📄 morph.dpr
字号:
Inc(AMem);
end;
procedure MovReg32Reg32Rand(var AMem: PByte; AReg: Byte);
begin
AMem^ := $8B;
Inc(AMem);
AMem^ := $C0 + 8 * AReg + RandomReg32All;
Inc(AMem);
end;
procedure CmpEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $3D;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure CmpEaxNum32Rand(var AMem: PByte);
begin
CmpEaxNum32(AMem, Random($FFFFFFFF));
end;
procedure TestEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $A9;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure TestEaxNum32Rand(var AMem: PByte);
begin
TestEaxNum32(AMem, Random($FFFFFFFF));
end;
procedure SubEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $2D;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure AddEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $05;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure AndEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $25;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure OrEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $0D;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure XorEaxNum32(var AMem: PByte; ANum: Cardinal);
begin
AMem^ := $35;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure AddReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $C0 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure OrReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $C8 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure AndReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $E0 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure SubReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $E8 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure XorReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $F0 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end;
procedure XorReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte);
begin
AMem^ := $31;
Inc(AMem);
AMem^ := $C0+AReg2 * 8 + AReg1;
Inc(AMem);
end;
function XorReg32RegMem(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $33;
Inc(AMem);
if AReg2 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg1 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg1 * 8 + AReg2;
Inc(AMem);
if AReg2 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
function XorRegMemReg32(var AMem: PByte; AReg1, AReg2: Byte): Byte;
begin
Result := 2;
AMem^ := $31;
Inc(AMem);
if AReg1 = REG_EBP then
begin
Inc(Result);
AMem^ := AReg2 * 8 + $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg2 * 8 + AReg1;
Inc(AMem);
if AReg1 = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
end;
procedure CmpReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal);
begin
AMem^ := $81;
Inc(AMem);
AMem^ := $F8 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
function TestReg32Num32(var AMem: PByte; AReg: Byte; ANum: Cardinal): Byte;
begin
if AReg = REG_EAX then
ThrowTheDice(Result, 2)
else
Result := 2;
Inc(Result, 4);
if Result = 6 then
begin
AMem^ := $F7;
Inc(AMem);
AMem^ := $C0 + AReg;
Inc(AMem);
PCardinal(AMem)^ := ANum;
Inc(AMem, 4);
end else
TestEaxNum32(AMem, ANum);
