codedefender_config/
lib.rs

1//! `codedefender-config` provides the Rust data structures used for serializing and deserializing
2//! CodeDefender YAML configuration files and analysis results. These structures are used by both
3//! the CodeDefender CLI and its backend services.
4//!
5//! This crate is intended to be consumed by tools that integrate with or generate CodeDefender config files.
6
7use serde::{Deserialize, Serialize};
8
9/// Current supported YAML config version.
10pub const YAML_CONFIG_VERSION: &str = "1.0.5";
11
12/// Available SIMD extension types used by mutation engines.
13#[derive(Debug, Serialize, Deserialize, Clone)]
14pub enum MutationEngineExtension {
15    /// All base instructions
16    Generic,
17    /// All base instructions + Legacy SSE instructions up until SSE3
18    SSE3,
19    /// All base instructions + Legacy SSE instructions up until SSE4.2
20    SSE42,
21}
22
23/// Supported PE environments.
24#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Serialize, Deserialize)]
25pub enum PeEnvironment {
26    /// User-mode PE (exe, dll)
27    UserMode,
28    /// Kernel-mode PE (sys)
29    KernelMode,
30    /// UEFI firmware image
31    UEFI,
32}
33
34/// Configuration settings for lifting x86 instructions into IR.
35#[derive(Debug, Serialize, Deserialize, Clone)]
36pub struct LifterSettings {
37    /// Whether to lift calls into IR.
38    pub lift_calls: bool,
39    /// Calling convention used for lifting, only `WindowsAbi`, and `Conservative` are supported.
40    pub calling_convention: String,
41    /// Max stack copy size in bytes when lifting.
42    pub max_stack_copy_size: u32,
43    /// Fallback: split on calls if lifting fails.
44    pub split_on_calls_fallback: bool,
45}
46
47/// IR optimization settings.
48#[derive(Debug, Serialize, Deserialize, Clone)]
49pub struct OptimizationSettings {
50    /// Enable constant propagation.
51    pub constant_propagation: bool,
52    /// Enable instruction combining.
53    pub instruction_combine: bool,
54    /// Enable dead code elimination.
55    pub dead_code_elim: bool,
56    /// Enable pruning of unused block parameters.
57    pub prune_useless_block_params: bool,
58    /// Number of optimization iterations to run.
59    pub iterations: u32,
60}
61
62/// Assembler-level codegen settings.
63#[derive(Debug, Serialize, Deserialize, Clone)]
64pub struct AssemblerSettings {
65    /// Whether to shuffle basic blocks.
66    pub shuffle_basic_blocks: bool,
67    /// Instruction prefix to prepend to emitted instructions.
68    pub instruction_prefix: String,
69    /// Chance of randomly applying the prefix.
70    pub random_prefix_chance: f64,
71}
72
73/// Compiler configuration (IR + codegen) for a profile.
74#[derive(Debug, Serialize, Deserialize, Clone)]
75pub struct CDCompilerSettings {
76    /// Assembler settings.
77    pub assembler_settings: AssemblerSettings,
78    /// Optimization settings.
79    pub optimization_settings: OptimizationSettings,
80    /// IR lifter settings.
81    pub lifter_settings: LifterSettings,
82}
83
84/// Fake PDB string settings to confuse debuggers.
85#[derive(Default, Debug, Serialize, Deserialize)]
86pub struct FakePdbString {
87    /// Whether the fake PDB string is enabled.
88    pub enabled: bool,
89    /// Value to emit as the fake PDB string.
90    pub value: String,
91}
92
93/// Custom `.text` section name override.
94#[derive(Default, Debug, Serialize, Deserialize)]
95pub struct CustomSectionName {
96    /// Whether this feature is enabled.
97    pub enabled: bool,
98    /// Custom section name value.
99    pub value: String,
100}
101
102/// Global obfuscation settings for the module.
103#[derive(Debug, Serialize, Deserialize)]
104pub struct CDModuleSettings {
105    /// Whether to crash the IDA decompiler intentionally.
106    #[serde(default)]
107    pub ida_crasher: bool,
108    /// Whether to enable IAT/Import protection.
109    #[serde(default)]
110    pub import_protection: bool,
111    /// Should the output file be packed/compressed? This option only works for usermode modules.
112    #[serde(default)]
113    pub pack_output_file: bool,
114    /// Obscure the entry point of the module with anti tamper and anti debug tactics
115    #[serde(default)]
116    pub obscure_entry_point: bool,
117    /// Clear unwind information. makes it harder for attackers to locate functions, however
118    /// structured exception handling will not work.
119    #[serde(default)]
120    pub clear_unwind_info: bool,
121    /// Fake PDB string settings.
122    #[serde(default)]
123    pub fake_pdb_string: FakePdbString,
124    /// Custom PE section name settings.
125    #[serde(default)]
126    pub custom_section_name: CustomSectionName,
127}
128
129/// Instruction-level semantics used in transformations.
