{"id":31033047,"url":"https://github.com/tijme/dittobytes","last_synced_at":"2025-09-14T01:11:31.148Z","repository":{"id":313901243,"uuid":"963502357","full_name":"tijme/dittobytes","owner":"tijme","description":"Metamorphic cross-compilation of C++ \u0026 C-code to PIC, BOF \u0026 EXE. ","archived":false,"fork":false,"pushed_at":"2025-09-09T10:34:29.000Z","size":23229,"stargazers_count":309,"open_issues_count":1,"forks_count":35,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-09-09T13:40:47.662Z","etag":null,"topics":["beacon-object-file","clang","evasion","linux","llvm","macos","malware","metamorphic","metamorphic-engine","metamorphism","obfuscation","obfuscator","pic","polymorphic","polymorphism","position-independent-code","redteam","shellcode","windows"],"latest_commit_sha":null,"homepage":"https://www.dittobytes.com","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tijme.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["tijme"],"custom":["dittobytes.com/sponsor-via-paypal","dittobytes.com/sponsor-via-bunq"]}},"created_at":"2025-04-09T19:25:47.000Z","updated_at":"2025-09-09T13:37:09.000Z","dependencies_parsed_at":"2025-09-09T13:40:51.606Z","dependency_job_id":"448e3d86-6f0d-4144-ac72-d9de030240cd","html_url":"https://github.com/tijme/dittobytes","commit_stats":null,"previous_names":["tijme/dittobytes"],"tags_count":11,"template":false,"template_full_name":null,"
purl":"pkg:github/tijme/dittobytes","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fdittobytes","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fdittobytes/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fdittobytes/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fdittobytes/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tijme","download_url":"https://codeload.github.com/tijme/dittobytes/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tijme%2Fdittobytes/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":275048561,"owners_count":25396484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-13T02:00:10.085Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["beacon-object-file","clang","evasion","linux","llvm","macos","malware","metamorphic","metamorphic-engine","metamorphism","obfuscation","obfuscator","pic","polymorphic","polymorphism","position-independent-code","redteam","shellcode","windows"],"created_at":"2025-09-14T01:11:28.103Z","updated_at":"2025-09-14T01:11:31.138Z","avatar_url":"https://github.com/tijme.png","language":"C++","funding_links":["https://github.com/sponsors/tijme","dittobytes.c
om/sponsor-via-paypal","dittobytes.com/sponsor-via-bunq"],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/029692c26cb1dd1c05f1c4544a96d333544b9f3a/dittobytes.svg\" alt=\"Dittobytes Logo\" /\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/tijme/dittobytes/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/v/release/tijme/dittobytes?style=for-the-badge\u0026labelColor=850447\u0026color=ba0745\u0026cache=1\" alt=\"Latest Dittobytes release\" /\u003e\u003c/a\u003e\n    \u0026nbsp;\n    \u003ca href=\"https://github.com/tijme/dittobytes/actions\"\u003e\u003cimg src=\"https://img.shields.io/github/actions/workflow/status/tijme/dittobytes/validation.yml?style=for-the-badge\u0026labelColor=850447\u0026color=ba0745\u0026cache=1\" alt=\"Latest Dittobytes status\" /\u003e\u003c/a\u003e\n    \u0026nbsp;\n    \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/LICENSE.md\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MPL%20V2.0-ba0745?style=for-the-badge\u0026labelColor=850447\u0026cache=1\" alt=\"Dittobytes license badge\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/ac043c7360ebcb89ac3be393a152dde0/raw/2f4bfb6f639419b49c9a2e3bfa440fdfd7576949/arch_amd64.svg\" alt=\"AMD64 logo\" width=\"50\" height=\"50\" /\u003e\n    \u0026nbsp;\u0026nbsp;\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/7262f114a2e018e323fd97837525f87d/raw/5e58faa4765f054e86e7c774be06bacb6e630b7b/os_macos.svg\" alt=\"MacOS logo\" width=\"50\" height=\"50\" /\u003e\n    \u0026nbsp;\u0026nbsp;\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/7262f114a2e018e323fd97837525f87d/raw/5e58faa4765f054e86e7c774be06bacb6e630b7b/os_windows.svg\" alt=\"Windows logo\" width=\"50\" height=\"50\" /\u003e\n    
