XaiJu

How to Add VxLang to MSVC Build Events (KD)

In this chapter, we'll use VxLang to obfuscate kernel drivers.

---

1. Installing VxLang

Navigate to %Solution%\vxlang, as shown below.

Install the version of VxLang you want to use and the key file into your project.

2. Project settings

First, specify the path to the header for the VxLang SDK.

Next, set the lib location for the VxLang SDK.

Then, set the VxLang lib file in the build command.

3. Setting up build events

The build event changes to the VxLang location shown above, flattens the entry point code, and sets up backups and outputs.

4. Test C++

The test obfuscation code is as simple as the code below, which includes the SEH sample code.

5. Build

Build with Re-Build so that your modifications are accurately reflected.

6. Run

First, check in IDA that the obfuscation has been applied.

Now register and run the test driver using the batch below.

The batch file looks like this:

It is a simple deployment that registers and runs a service through SC.exe and removes the service after 10 seconds. If you run this script as an administrator and view it through the debugger, you should see something like this:
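
The deployment described in this step, written out as an added example (not the author's batch file): the service name `VxTestDrv` and the driver path are placeholders, and the script assumes the driver is allowed to load on the test machine and implements an unload routine.

```bat
@echo off
setlocal
rem Added example; service name and driver path are placeholders, not from the original post.
set "SVC_NAME=VxTestDrv"
set "DRIVER_PATH=%~dp0VxTestDrv.sys"

rem Service control operations need an elevated prompt.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script as an administrator.
    exit /b 1
)

if not exist "%DRIVER_PATH%" (
    echo Driver not found: "%DRIVER_PATH%"
    exit /b 1
)

rem Register the driver as a demand-start kernel service.
sc.exe create %SVC_NAME% type= kernel start= demand binPath= "%DRIVER_PATH%"
if errorlevel 1 (
    echo sc create failed. An old instance of the service may still exist.
    exit /b 1
)

rem Start it. If loading fails, skip the wait but still clean up below.
sc.exe start %SVC_NAME%
if errorlevel 1 (
    echo sc start failed. Check the signing state and the debugger output.
) else (
    rem Let the driver run for 10 seconds, then unload it.
    timeout /t 10 /nobreak >nul
    sc.exe stop %SVC_NAME%
)

rem Always remove the service entry so the next build registers cleanly.
sc.exe delete %SVC_NAME%
endlocal
```

Removing the service entry even when the start fails keeps a stale registration from blocking the next `sc create` after a rebuild.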

---

P.S. 1. I fixed the example because installing int 3 in the driver will catch the antivirus. 

P.S. 2. Be sure to choose your code optimization options well. In the example, I set it to full /Od.





