Virtual Machine x Intermediate Language Project

Overview   /   Document   /   Download   /   About

: Protector

VxLang Packer

  VxLang supports packer functionality for user-mode modules (*.EXE/*.DLL/.NET). A packer is a structure that converts an executable to a VxLang file system at pack-time and restores it at run-time.

  The packer engine provides Up to seven extension modules can be packaged simultaneously, and they can act before the original restore, giving you full control over the packer through events (e.g. adding detections, controlling detections, changing detection messages, etc.). This allows you to easily and freely add more powerful features to develop specialized packers.

How to use VxLang Packer ?

  VxLang's packer is enabled by default.
  (To disable the packer, you must use the `--disable-packer` option.)

  Here's how to apply vxlang:
  vxlang.exe ${file-path}

  VxLang supports extension modules(add-on) that can make packers special. These are in the form of DLLs, converted to VxLang's own file format and enclosed.

VxLang Add-on Module

  The following describes how to write an add-on module. VxLang's extension modules are developed as DLLs for ease of development. (This is an extension of the packer shell code, not an actual DLL module.)

  Extension modules are developed the same way as regular DLLs. All events, callbacks, etc. will work the same. (However, if you make a `static` reference, you will be referencing the original TLS object, so be careful with that). The packer's state or special events can be notified via DllMain, so you can develop behaviors for the state.

  The basic form of DllMain is shown below:

Each event represents the following meanings:
VXLANG_LOAD_ADDON_EVENT :
- The event that is notified when the add-on module is loaded for the first time.
VXLANG_START_EVENT :
- An event that is notified when the packer's source file is ready to run.
VXLANG_TERMINATE_EVENT :
- The event that is notified when the packer is signaled to terminate.
  (packing failure and add-on termination)

If the return value of DllMain is `FALSE`, the packer terminates the behavior and calls `VXLANG_TERMINATE_EVENT`.

These add-on modules can be applied via the `vxlang.exe $src-path} --add-on ${dll-path}` command.

These events will be added through updates.

Sample Add-on Module(Simple Anti-Debugging)

  This example add-on implements very simple anti-debugging and outputs a message box.

  The behavior is as follows:

Anti-Temper Mode

 

AXION-Mode