Saturday, February 21, 2015

x86obf code virtualizer released for free

x86obf is now a free and public project. There are no limits on the number of blocks or the number of instructions you can protect.

What is x86obf?
x86obf is a tool for executable binary protection. It works by locating marked blocks of code and converting them to a series of instructions understood only by a randomly generated virtual machine, in order to make reverse engineering harder.

x86obf currently supports only 32-bit PE files (EXEs and DLLs; kernel drivers are not yet supported).

Please note that not all x86 instructions are virtualized yet and there may be bugs - please report if you find any.

Instructions for use and a sample project are inside the archive.

Download: x86obf.zip

12 comments:

z said...

Is there a Linux version of x86obf?

chaplja said...

Not at the moment, but there will be in the future if I find a good C/C++ library for modifying ELF files.

kabamaru said...

This comment has been removed by the author.

dali mrabet said...

Great tool indeed, can I have the source code plz? If it is possible.

PLCh said...

If I run xobf.exe in WinXP SP2 - Access denied?!

chaplja said...

dali mrabet: source code will be released when I strip some parts of the code.

PLCh: WinXP SP2 is a very, very old OS. I'm not looking into compatibility with it. It should work on SP3, though.

PLCh said...

I made some tests with ... PowerBASIC!

1. Translated markers -> MACROS - ok
2. I have problems with the syntax for the declared functions in the file x_sdk.cpp:

---
#define IMPORT(x) volatile void *x86obf_ ## x = (void *) x

IMPORT(VirtualAlloc);
IMPORT(TlsAlloc);
IMPORT(TlsSetValue);
IMPORT(TlsGetValue);
IMPORT(ExitProcess);
---

Any ideas how to translate this syntax?

chaplja said...

PLCh: I am not familiar with PowerBasic. Check its documentation on how to declare function pointers and then define 5 pointers to VirtualAlloc, TlsAlloc, etc.

dali mrabet: source has been released, check the latest blog entry.

NoEscapeFromBalcan said...

ERROR: Missing import (kernel32.dll->VirtualAlloc), make sure to include the SDK file(s) when compiling the application

Which Visual Studio is needed for this? I have tried 2010 and 2013 but I can't get VirtualAlloc to stick in the IAT.

Also regarding the .exe, it doesn't work on the latest XP SP3 either.

Thanks

chaplja said...

Hi,

by "doesn't work" you mean what? Same error as someone above posted? "Access denied"?

Regarding SDK - it should work in VS. Are you also setting your project to compile x_sdk.cpp? Just including x_sdk.h is not enough.

NoEscapeFromBalcan said...

I have renamed .c -> .cpp but failed. After I included the .cpp it stuck everything and the POC works nicely.

EXE fails with error about 'not valid Win32 application'. Can you compile original x86obf with v110_xp toolset please?

chaplja said...

I'll check out what's the problem. I'm also rewriting x86obf so a new binary should be released as well.
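
The "Missing import (kernel32.dll->VirtualAlloc)" error in the comments above can be checked for before running the tool. The following is an added example, not part of x86obf or its SDK: it parses a 32-bit PE's import directory and reports which of the five kernel32 functions named in the quoted x_sdk.cpp lines are absent. That x86obf expects all five is an assumption drawn from those lines; the function names and `build_sample` (a constructed minimal PE used as test input) are hypothetical.

```python
import struct
# The five kernel32 imports the quoted x_sdk.cpp lines pin via IMPORT(...).
REQUIRED = {"VirtualAlloc", "TlsAlloc", "TlsSetValue", "TlsGetValue", "ExitProcess"}
u16 = lambda b, o: struct.unpack_from("<H", b, o)[0]
u32 = lambda b, o: struct.unpack_from("<I", b, o)[0]
cstr = lambda b, o: b[o:b.index(b"\0", o)].decode("ascii")

def pe32_imports(pe):
    """Map lower-cased DLL name -> set of functions imported by name."""
    nt = u32(pe, 0x3C)
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0" or u16(pe, nt + 24) != 0x10B:
        raise ValueError("not a 32-bit PE (PE32) file")
    table = nt + 24 + u16(pe, nt + 20)          # section table follows optional header
    secs = [struct.unpack_from("<4I", pe, table + 40 * i + 8) for i in range(u16(pe, nt + 6))]
    def off(rva):                               # RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA %#x is outside every section" % rva)
    found, imp = {}, u32(pe, nt + 24 + 104)     # data directory 1 = import table
    d = off(imp) if imp else None
    while d is not None and u32(pe, d + 12):    # descriptor.Name == 0 ends the list
        funcs = found.setdefault(cstr(pe, off(u32(pe, d + 12))).lower(), set())
        t = off(u32(pe, d) or u32(pe, d + 16))  # lookup table, else the IAT
        while u32(pe, t):
            if not u32(pe, t) & 0x80000000:     # high bit set = import by ordinal
                funcs.add(cstr(pe, off(u32(pe, t)) + 2))   # skip 2-byte hint
            t += 4
        d += 20
    return found

def missing_sdk_imports(pe):
    return REQUIRED - pe32_imports(pe).get("kernel32.dll", set())

def build_sample(names):  # constructed minimal PE32: headers + one .idata section
    base, raw = 0x1000, 0x200                   # section RVA and file offset
    blob, hints = bytearray(40) + b"KERNEL32.dll\0", []   # descriptors, DLL name at +40
    for n in names:
        hints.append(base + len(blob))
        blob += b"\0\0" + n.encode() + b"\0"    # hint (0) + function name
    ilt = base + len(blob)
    blob += struct.pack("<%dI" % (len(names) + 1), *hints, 0)
    struct.pack_into("<5I", blob, 0, ilt, 0, 0, base + 40, ilt)
    hdr = bytearray(b"MZ".ljust(raw, b"\0"))
    struct.pack_into("<I4sHH", hdr, 0x3C, 0x40, b"PE\0\0", 0x14C, 1)  # e_lfanew, sig, i386, 1 section
    struct.pack_into("<HHH", hdr, 0x54, 224, 0, 0x10B)   # opt. header size, flags, PE32 magic
    struct.pack_into("<II", hdr, 0xC0, base, 40)         # import data directory
    struct.pack_into("<8s4I", hdr, 0x138, b".idata", len(blob), base, len(blob), raw)
    return bytes(hdr + blob)
```

For a real build, pass the file's bytes, e.g. `missing_sdk_imports(open(path, "rb").read())`; an empty set means all five imports are present in the import table.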