codedefender_config/
lib.rs

1//! `codedefender-config` provides the Rust data structures used for serializing and deserializing
2//! CodeDefender YAML configuration files and analysis results. These structures are used by both
3//! the CodeDefender CLI and its backend services.
4//!
5//! This crate is intended to be consumed by tools that integrate with or generate CodeDefender config files.
6
7use serde::{Deserialize, Serialize};
8
9/// Current supported YAML config version.
10pub const YAML_CONFIG_VERSION: &str = "1.0.5";
11
12/// Available SIMD extension types used by mutation engines.
13#[derive(Debug, Serialize, Deserialize, Clone)]
14pub enum MutationEngineExtension {
15    /// All base instructions
16    Generic,
17    /// All base instructions + Legacy SSE instructions up until SSE3
18    SSE3,
19    /// All base instructions + Legacy SSE instructions up until SSE4.2
20    SSE42,
21}
22
23/// Supported PE environments.
24#[derive(Debug, Clone, Copy, Eq, PartialEq, PartialOrd, Ord, Serialize, Deserialize)]
25pub enum PeEnvironment {
26    /// User-mode PE (exe, dll)
27    UserMode,
28    /// Kernel-mode PE (sys)
29    KernelMode,
30    /// UEFI firmware image
31    UEFI,
32}
33
34/// Configuration settings for lifting x86 instructions into IR.
35#[derive(Debug, Serialize, Deserialize, Clone)]
36pub struct LifterSettings {
37    /// Whether to lift calls into IR.
38    pub lift_calls: bool,
39    /// Calling convention used for lifting, only `WindowsAbi`, and `Conservative` are supported.
40    pub calling_convention: String,
41    /// Max stack copy size in bytes when lifting.
42    pub max_stack_copy_size: u32,
43    /// Fallback: split on calls if lifting fails.
44    pub split_on_calls_fallback: bool,
45}
46
47/// IR optimization settings.
48#[derive(Debug, Serialize, Deserialize, Clone)]
49pub struct OptimizationSettings {
50    /// Enable constant propagation.
51    pub constant_propagation: bool,
52    /// Enable instruction combining.
53    pub instruction_combine: bool,
54    /// Enable dead code elimination.
55    pub dead_code_elim: bool,
56    /// Enable pruning of unused block parameters.
57    pub prune_useless_block_params: bool,
58    /// Number of optimization iterations to run.
59    pub iterations: u32,
60}
61
62/// Assembler-level codegen settings.
63#[derive(Debug, Serialize, Deserialize, Clone)]
64pub struct AssemblerSettings {
65    /// Whether to shuffle basic blocks.
66    pub shuffle_basic_blocks: bool,
67    /// Instruction prefix to prepend to emitted instructions.
68    pub instruction_prefix: String,
69    /// Chance of randomly applying the prefix.
70    pub random_prefix_chance: f64,
71}
72
73/// Compiler configuration (IR + codegen) for a profile.
74#[derive(Debug, Serialize, Deserialize, Clone)]
75pub struct CDCompilerSettings {
76    /// Assembler settings.
77    pub assembler_settings: AssemblerSettings,
78    /// Optimization settings.
79    pub optimization_settings: OptimizationSettings,
80    /// IR lifter settings.
81    pub lifter_settings: LifterSettings,
82}
83
84/// Fake PDB string settings to confuse debuggers.
85#[derive(Default, Debug, Serialize, Deserialize)]
86pub struct FakePdbString {
87    /// Whether the fake PDB string is enabled.
88    pub enabled: bool,
89    /// Value to emit as the fake PDB string.
90    pub value: String,
91}
92
93/// Custom `.text` section name override.
94#[derive(Default, Debug, Serialize, Deserialize)]
95pub struct CustomSectionName {
96    /// Whether this feature is enabled.
97    pub enabled: bool,
98    /// Custom section name value.
99    pub value: String,
100}
101
102/// Global obfuscation settings for the module.
103#[derive(Debug, Serialize, Deserialize)]
104pub struct CDModuleSettings {
105    /// Whether to crash the IDA decompiler intentionally.
106    #[serde(default)]
107    pub ida_crasher: bool,
108    /// Whether to enable IAT/Import protection.
109    #[serde(default)]
110    pub import_protection: bool,
111    /// Should the output file be packed/compressed? This option only works for usermode modules.
112    #[serde(default)]
113    pub pack_output_file: bool,
114    /// Obscure the entry point of the module with anti tamper and anti debug tactics
115    #[serde(default)]
116    pub obscure_entry_point: bool,
117    /// Clear unwind information. makes it harder for attackers to locate functions, however
118    /// structured exception handling will not work.
119    #[serde(default)]
120    pub clear_unwind_info: bool,
121    /// Fake PDB string settings.
122    #[serde(default)]
123    pub fake_pdb_string: FakePdbString,
124    /// Custom PE section name settings.
125    #[serde(default)]
126    pub custom_section_name: CustomSectionName,
127}
128
129/// Instruction-level semantics used in transformations.
