Skip to content

qengine 1.1.1.2
Compare
Choose a tag to compare
@Chemiculs Chemiculs released this 20 Jul 01:57
· 14 commits to main since this release
1.1.1.2
f5a2d3c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

--> This qengine update addresses an issue introduced with qengine 1.1.1.0, which caused the qgen class to fail generating any unique machine code in some cases, instead only generating NOP instructions and likewise a potential detection vector.

The previous update essentially changed the RNG engine used to generate junk code and i had to revert it to the old format to restore proper functionality.

--> The qengine update also includes several new features, the 2 main ones you will be concerned with are:

// This just removes the const-qualifier from the qimutexpr macro, so as the result may be modified once decrypted
#define qmutexpr(TYPE, NAME, VALUE) static TYPE NAME = static_cast<TYPE>(qengine::qtype_obj<TYPE>(QXOR(VALUE)))

// Decryption routine is inlined by compiler into entrypoint as a proxy to the actual constant, executed only once
#define qimutexpr(TYPE, NAME, VALUE) static imut TYPE NAME = static_cast<TYPE>(qengine::qtype_obj<TYPE>(static_cast<TYPE>(QXOR(VALUE))))

// The decrypted object won't live beyond inlined stackframe unless manual assignment operation occurs
#define qimutexpr_stack(TYPE, NAME, VALUE) static qengine::qtype_obj<TYPE> NAME(QXOR(VALUE))

Likewise, the main reason i made the class and Macro's was because i discovered an unexpected detection vector for qengine.

Certain compiler's (MSVC is the one i noticed with) & with recommended optimization settings, would inline QHASH algorithm constants aggressively and directly into the output machine code.

This created a potential detection vector, and a nasty one which i would hope was not noticed, as i have heard nil of it's presence until i thought if it and checked.
Nevertheless, qimutexpr resolved this issue entirely and the detection vector is gone for good.

--> Lastly, this qengine update altered the namespacing behind the Inline Hook Scanner class from

qhook::qhook_util

to

qhook::qhook_dtc_util

As result of development of features to be introduced in the upcoming qengine update.

Thank you all for bearing with me as i power through the varying bugs which have come up in qengine over time, things have been rough recently but i refuse to give up on this project as it means something to me.

Assets 2
Loading