end;
procedure TestReg32Reg32(var AMem: PByte; AReg1, AReg2: Byte);
begin
AMem^ := $85;
Inc(AMem);
AMem^ := AReg2 * 8 + AReg1 + $C0;
Inc(AMem);
end;
function TestRegMemNum32(var AMem: PByte; AReg: Byte; ANum: Cardinal): Byte;
begin
Result := 6;
AMem^ := $F7;
Inc(AMem);
if AReg = REG_EBP then
begin
Inc(Result);
AMem^ := $45;
Inc(AMem);
AMem^ := $00;
end else
AMem^ := AReg;
Inc(AMem);
if AReg = REG_ESP then
begin
Inc(Result);
AMem^ := $24;
Inc(AMem);
end;
PCardinal(AMem)^ := ANum;
Inc(AMem,4);
end;
procedure AddReg32RandNum32(var AMem: PByte; ANum: Cardinal);
begin
AddReg32Num32(AMem, RandomReg32All, ANum);
end;
procedure OrReg32RandNum32(var AMem: PByte; ANum: Cardinal);
begin
OrReg32Num32(AMem, RandomReg32All, ANum);
end;
procedure AndReg32RandNum32(var AMem: PByte; ANum: Cardinal);
begin
AndReg32Num32(AMem, RandomReg32All, ANum);
end;
procedure SubReg32RandNum32(var AMem: PByte; ANum: Cardinal);
begin
SubReg32Num32(AMem, RandomReg32All, ANum);
end;
procedure XorReg32RandNum32(var AMem: PByte; ANum: Cardinal);
begin
XorReg32Num32(AMem, RandomReg32All, ANum);
end;
procedure CmpReg32RandNum32Rand(var AMem: PByte);
begin
CmpReg32Num32(AMem, RandomReg32All, Random($FFFFFFFF));
end;
procedure TestReg32RandNum32Rand6(var AMem: PByte);
var
LLen: Byte;
begin
LLen := TestReg32Num32(AMem, RandomReg32All, Random($FFFFFFFF));
if LLen = 5 then
begin
AMem^ := $90;
Inc(AMem);
end;
end;
procedure MovReg32Num32Rand(var AMem: PByte; AReg: Byte);
begin
MovReg32Num32(AMem, AReg, Random($FFFFFFFF));
end;
procedure MovReg16Num16(var AMem: PByte; AReg: Byte; ANum: Word);
begin
AMem^ := $66;
Inc(AMem);
AMem^ := $B8 + AReg;
Inc(AMem);
PWord(AMem)^ := ANum;
Inc(AMem,2);
end;
procedure MovReg16Num16Rand(var AMem: PByte; AReg: Byte);
begin
MovReg16Num16(AMem, AReg, Random($10000));
end;
procedure GenerateRubbishCode(AMem: Pointer; ASize, AVirtAddr: Cardinal); stdcall;
procedure InsertRandomInstruction(var AMem:PByte; ALength: Byte; var ARemaining: Cardinal);
var
LRegAny: Byte;
LMaxDice,LXRem: Cardinal;
begin
case ALength of
1:
begin
ThrowTheDice(LMaxDice, 50);
case LMaxDice of
001..010: Cld(AMem);
011..020: Nop(AMem);
021..030: Stc(AMem);
031..040: Clc(AMem);
041..050: Cmc(AMem);
end;
end;
2:
begin
ThrowTheDice(LMaxDice, 145);
case LMaxDice of
001..010: XchgReg32Rand(AMem);
011..020: MovReg32Rand(AMem);
021..030:
begin
LRegAny := IncReg32Rand(AMem);
DecReg32(AMem, LRegAny);
end;
031..040:
begin
LRegAny := DecReg32Rand(AMem);
IncReg32(AMem, LRegAny);
end;
041..050:
begin
LRegAny := PushReg32Rand(AMem);
PopReg32(AMem, LRegAny);
end;
051..060: LeaReg32Rand(AMem);
061..070: TestReg32Rand(AMem);
071..080: OrReg32Rand(AMem);
081..090: AndReg32Rand(AMem);
091..100: TestReg8Rand(AMem);
101..110: OrReg8Rand(AMem);
111..120: AndReg8Rand(AMem);
121..130: CmpRegRegNum8Rand(AMem);
131..132:
begin
Std(AMem);
Cld(AMem);
end;
133..134: JmpNum8(AMem, 0);
135..138: SubAlNum8(AMem, 0);
139..140: TestAlNum8Rand(AMem);
141..142: AddAlNum8(AMem, 0);
143..145: FNop(AMem);
end;
end;
3:
begin
ThrowTheDice(LMaxDice, 205);
case LMaxDice of
001..010:
begin
JmpNum8(AMem, 1);
