Skip to content

nodiuus/nocturne

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
cli
cli
 
 
core
core
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
nocturne.sln
nocturne.sln
 
 

Repository files navigation

nocturne

Named after one of my favorite games, "nocturne" is a bin2bin x86-64 PE code virtualizer and binary rewriter.

Features

  • Native Call Bridge
  • 30+ VM Handlers
  • Built-in junk code obfuscation
  • Thread-safe per-invocation VM state

Usage

To use the Nocturne virtualizer, copy and include "nocturne_sdk.hpp" from core/ into your project.

#include "nocturne_sdk.hpp"

VIRTUALIZE int secret(int x) {
	if (x % 2 == 0) {
		return x / 2;
	} else {
		return x * 3 + 1;
	}
}
VIRTUALIZE_MARK(secret);

Afterwards, run the cli executable.

cli.exe -i <input.exe> -o <output.exe>

Example:

cli.exe -i example.exe -o example_protected.exe

By default, the CLI uses auto mode.

Or, explicitly:

cli.exe -i <input.exe> -o <output.exe> --mode auto

Example:

cli.exe -i example.exe -o example_protected.exe --mode auto

To scan for markers:

cli.exe -i <input.exe> -o <output.exe> --mode markers

Example:

cli.exe -i example.exe -o example_protected.exe --mode markers

Or, if you want to virtualize specific segments of a binary without the SDK:

cli.exe -i <input.exe> -o <output.exe> --mode rva <start_rva> <end_rva>

Example:

cli.exe -i calc.exe -o calc_vmp.exe --mode rva 0x1600 0x1864

Screenshots

Before Virtualization: image

After Virtualization:

image

Obfuscated dispatcher loop: image

Dependencies

LIEF
Zydis
argparse

Disclaimer

First and foremost, this is mostly a POC project. Please don't expect it to be too stable. With that being said, I will be progressively adding more features/fixes to this as time goes on.

If there are any features / handlers you want implemented, I implore you to open an issue. I welcome any and all contributions.

License

This project is source-available, not open source.

The source code is available under the PolyForm Noncommercial License 1.0.0.

You may use, study, modify, and share this software for noncommercial purposes, subject to the license terms.

Commercial use, enterprise use, internal company use, production business use, hosted services, paid products, client work, consulting work, or organizational deployment is not permitted without a separate written license.

For commercial or enterprise licensing, contact: nshaul2006@gmail.com / @nodiuus

About

A bin2bin code virtualizer for x86-64 PE's

Topics

windows security obfuscation virtual-machine x86-64 reverse-engineering virtualization transpilation anti-analysis code-virtualizer bin2bin

Resources

Readme

License

View license
Activity

Stars

148 stars

Watchers

5 watching

Forks

13 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages