Awesome
guardian-rs
This is my x86-64 code virtualizer I decided to open-source, although work will continue mostly on a private version, im open to contributions and questions!
Update
after working on the private version for several months there were some critical bugs i discovered and fixed, however due to the private version being basically a complete rewrite im fairly certain i will not update this repo, if you encounter any problems, you can make a pull request with a fix. for anyone that wants to make their own virtualizer i recommend to instead go down the path of jit assembling the vm at protection time via something like icedx86
Obfuscator Features
- Virtualization of functions within a binary given a .map file
- Embeds .text section of VM into target binary
- Easily extendable set of supported instructions
Vm Features
- Relocation and execution of any not supported instruction via vmexit and reenter.
- Direct threaded (optional, 'threaded' feature)
- Preserves GPRs, RFlags and XMM registers
- Stack Based using dynamically allocated Virtual Stack
- Seperate CPU stack to prevent stack corruption
- Conditional Jumps (although incomplete)
- Manual calculation of RFLAGs (instead of pushfq)
- Builds as PIE (position independent executeable)
Known Issues:
- Need to fix relocations for Dlls Since there is a bug in the library im using it seems (exe-rs) I have partially ported to using the object crate to support virtualization of dlls in my private version. I will probably bring this over to the public version soon.
Project Overview
Project Structure
The project is organized into three main components:
-
Obfuscator: The obfuscator is responsible for lifting x86-64 instructions and integrating the VM. It employs various techniques to obscure the code and enhance the overall security of the virtualized environment. Additionally, the obfuscator patches targeted functions with a redirect to the VM entry, ensuring seamless execution.
-
VM (Virtual Machine): The VM crate is the core of the virtualization process. It interprets and executes the virtualized x86-64 code.
-
VM-Build: This crate is used to compile and test the virtual machine.
Getting Started
To build and run the project, we use cargo make
, a task runner and build tool for Rust projects. Make sure you have Rust and Cargo installed on your system before proceeding.
Install rust
To start using Rust, download the installer, then run the program and follow the onscreen instructions. You may need to install the Visual Studio C++ Build tools when prompted to do so.
Install and change to rust nightly
Execute the following commands to install the nightly version of Rust:
rustup toolchain install nightly
Installation of cargo-make
In order to install, just run the following command
cargo install --force cargo-make
This will install cargo-make in your ~/.cargo/bin
.<br>
Make sure to add ~/.cargo/bin
directory to your PATH
variable.<br>
Build Steps
-
Clone the repository:
git clone https://github.com/felix-rs/guardian-rs.git
-
Navigate to the project directory:
cd guardian-rs
-
Run the build tasks using Cargo Make:
cargo make build
-
Run tests to verify everything works as it should:
cargo make test
-
To compile the vm as position independent dll (all code in .text section)
cargo make vm
Usage
> guardian --help
Virtualize x86 PE files
Usage: guardian.exe --in <IN> --out <OUT> --map-file <MAP_FILE> [FUNCTIONS]...
Arguments:
[FUNCTIONS]... Array of functions names (demangled) to virtualize
Options:
-i, --in <IN> Path to the input file
-o, --out <OUT> Path to output destination
-m, --map-file <MAP_FILE> Path to .map file
-h, --help Print help
-V, --version Print version
Contributing
If you're interested in improving the project feel free to create a PR and if you have any questions u can contact me on discord @vmexec
Credits
- cursey/x64-virtualizer-rs for the awesome help and repo this project is based on ^-^
- unknowntrojan/mapparse for his .map file parser
- johannst/juicebox-asm for their jit assembler
License
This project is licensed under the GPL-3.0 License.