```c
// Function excluded from the Hikari passes
__attribute__((annotate("nohikari")))
void normal_function(void) { } // no obfuscation
```
```
C:\Hikari\
  bin\
    clang-cl.exe
    lld-link.exe
  lib\
    hikari_pe_x64.dll   <-- plugin
```

Add to environment PATH: `C:\Hikari\bin`

Use the plugin flag:
```
loc_obf_1:
    mov eax, switch_var
    cmp eax, 0x1 -> jmp loc_realblock1
    cmp eax, 0x2 -> jmp loc_realblock2
    ...
```

If prebuilt plugin fails: hikari_pe_x64
Example full obfuscation:
Also available: `"bcf"`, `"split"`, `"indibran"`, `"fla_loop"`, `"sub_loop"`, `"split_num=3"`

Combine with manual tricks:
```
lld-link.exe /SUBSYSTEM:CONSOLE /ENTRY:main /MACHINE:X64 /OUT:obfuscated.exe payload.obj
```

Do not apply obfuscation at the link stage; the passes run only per TU (translation unit).

6. Advanced: Selective Obfuscation with `__attribute__`

Annotate functions to control passes:
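```c
#include <windows.h>

// Opaque predicate example (constant folding resistant)
// The volatile read stops the compiler from folding x == 0 at build time.
// Note: (GetTickCount() & 1) varies at run time, so the else branch is reachable.
volatile int x = 0;

void guarded(void) {
    if (x == 0 && (GetTickCount() & 1) == 0) {
        // real code
    } else {
        // dead code
    }
}
```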
```
clang-cl.exe /O2 /GS- /c source.c ^
  -mllvm -enable-pass-plugin=C:\Hikari\lib\hikari_pe_x64.dll ^
  -mllvm -sub -mllvm -sub_loop=1
```

| Flag | Effect |
|------|--------|
| -sub | Instruction substitution |
| -sub_loop=1 | Substitution on loops |
| -bcf | Bogus control flow |
| -bcf_loop=1 | Bogus flow in loops |
| -fla | Control flow flattening |
| -fla_loop=1 | Flatten loops |
| -split | Basic block splitting |
| -split_num=2 | Split into 2 blocks |
| -indibran | Indirect branching (opaque predicates) |
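
For analysts triaging a binary built with `-fla`, the `loc_obf_1` dispatcher shape shown on this page (one state register compared against a run of constants) can be flagged in a text disassembly. This is an added example, not code from the page or from Hikari; `find_dispatchers`, `jumps_to` and the sample listing are constructed for illustration, and the listing uses real `cmp`/`je` pairs in place of the page's `->` shorthand.

```python
import re
LABEL = re.compile(r"^\s*([A-Za-z_.$][\w.$]*):\s*$")
CMP = re.compile(r"^\s*cmp\s+(\w+),\s*(0x[0-9a-f]+|\d+)\s*$", re.I)
JEQ = re.compile(r"^\s*j[ez]\s+([\w.$]+)\s*$", re.I)
JMP = re.compile(r"^\s*jmp\s+([\w.$]+)\s*$", re.I)

# Constructed listing (Intel syntax), modelled on the loc_obf_1 dispatcher.
SAMPLE = """\
loc_obf_1:
    mov eax, [rbp-4]      ; switch_var
    cmp eax, 0x1
    je  loc_realblock1
    cmp eax, 0x2
    je  loc_realblock2
loc_realblock1:
    mov dword [rbp-4], 0x2
    jmp loc_obf_1
loc_realblock2:
    cmp ecx, 0
    je  loc_done
    ret
"""

def jumps_to(insns, label):
    return any(JMP.match(i) and JMP.match(i).group(1) == label for i in insns)

def find_dispatchers(listing, min_cases=2):
    """Flag blocks comparing one register with >= min_cases constants, each followed by je/jz."""
    blocks, cur = {}, None
    for raw in listing.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop assembler comments
        m = LABEL.match(line)
        if m:
            cur = m.group(1)
        elif cur and line:
            blocks.setdefault(cur, []).append(line)
    hits = []
    for label, insns in blocks.items():
        table = {}                                # register -> {constant: target}
        for a, b in zip(insns, insns[1:]):
            c, j = CMP.match(a), JEQ.match(b)
            if c and j:
                val = int(c.group(2), 16 if c.group(2)[:2].lower() == "0x" else 10)
                table.setdefault(c.group(1).lower(), {})[val] = j.group(1)
        for reg, cases in table.items():
            if len(cases) >= min_cases:
                back = sorted(t for t in cases.values() if jumps_to(blocks.get(t, []), label))
                hits.append({"block": label, "register": reg, "cases": cases, "loops_back": back})
    return hits
```

A non-empty `loops_back` list (case targets that jump back to the flagged block) is the stronger signal; ordinary `switch` statements also produce compare chains but their cases do not return to the dispatcher.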