\u0026nbsp;\u0026nbsp;\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/7262f114a2e018e323fd97837525f87d/raw/5e58faa4765f054e86e7c774be06bacb6e630b7b/os_linux.svg\" alt=\"Linux logo\" width=\"50\" height=\"50\" /\u003e\n    \u0026nbsp;\u0026nbsp;\n    \u003cimg src=\"https://gist.githubusercontent.com/tijme/a5e815ace37e12dc8e36060cc31cee4d/raw/2f6fba67d2d597294de5ccaec48d1325f0c76354/arch_arm64.svg\" alt=\"ARCH64 logo\" width=\"50\" height=\"50\" /\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003cb\u003eMetamorphic cross-compilation of C++ \u0026 C-code to PIC, BOF \u0026 EXE.\u003c/b\u003e\n    \u003cbr/\u003e\n    \u003csup\u003eBuilt with ♥ by \u003ca href=\"https://www.linkedin.com/in/tijme/\"\u003eTijme Gommers\u003c/a\u003e – Buy me a coffee via \u003ca href=\"https://dittobytes.com/sponsor-via-paypal\"\u003ePayPal\u003c/a\u003e or \u003ca href=\"https://dittobytes.com/sponsor-via-bunq\"\u003eBunq\u003c/a\u003e.\u003c/sup\u003e\n    \u003cbr/\u003e\n\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"#-system-requirements\"\u003eRequirements\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-getting-started\"\u003eGetting started\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-advanced-usage\"\u003eAdvanced usage\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-metamorphications\"\u003eMetamorphications\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-limitations\"\u003eLimitations\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-issues--requests\"\u003eIssues\u003c/a\u003e\n    \u0026nbsp;•\u0026nbsp;\n    \u003ca href=\"#-license--copyright\"\u003eLicense\u003c/a\u003e\n\u003c/p\u003e\n\u003chr\u003e\n\nDittobytes compiles your C-code to truly Position Independent Code (PIC) for Windows, MacOS, and Linux, and both AMD64 and ARM64. 
It features a [metamorphic engine](https://en.wikipedia.org/wiki/Metamorphic_code) that ensures each compilation produces unique, functional shellcode. It does *not* rely on the classic decrypt stubs often seen in e.g. polymorphic compilations, and additionally it does *not* require reflective loaders such as Donut or sRDI as it can compile your C-code directly to PIC. A subsequent advantage is that the output size of the shellcode is extremely small (almost no overhead), and remains very simple.\n\n\u003ctable align=center\u003e\n    \u003ctr\u003e\n        \u003ctd align=center\u003eOriginal\u003c/td\u003e\n        \u003ctd align=center\u003e\u003c/td\u003e\n        \u003ctd align=center\u003eMetamorphicated (example)\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n        \u003ctd\u003e\n\n```diff\n# push    rbp\n# mov     rbp, rsp\n- push    r15\n- push    r11\n- sub     rsp, 40h\n- xor     rax, rax\n- mov     [rbp+var_1B], rax\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n        \n```diff\n# push    rbp\n# mov     rbp, rsp\n+ push    r9\n+ push    r15\n+ sub     rsp, 38h\n+ mov     rdx, 0\n+ mov     [rbp+var_33], rdx\n```\n\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\u003cp align=center\u003e\u003csup\u003eIllustration 1: Example metamorphications by Dittobytes (left and right are functionally equivalent).\u003c/sup\u003e\u003c/p\u003e\n\n\u003cp\u003e\n    Dittobytes uses a custom LLVM build with two transpilers. Any compilation of your code using Dittobytes is done with this LLVM build. The first transpiler uses a modern \u003ca href=\"https://llvm.org/docs/WritingAnLLVMNewPMPass.html\"\u003eLLVM Function Pass\u003c/a\u003e (on intermediate level) to inline constant variables otherwise located in e.g. \u003ccode\u003e.rodata\u003c/code\u003e segments (this aids the development of Position Independent Code). 
The second one is the machine transpiler that uses a legacy \u003ca href=\"https://llvm.org/docs/WritingAnLLVMPass.html#the-machinefunctionpass-class\"\u003eLLVM MachineFunction Pass\u003c/a\u003e to perform the metamorphic transformations (e.g. instruction substitutions), introducing randomness in the assembly code during compilation. Check the \u003ca href=\"#-metamorphications\"\u003eroadmap\u003c/a\u003e for all implemented (and yet to be implemented) metamorphic transformations.\n\u003c/p\u003e\n\nThe pre-shipped minimal C-code file (`./code/beacon.c`) can cross-compile to all supported platforms (Windows, Linux \u0026 MacOS), architectures (AMD64 \u0026 ARM64) and formats (PIC, BOF, EXE). Additionally, Dittobytes ships with loaders (for each platform and architecture) that can be used for testing purposes.\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e System requirements\u003c/h1\u003e\n\n\u003cp\u003eThe build environment itself works best (and is tested) on Linux (AMD64 \u0026 ARM64). Use Docker for an easy setup.\u003c/p\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eSystem requirements if you use \u003cb\u003eDocker\u003c/b\u003e\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eeasy\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        A custom version of \u003ca href=\"https://github.com/tijme/forked-dittobytes-llvm-project/tree/release/18.x\"\u003eLLVM\u003c/a\u003e needs to be built from source, which requires quite some memory and disk space to be allocated by Docker. The build takes around 2.5 hours. 
