From 823647fbe1366609c5a36b7389c43fe18fb2e8ef Mon Sep 17 00:00:00 2001
From: Wei Chen
Date: Mon, 25 Jun 2018 16:50:05 -0500
Subject: [PATCH] Add compile_random_c func && support optional func collection

---
 lib/metasploit/framework/compiler/windows.rb | 22 +++++++++++++++++--
 .../obfuscation/crandomizer/parser.rb | 2 +-
 .../crandomizer/random_statements.rb | 2 +-
 tools/exploit/randomize_c.rb | 4 +---
 4 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/lib/metasploit/framework/compiler/windows.rb b/lib/metasploit/framework/compiler/windows.rb
index bf6f78c8fc..e019aaf1a4 100644
--- a/lib/metasploit/framework/compiler/windows.rb
+++ b/lib/metasploit/framework/compiler/windows.rb
@@ -2,6 +2,7 @@ require 'metasm'
 require 'erb'
 require 'metasploit/framework/compiler/utils'
 require 'metasploit/framework/compiler/headers/windows'
+require 'metasploit/framework/obfuscation/crandomizer'
 
 module Metasploit
 module Framework
@@ -13,7 +14,7 @@ module Metasploit
 #
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
- # @param cpu [Object] A Metasm cpu object, for example: Metasm::Ia32.new
+ # @param cpu [Metasm::CPU] A Metasm cpu object, for example: Metasm::Ia32.new
 # @raise [NotImplementedError] If the type is not supported.
 # @return [String] The compiled code.
 def self.compile_c(c_template, type=:exe, cpu=Metasm::Ia32.new)
@@ -36,12 +37,29 @@ module Metasploit
 # @param out_file [String] The file path to save the binary as.
 # @param c_template [String] The C source code to compile.
 # @param type [Symbol] PE type, either :exe or :dll
- # @param cpu [Object] A Metasm cpu object, for example: Metasm::Ia32.new
+ # @param cpu [Metasm::CPU] A Metasm cpu object, for example: Metasm::Ia32.new
 # @return [Integer] The number of bytes written.
 def self.compile_c_to_file(out_file, c_template, type=:exe, cpu=Metasm::Ia32.new)
 pe = self.compile(c_template, type)
 File.write(out_file, pe)
 end
+
+ # Returns the binary of a randomized and compiled source code.
+ #
+ # @param c_template [String]
+ #
+ # @raise [NotImplementedError] If the type is not supported.
+ # @return [String] The compiled code.
+ def self.compile_random_c(c_template, opts={})
+ type = opts[:type] || :exe
+ cpu = opts[:cpu] || Metasm::Ia32.new
+ fake_function_size = opts[:fake_function_size] || rand(0..3)
+ weight = opts[:random_weight] || 50
+ headers = Compiler::Headers::Windows.new
+ source_code = Compiler::Utils.normalize_code(c_template, headers)
+ randomizer = Metasploit::Framework::Obfuscation::CRandomizer::Parser.new(weight)
+ randomizer.parse(source_code)
+ end
 
 end
 end
diff --git a/lib/metasploit/framework/obfuscation/crandomizer/parser.rb b/lib/metasploit/framework/obfuscation/crandomizer/parser.rb
index d754deab92..453a910bd1 100644
--- a/lib/metasploit/framework/obfuscation/crandomizer/parser.rb
+++ b/lib/metasploit/framework/obfuscation/crandomizer/parser.rb
@@ -14,7 +14,7 @@ module Metasploit
 #
 # @param weight [Integer] Randomness of the code.
 # @param fake_functions [Metasploit::Framework::Obfuscation::CRandomizer::CodeFactory::FakeFunctionCollection]
- def initialize(weight, fake_functions)
+ def initialize(weight, fake_functions=nil)
 @max_random_weight = weight
 @fake_functions_collection = fake_functions
 end
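Review bot: `compile_random_c` never compiles anything: its last statement returns `randomizer.parse(source_code)`, i.e. randomized C source, while `type` and `cpu` are assigned and then unused, so the `@return [String] The compiled code` and `@raise [NotImplementedError]` tags describe behaviour this method does not have. `fake_function_size` is likewise computed and dropped, and the parser is built without a fake-function collection, so this path never injects fake functions despite the option name; either remove the option or build the collection and pass it as `Parser.new(weight, collection)`. If compiling is the intent, replace the final line with `randomized = randomizer.parse(source_code)` and `compile_c(randomized, type, cpu)`, after checking whether `compile_c` already calls `normalize_code` so the Windows headers are not prepended twice. Either way, document the options hash (`# @param opts [Hash] :type, :cpu, :fake_function_size, :random_weight`) and make `@return` state what is actually returned.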
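Review bot: The `@param fake_functions` YARD tag above the new `fake_functions=nil` default still documents the collection as required and says nothing about what nil means; mark it optional, e.g. `# @param fake_functions [Metasploit::Framework::Obfuscation::CRandomizer::CodeFactory::FakeFunctionCollection, nil] Optional; when nil, no fake function calls are injected`. A caller reading only the docs would otherwise not notice that omitting the argument quietly disables that part of the obfuscation.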
diff --git a/lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb b/lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb
index 3d4ff790ee..370f6c5472 100644
--- a/lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb
+++ b/lib/metasploit/framework/obfuscation/crandomizer/random_statements.rb
@@ -22,7 +22,7 @@ module Metasploit
 
 # Only generate fake function calls when the function we are modifying isn't
 # from one of those fake functions (to avoid a recursion).
- if s && !fake_function_collection.has_function_name?(s.var.name)
+ if s && fake_function_collection && !fake_function_collection.has_function_name?(s.var.name)
 @function_list << Proc.new { get_random_function_call }
 end
 end
diff --git a/tools/exploit/randomize_c.rb b/tools/exploit/randomize_c.rb
index dcd31f83bd..8590a9c336 100644
--- a/tools/exploit/randomize_c.rb
+++ b/tools/exploit/randomize_c.rb
@@ -14,8 +14,6 @@ template = %Q|
 
 void printf(const char*);
 
-#{fake_function_collection}
-
 void test() {
 printf(MSG);
 }
@@ -24,6 +22,6 @@ int main() {
 return 0;
 }|
 
-p = Metasploit::Framework::Obfuscation::CRandomizer::Parser.new(90, fake_function_collection)
+p = Metasploit::Framework::Obfuscation::CRandomizer::Parser.new(90)
 result = p.parse(template)
 puts result
\ No newline at end of file
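Review bot: The guard now also falls through when `fake_function_collection` is nil, but the comment above it still explains only the recursion case; extend it with `# Also skip when no fake function collection was supplied (the Parser accepts nil).` A safe-navigation rewrite (`!fake_function_collection&.has_function_name?(...)`) would not be equivalent here, because `!nil` is true and would re-enable fake calls exactly when the collection is absent, so the explicit nil check is the right shape. The enclosing method begins before this hunk.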
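Review bot: With `fake_function_collection` dropped from both the template and the `Parser.new(90)` call, any assignment of that variable earlier in the script (outside this hunk) is now dead and should be removed or re-wired, otherwise this tool only ever exercises the no-fake-function path of the randomizer. If a way to test fake-function injection is still wanted, pass the collection through as the optional second argument instead of deleting it. The missing trailing newline after `puts result` predates this change but is worth fixing while the file is touched.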