qengine 1.1.1.3

This qengine release addresses a bug, in which qengine attempted to call VirtualProtect(), subsequent to wiping the IAT, and before restoring the IAT, causing an invalid address calculation and attempt to direct the PC to an invalid KM region.

Other small changes / fixes include:

• Removal of invalid std::move() usage on const locals / arguments inside qtype_hash
• Changed __singleton (__declspec(noinline)) to __symbolic for readability and precision in terms of visualizing compiler output.
  Thank you all for bearing with me as i improve qengine and get it to where i want it to be.
• Fixed QSTR() underlying object failing to decrypt string upon get() explicit call

qengine 1.1.1.2

--> This qengine update addresses an issue introduced with qengine 1.1.1.0, which caused the qgen class to fail generating any unique machine code in some cases, instead only generating NOP instructions and likewise a potential detection vector.

The previous update essentially changed the RNG engine used to generate junk code and i had to revert it to the old format to restore proper functionality.

--> The qengine update also includes several new features, the 2 main ones you will be concerned with are:

// This just removes the const-qualifier from the qimutexpr macro, so as the result may be modified once decrypted
#define qmutexpr(TYPE, NAME, VALUE) static TYPE NAME = static_cast<TYPE>(qengine::qtype_obj<TYPE>(QXOR(VALUE)))

// Decryption routine is inlined by compiler into entrypoint as a proxy to the actual constant, executed only once
#define qimutexpr(TYPE, NAME, VALUE) static imut TYPE NAME = static_cast<TYPE>(qengine::qtype_obj<TYPE>(static_cast<TYPE>(QXOR(VALUE))))

// The decrypted object won't live beyond inlined stackframe unless manual assignment operation occurs
#define qimutexpr_stack(TYPE, NAME, VALUE) static qengine::qtype_obj<TYPE> NAME(QXOR(VALUE))

Likewise, the main reason i made the class and Macro's was because i discovered an unexpected detection vector for qengine.

Certain compiler's (MSVC is the one i noticed with) & with recommended optimization settings, would inline QHASH algorithm constants aggressively and directly into the output machine code.

This created a potential detection vector, and a nasty one which i would hope was not noticed, as i have heard nil of it's presence until i thought if it and checked.
Nevertheless, qimutexpr resolved this issue entirely and the detection vector is gone for good.

--> Lastly, this qengine update altered the namespacing behind the Inline Hook Scanner class from

qhook::qhook_util

to

qhook::qhook_dtc_util

As result of development of features to be introduced in the upcoming qengine update.

Thank you all for bearing with me as i power through the varying bugs which have come up in qengine over time, things have been rough recently but i refuse to give up on this project as it means something to me.

qengine 1.1.1.0

qengine 1.1.1.0 addresses several bugs in the engine and further optimizations of the codebase, alongside changes to the functionality of the Inline hook scanner, and the PE header / SCN_CODE_EXECUTE manipulation class.

• Appended qxx_bool types for those who prefer polar arithmetic as opposed to integral types for flags

• Appended qxx_struct types, allowing users to wrap their self-defined structures inside of qengines inlined algorithm and achieve similar results to the primitive qengine type wrappers.

• The updated polyc algorithm in which Pointer entries to the master table were corrupted due to register-optimization in certain qe_ and qeh_ series types (fixed with volatile globals).

• Updated and standardized the entire syntax of the project, conforming engine to the prescribed modifier aliases for the project:

:: REMEMBER THE BELOW ALIASES WHEN READING QENGINE'S SOURCE :: ->
-> imut = const
-> mut = mutable
-> imut_cast = const_cast
-> noregister = volatile
-> volatile_cast = const_cast
-> c_void = void*

• Updated Inline hook scanning class to remove multi-threaded hook scan feature -
  The feature ate unnecessary resources for those using it, and seeing that the only time worth scanning for a hook would be before calling the function in question, the class has been modified to the following single-threaded calling format:

const std::size_t function_length = qengine::qhook::qhook_util::analyze_fn_length( & METHOD_NAME );

qengine::qhook::qhook_detection_t* detection_result;

if (detection_result = qengine::qhook::qhook_util::analyze_fn_hook_presence( & METHOD_NAME, function_length)){

    // non-null return value indicates the presence of inline hook leaving module address space
}

• Updated, optimized, and renamed / appended functions to the class. It still functions as it used to for the most part but here is the new example project of PE manipulation with the correct OOP

qmorph::qdisasm::qsection_assembler sec{ }; 	// Initialize qengine's PE manipulation object

sec.analyze_executable_sections();                         // Perform initial analysis on PE headers / sections
sec.morph_executable_sections(true);                   //  Perform instruction mutation
sec.wipe_idata_ilt();                                                // Wipe the ILT and .idata ection, preserve the IAT
sec.wipe_basereloc();                                             // Wipe basereloc section, if module unable to allocate preferred base
sec.wipe_section_headers();                                  // Wipe section headers
sec.scramble_dos_header();                                  // Wipe dos + NT header fields LAST
sec.scramble_nt_header();                                    //

qengine 1.1.0.2

this qengine update addresses bugs inside of the polyc algorithm and updates qualifier references to local variables in the qxx_ series of obfuscated objects.

qengine 1.1.0.1

major update to qengine:

• fixed bugs with architecture-dependent typenaming in some places which was not consistent.

• fixed several bugs with the polyc algorithm which in many cases, broke it

• new keywords to watch for if reading the source are "mut" (mutable) and "imut" (const) - just makes things easier to read and write for myself within the engine. you by no means need to use these.

qengine 1.0.0.3

updates to qengine across the board in terms of syntax and compiler verbosity (explicitness), dozens of bug fixes and performance optimizations.

qengine 1.0.0.2

Initial release of qengine 1.0.0.2, naming conventions, code syntax, std-compliance and typedefs / instance type declarators have been updated to provide more versatile and effecient output.

qengine 1.0.0.1

qengine integrated the ASMJIT library in this release, allowing for more in-depth obfuscation of the .text section by allowing us to generate random machine code at runtime as opposed to a more static mutation approach which was used in the old version.

expirimental support for function hooking added (emphasis on the word, "expirimental" - it is currently performance-heavier than i would like)

qengine 1.0.0.0

Initial public release of the qengine library