130#[derive(Debug, Serialize, Deserialize, Clone)]
131pub struct Semantics {
132    #[serde(default)]
133    pub add: bool,
134    #[serde(default)]
135    pub sub: bool,
136    #[serde(default)]
137    pub and: bool,
138    #[serde(default)]
139    pub xor: bool,
140    #[serde(default)]
141    pub or: bool,
142    #[serde(default)]
143    pub not: bool,
144    #[serde(default)]
145    pub neg: bool,
146}
147
148/// Bit widths to apply transformations to.
149#[derive(Debug, Serialize, Deserialize, Clone)]
150pub struct BitWidths {
151    #[serde(default)]
152    pub bit8: bool,
153    #[serde(default)]
154    pub bit16: bool,
155    #[serde(default)]
156    pub bit32: bool,
157    #[serde(default)]
158    pub bit64: bool,
159}
160
161/// The origin of SSA value from within the instruction.
162/// Please refer to this documentation for more info:
163/// https://docs.codedefender.io/features/ethnicity
164#[derive(Debug, Serialize, Deserialize, Clone)]
165pub struct SsaOrigins {
166    pub normal: bool,
167    pub memop: bool,
168    pub fp_based_memop: bool,
169    pub sp_based_memop: bool,
170}
171
172/// Configuration for the Loop Encode Semantics pass.
173#[derive(Debug, Serialize, Deserialize, Clone)]
174pub struct LoopEncodeSemantics {
175    /// Number of times to attempt transformation.
176    pub iterations: u32,
177    /// Percent chance to apply transformation (0–100).
178    pub probability: u32,
179    /// Instruction semantics to consider.
180    pub semantics: Semantics,
181    /// Bit widths to target.
182    pub bitwidths: BitWidths,
183    pub ethnicities: SsaOrigins,
184}
185
186/// Configuration for Mixed Boolean Arithmetic pass.
187#[derive(Debug, Serialize, Deserialize, Clone)]
188pub struct MixedBooleanArithmetic {
189    pub iterations: u32,
190    pub probability: u32,
191    pub semantics: Semantics,
192    pub bitwidths: BitWidths,
193    pub ethnicities: SsaOrigins,
194}
195
196/// Configuration for Mutation Engine pass.
197#[derive(Debug, Serialize, Deserialize, Clone)]
198pub struct MutationEngine {
199    pub iterations: u32,
200    pub probability: u32,
201    pub extension: MutationEngineExtension,
202    pub semantics: Semantics,
203    pub bitwidths: BitWidths,
204    pub ethnicities: SsaOrigins,
205}
206
207/// Pass that crashes IDA’s decompiler.
208#[derive(Debug, Serialize, Deserialize, Clone)]
209pub struct IDADecompilerCrasher;
210
211/// Suppress constants and prevent them from rematerializing at runtime.
212#[derive(Debug, Serialize, Deserialize, Clone)]
213pub struct SuppressConstants {
214    pub mba_enhance: bool,
215    pub ethnicities: SsaOrigins,
216}
217
218/// Statically obscure constants, this does not prevent rematerialization at runtime.
219/// Use the SuppressConstants pass in tandem with this!
220#[derive(Debug, Serialize, Deserialize, Clone)]
221pub struct ObscureConstants {
222    pub mba_enhance: bool,
223    pub probability: u32,
224    pub iterations: u32,
225    pub bitwidths: BitWidths,
226    pub ethnicities: SsaOrigins,
227}
228
229/// Memory reference obfuscation pass.
230#[derive(Debug, Serialize, Deserialize, Clone)]
231pub struct ObscureReferences {
232    pub mba_enhance: bool,
233}
234
235/// Control-flow obfuscation pass.
236#[derive(Debug, Serialize, Deserialize, Clone)]
237pub struct ObscureControlFlow {
238    pub mba_enhance: bool,
239    pub probability: u32,
240}
241
242/// Tether extraction pass.
243#[derive(Debug, Serialize, Deserialize, Clone)]
244pub struct TetherExtraction {
245    /// Min length of a sequence of instructions that should be extracted.
246    /// Its a bad idea for this to be 1 usually because its easy to synthesize
247    pub min_extract_len: usize,
248    /// Tether server endpoint
249    pub endpoint: String,
250    /// Tether server port
251    pub port: u16,
252    /// Hex string of the servers public key. This is used for public key pinning.
253    /// This needs to be length 64...
254    pub server_public_key: String,
255}
256
257/// Opaque block duplication pass.
258#[derive(Debug, Serialize, Deserialize, Clone)]
259pub struct OpaqueBlockDuplication {
260    /// Number of iterations to attempt transformation.
261    pub iterations: u32,
262    /// Percent chance to apply transformation (0–100).
263    pub probability: u32,
264}
265
266/// Split block pass, used to create more control flow points for other passes to transform.
267#[derive(Debug, Serialize, Deserialize, Clone)]
268pub struct SplitBlockPass {
269    /// The number of SSA values required to be within a block for it to be split into two seperate blocks.