I got it to work with the following Docker resource configuration.\n        \u003cblockquote\u003e⚠️ If Docker cannot allocate enough resources, the build might fail with an error like \u003ccode\u003eResourceExhausted: cannot allocate memory\u003c/code\u003e.\u003c/blockquote\u003e\n        \u003cul\u003e\n            \u003cli\u003eSet CPU limit to: \u003ccode\u003e8\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eSet memory limit to: \u003ccode\u003e10 GB\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eSet swap to: \u003ccode\u003e2 GB\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eSet disk usage limit: \u003ccode\u003e1 TB\u003c/code\u003e (though this can likely be much lower).\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eSystem requirements if you use \u003cb\u003eWindows Subsystem for Linux\u003c/b\u003e\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eintermediate\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        A custom version of \u003ca href=\"https://github.com/tijme/forked-dittobytes-llvm-project/tree/release/18.x\"\u003eLLVM\u003c/a\u003e needs to be built from source. Quite some memory and disk space is required. The build takes around 2.5 hours. 
I got it to work with the following resources.\n        \u003cul\u003e\n            \u003cli\u003eCPU cores: \u003ccode\u003e8\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eMemory: \u003ccode\u003e10 GB\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eDisk space: \u003ccode\u003e1 TB\u003c/code\u003e (though this can likely be much lower).\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eSystem requirements if you directly use \u003cb\u003eyour host\u003c/b\u003e\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eadvanced\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        A custom version of \u003ca href=\"https://github.com/tijme/forked-dittobytes-llvm-project/tree/release/18.x\"\u003eLLVM\u003c/a\u003e needs to be built from source. Quite some memory and disk space is required. The build takes around 2.5 hours. I got it to work with the following resources.\n        \u003cul\u003e\n            \u003cli\u003eCPU cores: \u003ccode\u003e8\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eMemory: \u003ccode\u003e10 GB\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003eDisk space: \u003ccode\u003e1 TB\u003c/code\u003e (though this can likely be much lower).\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e Getting started\u003c/h1\u003e\n\n### Presentation\n\nThis research has been presented at OrangeCon 2025. 
[The slides](https://github.com/tijme/dittobytes/blob/master/.github/presentation/In%20Memory%20of%20In-Memory%20Detection.pdf) are available and a recording will be published soon.\n\n### Overview\n\n\u003cdetails\u003e\n    \u003csummary\u003eDirectory structure\u003c/summary\u003e\n    \u003chr\u003e\n\n    dittobytes/\n    ├── code/                               # Your C-code that will compile to shellcode.\n    │   ├── beacon.c                        # Example file that you can compile using Dittobytes.\n    ├── build/                              # Build dir containing loaders and your shellcodes.\n    │   ├── beacon-[platform]-[arch].raw    # Your C-code compiled to raw shellcode (.text segment only).\n    │   ├── beacon-[platform]-[arch].obj    # Your C-code compiled to BOF/COFF format.\n    │   ├── beacon-[platform]-[arch].exe    # Your C-code compiled to executable format.\n    │   ├── loader-[platform]-[arch]        # Pre-built raw shellcode loaders for testing purposes.\n    │   └── ...\n    └── ditto/                              # Internal files supporting the Dittobytes project.\n        ├── loaders/                        # Simple shellcode loaders for testing purposes (pre-built).\n        │   └── [platform]/\n        │       ├── src/\n        │       │   └── main.c\n        │       └── lib/\n        │           └── ...\n        ├── scripts/                        # Helper scripts used by the makefile(s).\n        │   ├── extract-text-segment.py\n        │   └── ...\n        ├── tests/                          # C-code files used for feature testing.\n        │   ├── [feature-test].c\n        │   └── ...\n        └── transpilers/                    # The LLVM plugins that act as metamorphic engine.\n            ├── intermediate/\n            │   └── src/\n            │       ├── IntermediateTranspiler.cpp\n            │       └── ...\n            └── machine/\n                └── src/\n                    ├── MachineTranspiler.cpp\n                 
   └── ...\n\n\u003chr\u003e\n\u003c/details\u003e\n\n### Preparing\n\n\u003cdetails\u003e\n    \u003csummary\u003eCloning the repository\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cul\u003e\n        \u003cli\u003eClone this repository using Git:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003egit clone https://github.com/tijme/dittobytes.git\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003cli\u003eManually \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/.github/laughing.gif\"\u003ereview\u003c/a\u003e the code so you know what you're compiling and running.\u003c/li\u003e\n        \u003cli\u003eFinally, move into the project directory and start developing:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003ecd ./dittobytes/\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eConfiguring the build environment in a \u003cb\u003eDocker\u003c/b\u003e container\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eeasy\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        The easiest way to use Dittobytes is via Docker. 
