codedefender_config/
lib.rs

1//! `codedefender-config` provides the Rust data structures used for serializing and deserializing
2//! CodeDefender YAML configuration files and analysis results. These structures are used by both
3//! the CodeDefender CLI and its backend services.
4//!
5//! This crate is intended to be consumed by tools that integrate with or generate CodeDefender config files.
6
7use serde::{Deserialize, Serialize};
8
9/// Current supported YAML config version.
10pub const YAML_CONFIG_VERSION: &str = "1.0.1";
11
12/// Available SIMD extension types used by mutation engines.
13#[derive(Debug, Serialize, Deserialize, Clone)]
14pub enum MutationEngineExtension {
15    /// Generic (no special SIMD usage)
16    Generic,
17    /// SSE-enabled
18    SSE,
19}
20
21/// Supported PE environments.
22#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Serialize, Deserialize)]
23pub enum PeEnvironment {
24    /// User-mode PE (exe, dll)
25    UserMode,
26    /// Kernel-mode PE (sys)
27    KernelMode,
28    /// UEFI firmware image
29    UEFI,
30}
31
32/// Configuration settings for lifting x86 instructions into IR.
33#[derive(Debug, Serialize, Deserialize, Clone)]
34pub struct LifterSettings {
35    /// Whether to lift calls into IR.
36    pub lift_calls: bool,
37    /// Calling convention used for lifting, only `WindowsAbi`, and `Conservative` are supported.
38    pub calling_convention: String,
39    /// Max stack copy size in bytes when lifting.
40    pub max_stack_copy_size: u32,
41    /// Fallback: split on calls if lifting fails.
42    pub split_on_calls_fallback: bool,
43}
44
45/// IR optimization settings.
46#[derive(Debug, Serialize, Deserialize, Clone)]
47pub struct OptimizationSettings {
48    /// Enable constant propagation.
49    pub constant_propagation: bool,
50    /// Enable instruction combining.
51    pub instruction_combine: bool,
52    /// Enable dead code elimination.
53    pub dead_code_elim: bool,
54    /// Enable pruning of unused block parameters.
55    pub prune_useless_block_params: bool,
56    /// Number of optimization iterations to run.
57    pub iterations: u32,
58}
59
60/// Assembler-level codegen settings.
61#[derive(Debug, Serialize, Deserialize, Clone)]
62pub struct AssemblerSettings {
63    /// Whether to shuffle basic blocks.
64    pub shuffle_basic_blocks: bool,
65    /// Instruction prefix to prepend to emitted instructions.
66    pub instruction_prefix: String,
67    /// Chance of randomly applying the prefix.
68    pub random_prefix_chance: f64,
69}
70
71/// Compiler configuration (IR + codegen) for a profile.
72#[derive(Debug, Serialize, Deserialize, Clone)]
73pub struct CDCompilerSettings {
74    /// Assembler settings.
75    pub assembler_settings: AssemblerSettings,
76    /// Optimization settings.
77    pub optimization_settings: OptimizationSettings,
78    /// IR lifter settings.
79    pub lifter_settings: LifterSettings,
80}
81
82/// Fake PDB string settings to confuse debuggers.
83#[derive(Debug, Serialize, Deserialize)]
84pub struct FakePdbString {
85    /// Whether the fake PDB string is enabled.
86    pub enabled: bool,
87    /// Value to emit as the fake PDB string.
88    pub value: String,
89}
90
91/// Custom `.text` section name override.
92#[derive(Debug, Serialize, Deserialize)]
93pub struct CustomSectionName {
94    /// Whether this feature is enabled.
95    pub enabled: bool,
96    /// Custom section name value.
97    pub value: String,
98}
99
100/// Global obfuscation settings for the module.
101#[derive(Debug, Serialize, Deserialize)]
102pub struct CDModuleSettings {
103    /// Whether to crash the IDA decompiler intentionally.
104    pub ida_crasher: bool,
105    /// Whether to enable IAT/Import protection.
106    pub import_protection: bool,
107    /// Obscure the entry point of the module with anti tamper and anti debug tactics
108    pub obscure_entry_point: bool,
109    /// Clear unwind information. makes it harder for attackers to locate functions, however
110    /// structured exception handling will not work.
111    pub clear_unwind_info: bool,
112    /// Fake PDB string settings.
113    pub fake_pdb_string: FakePdbString,
114    /// Custom PE section name settings.
115    pub custom_section_name: CustomSectionName,
116}
117
118/// Instruction-level semantics used in transformations.
119#[derive(Debug, Serialize, Deserialize, Clone)]
120pub struct Semantics {
121    pub add: bool,
122    pub sub: bool,
123    pub and: bool,
124    pub xor: bool,
125    pub or: bool,
126    pub not: bool,
127    pub neg: bool,
128}
129
130/// Bit widths to apply transformations to.
131#[derive(Debug, Serialize, Deserialize, Clone)]
132pub struct BitWidths {
133    pub bit8: bool,
134    pub bit16: bool,
135    pub bit32: bool,
136    pub bit64: bool,
137}
138
139/// Configuration for the Loop Encode Semantics pass.
140#[derive(Debug, Serialize, Deserialize, Clone)]
141pub struct LoopEncodeSemantics {
142    /// Number of times to attempt transformation.
143    pub iterations: u32,
144    /// Percent chance to apply transformation (0–100).
145    pub probability: u32,
146    /// Instruction semantics to consider.
147    pub semantics: Semantics,
148    /// Bit widths to target.
