Главная Обзор Помощь
Регистрация Вход
Apq
/
obs-studio
зеркало из https://github.com/obsproject/obs-studio.git
1
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

win-capture: Add obfuscation functions

This adds obfuscation functions primarily for use with GetProcAddress.
This takes an obfuscated string and uses a simple integer key to
de-obfuscate it to the intended function name string, which is then
loaded dynamically using GetProcAddress.

This is typically only used with functions such as OpenProcess,
SetWindowsHookEx, and the like, which can often be misinterpreted the
wrong way by security programs if those strings are found within the
strings segment of a scanned executable.
jp9000 11 лет назад
Родитель
7bf69e8a0a
Сommit
a49d731df8
3 измененных файлов с 55 добавлено и 0 удалено
Единый вид Показать статистику Diff
  1. 2 0
      plugins/win-capture/CMakeLists.txt
  2. 38 0
      plugins/win-capture/obfuscate.c
  3. 15 0
      plugins/win-capture/obfuscate.h

+ 2 - 0
plugins/win-capture/CMakeLists.txt
Просмотреть файл 

@@ -1,11 +1,13 @@
 
 project(win-capture)
 
 project(win-capture)
 
 
 
 set(win-capture_HEADERS
 
 set(win-capture_HEADERS
 
+	obfuscate.h
 
 	window-helpers.h
 
 	window-helpers.h
 
 	dc-capture.h)
 
 	dc-capture.h)
 
 
 
 set(win-capture_SOURCES
 
 set(win-capture_SOURCES
 
 	dc-capture.c
 
 	dc-capture.c
 
+	obfuscate.c
 
 	window-helpers.c
 
 	window-helpers.c
 
 	monitor-capture.c
 
 	monitor-capture.c
 
 	window-capture.c
 
 	window-capture.c

+ 38 - 0
plugins/win-capture/obfuscate.c
Просмотреть файл 

@@ -0,0 +1,38 @@
 
+#define _CRT_SECURE_NO_WARNINGS
 
+#pragma warning(disable : 4152) /* casting func ptr to void */
 
+#include <stdbool.h>
 
+#include <windows.h>
 
+#include "obfuscate.h"
 
+
 
+#define LOWER_HALFBYTE(x) ((x) & 0xF)
 
+#define UPPER_HALFBYTE(x) (((x) >> 4) & 0xF)
 
+
 
+static void deobfuscate_str(char *str, uint64_t val)
 
+{
 
+	uint8_t *dec_val = (uint8_t*)&val;
 
+	int i = 0;
 
+
 
+	while (*str != 0) {
 
+		int pos = i / 2;
 
+		bool bottom = (i % 2) == 0;
 
+		uint8_t *ch = (uint8_t*)str;
 
+		uint8_t xor = bottom ?
 
+			LOWER_HALFBYTE(dec_val[pos]) :
 
+			UPPER_HALFBYTE(dec_val[pos]);
 
+
 
+		*ch ^= xor;
 
+
 
+		if (++i == sizeof(uint64_t) * 2)
 
+			i = 0;
 
+
 
+		str++;
 
+	}
 
+}
 
+
 
+void *get_obfuscated_func(HMODULE module, const char *str, uint64_t val)
 
+{
 
+	char new_name[128];
 
+	strcpy(new_name, str);
 
+	deobfuscate_str(new_name, val);
 
+	return GetProcAddress(module, new_name);
 
+}

+ 15 - 0
plugins/win-capture/obfuscate.h
Просмотреть файл 

@@ -0,0 +1,15 @@
 
+#pragma once
 
+
 
+#include <stdint.h>
 
+
 
+#ifdef __cplusplus
 
+extern "C" {
 
+#endif
 
+
 
+/* this is a workaround to A/Vs going crazy whenever certain functions (such as
 
+ * OpenProcess) are used */ 
+extern void *get_obfuscated_func(HMODULE module, const char *str, uint64_t val);
 
+
 
+#ifdef __cplusplus
 
+}
 
+#endif