For this, you need to build a Docker image using the provided \u003ccode\u003eDockerfile\u003c/code\u003e.\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eBuild the Docker image:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker buildx build -t dittobytes .\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eBuilding the image will take around 2.5 hours as LLVM needs to be built from source.\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eConfiguring the build environment in a \u003cb\u003eWindows Subsystem for Linux\u003c/b\u003e container instead\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eintermediate\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        If you are on Windows, a more performant option to build the build tools is to use Windows Subsystem for Linux (WSL). However, in contrast to Docker, the installation of the build tools is a manual process.\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eFirst of all, install a Debian WSL container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003ewsl --install -d Debian\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eThen start \u0026 enter the container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003ewsl -d Debian\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n        \u003cp\u003e\n            Custom versions of Clang and LLVM are eventually used to cross-compile your code, the loaders and the transpilers. Performing this compilation in WSL requires you to configure your WSL the same way as the Docker container is configured. 
Take a look at the \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/Dockerfile\"\u003eDockerfile\u003c/a\u003e or \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/.github/workflows/validation.yml\"\u003eGitHub Workflow\u003c/a\u003e for reference. Follow the exact same steps as in one of those files. For now, there is no further documentation on setting up the environment in WSL.\n        \u003c/p\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eConfiguring the build environment on \u003cb\u003eyour host\u003c/b\u003e instead\u003cbr\u003e\u003csup\u003eDifficulty: \u003cstrong\u003eadvanced\u003c/strong\u003e\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        Custom versions of Clang and LLVM are used to cross-compile your code, the loaders and the transpilers. If you want to perform this compilation on your host machine, configure your host the same way as the Docker container is configured. Take a look at the \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/Dockerfile\"\u003eDockerfile\u003c/a\u003e or \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/.github/workflows/validation.yml\"\u003eGitHub Workflow\u003c/a\u003e for reference. Follow the exact same steps as in one of those files. And please make sure you're on a Linux host. For now, there is no further documentation on setting up the environment on your host machine. \n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n### Developing\n\n\u003cdetails\u003e\n    \u003csummary\u003eThe basics\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        You can modify \u003ccode\u003e./code/beacon.c\u003c/code\u003e however you like. 
Just keep the following in mind:\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eThe first function in your code must be named \u003ccode\u003eEntryFunction\u003c/code\u003e.\u003c/li\u003e\n            \u003cli\u003e\u003ccode\u003eEntryFunction\u003c/code\u003e must literally (in order) be the first function in your code.\u003c/li\u003e\n            \u003cli\u003eYou cannot use global variables (PIC limitation).\u003c/li\u003e\n            \u003cli\u003eYou cannot use any data from other segments (PIC limitation).\u003c/li\u003e\n            \u003cli\u003eYou must resolve any API function you want to use by yourself (PIC limitation).\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003cp\u003e\n        The following example may give you some guidance. It simulates global variables by using a context struct that you would need to pass to any function you call. It initializes a string by using a \u003ccode\u003echar[]\u003c/code\u003e array. It calls another function by defining its definition first (as the other function needs to be defined before you can call it, but it cannot be the first function in your code).\n    \u003c/p\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/code/examples/example-basics/example-basics.c\"\u003eExample 'The Basics' (\u003ccode\u003eexample-basics.c\u003c/code\u003e)\u003c/a\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eA hello world\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        A hello world requires printing to the console, thus requiring an OS API call to e.g. \u003ccode\u003eputs\u003c/code\u003e. This is OS specific. For example, for Windows it would require loading \u003ccode\u003eKERNEL32.dll\u003c/code\u003e, ultimately resolving \u003ccode\u003eLoadLibraryA\u003c/code\u003e and \u003ccode\u003eGetProcAddress\u003c/code\u003e. 
