33 changes: 33 additions & 0 deletions include/obfus.h
Expand Up @@ -1092,6 +1092,15 @@ char *getFwriteName_proxy() {
}
#define fwrite(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFwriteName_proxy()))(__VA_ARGS__)

// fflush
char *getFflushName_proxy() {
BREAK_STACK_1;
FAKE_CPUID;
return "fflush";
// return ({ char result[32]; sprintf(result, getCharMask(_6), _f, _f, _l, _u, _s, _h); result; });
}
#define fflush(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(__VA_ARGS__)

Copilot AI Feb 15, 2026

The fflush proxy macro casts GetProcAddress to size_t(*)() and returns a size_t, but the C runtime fflush signature is int fflush(FILE*). This mismatch can lead to incorrect return values and, on some ABIs, undefined behavior from calling a function through an incompatible function-pointer type. Update the cast/typedef to match int (*)(FILE*) (and include the parameter list) so calls are type-correct.

Suggested change
#define fflush(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(__VA_ARGS__)
#define fflush(stream) ((int (*)(FILE *))GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(stream)


// exit
char *getExitName_proxy() {
BREAK_STACK_1;
Expand Down Expand Up @@ -1295,6 +1304,9 @@ int toupper_proxy(int c) OBFH_SECTION_ATTRIBUTE {
#define ReadFile(hFile, lpBuffer, nNumberOfBytesToRead, lpNumberOfBytesRead, lpOverlapped) \
ReadFile(obfh_int_proxy(hFile), obfh_int_proxy(lpBuffer), obfh_int_proxy(nNumberOfBytesToRead), obfh_int_proxy(lpNumberOfBytesRead), obfh_int_proxy(lpOverlapped))

#define CopyFile(lpExistingFileName, lpNewFileName) \
CopyFile(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName))
Comment on lines +1307 to +1308

Copilot AI Feb 15, 2026

CopyFile on Windows takes 3 parameters (lpExistingFileName, lpNewFileName, bFailIfExists) and is commonly a macro mapping to CopyFileA/W. This new 2-argument macro will break callers that pass the third parameter and may also interfere with the CopyFile macro from Windows headers. Consider wrapping CopyFileA (or CopyFileW) with the correct 3-arg signature, or expose a separate CopyFile_proxy name to avoid colliding with the Windows macro.

Suggested change
#define CopyFile(lpExistingFileName, lpNewFileName) \
CopyFile(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName))
#undef CopyFile
#define CopyFile(lpExistingFileName, lpNewFileName, bFailIfExists) \
CopyFileA(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName), obfh_int_proxy(bFailIfExists))


#define WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite, lpNumberOfBytesWritten, lpOverlapped) \
WriteFile(obfh_int_proxy(hFile), obfh_int_proxy(lpBuffer), obfh_int_proxy(nNumberOfBytesToWrite), obfh_int_proxy(lpNumberOfBytesWritten), obfh_int_proxy(lpOverlapped))

Expand Down Expand Up @@ -1354,6 +1366,27 @@ int toupper_proxy(int c) OBFH_SECTION_ATTRIBUTE {
#define ResetEvent(hEvent) \
ResetEvent(obfh_int_proxy(hEvent))

#define InitializeCriticalSection(lpCriticalSection) \
InitializeCriticalSection(obfh_int_proxy(lpCriticalSection))

#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(obfh_int_proxy(lpCriticalSection))

#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(obfh_int_proxy(lpCriticalSection))

#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(obfh_int_proxy(lpCriticalSection))
Comment on lines +1370 to +1379

Copilot AI Feb 15, 2026

These CriticalSection wrappers pass LPCRITICAL_SECTION through obfh_int_proxy, which is int obfh_int_proxy(int value). That forces pointer→int→pointer conversions (and truncation on 64-bit), risking crashes/UB. Introduce a pointer-sized proxy (e.g., using uintptr_t/intptr_t) or at least cast via uintptr_t so pointer arguments are preserved on x86_64.

Suggested change
InitializeCriticalSection(obfh_int_proxy(lpCriticalSection))
#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(obfh_int_proxy(lpCriticalSection))
#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(obfh_int_proxy(lpCriticalSection))
#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(obfh_int_proxy(lpCriticalSection))
InitializeCriticalSection(lpCriticalSection)
#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(lpCriticalSection)
#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(lpCriticalSection)
#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(lpCriticalSection)


#define RegCloseKey(hKey) \
RegCloseKey(obfh_int_proxy(hKey))

#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))

#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
Comment on lines +1382 to +1388

Copilot AI Feb 15, 2026

The registry wrappers (RegCloseKey / RegOpenKeyA / RegCreateKeyA) also route handle/pointer parameters through obfh_int_proxy (an int), which can truncate HKEY/pointer values on 64-bit and yields incorrect argument types. Use a pointer-sized proxy type (e.g., uintptr_t) for these parameters (and/or avoid proxying pointer/handle values through an int helper).

Suggested change
RegCloseKey(obfh_int_proxy(hKey))
#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
RegCloseKey(hKey)
#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(hKey, lpSubKey, phkResult)
#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(hKey, lpSubKey, phkResult)


#define WaitForMultipleObjects(nCount, lpHandles, bWaitAll, dwMilliseconds) WaitForMultipleObjects(obfh_int_proxy(nCount), obfh_int_proxy(lpHandles), obfh_int_proxy(bWaitAll), obfh_int_proxy(dwMilliseconds))

#define memmove(_Dst, _Src, _Size) memmove(_Dst, _Src, obfh_int_proxy(_Size *(TRUE + FALSE)))
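Review bot: The added `fflush` macro in the first hunk calls whatever `GetProcAddress` returns without checking it, so a failed `LoadLibraryA_proxy` or a missing export becomes a call through a null pointer rather than an error return. Each use also repeats the library load and symbol lookup, and nothing on the page releases the module reference, so the loader's reference count appears to grow with every flush. Resolving the pointer once in a small `static` helper and guarding the call, e.g. `if (fn == NULL) return EOF;`, would give callers a failure they can handle. The context `fwrite` macro just above the addition follows the same pattern and could share that helper approach.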