This repository has been archived by the owner on Sep 16, 2024. It is now read-only.
forked from HikariObfuscator/Hanabi
-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathLoader.cpp
69 lines (63 loc) · 2.54 KB
/
Loader.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
// For open-source license, please refer to
// [License](https://github.com/HikariObfuscator/Hikari/wiki/License).
#include "dobby.h"
#include <llvm/Config/abi-breaking.h>
#include <llvm/IR/LegacyPassManager.h>
#include <llvm/IR/PassManager.h>
#include <llvm/Transforms/Obfuscation/Obfuscation.h>
#include <mach-o/dyld.h>
#include <string>
#include <sys/sysctl.h>
#if LLVM_ENABLE_ABI_BREAKING_CHECKS
#error "Configure LLVM with -DLLVM_ABI_BREAKING_CHECKS=FORCE_OFF"
#endif
using namespace llvm;
void (*old_pmb)(void *dis, legacy::PassManagerBase &MPM);
static void new_pmb(void *dis, legacy::PassManagerBase &MPM) {
MPM.add(createObfuscationLegacyPass());
old_pmb(dis, MPM);
}
ModulePassManager (*old_bo0dp)(void *Level, bool LTOPreLink);
static ModulePassManager new_bo0dp(void *Level, bool LTOPreLink) {
ModulePassManager MPM = old_bo0dp(Level, LTOPreLink);
MPM.addPass(ObfuscationPass());
return MPM;
}
ModulePassManager (*old_bpmdp)(void *Level, bool LTOPreLink);
static ModulePassManager new_bpmdp(void *Level, bool LTOPreLink) {
ModulePassManager MPM = old_bpmdp(Level, LTOPreLink);
MPM.addPass(ObfuscationPass());
return MPM;
}
static __attribute__((__constructor__)) void Inj3c73d(int argc, char *argv[]) {
char *executablePath = argv[0];
// Initialize our own LLVM Library
if (strstr(executablePath, "swift"))
errs() << "Applying Apple SwiftC Hooks...\n";
else
errs() << "Applying Apple Clang Hooks...\n";
#if defined(__x86_64__)
int ret = 0;
size_t size = sizeof(ret);
if (sysctlbyname("sysctl.proc_translated", &ret, &size, NULL, 0) != -1 &&
ret == 1)
errs() << "[Hanabi] Looks like you are currently running the process in "
"Rosetta 2 mode, which will prevent DobbyHook from "
"working.\nPlease close it.\n";
#endif
DobbyHook(DobbySymbolResolver(
executablePath,
"__ZN4llvm18PassManagerBuilder25populateModulePassManagerERNS_"
"6legacy15PassManagerBaseE"),
(dobby_dummy_func_t)new_pmb, (dobby_dummy_func_t *)&old_pmb);
DobbyHook(
DobbySymbolResolver(executablePath,
"__ZN4llvm11PassBuilder22buildO0DefaultPipelineENS_"
"17OptimizationLevelEb"),
(dobby_dummy_func_t)new_bo0dp, (dobby_dummy_func_t *)&old_bo0dp);
DobbyHook(DobbySymbolResolver(
executablePath,
"__ZN4llvm11PassBuilder29buildPerModuleDefaultPipelineENS_"
"17OptimizationLevelEb"),
(dobby_dummy_func_t)new_bpmdp, (dobby_dummy_func_t *)&old_bpmdp);
}