With these two functions resolved, you can then load any function address, such as the address of \u003ccode\u003eputs\u003c/code\u003e.\n    \u003c/p\u003e\n    \u003cp\u003e\n        A full example would become quite large, so for now I'd like to refer you to the example file below. It is Position Independent Code (PIC) for Windows AMD64 \u0026 ARM64 that pops a calculator as an example.\n    \u003c/p\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/code/examples/example-calc/example-calc.c\"\u003eExample 'Popping Calc' (\u003ccode\u003eexample-calc.c\u003c/code\u003e)\u003c/a\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n### Compiling\n\n\u003cdetails\u003e\n    \u003csummary\u003eCompile your code\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cul\u003e\n        \u003cli\u003eIf using Docker, run the Dittobytes container (or use an equivalent command for your build environment):\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003cli\u003eCompile your code (for all platforms, architectures \u0026 formats):\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003cli\u003eYou can also create specific builds: \u003ccode\u003emake beacon-[platform]-[arch]-[format]\u003c/code\u003e.\n            \u003cul\u003e\n                \u003cli\u003eOptions:\n                    \u003cul\u003e\n                        \u003cli\u003ePlatforms: \u003ccode\u003ewin\u003c/code\u003e,\u003ccode\u003elin\u003c/code\u003e,\u003ccode\u003emac\u003c/code\u003e.\u003c/li\u003e\n                        \u003cli\u003eArchitectures: \u003ccode\u003eamd64\u003c/code\u003e,\u003ccode\u003earm64\u003c/code\u003e.\u003c/li\u003e\n                        \u003cli\u003eFormats: 
\u003ccode\u003eexe\u003c/code\u003e,\u003ccode\u003eraw\u003c/code\u003e,\u003ccode\u003ebof\u003c/code\u003e.\u003c/li\u003e\n                    \u003c/ul\u003e\n                \u003c/li\u003e\n                \u003cli\u003eExamples:\n                    \u003cul\u003e\n                        \u003cli\u003e\u003ccode\u003emake beacon-win-amd64-bof\u003c/code\u003e (compile your code to Windows AMD64 BOF/COFF).\u003c/li\u003e\n                        \u003cli\u003e\u003ccode\u003emake beacon-mac-arm64-raw\u003c/code\u003e (compile your code to MacOS ARM64 raw shellcode).\u003c/li\u003e\n                        \u003cli\u003e\u003ccode\u003emake beacon-lin-all-raw\u003c/code\u003e (compile your shellcode to raw shellcode for Linux and any architecture).\u003c/li\u003e\n                        \u003cli\u003e\u003ccode\u003emake beacon-all-all-raw\u003c/code\u003e (compile your shellcode to raw shellcode for any platform and architecture).\u003c/li\u003e\n                        \u003cli\u003e\u003ccode\u003emake beacon-all-all-all\u003c/code\u003e (compile your shellcode to any format, any platform and any architecture).\u003c/li\u003e\n                    \u003c/ul\u003e\n                \u003c/li\u003e\n            \u003c/ul\u003e\n        \u003c/li\u003e\n    \u003c/ul\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n### Outputs\n\n\u003cdetails\u003e\n    \u003csummary\u003ePosition Independent Code (\u003ccode\u003e.raw\u003c/code\u003e)\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003eDittobytes was originally designed to output Truly Position Independent Code (PIC). 
Simply put, PIC consists of the executable assembly instructions from the \u003ccode\u003e.text\u003c/code\u003e segment of an executable binary, without any reference to other segments or absolute memory addresses.\u003c/p\u003e\n    \u003cp\u003eDittobytes generates \u003ccode\u003e.raw\u003c/code\u003e files for Windows, Linux and MacOS (and both AMD64 and ARM64).\u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eBeacon Object File (\u003ccode\u003e.obj\u003c/code\u003e)\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003eIn the process of creating Position Independent Code, Dittobytes creates an \u003ccode\u003e.obj\u003c/code\u003e file (COFF/ELF format). This file is later used to extract the \u003ccode\u003e.text\u003c/code\u003e segment (\u003ccode\u003e.raw\u003c/code\u003e) from, or create the executable format (\u003ccode\u003e.exe\u003c/code\u003e) with. However, the \u003ccode\u003e.obj\u003c/code\u003e file itself can be used as Cobalt Strike (or any other C\u0026C framework) Beacon Object File (BOF) as well.\u003c/p\u003e\n    \u003cp\u003eDittobytes generates \u003ccode\u003e.obj\u003c/code\u003e files for Windows, Linux and MacOS (and both AMD64 and ARM64).\u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eExecutable/Clickable (\u003ccode\u003e.exe\u003c/code\u003e)\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003eDittobytes uses the generated Position Independent Code (PIC) in the \u003ccode\u003e.obj\u003c/code\u003e file to eventually generate an executable/clickable file format (\u003ccode\u003e.exe\u003c/code\u003e). This means that all executables generated by Dittobytes solely contain Position Independent Code (PIC). 
