1
0
mirror of https://github.com/CPunch/Laika.git synced 2024-12-21 18:40:08 +00:00
4 Obfuscation methods
cpunk edited this page 2022-10-05 20:45:59 -05:00

Laika uses several fairly common obfuscation techniques. (Enabled by passing -DLAIKA_OBFUSCATE=On to cmake)

VM boxes, string obfuscations

Laika has a tiny VM embedded in the library (/lib/ && /lib/core/). This mostly handles things like deobfuscating strings during runtime. For more information regarding this, please read this post on my blog which goes into detail on how it works.

Importing WinAPI during runtime (windows only)

This method is extremely common and most AVs have smartened up to it. Basically instead of having WinAPI in our IAT (Import Address Table) of the executable, we load the commonly flagged functions (things like CreatePseudoConsole, ShellExecuteA, etc.) during runtime. For details on adding another API to be loaded during runtime, please refer to the contributing guide.