run on windows

[ghost]

it is possible to windows?

[turbo]

Did you even try anything?

[ghost]

@minxomat Nope

[ghost]

There are two solutions:

1. Use self-modification of the code to insert CALL instructions to Windows code. First, SUB is obfuscated and run with MOV, arguments are filled using MOV instructions (straightforward, like gcc does) and a CALL instruction is inserted, then reverted.
2. Use non-MOV instructions to call Windows code. First, to call, say WriteConsoleA, we first subtract 20 bytes from ESP using MOV instructions, we fill in the arguments and CALL the function.

[xoreaxeaxeax]

It may be possible with something like mingw. Barring that, the calling conventions, exception handling, etc. would have to be replaced. For now, there is no plan to add this.

[wirespecter]

Sorry for bumping, I know this is an old issue but I would love to see it on Windows too. I want to create a few "CrackMes" for a competition and the movfuscator would be ideal for this.

I hope that @xoreaxeaxeax will be able to make it one day, I'm looking forward to it ;)

[gogo2464]

@wirespecter I would like to make a PR for windows support. Do you want to do PRs on my fork?

[wirespecter]

@gogo2464 Do you have a working fork for windows? I can't find it in your repos.

[gogo2464]

@wirespecter I just forked it 2 second ago. I did not because I was thinking about to do it in llvm plugin instead of doing everything myself.

You now could check it out there: https://github.com/gogo2464/movfuscator

[gogo2464]

But this work does not compiles on windows!

[gogo2464]

I think I may use this llvm tutorial https://polarply.medium.com/build-your-first-llvm-obfuscator-80d16583392b