+ Filtres
Nouvelle Recherche
Filtres
En Stock Mot(s) exact(s) Titre uniquement
BoutiqueChargement...
Etat Chargement...
PrixChargement...
contenu

Hikari_pe_x64 !!top!! 〈Top – How-To〉

((annotate("nohikari"))) void normal_function() // no obfuscation

clang-cl.exe /O2 /GS- /c source.c ^ -mllvm -enable-pass-plugin=C:\Hikari\lib\hikari_pe_x64.dll ^ -mllvm -sub -mllvm -sub_loop=1 | Flag | Effect | |------|--------| | -sub | Instruction substitution | | -sub_loop=1 | Substitution on loops | | -bcf | Bogus control flow | | -bcf_loop=1 | Bogus flow in loops | | -fla | Control flow flattening | | -fla_loop=1 | Flatten loops | | -split | Basic block splitting | | -split_num=2 | Split into 2 blocks | | -indibran | Indirect branching (opaque predicates) |

lld-link.exe /SUBSYSTEM:CONSOLE /ENTRY:main /MACHINE:X64 /OUT:obfuscated.exe payload.obj Do apply obfuscation at link stage – only per TU (translation unit). 6. Advanced: Selective Obfuscation with __attribute__ Annotate functions to control passes: hikari_pe_x64

C:\Hikari\ bin\ clang-cl.exe lld-link.exe lib\ hikari_pe_x64.dll <-- plugin Add to environment PATH : C:\Hikari\bin Use the plugin flag :

loc_obf_1: mov eax, switch_var cmp eax, 0x1 -> jmp loc_realblock1 cmp eax, 0x2 -> jmp loc_realblock2 ... If prebuilt plugin fails: If prebuilt plugin fails: 1

1. What is hikari_pe_x64? hikari_pe_x64 is a LLVM obfuscator plugin (based on Hikari/Obfuscator-LLVM) specifically compiled to work with MSVC/clang-cl on Windows targeting x64 PE executables . It transforms IR code to resist static/dynamic analysis. ⚠️ Not to be confused with “hikari” (anime character). This is a security research tool. 2. Prerequisites | Component | Requirement | |-----------|-------------| | Windows | 10/11 (x64) | | LLVM/Clang | 15.x or 16.x (clang-cl) | | Build tools | Visual Studio 2022 (with “C++ CMake tools”) | | Python | 3.8+ (for scripts) |

clang-cl.exe /O2 /GS- /c payload.c -mllvm -enable-pass-plugin=C:\Hikari\lib\hikari_pe_x64.dll -mllvm -sub -mllvm -bcf -mllvm -fla -mllvm -split Use lld-link.exe (or MSVC link.exe): It transforms IR code to resist static/dynamic analysis

__attribute__((annotate("sub"))) __attribute__((annotate("fla"))) void critical_function() // heavily obfuscated

cgb.fr utilise des cookies pour vous garantir une meilleure expérience utilisateur et réaliser des statistiques de visites.
Pour faire disparaître le bandeau, vous devez accepter ou refuser leur utilisation en cliquant sur les boutons correspondants.
En savoir plus

x
Would you like to visit our site in English? https://www.cgbfr.com