270    pub threshold: u32,
271}
272
273/// Encode immediate ssa values into lea's
274#[derive(Debug, Serialize, Deserialize, Clone)]
275pub struct LeaEncodeImm {
276    pub mba_enhance: bool,
277    /// Number of iterations to attempt transformation.
278    pub iterations: u32,
279    /// Percent chance to apply transformation (0–100).
280    pub probability: u32,
281    pub ethnicities: SsaOrigins,
282}
283
284/// All possible obfuscation passes.
285#[derive(Debug, Serialize, Deserialize, Clone)]
286#[serde(tag = "type")]
287pub enum ObfuscationPass {
288    LoopEncodeSemantics(LoopEncodeSemantics),
289    MixedBooleanArithmetic(MixedBooleanArithmetic),
290    MutationEngine(MutationEngine),
291    TetherExtraction(TetherExtraction),
292    SplitBlockPass(SplitBlockPass),
293    OpaqueBlockDuplication(OpaqueBlockDuplication),
294    ObscureControlFlow(ObscureControlFlow),
295    LeaEncodeImm(LeaEncodeImm),
296    ObscureConstants(ObscureConstants),
297    SuppressConstants(SuppressConstants),
298    ObscureReferences(ObscureReferences),
299    IDADecompilerCrasher,
300    AntiEmulator,
301    SigBreaker,
302}
303
304/// Profile definition used to apply passes to symbols.
305#[derive(Debug, Serialize, Deserialize)]
306pub struct CDProfile {
307    /// Name of the profile.
308    pub name: String,
309    /// Obfuscation passes for this profile.
310    pub passes: Vec<ObfuscationPass>,
311    /// Compiler settings for this profile.
312    pub compiler_settings: CDCompilerSettings,
313    /// List of symbol RVAs this profile targets.
314    pub symbols: Vec<u64>,
315}
316
317/// Top-level config file structure.
318#[derive(Debug, Serialize, Deserialize)]
319pub struct CDConfig {
320    /// Module-wide settings.
321    pub module_settings: CDModuleSettings,
322    /// All profiles to apply during obfuscation.
323    pub profiles: Vec<CDProfile>,
324}
325
326/// Information about a single function found during analysis.
327#[derive(Deserialize, Serialize, Clone, Debug)]
328pub struct AnalysisFunction {
329    /// RVA of the function.
330    pub rva: u64,
331    /// Function name.
332    pub symbol: String,
333    /// Number of references to this function.
334    pub ref_count: usize,
335}
336
337/// Reason why a function was rejected from analysis.
338#[derive(Deserialize, Serialize, Clone, Debug)]
339pub struct AnalysisReject {
340    /// RVA of the rejected function.
341    pub rva: u64,
342    /// Symbol name.
343    pub symbol: String,
344    /// Mnemonic reason string (e.g., internal enum).
345    pub ty: String,
346    /// Stringified reason (human-readable).
347    pub reason: String,
348}
349
350/// Grouping of functions under a named macro profile.
351#[derive(Deserialize, Serialize, Clone, Debug)]
352pub struct AnalysisMacroProfile {
353    /// Name of the macro profile.
354    pub name: String,
355    /// List of function RVAs in this macro.
356    pub rvas: Vec<u64>,
357}
358
359/// Results from binary analysis, returned to the frontend.
360#[derive(Deserialize, Serialize, Clone, Debug)]
361pub struct AnalysisResult {
362    /// Environment type (UserMode, KernelMode, UEFI).
363    pub environment: PeEnvironment,
364    /// Functions found during analysis.
365    pub functions: Vec<AnalysisFunction>,
366    /// Rejected functions and reasons.
367    pub rejects: Vec<AnalysisReject>,
368    /// Macro profiles generated from analysis.
369    pub macros: Vec<AnalysisMacroProfile>,
370}
371
372/// Symbol representation used in YAML: either name or RVA.
373#[derive(Debug, Serialize, Deserialize)]
374pub enum YamlSymbol {
375    /// Symbol name
376    Name(String),
377    /// Symbol RVA.
378    Rva(u64),
379}
380
381/// Obfuscation profile for YAML configuration.
382#[derive(Debug, Serialize, Deserialize)]
383pub struct YamlProfile {
384    /// Profile name (referenced by source macros).
385    pub name: String,
386    /// Passes to apply to this profile.
387    pub passes: Vec<ObfuscationPass>,
388    /// Compiler configuration for this profile.
389    pub compiler_settings: CDCompilerSettings,
390    /// Symbols targeted by this profile.
391    pub symbols: Vec<YamlSymbol>,
392    /// Only used by the SaaS UI. Not used by the CLI.
393    pub color: Option<String>,
394}
395
396/// Root YAML config structure.
397#[derive(Debug, Serialize, Deserialize)]
398pub struct YamlConfig {
399    /// Version of the config file format.
400    pub version: String,
401    /// Global module-wide obfuscation settings.
402    pub module_settings: CDModuleSettings,
403    /// Obfuscation profiles to apply.
404    pub profiles: Vec<YamlProfile>,
405}
codedefender_config/lib.rs

codedefender_config/
lib.rs