For example, constants are inlined instead of stored in the \u003ccode\u003e.rodata\u003c/code\u003e segment.\u003c/p\u003e\n    \u003cp\u003eDittobytes generates \u003ccode\u003e.exe\u003c/code\u003e files for Windows, Linux and MacOS (and both AMD64 and ARM64).\u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n### Testing\n\n\u003cdetails\u003e\n    \u003csummary\u003eRunning your shellcode\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cul\u003e\n        \u003cli\u003e\n            Run and test your shellcode using the pre-shipped shellcode loader:\n            \u003cbr\u003e\n            \u003cpre\u003e\u003ccode\u003e./build/loader-[os]-[arch].[ext] ./build/beacon-[os]-[arch].raw\u003c/code\u003e\u003c/pre\u003e\n        \u003c/li\u003e\n    \u003c/ul\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eRunning feature tests\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        Dittobytes comes pre-shipped with feature tests. A feature test is similar to a unit test, but tests from a large feature perspective, instead of a specific code unit perspective. Currently, you can only run feature tests for shellcodes that are compiled for the platform you are running the tests on. 
For example, in the Docker container only the Linux shellcode would be tested \u0026 verified.\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eBuild the tests:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake test-suite-build\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eRun the tests:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake test-suite-test\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e Advanced usage\u003c/h1\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eUsing C++ instead of C for your code\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        You can easily utilize functionality of C++ by renaming your code file from \u003ccode\u003e./code/beacon.c\u003c/code\u003e to \u003ccode\u003e./code/beacon.cpp\u003c/code\u003e. Just make sure to prepend the \u003ccode\u003eEntryFunction\u003c/code\u003e in the file with \u003ccode\u003eextern \"C\"\u003c/code\u003e. Also ensure that the \u003ccode\u003eSOURCE_PATH\u003c/code\u003e option in the \u003ccode\u003emakefile\u003c/code\u003e points to the new filename. Do note that you \u003cb\u003ecannot\u003c/b\u003e use functionality from external libraries such as \u003ccode\u003elibstdc++\u003c/code\u003e or \u003ccode\u003elibc++\u003c/code\u003e. This means you \u003cb\u003ecannot\u003c/b\u003e make use of e.g. 
\u003ccode\u003estd::string\u003c/code\u003e ⚠️.\n    \u003c/p\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/code/examples/example-cpp/example-cpp.cpp\"\u003eExample 'C++ instead of C-code' (\u003ccode\u003eexample-cpp.c\u003c/code\u003e)\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp\u003eCompiling C++ code in Dittobytes works exactly the same as compiling regular C-code.\u003c/p\u003e\n    \u003cul\u003e\n        \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003cli\u003eThen compile your code:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eCompiling a Cobalt Strike Beacon Object File (BOF)\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        To compile a Beacon Object File (BOF) for Cobalt Strike or any other Command \u0026 Control framework, copy \u003ccode\u003e./code/examples/example-bof/example-bof.c\u003c/code\u003e to \u003ccode\u003e./code/beacon.c\u003c/code\u003e. 
