add new stuff to obfus.h #23

Open
BJNFNE wants to merge 1 commit into DosX-dev:main from BJNFNE:new-packer

BJNFNE commented Feb 14, 2026

No description provided.

BJNFNE marked this pull request as draft February 15, 2026 07:54
BJNFNE force-pushed the new-packer branch 6 times, most recently from adbab03 to fc8144b February 15, 2026 08:15
BJNFNE changed the title from "add new packers to obfus.h" to "add new stuff to obfus.h" Feb 15, 2026
BJNFNE marked this pull request as ready for review February 15, 2026 08:40
BJNFNE force-pushed the new-packer branch 3 times, most recently from 35ced69 to df65deb February 15, 2026 15:38
DosX-dev requested a review from Copilot February 15, 2026 16:04

Copilot AI left a comment

Pull request overview

Adds additional obfuscation “fake section” data and expands the set of proxied/wrapped APIs in obfus.h.

Changes:

  • Add a new fake section marker (MacroMix).
  • Add a new CRT proxy wrapper for fflush.
  • Add additional WinAPI wrapper macros (CopyFile, CriticalSection APIs, and registry key APIs).


Comment on lines +1371 to +1380
InitializeCriticalSection(obfh_int_proxy(lpCriticalSection))

#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(obfh_int_proxy(lpCriticalSection))

#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(obfh_int_proxy(lpCriticalSection))

#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(obfh_int_proxy(lpCriticalSection))
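
Review bot: In each of these four macros the lpCriticalSection pointer is passed to obfh_int_proxy with no cast, and the result is handed back to an API that expects LPCRITICAL_SECTION; with the helper declared as int obfh_int_proxy(int value), as the review comment on this hunk states, both directions are implicit pointer/integer conversions. Compilers diagnose that (GCC 14 and later treat -Wint-conversion as an error by default), so callers may stop building on newer toolchains. Pass lpCriticalSection through unchanged, or add a helper that takes and returns a pointer-width type.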

Copilot AI Feb 15, 2026

These CriticalSection wrappers pass LPCRITICAL_SECTION through obfh_int_proxy, which is int obfh_int_proxy(int value). That forces pointer→int→pointer conversions (and truncation on 64-bit), risking crashes/UB. Introduce a pointer-sized proxy (e.g., using uintptr_t/intptr_t) or at least cast via uintptr_t so pointer arguments are preserved on x86_64.

Suggested change
InitializeCriticalSection(obfh_int_proxy(lpCriticalSection))
#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(obfh_int_proxy(lpCriticalSection))
#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(obfh_int_proxy(lpCriticalSection))
#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(obfh_int_proxy(lpCriticalSection))
InitializeCriticalSection(lpCriticalSection)
#define EnterCriticalSection(lpCriticalSection) \
EnterCriticalSection(lpCriticalSection)
#define LeaveCriticalSection(lpCriticalSection) \
LeaveCriticalSection(lpCriticalSection)
#define DeleteCriticalSection(lpCriticalSection) \
DeleteCriticalSection(lpCriticalSection)

Comment on lines +1383 to +1389
RegCloseKey(obfh_int_proxy(hKey))

#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))

#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
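
Review bot: In RegOpenKeyA and RegCreateKeyA the third argument, phkResult, is the address the API writes the opened key handle to, and here it goes through obfh_int_proxy along with hKey and lpSubKey. If the helper narrows it, the call writes through a different address than the caller supplied instead of failing cleanly. Leave phkResult (and the HKEY and the string pointer) unproxied, or route them through a pointer-width helper.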

Copilot AI Feb 15, 2026

The registry wrappers (RegCloseKey / RegOpenKeyA / RegCreateKeyA) also route handle/pointer parameters through obfh_int_proxy (an int), which can truncate HKEY/pointer values on 64-bit and yields incorrect argument types. Use a pointer-sized proxy type (e.g., uintptr_t) for these parameters (and/or avoid proxying pointer/handle values through an int helper).

Suggested change
RegCloseKey(obfh_int_proxy(hKey))
#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(obfh_int_proxy(hKey), obfh_int_proxy(lpSubKey), obfh_int_proxy(phkResult))
RegCloseKey(hKey)
#define RegOpenKeyA(hKey, lpSubKey, phkResult) \
RegOpenKeyA(hKey, lpSubKey, phkResult)
#define RegCreateKeyA(hKey, lpSubKey, phkResult) \
RegCreateKeyA(hKey, lpSubKey, phkResult)

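
The pointer truncation that the two Copilot comments above describe, as an added example (not code from obfus.h or from this pull request): it models the `int obfh_int_proxy(int value)` signature with an identity stand-in and compares it with a hypothetical pointer-width helper. The helper bodies, the function names and the sample addresses are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the helper as the review quotes it: int obfh_int_proxy(int value).
   Only the signature is from the page; the identity body is an assumption. */
static int int_proxy_model(int value) { return value; }

/* Hypothetical pointer-width helper of the kind the review recommends.
   uint64_t stands in for uintptr_t on x86_64 so the sample addresses
   below mean the same thing on any build host. */
static uint64_t ptr_proxy_model(uint64_t value) { return value; }

/* What a 64-bit address looks like after pointer -> int -> pointer.
   The narrowing keeps the low 32 bits (implementation-defined, modular on
   GCC and Clang); widening back sign-extends from bit 31. */
uint64_t via_int_proxy(uint64_t addr) {
    int narrowed = int_proxy_model((int)addr);
    return (uint64_t)(int64_t)narrowed;
}

uint64_t via_ptr_proxy(uint64_t addr) { return ptr_proxy_model(addr); }

/* Constructed sample addresses, not taken from any real process. */
static const uint64_t SAMPLES[] = {
    0x0000000000402000ULL, /* low image address: survives, hides the bug */
    0x00000000a1b2c3d4ULL, /* below 4 GiB but bit 31 set: sign-extended  */
    0x00007ff6a1b2c3d4ULL, /* high user-mode address: upper bits lost    */
};
enum { NSAMPLES = sizeof SAMPLES / sizeof SAMPLES[0] };

/* Number of sample addresses that come back changed. */
int count_corrupted(uint64_t (*proxy)(uint64_t)) {
    int bad = 0;
    for (int i = 0; i < NSAMPLES; i++)
        bad += proxy(SAMPLES[i]) != SAMPLES[i];
    return bad;
}

int main(void) {
    for (int i = 0; i < NSAMPLES; i++)
        printf("%#018llx -> int proxy %#018llx, ptr proxy %#018llx\n",
               (unsigned long long)SAMPLES[i],
               (unsigned long long)via_int_proxy(SAMPLES[i]),
               (unsigned long long)via_ptr_proxy(SAMPLES[i]));
    printf("corrupted: int=%d ptr=%d\n",
           count_corrupted(via_int_proxy), count_corrupted(via_ptr_proxy));
    return 0;
}
```

The first sample shows why such a wrapper can pass testing on a 32-bit build or with a low image base and still fail once addresses have bit 31 or higher set.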
return "fflush";
// return ({ char result[32]; sprintf(result, getCharMask(_6), _f, _f, _l, _u, _s, _h); result; });
}
#define fflush(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(__VA_ARGS__)
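
Review bot: The fflush macro calls whatever GetProcAddress returns without checking it, so if LoadLibraryA_proxy or the lookup fails, the expansion calls through a null pointer. It also repeats the library load and the lookup on every fflush call. Resolve the pointer once, check it for NULL and return EOF on failure; the commented-out sprintf line above the macro should be removed or explained.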

Copilot AI Feb 15, 2026

The fflush proxy macro casts GetProcAddress to size_t(*)() and returns a size_t, but the C runtime fflush signature is int fflush(FILE*). This mismatch can lead to incorrect return values and, on some ABIs, undefined behavior from calling a function through an incompatible function-pointer type. Update the cast/typedef to match int (*)(FILE*) (and include the parameter list) so calls are type-correct.

Suggested change
#define fflush(...) ((size_t(*)())GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(__VA_ARGS__)
#define fflush(stream) ((int (*)(FILE *))GetProcAddress(LoadLibraryA_proxy(getStdLibName_proxy()), getFflushName_proxy()))(stream)

Comment on lines +1308 to +1309
#define CopyFile(lpExistingFileName, lpNewFileName) \
CopyFile(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName))
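
Review bot: The replacement on the second line calls CopyFile again, and a macro's own name is not re-expanded inside its replacement, so that inner CopyFile is left as a plain identifier rather than resolving to CopyFileA or CopyFileW, which are the functions kernel32 actually exports. Name CopyFileA (or CopyFileW) explicitly in the body, and take bFailIfExists as a third parameter so that three-argument callers still expand.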

Copilot AI Feb 15, 2026

CopyFile on Windows takes 3 parameters (lpExistingFileName, lpNewFileName, bFailIfExists) and is commonly a macro mapping to CopyFileA/W. This new 2-argument macro will break callers that pass the third parameter and may also interfere with the CopyFile macro from Windows headers. Consider wrapping CopyFileA (or CopyFileW) with the correct 3-arg signature, or expose a separate CopyFile_proxy name to avoid colliding with the Windows macro.

Suggested change
#define CopyFile(lpExistingFileName, lpNewFileName) \
CopyFile(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName))
#undef CopyFile
#define CopyFile(lpExistingFileName, lpNewFileName, bFailIfExists) \
CopyFileA(obfh_int_proxy(lpExistingFileName), obfh_int_proxy(lpNewFileName), obfh_int_proxy(bFailIfExists))
