HexVeil - Code Protection

Overview

HexVeil is a comprehensive code protection library for Windows applications, designed to prevent reverse engineering, debugging, and analysis.

Core Features

[+] Anti-Debug Protection

PEB flags detection
Hardware breakpoint detection
Thread context verification
Anti-VM detection

[+] Code Protection

Nanomite injection
Polymorphic code generation
Control flow flattening
Dead code injection

[+] String Protection

Multi-layer encryption
Dynamic key generation
String table obfuscation

[+] Memory Protection

PE header protection
Import table obfuscation
Stack cleanup
Memory flooding

VM Operations

[+] Protected Operations

ADD with obfuscation (0x12345678)
SUB with obfuscation (0x87654321)
MUL with obfuscation (0xFEDCBA98)
DIV with obfuscation (0x89ABCDEF)
XOR operations
AND operations
OR operations

[+] Advanced VM Features

Custom instruction set
State machine obfuscation
Operation result mutation
Bit rotation protection

Code Mutation

[+] Polymorphic Engine

Dynamic stub generation
Multiple template patterns
Random junk code insertion
Instruction substitution

[+] Assembly Mutation

MOV instruction mutation
PUSH/POP substitution
LEA transformation
Instruction compression

Advanced Protection

[+] Nanomite Protection

INT3 breakpoint injection
Dynamic byte restoration
Exception-based flow control
Instruction encryption

[+] Control Flow

State machine obfuscation
Random state mutation
Fake execution paths
Dead code blocks

Anti-Analysis Features

[+] PE Protection

UPX header simulation
Section name obfuscation
Header corruption
Resource encryption

[+] Import Protection

Fake DLL imports
API function obfuscation
Import table mutation
Dynamic resolution

Advanced Usage Examples

CODE:

// Polymorphic function protection
void* protected_func = hexveil_generate_polymorphic_stub(original_function);

// Advanced string protection
ProtectedString* secure_str = hexveil_encrypt_string_ex("critical data");
char* decrypted = hexveil_decrypt_string(secure_str);

// Control flow obfuscation
HEXVEIL_FLATTEN_BEGIN(1)
    HEXVEIL_FLATTEN_CASE(1, {
        // Protected code block 1
        __next_state = 2;
    })
    HEXVEIL_FLATTEN_CASE(2, {
        // Protected code block 2
        __next_state = 0;
    })
HEXVEIL_FLATTEN_END()

// Code mutation
hexveil_mutate_code_block(function_ptr, size);
void* mutated = hexveil_randomize_instructions(function_ptr, size);

// Anti-analysis
HEXVEIL_BREAK_ANALYSIS();
HEXVEIL_FAKE_PATH();
HEXVEIL_ANTIDEBUG();

Quick Start

Basic usage example:

CODE:

#include "hexveil.h"

int main() {
    HEXVEIL_PROTECT_ALL();  // Enable all protections
    
    HEXVEIL_TRY {
        // Your protected code here
    } 
    HEXVEIL_EXCEPT {
        // Handle tampering
    }
    
    return 0;
}

Installation

CODE:

git clone https://github.com/Enigmatikk/hexveil
cd hexveil
gcc test.c -o test.exe -I. -O2 -Wall

Common Functions

CODE:

// Initialize all protections
HEXVEIL_PROTECT_ALL();

// Protect specific function
HEXVEIL_PROTECT_FUNCTION(function_name);

// String encryption
const char* protected_str = hexveil_encrypt_string_safe("secret");

// Anti-debug check
if(hexveil_detect_debugger_safe()) {
    ExitProcess(1);
}

// Memory protection
hexveil_protect_code_section();
hexveil_corrupt_pe_headers();

Notes

• Windows x86/x64 support only

• Some features require administrator rights

• May trigger antivirus software

• Not suitable for kernel-mode drivers