Then adjust the source code to your needs.\n    \u003c/p\u003e\n    \u003cp\u003e\n        \u003ca href=\"https://github.com/tijme/dittobytes/blob/master/code/examples/example-bof/example-bof.c\"\u003eExample 'Beacon Object File' (\u003ccode\u003eexample-bof.c\u003c/code\u003e)\u003c/a\u003e\n    \u003c/p\u003e\n    \u003cp\u003eRemember to solely compile to the \u003ccode\u003eBOF/COFF\u003c/code\u003e format using the \u003ccode\u003emake\u003c/code\u003e command (see below example) ⚠️.\u003c/p\u003e\n    \u003cul\u003e\n        \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003cli\u003eThen compile your code:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake beacon-win-amd64-bof\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n    \u003c/ul\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eModification \u0026 compilation of the pre-shipped loaders\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        You can modify the pre-shipped loaders by editing the code in \u003ccode\u003e./ditto/loaders/[platform]/src/main.c\u003c/code\u003e, after which you can compile them using the following commands in the root of the Dittobytes project:\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eCompile the loaders:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake ditto-loaders\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eModification \u0026 compilation of the pre-shipped 
transpilers\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        You can modify the pre-shipped transpiler(s) by editing the code in \u003ccode\u003e./ditto/transpilers/[type]/src/[type].cpp\u003c/code\u003e, after which you can compile them using the following commands in the root of the Dittobytes project:\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eCompile the transpilers:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake ditto-transpilers\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n        Dittobytes ships with two transpilers. The first one is the intermediate transpiler that uses a modern \u003ca href=\"https://llvm.org/docs/WritingAnLLVMNewPMPass.html\"\u003eLLVM Function Pass\u003c/a\u003e to inline constant variables otherwise located in \u003ccode\u003e.rodata\u003c/code\u003e segments. The second one is the machine transpiler that uses a legacy \u003ca href=\"https://llvm.org/docs/WritingAnLLVMPass.html#the-machinefunctionpass-class\"\u003eLLVM MachineFunction Pass\u003c/a\u003e to perform the metamorphism.\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003eCompiling \u0026 running one specific feature test\u003c/summary\u003e\n    \u003chr\u003e\n    \u003cp\u003e\n        The test-suite commands in the makefile usually compile and test all feature tests (cross-OS and cross-architecture). If you want to test just one specific feature test, or if you want to test build artifacts for a specific OS or architecture, use the commands below. 
You can adjust the \u003ccode\u003eTEST_*\u003c/code\u003e arguments to your needs.\n        \u003cbr\u003e\n        \u003cul\u003e\n            \u003cli\u003eIf using Docker, run a Dittobytes container:\u003cbr\u003e\u003cpre\u003e\u003ccode\u003edocker run --rm -v \".:/tmp/workdir\" -it dittobytes\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eBuild the test(s):\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake TEST_OS=win TEST_ARCH=arm64 TEST_SOURCE_PATH=./ditto/tests/all/all/3_metamorphication_010_transform_nullifications.c TEST_METAMORPHICATION=transform_nullifications test-suite-build\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n            \u003cli\u003eRun the test(s):\u003cbr\u003e\u003cpre\u003e\u003ccode\u003emake TEST_OS=win TEST_ARCH=arm64 TEST_SOURCE_PATH=./ditto/tests/all/all/3_metamorphication_010_transform_nullifications.c TEST_METAMORPHICATION=transform_nullifications test-suite-test\u003c/code\u003e\u003c/pre\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n        The above example would build the feature test \u003ccode\u003e3_metamorphication_010_transform_nullifications.c\u003c/code\u003e for Windows ARM64. This may result in many build artifacts (\u003ccode\u003e[amount of feature tests] × [amount of os's] × [amount of arch's] × [amount of metamorphications]\u003c/code\u003e), in this case 1 (\u003ccode\u003e1 × 1 × 1 × 1\u003c/code\u003e). 
The second command verifies the build artifacts based on the \u003ccode\u003e@verify\u003c/code\u003e statements in the feature test source code file(s).\n    \u003c/p\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e Metamorphications\u003c/h1\u003e\n\nThere is no specific planning, so this might be more of a to-do or progress list.\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n        ✅ Randomize register allocation\u003cbr\u003e\n        \u003csup\u003eImplemented in release 1.0.0.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eRandomizes the allocation order of CPU registers, causing different registers to be used each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- mov     rcx, 3Eh\n- mov     rdx, 4Fh\n- lea     r8, [rbp+var]\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     r11, 3Eh\n+ mov     r10, 4Fh\n+ lea     r9, [rbp+var]\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     r9, 3Eh\n+ mov     r12, 4Fh\n+ lea     rdi, [rbp+var]\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n        ✅ Transform \u003ccode\u003e`mov reg, imm`\u003c/code\u003e\u003cbr\u003e\n        \u003csup\u003eImplemented in release 1.0.0.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eSubstitutes instructions 
that move an immediate value to a register in various ways each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- mov     rcx, BAh\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, EFh\n+ mov     rcx, 55h\n+ xor     rcx, rax\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, 3Bh\n+ mov     rcx, 7Fh\n+ add     rcx, rax\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n        ✅ Transform \u003ccode\u003e`mov [reg+var], imm`\u003c/code\u003e\u003cbr\u003e\n        \u003csup\u003eImplemented in release 1.0.9.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eSubstitutes instructions that move an immediate value to the stack in various ways each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- mov     [rcx+var_8], 83h\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, D9h\n+ mov     [rcx+var_8], AAh\n+ add     [rcx+var_8], rax\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, 11h\n+ mov     [rcx+var_8], 92h\n+ xor     [rcx+var_8], 
rax\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n        ✅ Transform nullifications\u003cbr\u003e\n        \u003csup\u003eImplemented in release 1.0.2.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eSubstitutes various instructions that nullify a register each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- xor     r12, r12\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     r12, 0\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n! 