130#[derive(Debug, Serialize, Deserialize, Clone)]
131pub struct Semantics {
132    #[serde(default)]
133    pub add: bool,
134    #[serde(default)]
135    pub sub: bool,
136    #[serde(default)]
137    pub and: bool,
138    #[serde(default)]
139    pub xor: bool,
140    #[serde(default)]
141    pub or: bool,
142    #[serde(default)]
143    pub not: bool,
144    #[serde(default)]
145    pub neg: bool,
146}
147
148/// Bit widths to apply transformations to.
149#[derive(Debug, Serialize, Deserialize, Clone)]
150pub struct BitWidths {
151    #[serde(default)]
152    pub bit8: bool,
153    #[serde(default)]
154    pub bit16: bool,
155    #[serde(default)]
156    pub bit32: bool,
157    #[serde(default)]
158    pub bit64: bool,
159}
160
161/// The origin of SSA value from within the instruction.
162/// Please refer to this documentation for more info:
163/// https://docs.codedefender.io/features/ethnicity
164#[derive(Debug, Serialize, Deserialize, Clone)]
165pub struct SsaOrigins {
166    pub normal: bool,
167    pub memop: bool,
168    pub fp_based_memop: bool,
169    pub sp_based_memop: bool,
170}
171
172/// Configuration for the Loop Encode Semantics pass.
173#[derive(Debug, Serialize, Deserialize, Clone)]
174pub struct LoopEncodeSemantics {
175    /// Number of times to attempt transformation.
176    pub iterations: u32,
177    /// Percent chance to apply transformation (0–100).
178    pub probability: u32,
179    /// Instruction semantics to consider.
180    pub semantics: Semantics,
181    /// Bit widths to target.
182    pub bitwidths: BitWidths,
183    pub ethnicities: SsaOrigins,
184}
185
186/// Configuration for Mixed Boolean Arithmetic pass.
187#[derive(Debug, Serialize, Deserialize, Clone)]
188pub struct MixedBooleanArithmetic {
189    pub iterations: u32,
190    pub probability: u32,
191    pub semantics: Semantics,
192    pub bitwidths: BitWidths,
193    pub ethnicities: SsaOrigins,
194}
195
196/// Configuration for Mutation Engine pass.
197#[derive(Debug, Serialize, Deserialize, Clone)]
198pub struct MutationEngine {
199    pub iterations: u32,
200    pub probability: u32,
201    pub extension: MutationEngineExtension,
202    pub semantics: Semantics,
203    pub bitwidths: BitWidths,
204    pub ethnicities: SsaOrigins,
205}
206
207/// Pass that crashes IDA’s decompiler.
208#[derive(Debug, Serialize, Deserialize, Clone)]
209pub struct IDADecompilerCrasher;
210
211/// Suppress constants and prevent them from rematerializing at runtime.
212#[derive(Debug, Serialize, Deserialize, Clone)]
213pub struct SuppressConstants {
214    pub mba_enhance: bool,
215    pub ethnicities: SsaOrigins,
216}
217
218/// Statically obscure constants, this does not prevent rematerialization at runtime.
219/// Use the SuppressConstants pass in tandem with this!
220#[derive(Debug, Serialize, Deserialize, Clone)]
221pub struct ObscureConstants {
222    pub mba_enhance: bool,
223    pub probability: u32,
224    pub iterations: u32,
225    pub bitwidths: BitWidths,
226    pub ethnicities: SsaOrigins,
227}
228
229/// Memory reference obfuscation pass.
230#[derive(Debug, Serialize, Deserialize, Clone)]
231pub struct ObscureReferences {
232    pub mba_enhance: bool,
233}
234
235/// Control-flow obfuscation pass.
236#[derive(Debug, Serialize, Deserialize, Clone)]
237pub struct ObscureControlFlow {
238    pub mba_enhance: bool,
239    pub probability: u32,
240}
241
242/// Tether extraction pass.
243#[derive(Debug, Serialize, Deserialize, Clone)]
244pub struct TetherExtraction {
245    /// Min length of a sequence of instructions that should be extracted.
246    /// Its a bad idea for this to be 1 usually because its easy to synthesize
247    pub min_extract_len: usize,
248    /// Tether server endpoint
249    pub endpoint: String,
250    /// Tether server port
251    pub port: u16,
252    /// Hex string of the servers public key. This is used for public key pinning.
253    /// This needs to be length 64...
254    pub server_public_key: String,
255}
256
257/// Opaque block duplication pass.
258#[derive(Debug, Serialize, Deserialize, Clone)]
259pub struct OpaqueBlockDuplication {
260    /// Number of iterations to attempt transformation.
261    pub iterations: u32,
262    /// Percent chance to apply transformation (0–100).
263    pub probability: u32,
264}
265
266/// Split block pass, used to create more control flow points for other passes to transform.
267#[derive(Debug, Serialize, Deserialize, Clone)]
268pub struct SplitBlockPass {
269    /// The number of SSA values required to be within a block for it to be split into two seperate blocks.
