Index

VxLang Project JSON

Generating a Project JSON

Target Version: 1.6.1.1
This page provides instructions on how to use VxLang.

VxLang supports JSON files to adjust protection options at the binary level. To obtain the latest version of the JSON file, use the CMD options. Below is an example command:

:\> vxlang.exe ${PE-Binary}

This will create a temp.json file.

{ "input": "test.exe", "output": "", "backup": false, "use-data-section": false, "base-section-name": "", "map-file-path": "", "virtualizer": { "entry-point": false, "virtualization-by-map": [] }, "obfuscator": { "entry-point": false, "obfuscation-by-map": [], "flattening-by-map": [] }, "protector": { "compress": true, "symbol-data": false, "mutate-import-table": true, "vxlang-link-event": false, "anti-tamper": { "enable": true, "hide-unused-memory": true, "pause-protection": true, "message": "" }, "extension": [], "raw-data" : [], "reflection": { "enable": false, "ldr-update": true } } }

The generated JSON can be used as shown below.

:\> vxlang.exe temp.json

JSON Description

input   :   The input file.
output   :   The output file.
backup   :   Decide whether to back up the original file.
use-data-section   :   This flag recycles the data section instead of creating a VxLang section.
base-section-name   :   Sets the default section name for VxLang data or code. If empty, generate a random name.
map-file-path   :   Use a MAP file to map binary information.

virtualizer:

entry-point   :   Virtualizes the program entry point.
virtualization-by-map   :   Based on the function name written in the MAP file, virtualizes the entire function.

obfuscator:

entry-point   :   Flattening the program entry point.
obfuscation-by-map   :   Based on the function name written in the MAP file, obfuscation the entire function.
flattening-by-map   :   Based on the function name written in the MAP file, flattening the entire function.

protector:

compress   :   Compress the binary. If this flag is not set, only the VxLang core is added.
symbol-data   :   Decide if you want to keep the debug symbols.
mutate-import-table   :   Obfuscate the import table.
vxlang-link-event   :   SDK to route obfuscated or virtualized blocks through the VxLang core. This is freely controllable via VxLang extension modules.
anti-tamper:enable   :   Enable the anti-tamper feature included with VxLang.
anti-tamper:hide-unused-memory   :   Delete memory that is not referenced by the protected memory.
anti-tamper:pause-protection   :   Detect thread pauses.
anti-tamper:message   :   The message that is output when detected by the anti-tamper. If it is empty, the program will exit.
extension   :   VxLang extension modules developed by users.
raw-data   :   Enclose (compress) RAW data, such as other binaries (DLL/SYS), in the target binary. This can be freely controlled by the extension module.
reflection:enable   :   Reflex load the target binary.
reflection:ldr-update   :   Determines whether to update the target binaries in the PEB!LDR.