Yet to be implemented\n+ sub     r12, r12\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n        ⏳ Insert semantic noise (meaningful dead code)\u003cbr\u003e\n        \u003csup\u003eTo be implemented.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eInsertion of opaque instructions or basic blocks (from trusted software) that do not affect code functionality.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- mov     rax, 1\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, 1\n+ mov     rbx, [false_flag]\n+ cmp     rbx, 1\n+ -- more instructions --\n+ je      skip_next_instr\n+ -- more instructions --\n+ mov     rax, 42\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ mov     rax, 1\n+ -- more instructions --\n+ mov     rbx, [false_flag]\n+ -- more instructions --\n+ cmp     rbx, 0\n+ je      skip_next_instr\n+ mov     rax, 1\n+ -- more instructions --\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n         ⏳ Transform \u003ccode\u003e`mov reg, reg`\u003c/code\u003e\u003cbr\u003e\n        \u003csup\u003eTo be implemented.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eSubstitutes instructions that move a register value to another register in various ways each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd 
align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- mov     rax, r8\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ push    r8\n+ pop     rax\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ xor rax, rax\n+ add rax, r8\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n\u003cdetails\u003e\n    \u003csummary\u003e\n         ⏳ Swap simple math\u003cbr\u003e\n        \u003csup\u003eTo be implemented.\u003c/sup\u003e\n    \u003c/summary\u003e\n    \u003cp\u003eTransform mathematical instructions with equivalents each compile.\u003c/p\u003e\n    \u003ctable\u003e\n        \u003ctr\u003e\n            \u003ctd align=center\u003eOriginal\u003c/td\u003e\n            \u003ctd\u003e\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 1)\u003c/td\u003e\n            \u003ctd align=center\u003eMetamorphicated (sample 2)\u003c/td\u003e\n        \u003c/tr\u003e\n        \u003ctr\u003e\n            \u003ctd\u003e\n\n```diff\n- sub reg, imm\n```\n\n\u003c/td\u003e\n\u003ctd align=center\u003e→\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ add reg, -imm\n```\n\n\u003c/td\u003e\n\u003ctd\u003e\n\n```diff\n+ lea reg, [reg - imm]\n```\n\n\u003c/td\u003e\n        \u003c/tr\u003e\n    \u003c/table\u003e\n    \u003chr\u003e\n\u003c/details\u003e\n\n
\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e Limitations\u003c/h1\u003e\n\nThere are currently two known limitations in the use of Dittobytes.\n\n* LLVM cannot inline compile `float`'s and `double`'s, causing them to end up in the `.rodata` segment. As a result, these types do not work when compiled with Dittobytes.\n* C++ exceptions are not yet supported as they generate exception tables outside the `.text` segment.\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e Issues \u0026 requests\u003c/h1\u003e\n\nIssues or new feature requests can be reported via the [issue tracker](https://github.com/tijme/dittobytes/issues). 
Please make sure your issue or feature has not yet been reported by anyone else before submitting a new one.\n\n\u003ch1\u003e\u003cimg src=\"https://gist.githubusercontent.com/tijme/c77f321c8dacd6d8ce8e0f9e2ab8c719/raw/b74e2cd4679ddc3dc6e14c0651d1489cddfd1ea8/logo-heading.svg\" width=25 height=25 /\u003e License \u0026 copyright\u003c/h1\u003e\n\nCopyright \u0026copy; 2025 Tijme Gommers. Dittobytes is released under the Mozilla Public License Version 2.0. View [LICENSE.md](https://github.com/tijme/dittobytes/blob/master/LICENSE.md) for the full license. Dittobytes depends on various open-source components which all have their own license and copyright.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijme%2Fdittobytes","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftijme%2Fdittobytes","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftijme%2Fdittobytes/lists"}