InsertRandomInstruction(AMem, 1, LXRem);
end;
011..020: SubReg32Num8Rand(AMem, 0);
021..030: AddReg32Num8Rand(AMem, 0);
031..040:
begin
LRegAny := PushReg32Rand(AMem);
IncReg32(AMem, LRegAny);
PopReg32(AMem, LRegAny);
end;
041..050:
begin
LRegAny := PushReg32Rand(AMem);
DecReg32(AMem, LRegAny);
PopReg32(AMem, LRegAny);
end;
051..060: CmpRandReg32RandNum8(AMem);
061..070: TestReg8Num8Rand(AMem);
071..080: SubReg8Num8Rand(AMem,0);
081..090: AddReg8Num8Rand(AMem,0);
091..100: AndReg16Rand(AMem);
101..110: TestReg16Rand(AMem);
111..120: OrReg16Rand(AMem);
121..130: ShlReg32RandNum8FullRand(AMem);
131..140: ShrReg32RandNum8FullRand(AMem);
141..150: SalReg32RandNum8FullRand(AMem);
151..160: SarReg32RandNum8FullRand(AMem);
161..170: RolReg8RandNum8FullRand(AMem);
171..180: RorReg8RandNum8FullRand(AMem);
181..190: RolReg32RandNum8FullRand(AMem);
191..200: RorReg32RandNum8FullRand(AMem);
201..203:
begin
PushReg32(AMem, REG_EDX);
Cdq(AMem);
PopReg32(AMem, REG_EDX);
end;
204..205:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 1, LXRem);
PopReg32(AMem, LRegAny);
end;
end;
end;
4:
begin
ThrowTheDice(LMaxDice, 170);
case LMaxDice of
001..020:
begin
JmpNum8(AMem, 2);
InsertRandomInstruction(AMem, 2, LXRem);
end;
021..040:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 2, LXRem);
PopReg32(AMem, LRegAny);
end;
041..050: TestAxNum16Rand(AMem);
051..060: CmpAxNum16Rand(AMem);
061..063: DoubleXorRand(AMem);
064..066: DoubleNegRand(AMem);
067..070: DoubleNotRand(AMem);
071..080: AddReg16Num8Rand(AMem, 0);
081..090: OrReg16Num8Rand(AMem, 0);
091..100: AndReg16Num8Rand(AMem, $FF);
101..110: SubReg16Num8Rand(AMem, 0);
111..120: XorReg16Num8Rand(AMem, 0);
121..130: CmpReg16Num8RandRand(AMem);
131..140: RolReg16RandNum8FullRand(AMem);
141..150: RorReg16RandNum8FullRand(AMem);
151..155: DoubleXchgRand(AMem);
156..160:
begin
LRegAny := PushReg32Rand(AMem);
MovReg32Reg32Rand(AMem,LRegAny);
PopReg32(AMem, LRegAny);
end;
161..170:
begin
PushReg32Rand(AMem);
AddReg32Num8(AMem, REG_ESP, 4);
end;
end;
end;
5:
begin
ThrowTheDice(LMaxDice, 150);
case LMaxDice of
001..030:
begin
JmpNum8(AMem, 3);
InsertRandomInstruction(AMem, 3, LXRem);
end;
031..060:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 3, LXRem);
PopReg32(AMem, LRegAny);
end;
061..070:
begin
LRegAny := PushReg32Rand(AMem);
PushNum8Rand(AMem);
PopReg32(AMem, LRegAny);
PopReg32(AMem, LRegAny);
end;
071..080:
begin
PushNum8Rand(AMem);
AddReg32Num8(AMem, REG_ESP, 4);
end;
081..090: AddEaxNum32(AMem, 0);
091..100: OrEaxNum32(AMem, 0);
101..110: AndEaxNum32(AMem, $FFFFFFFF);
111..120: SubEaxNum32(AMem, 0);
121..130: XorEaxNum32(AMem, 0);
131..140: CmpEaxNum32Rand(AMem);
141..150: TestEaxNum32Rand(AMem);
end;
end;
6:
begin
ThrowTheDice(LMaxDice, 161);
case LMaxDice of
001..040:
begin
JmpNum8(AMem, 4);
InsertRandomInstruction(AMem, 4, LXRem);
end;
041..080:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 4, LXRem);
PopReg32(AMem, LRegAny);
end;
081..090: AddReg32RandNum32(AMem, 0);
091..100: OrReg32RandNum32(AMem, 0);
101..110: AndReg32RandNum32(AMem, $FFFFFFFF);
