Sick of BattlEye or EAC ripping through your entry points because of predictable signatures? Getting your hands on a decent virtualizer that isn't a mess of spaghetti code or a commercial black box is rare.
This project, guardian-rs, is an open-source x86-64 code virtualizer written in Rust. It's designed to protect specific functions within a binary by translating them into a custom bytecode executed by a virtual machine embedded directly into your target. If you're tired of basic packers, this is a step into real-deal code protection.
Virtual Machine Architecture
The tool works by taking a .map file to identify the functions you want to hide. It then embeds the VM's .text section into the binary. While it's not a full VMProtect replacement yet, the logic for handling unsupported instructions via vmexit and reenter is solid for a base. One of the cleanest parts is how it handles the environment — it builds as PIE (Position Independent Executable), which makes injection and relocation much cleaner for manual mapping.
Technical Breakdown
- Virtual Stack Dynamics — Uses a dynamically allocated virtual stack separate from the actual CPU stack. This prevents stack corruption and makes tracing a nightmare for anyone trying to reverse your builds.
- Register Preservation — Deep handling of GPRs, RFlags, and XMM registers during context switches.
- Manual RFLAGS Calculation — It avoids the common pushfq pitfall by calculating flags manually, a nice touch to bypass some simple emulation-based detection methods.
- Relocation Support — If the VM hits an unsupported instruction, it triggers a vmexit, executes it natively, and re-enters the virtualized state.
- The virtualizer requires a .map file for function targeting.
- Conditional jumps are currently implemented but marked as incomplete by the author — test your branches thoroughly before deployment.
- The instruction set is designed to be easily extendable if you want to add your own custom handlers.
- Uses separate stacks to ensure the original application state remains untouched.
Operational Risks
Since this is an open-source Rust project, you'll need the proper toolchain to compile the source. If you're using this for game software, remember that while virtualization kills static signatures, the VM entry/exit stubs themselves can be sigged if you don't apply additional mutation. It's a powerful base, but don't just paste it and expect 100% UD status without doing some of your own work on the handler signatures.
Source:
Any of you guys tried extending the instruction set for more complex obfuscation or custom handlers?
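As an added illustration of the design the post describes (a heap-allocated virtual stack separate from the host CPU stack, RFLAGS computed by hand rather than via pushfq, and a vmexit/reenter path for opcodes the VM does not handle), here is a toy virtualizer. It is not guardian-rs code and not the project's bytecode: the `Op` set, the `Vm` struct, the `Native(id)` handler convention and the factorial program are all invented for this example.

```rust
// Toy code virtualizer (added example; NOT guardian-rs code). The bytecode, struct
// names and the native handler convention below are invented for illustration.

#[derive(Clone, Copy, Debug, PartialEq)]
enum Op {
    PushImm(u64),   // push a constant onto the virtual stack
    PushReg(usize), // push virtual register i
    PopReg(usize),  // pop into virtual register i
    Add,            // pop b, pop a, push a+b, update flags
    Sub,            // pop b, pop a, push a-b, update flags
    Cmp,            // like Sub but only the flags survive
    Jz(usize),      // jump to index if ZF is set
    Jmp(usize),
    Native(u8),     // vmexit: run handler `id` natively on the register file, then reenter
    Exit,
}

#[derive(Clone, Copy, Debug, Default, PartialEq)]
struct Flags { cf: bool, zf: bool, sf: bool, of: bool }

/// x86-64 CF/ZF/SF/OF for a 64-bit add or sub, derived from the operands alone
/// (no pushfq, so the host flags are never touched).
fn flags_for(a: u64, b: u64, sub: bool) -> (u64, Flags) {
    let (r, cf) = if sub { a.overflowing_sub(b) } else { a.overflowing_add(b) };
    // Signed overflow: the sign of the result disagrees with what the operand signs allow.
    let of = (if sub { (a ^ b) & (a ^ r) } else { (a ^ r) & (b ^ r) }) >> 63 == 1;
    (r, Flags { cf, zf: r == 0, sf: r >> 63 == 1, of })
}

struct Vm {
    vregs: [u64; 4],
    vstack: Vec<u64>, // heap-allocated; the host CPU stack is never used for VM data
    flags: Flags,
    vmexits: usize,
}

impl Vm {
    fn new(vregs: [u64; 4]) -> Self {
        Vm { vregs, vstack: Vec::with_capacity(64), flags: Flags::default(), vmexits: 0 }
    }

    fn pop(&mut self) -> Result<u64, String> {
        self.vstack.pop().ok_or_else(|| "virtual stack underflow".to_string())
    }

    /// Dispatch loop. `native` stands in for the vmexit stub: it gets the raw
    /// register file, runs the unsupported instruction, and we reenter afterwards.
    fn run(&mut self, prog: &[Op], native: &mut dyn FnMut(u8, &mut [u64; 4])) -> Result<(), String> {
        let mut pc = 0usize;
        for _ in 0..100_000 { // step limit so an incomplete branch cannot spin forever
            let op = *prog.get(pc).ok_or("pc out of bounds")?;
            pc += 1;
            match op {
                Op::PushImm(v) => self.vstack.push(v),
                Op::PushReg(i) => self.vstack.push(self.vregs[i]),
                Op::PopReg(i) => { let v = self.pop()?; self.vregs[i] = v; }
                Op::Add | Op::Sub | Op::Cmp => {
                    let b = self.pop()?;
                    let a = self.pop()?;
                    let (r, f) = flags_for(a, b, op != Op::Add);
                    self.flags = f;
                    if op != Op::Cmp { self.vstack.push(r); }
                }
                Op::Jz(t) => if self.flags.zf { pc = t },
                Op::Jmp(t) => pc = t,
                Op::Native(id) => { self.vmexits += 1; native(id, &mut self.vregs); }
                Op::Exit => return Ok(()),
            }
        }
        Err("step limit exceeded".to_string())
    }
}

/// Virtualized factorial: loop and counter run inside the VM; the multiply is an
/// "unsupported" instruction that vmexits to a native handler and reenters.
fn run_factorial(n: u64) -> Result<Vm, String> {
    let prog = [
        Op::PushReg(0), Op::PushImm(0), Op::Cmp, Op::Jz(10),     // while r0 != 0
        Op::Native(0),                                           //   r1 *= r0 (natively)
        Op::PushReg(0), Op::PushImm(1), Op::Sub, Op::PopReg(0),  //   r0 -= 1
        Op::Jmp(0),
        Op::Exit,
    ];
    let mut vm = Vm::new([n, 1, 0, 0]);
    // Hypothetical native handler 0: imul r1, r0 executed outside the VM.
    let mut imul = |id: u8, regs: &mut [u64; 4]| {
        if id == 0 { regs[1] = regs[1].wrapping_mul(regs[0]); }
    };
    vm.run(&prog, &mut imul)?;
    Ok(vm)
}

fn main() {
    let vm = run_factorial(5).expect("vm run");
    println!("5! = {}, vmexits = {}, leftover vstack entries = {}, flags = {:?}",
             vm.vregs[1], vm.vmexits, vm.vstack.len(), vm.flags);
}
```

The two things worth checking after a run are exactly the ones the post lists as selling points: the virtual stack should be empty at `Exit` (otherwise a handler leaked state), and the hand-computed flags should match what the real instruction would have produced for the edge cases (carry out of bit 63, signed overflow, borrow on subtraction).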