cipher \
+ do { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+ print_log("cipher : base return address = %018p\n", __builtin_return_address(0));\
+ /*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("cipher : encrypted return address = %018p\n", __builtin_return_address(0));\
+ /*print_log("cipher : Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+ rondoudou_patch_call_level++; \
+ } while(0)
+
+#define decipher \
+ do { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+ print_log("decipher: encrypted return address = %018p\n", __builtin_return_address(0));\
+ /*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("decipher: decrypted return address = %018p\n", __builtin_return_address(0));\
+ /*print_log("decipher: Return address = %018p\n", *rondoudou_patch_return_addr_addr);*/\
+ rondoudou_patch_call_level--; \
+ } while(0)
+
+#define change_key(new_key) \
+ do { \
+ print_log("\n--- Changing key ---\n"); \
+ print_log("Call_level = %d\n", rondoudou_patch_call_level); \
+ \
+ if (rondoudou_patch_call_level > 0) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(0) + rondoudou_patch_offset; \
+ print_log("0: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("0: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("0: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 1) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(1) + rondoudou_patch_offset; \
+ print_log("1: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("1: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("1: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ \
+ if (rondoudou_patch_call_level > 2) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(2) + rondoudou_patch_offset; \
+ print_log("2: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("2: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("2: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ \
+ if (rondoudou_patch_call_level > 3) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(3) + rondoudou_patch_offset; \
+ print_log("3: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("3: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("3: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ \
+ \
+ if (rondoudou_patch_call_level > 4) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(4) + rondoudou_patch_offset; \
+ print_log("4: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("4: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("4: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ \
+ if (rondoudou_patch_call_level > 6) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(6) + rondoudou_patch_offset; \
+ print_log("6: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("6: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("6: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 7) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(7) + rondoudou_patch_offset; \
+ print_log("7: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("7: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("7: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 8) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(8) + rondoudou_patch_offset; \
+ print_log("8: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("8: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("8: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 9) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(9) + rondoudou_patch_offset; \
+ print_log("9: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("9: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("9: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 10) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(10) + rondoudou_patch_offset; \
+ print_log("10: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("10: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("10: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 11) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(11) + rondoudou_patch_offset; \
+ print_log("11: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("11: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("11: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 12) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(12) + rondoudou_patch_offset; \
+ print_log("12: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("12: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("12: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 13) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(13) + rondoudou_patch_offset; \
+ print_log("13: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("13: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("13: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 14) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(14) + rondoudou_patch_offset; \
+ print_log("14: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("14: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("14: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ if (rondoudou_patch_call_level > 15) { \
+ rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(15) + rondoudou_patch_offset; \
+ print_log("15: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
+ print_log("15: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
+ print_log("15: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
+ } \
+ print_log("\n"); \
+ rondoudou_patch_key = new_key; \
+ } while (0)
+
+#endif //PATCH2_RONDOUDOU_PATCH2_H
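Review bot: `change_key` re-keys frames 0 to 4 and then jumps from `if (rondoudou_patch_call_level > 4)` straight to `> 6`, so the frame reached by `__builtin_frame_address(5)` is never touched; with six or more ciphered frames live, that frame's return address stays XORed with the old key, its `decipher` applies the new key, and the function returns through a corrupted address. The missing block is given below; the same silent skip applies to every frame beyond 15, so the macro should at least abort (or refuse the key change) when `rondoudou_patch_call_level > 16` rather than leave deeper frames keyed with the old value. GCC documents `__builtin_frame_address(n)` for n > 0 as unreliable (it only walks correctly when every intermediate caller keeps a frame pointer), which deserves a comment above the macro along with the `rondoudou_patch_offset == 1` layout assumption. The `%018p` conversions are also handed `uintptr_t` values rather than pointers and use the `0` flag that is undefined for `%p`; `"%016" PRIxPTR` from `<inttypes.h>` gives the same output portably.
```c
/* … unchanged: levels 0–4 … */ \
 if (rondoudou_patch_call_level > 5) { \
 rondoudou_patch_return_addr_addr = (uintptr_t *)__builtin_frame_address(5) + rondoudou_patch_offset; \
 print_log("5: encrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
 *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ rondoudou_patch_key; \
 print_log("5: decrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
 *rondoudou_patch_return_addr_addr = *rondoudou_patch_return_addr_addr ^ new_key; \
 print_log("5: reencrypted ret address = %018p\n", *rondoudou_patch_return_addr_addr); \
 } \
/* … unchanged: levels 6–15, final print_log and key assignment … */
```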