149    pub bitwidths: BitWidths,
150}
151
152/// Configuration for Mixed Boolean Arithmetic pass.
153#[derive(Debug, Serialize, Deserialize, Clone)]
154pub struct MixedBooleanArithmetic {
155    pub iterations: u32,
156    pub probability: u32,
157    pub semantics: Semantics,
158    pub bitwidths: BitWidths,
159}
160
161/// Configuration for Mutation Engine pass.
162#[derive(Debug, Serialize, Deserialize, Clone)]
163pub struct MutationEngine {
164    pub iterations: u32,
165    pub probability: u32,
166    pub extension: MutationEngineExtension,
167    pub semantics: Semantics,
168    pub bitwidths: BitWidths,
169}
170
171/// Pass that crashes IDA’s decompiler.
172#[derive(Debug, Serialize, Deserialize, Clone)]
173pub struct IDADecompilerCrasher;
174
175/// Constant obfuscation pass.
176#[derive(Debug, Serialize, Deserialize, Clone)]
177pub struct ObscureConstants;
178
179/// Memory reference obfuscation pass.
180#[derive(Debug, Serialize, Deserialize, Clone)]
181pub struct ObscureReferences;
182
183/// Control-flow obfuscation pass.
184#[derive(Debug, Serialize, Deserialize, Clone)]
185pub struct ObscureControlFlow;
186
187/// All possible obfuscation passes.
188#[derive(Debug, Serialize, Deserialize, Clone)]
189#[serde(tag = "type")]
190pub enum ObfuscationPass {
191    LoopEncodeSemantics(LoopEncodeSemantics),
192    MixedBooleanArithmetic(MixedBooleanArithmetic),
193    MutationEngine(MutationEngine),
194    IDADecompilerCrasher,
195    ObscureConstants,
196    ObscureReferences,
197    ObscureControlFlow,
198}
199
200/// Profile definition used to apply passes to symbols.
201#[derive(Debug, Serialize, Deserialize)]
202pub struct CDProfile {
203    /// Name of the profile.
204    pub name: String,
205    /// Obfuscation passes for this profile.
206    pub passes: Vec<ObfuscationPass>,
207    /// Compiler settings for this profile.
208    pub compiler_settings: CDCompilerSettings,
209    /// List of symbol RVAs this profile targets.
210    pub symbols: Vec<u64>,
211}
212
213/// Top-level config file structure.
214#[derive(Debug, Serialize, Deserialize)]
215pub struct CDConfig {
216    /// Module-wide settings.
217    pub module_settings: CDModuleSettings,
218    /// All profiles to apply during obfuscation.
219    pub profiles: Vec<CDProfile>,
220}
221
222/// Information about a single function found during analysis.
223#[derive(Deserialize, Serialize, Clone, Debug)]
224pub struct AnalysisFunction {
225    /// RVA of the function.
226    pub rva: u64,
227    /// Function name.
228    pub symbol: String,
229    /// Number of references to this function.
230    pub ref_count: usize,
231}
232
233/// Reason why a function was rejected from analysis.
234#[derive(Deserialize, Serialize, Clone, Debug)]
235pub struct AnalysisReject {
236    /// RVA of the rejected function.
237    pub rva: u64,
238    /// Symbol name.
239    pub symbol: String,
240    /// Mnemonic reason string (e.g., internal enum).
241    pub ty: String,
242    /// Stringified reason (human-readable).
243    pub reason: String,
244}
245
246/// Grouping of functions under a named macro profile.
247#[derive(Deserialize, Serialize, Clone, Debug)]
248pub struct AnalysisMacroProfile {
249    /// Name of the macro profile.
250    pub name: String,
251    /// List of function RVAs in this macro.
252    pub rvas: Vec<u64>,
253}
254
255/// Results from binary analysis, returned to the frontend.
256#[derive(Deserialize, Serialize, Clone, Debug)]
257pub struct AnalysisResult {
258    /// Environment type (UserMode, KernelMode, UEFI).
259    pub environment: PeEnvironment,
260    /// Functions found during analysis.
261    pub functions: Vec<AnalysisFunction>,
262    /// Rejected functions and reasons.
263    pub rejects: Vec<AnalysisReject>,
264    /// Macro profiles generated from analysis.
265    pub macros: Vec<AnalysisMacroProfile>,
266}
267
268/// Symbol representation used in YAML: either name or RVA.
269#[derive(Debug, Serialize, Deserialize)]
270pub enum YamlSymbol {
271    /// Symbol name
272    Name(String),
273    /// Symbol RVA.
274    Rva(u64),
275}
276
277/// Obfuscation profile for YAML configuration.
278#[derive(Debug, Serialize, Deserialize)]
279pub struct YamlProfile {
280    /// Profile name (referenced by source macros).
281    pub name: String,
282    /// Passes to apply to this profile.
283    pub passes: Vec<ObfuscationPass>,
284    /// Compiler configuration for this profile.
285    pub compiler_settings: CDCompilerSettings,
286    /// Symbols targeted by this profile.
287    pub symbols: Vec<YamlSymbol>,
288    /// Only used by the SaaS UI. Not used by the CLI.
289    pub color: Option<String>,
290}
291
292/// Root YAML config structure.
293#[derive(Debug, Serialize, Deserialize)]
294pub struct YamlConfig {
295    /// Version of the config file format.
296    pub version: String,
297    /// Global module-wide obfuscation settings.
298    pub module_settings: CDModuleSettings,
299    /// Obfuscation profiles to apply.
300    pub profiles: Vec<YamlProfile>,
301}