Giters

fengjixuchui / EagleVM

WIP Native code virtualizer for x64 binaries

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

EagleProtect

Playground for generating virtual machine protected x64 assembly.

EagleVM

First instruction virtualized 2/13/2024!

Main protection application that virtualizes code.

EagleVMSandbox

Project for future testing on full binaries.

EagleVMStub

This is a DLL which is used in a project that needs to be protected. The EagleVM protector application searches for the usages of the stub imports to hollow the marked code sections and create virtualized code.

How it Works

Imports

Todo

Code Sections

Todo

PE VM Section

Todo

Potential Contributions

The project is difficult to maintain and develop solo, if you are looking to contribute I encourage you to take a look at any of the following bugs or possible features!

Bugs

  • The virtualizer does not handle cases where there are jumps into virtualized code resulting in undefined behavior
  • The idea for base instruction virtualization is not concrete. There will be edge cases for future handlers where the virtualization of operands might have to be different and will not function generically.

Features

  • Implement encryption routine for entering VM (can be replaced by MBA)
  • Utilize the MBA generation by taking in target registers and an expression to turn into a set of instructions.
  • Control flow flattening and other kinds of mutation
  • For chunks of VM code, a VM enter could decrypt them using some kind of algorithm at runtime.
  • Simple VM packer.
  • Implement a proper stack check instead of allocating a static amount of stack space for virtualized code.
  • Import table builder. Allow for addition and removal of imports.
  • Some kind of logging so its visible what kind of VM functions are called as a result of each instruction being virtualized along with operands.

Refacatoring

  • Potential CMKR implementation instead of normal vanilla CMake
  • Implementation of C++ exceptions to handle deeply nested exceptions that occur while virtualizing instead of using INT3s
  • Dealing with RECOMPILE macro and making the code cleaner when creating a function container. I do not see how this is possible without causing container builders to become longer.
  • Use of smart pointers over C-style pointers since code_labels will never be deallocated properly until the program closes
  • Unit tests starting with MBA generation

Thank You To:

  • r0da - VMP3 Virtulization and clarification.
  • _xeroxz - VMP2 Virtualization and clarification.
  • mrexodia - Project contribution and advice.
  • Iizerd - General virtualization clarification.

Resources:

About

WIP Native code virtualizer for x64 binaries

License:GNU General Public License v3.0

Languages

Language:C++ 91.4%Language:CMake 7.6%Language:C 1.0%