270    pub threshold: u32,
271}
272
273/// Encode immediate ssa values into lea's
274#[derive(Debug, Serialize, Deserialize, Clone)]
275pub struct LeaEncodeImm {
276    pub mba_enhance: bool,
277    /// Percent chance to apply transformation (0–100).
278    pub probability: u32,
279    pub ethnicities: SsaOrigins,
280}
281
282/// All possible obfuscation passes.
283#[derive(Debug, Serialize, Deserialize, Clone)]
284#[serde(tag = "type")]
285pub enum ObfuscationPass {
286    LoopEncodeSemantics(LoopEncodeSemantics),
287    MixedBooleanArithmetic(MixedBooleanArithmetic),
288    MutationEngine(MutationEngine),
289    TetherExtraction(TetherExtraction),
290    SplitBlockPass(SplitBlockPass),
291    OpaqueBlockDuplication(OpaqueBlockDuplication),
292    ObscureControlFlow(ObscureControlFlow),
293    LeaEncodeImm(LeaEncodeImm),
294    ObscureConstants(ObscureConstants),
295    SuppressConstants(SuppressConstants),
296    ObscureReferences(ObscureReferences),
297    IDADecompilerCrasher,
298    AntiEmulator,
299}
300
301/// Profile definition used to apply passes to symbols.
302#[derive(Debug, Serialize, Deserialize)]
303pub struct CDProfile {
304    /// Name of the profile.
305    pub name: String,
306    /// Obfuscation passes for this profile.
307    pub passes: Vec<ObfuscationPass>,
308    /// Compiler settings for this profile.
309    pub compiler_settings: CDCompilerSettings,
310    /// List of symbol RVAs this profile targets.
311    pub symbols: Vec<u64>,
312}
313
314/// Top-level config file structure.
315#[derive(Debug, Serialize, Deserialize)]
316pub struct CDConfig {
317    /// Module-wide settings.
318    pub module_settings: CDModuleSettings,
319    /// All profiles to apply during obfuscation.
320    pub profiles: Vec<CDProfile>,
321}
322
323/// Information about a single function found during analysis.
324#[derive(Deserialize, Serialize, Clone, Debug)]
325pub struct AnalysisFunction {
326    /// RVA of the function.
327    pub rva: u64,
328    /// Function name.
329    pub symbol: String,
330    /// Number of references to this function.
331    pub ref_count: usize,
332}
333
334/// Reason why a function was rejected from analysis.
335#[derive(Deserialize, Serialize, Clone, Debug)]
336pub struct AnalysisReject {
337    /// RVA of the rejected function.
338    pub rva: u64,
339    /// Symbol name.
340    pub symbol: String,
341    /// Mnemonic reason string (e.g., internal enum).
342    pub ty: String,
343    /// Stringified reason (human-readable).
344    pub reason: String,
345}
346
347/// Grouping of functions under a named macro profile.
348#[derive(Deserialize, Serialize, Clone, Debug)]
349pub struct AnalysisMacroProfile {
350    /// Name of the macro profile.
351    pub name: String,
352    /// List of function RVAs in this macro.
353    pub rvas: Vec<u64>,
354}
355
356/// Results from binary analysis, returned to the frontend.
357#[derive(Deserialize, Serialize, Clone, Debug)]
358pub struct AnalysisResult {
359    /// Environment type (UserMode, KernelMode, UEFI).
360    pub environment: PeEnvironment,
361    /// Functions found during analysis.
362    pub functions: Vec<AnalysisFunction>,
363    /// Rejected functions and reasons.
364    pub rejects: Vec<AnalysisReject>,
365    /// Macro profiles generated from analysis.
366    pub macros: Vec<AnalysisMacroProfile>,
367}
368
369/// Symbol representation used in YAML: either name or RVA.
370#[derive(Debug, Serialize, Deserialize)]
371pub enum YamlSymbol {
372    /// Symbol name
373    Name(String),
374    /// Symbol RVA.
375    Rva(u64),
376}
377
378/// Obfuscation profile for YAML configuration.
379#[derive(Debug, Serialize, Deserialize)]
380pub struct YamlProfile {
381    /// Profile name (referenced by source macros).
382    pub name: String,
383    /// Passes to apply to this profile.
384    pub passes: Vec<ObfuscationPass>,
385    /// Compiler configuration for this profile.
386    pub compiler_settings: CDCompilerSettings,
387    /// Symbols targeted by this profile.
388    pub symbols: Vec<YamlSymbol>,
389    /// Only used by the SaaS UI. Not used by the CLI.
390    pub color: Option<String>,
391}
392
393/// Root YAML config structure.
394#[derive(Debug, Serialize, Deserialize)]
395pub struct YamlConfig {
396    /// Version of the config file format.
397    pub version: String,
398    /// Global module-wide obfuscation settings.
399    pub module_settings: CDModuleSettings,
400    /// Obfuscation profiles to apply.
401    pub profiles: Vec<YamlProfile>,
402}
codedefender_config/lib.rs

codedefender_config/
lib.rs
