虚拟机配置: 4g 40g
增加源
deb [arch=amd64] http://archive.ubuntu.com/ubuntu focal main universe
安装cmake
sudo apt-get install cmake -y
安装gcc8
sudo apt-get install gcc-8 g++-8 -y
切换为默认版本
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 100 --slave /usr/bin/g++ g++ /usr/bin/g++-8 --slave /usr/bin/gcov gcov /usr/bin/gcov-8
ollvm
git clone -b llvm-4.0 https://github.com/obfuscator-llvm/obfuscator.git
cd obfuscator/vim include/llvm/ExecutionEngine/Orc/OrcRemoteTargetClient.h
修改源码 char为uint8_t
Expected<std::vector<uint8_t>> readMem(char *Dst, JITTargetAddress Src,uint64_t Size) {// Check for an 'out-of-band' error, e.g. from an MM destructor.if (ExistingError)return std::move(ExistingError);return callB<ReadMem>(Src, Size);}
编译
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DLLVM_INCLUDE_TESTS=OFF ../
make -j4
sudo make install
make失败了多试几次 内存拉大点
demo
#include <stdio.h>
#include <stdlib.h>int encryptFunc(int inputNum_1,int inputNum_2){int tmpNum_1 = 666, tmpNum_2 = 888, tmpNum_3 = 777;return tmpNum_1 ^ tmpNum_2 + tmpNum_3 * inputNum_1 - inputNum_2;
}int main(int argc,char *argv[]){int printNum = 55;if (argc > 1){printNum = encryptFunc(printNum, atoi(argv[1]));}else{printNum = encryptFunc(printNum, argc);}printf("Hello OLLVM %d\r\n", printNum);return 0;
}clang -mllvm -sub -mllvm -sub_loop=3 -mllvm -bcf -mllvm -bcf_loop=3 -mllvm -bcf_prob=40 -mllvm -fla -mllvm -split -mllvm -split_num=3 a.cpp -o a.exe
这样就实现了linux下elf文件的编译
那么假如我们想要windows的呢
windows OLLVM太鸡巴难配了 系统恢复之后就没配成功过了
那么我们需要minGW交叉编译
sudo apt-get install mingw-w64
安装完再次测试
clang -target x86_64-w64-windows-gnu -mllvm -sub -mllvm -sub_loop=3 -mllvm -bcf -mllvm -bcf_loop=3 -mllvm -bcf_prob=40 -mllvm -fla -mllvm -split -mllvm -split_num=3 a.cpp -o a.exe
报错 找不到啥几把路径
指定一下就好了
clang -target x86_64-w64-mingw32 -mllvm -sub -mllvm -sub_loop=3 -mllvm -bcf -mllvm -bcf_loop=3 -mllvm -bcf_prob=40 -mllvm -fla -mllvm -split -mllvm -split_num=3 -L /usr/lib/gcc/x86_64-w64-mingw32/10-posix/ a.cpp -o a.exe
混淆效果如下
证实可运行
:结构化工具对话、Self-Ask with Search以及 Plan and execute代理)
)
