Code virtualizer for compiled 64-bit portable executables.
- Parsing: Input file is parsed using the exe library.
- Disassembly: Using the iced-x86 library the section containing the entry point is disassembled into basic blocks.
- Conversion: Instructions are converted into a bytecode format that the runtime can interpret.
- Mutation: Instructions can be substituted with algebraically equivalent sequences using dead flag analysis to preserve correctness.
- Patching: Virtualized blocks are replaced with dispatch stubs that transfer control to the VM.
- Dispatch: When a virtualized block is executed, the dispatch stub transfers CPU state to the VM, which interprets the corresponding bytecode sequence.
- Handling: The VM maintains its own register state and shadow stack, executing bytecode through an interpreter with indirect dispatch to handler functions.
- Anti-Debug: Virtualized sequences are injected into specific VM blocks to hinder debugging.
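The dead flag analysis named in the Mutation step can be sketched as a backward liveness pass over one basic block. This is an added example, not the project's own code: `FlagUse`, `Insn`, `flags_dead_after`, `safe_sites` and the sample block are hypothetical, and RFLAGS is treated as a single unit instead of per-flag.

```rust
// Toy model (hypothetical): each instruction records only how it touches RFLAGS.
// Flags are treated as one unit; a real pass tracks CF/ZF/SF/OF/... separately.
#[derive(Clone, Copy, PartialEq)]
enum FlagUse {
    None,  // mov, lea: neither reads nor writes flags
    Write, // add, sub, cmp, test: overwrites flags without reading them
    Read,  // jcc, setcc, cmovcc, adc, sbb: observes flags
}
struct Insn { text: &'static str, flags: FlagUse }

/// Backward liveness over one basic block. Element i is true when nothing
/// observes the flags left by instruction i before they are overwritten.
/// `live_out` = flags live at block exit; `true` is the conservative choice.
fn flags_dead_after(block: &[Insn], live_out: bool) -> Vec<bool> {
    let mut dead = vec![false; block.len()];
    let mut live = live_out;
    for (i, insn) in block.iter().enumerate().rev() {
        dead[i] = !live;
        live = match insn.flags {
            FlagUse::None => live,   // transparent to flags
            FlagUse::Write => false, // kills earlier flag values
            FlagUse::Read => true,   // earlier flag values are needed
        };
    }
    dead
}

/// Indices where a rewrite that leaves different flags is still correct.
fn safe_sites(block: &[Insn], live_out: bool) -> Vec<usize> {
    let dead = flags_dead_after(block, live_out);
    (0..block.len())
        .filter(|&i| dead[i] && block[i].flags != FlagUse::Read)
        .collect()
}

/// Constructed sample block, not taken from any real binary.
fn sample_block() -> Vec<Insn> {
    vec![
        Insn { text: "mov rax, 0", flags: FlagUse::None },
        Insn { text: "add rbx, 1", flags: FlagUse::Write },
        Insn { text: "cmp rbx, 10", flags: FlagUse::Write },
        Insn { text: "mov rcx, rdx", flags: FlagUse::None },
        Insn { text: "jne loop_top", flags: FlagUse::Read },
    ]
}

fn main() {
    let block = sample_block();
    for i in safe_sites(&block, true) { println!("flags dead after [{}] {}", i, block[i].text); }
}
```

In the sample, only the first two instructions qualify: the flags set by `cmp` are still read by `jne`, so any rewrite at or after `cmp` must reproduce them exactly.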
```
cargo run --bin obfuscator -- <filename> --virtualize --mutate
```
- Fork it
- Create your branch (`git checkout -b my-change`)
- Commit your changes (`git commit -m "changed something"`)
- Push to the branch (`git push origin my-change`)
- Create new pull request