Pylogite is a metamorphic code generator for x86 (64bit) ISA. The tool's aim is to take a Position independent shellcode obfuscate it by changing/deleting/adding x86 instructions and inject it into the given benign PE file. Every generated sample will be different from the last one.

The program takes a Position independent shellcode (code section must not have any offsets to .data/.rdata sections) and obfuscates it by changing already existing instructions with new x86 instructions which perform the same action but are different in size. Program can also insert garbage instructions consisting of branches, calls, unsafe registry arithmetics anywhere in the code Hopefully achieving metamorphism.

Currently static immediate values that are being moved with mov instructions are obfuscated to hide signature values. Later on immediate values that are being used in cmp, push, add and sub instructions will also be obfuscated.

Below are two different outputs of the same shellcode:

Below is the section info for the original Microsoft Signed cmd.exe and the modified version of it.