111..120: SubReg32RandNum32(AMem, 0);
121..130: XorReg32RandNum32(AMem, 0);
131..140: CmpReg32RandNum32Rand(AMem);
141..150: TestReg32RandNum32Rand6(AMem);
151..161:
begin
LRegAny := PushReg32Rand(AMem);
MovReg16Num16Rand(AMem, LRegAny);
PopReg32(AMem, LRegAny);
end;
end;
end;
7:
begin
ThrowTheDice(LMaxDice, 110);
case LMaxDice of
001..050:
begin
JmpNum8(AMem, 5);
InsertRandomInstruction(AMem, 5, LXRem);
end;
051..100:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 5, LXRem);
PopReg32(AMem, LRegAny);
end;
101..110:
begin
LRegAny := PushReg32Rand(AMem);
MovReg32Num32Rand(AMem, LRegAny);
PopReg32(AMem, LRegAny);
end;
end;
end;
8:
begin
ThrowTheDice(LMaxDice, 120);
case LMaxDice of
001..060:
begin
JmpNum8(AMem, 6);
InsertRandomInstruction(AMem, 6, LXRem);
end;
061..120:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, 6, LXRem);
PopReg32(AMem, LRegAny);
end;
end;
end;
9..10:
begin
ThrowTheDice(LMaxDice, 200);
case LMaxDice of
001..100:
begin
JmpNum8(AMem, ALength - 2);
InsertRandomInstruction(AMem, ALength - 2, LXRem);
end;
101..200:
begin
LRegAny := PushReg32Rand(AMem);
InsertRandomInstruction(AMem, ALength - 2, LXRem);
PopReg32(AMem, LRegAny);
end;
end;
end;
end;
if ALength < 11 then Dec(ARemaining, ALength);
end;
var
LPB: PByte;
LReg: Byte;
LDice, LDecSize, LSize, LAddr: Cardinal;
begin
LPB := AMem;
LSize := ASize;
while LSize > 0 do
begin
ThrowTheDice(LDice, 6);
if LSize < 32 then LDice := 1;
if AVirtAddr = 0 then LDice := 1;
if LDice < 6 then
begin
ThrowTheDice(LDice, LSize * 100);
if LSize = 1 then LDice := 1;
case LDice of
001..002: InsertRandomInstruction(LPB, 1, LSize);
101..104: InsertRandomInstruction(LPB, 2, LSize);
201..208: InsertRandomInstruction(LPB, 3, LSize);
301..316: InsertRandomInstruction(LPB, 4, LSize);
401..432: InsertRandomInstruction(LPB, 5, LSize);
501..564: InsertRandomInstruction(LPB, 6, LSize);
else InsertRandomInstruction(LPB, (LDice + 99) div 100, LSize);
end;
end else begin
ThrowTheDice(LDice, 63);
if LDice < 57 then
LDecSize := LSize
else
LDecSize := 0;
case LDice of
1..18:
begin
RelJmpAddr32(LPB, LSize - 5);
PutRandomBuffer(LPB, LSize - 5);
end;
19..37:
begin
LReg := PushReg32Rand(LPB);
ThrowTheDice(LDice);
if LDice > 3 then
LAddr := LSize - 8
else
LAddr := LSize - 10;
RelCallAddr(LPB,LAddr);
PutRandomBuffer(LPB,LAddr);
if LDice > 3 then
PopReg32(LPB, LReg)
else
AddReg32Num8(LPB, REG_ESP, 4);
PopReg32(LPB, LReg);
end;
38..56:
begin
if LSize-3 < $7D then
LAddr := LSize - 4
else
LAddr := $7C;
LAddr := Random(LAddr) + 2;
LoopNum8(LPB, LAddr);
JecxzNum8(LPB, LAddr - 2);
PutRandomBuffer(LPB, LAddr - 2);
IncReg32(LPB, REG_ECX);
LDecSize := LAddr + 3;
end;
57..63:
begin
if LSize - 7 < $7D then
LAddr := LSize - 7
else
LAddr := $75;
LAddr := Random(LAddr) + 3;
PushReg32(LPB, REG_ECX);
MovzxEcxCl(LPB);
GenerateRubbishCode(LPB, LAddr - 3, 0);
Inc(LPB, LAddr - 3);
LoopNum8(LPB, $FE - LAddr);
PopReg32(LPB, REG_ECX);
LDecSize := LAddr + 4;
end;
end;
Dec(LSize, LDecSize);
end;
end;
end;
exports
GenerateRubbishCode;
begin
Randomize;
end.
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -