A C/C++ proof-of-concept tool that removes static string and API call references at compile-time to hinder static analysis and evade detection.
Research into removing strings & API call references at compile-time (Anti-Analysis)
This tool is designed for security researchers and malware developers aiming to increase the difficulty of static analysis by obfuscating strings and API calls within binaries. It is useful for evading signature-based detection by anti-malware systems and complicating reverse engineering efforts with tools like IDA or x64dbg.
Compile with /O2 optimization to avoid visible string artifacts in disassembly. Calls to GetModuleHandle may still be detectable; they can be replaced by manually walking the PEB->Ldr structure. This technique may trigger some antivirus heuristics due to the lack of typical static references, so use with caution. Creating a library of runtime-resolved function wrappers can simplify integration.
Compile with /O2 optimization
Recommended to enable compiler optimizations that pack string characters and reduce plaintext traces in disassembly.
Use 'HideStaticReferences.cpp' as the example implementation
Demonstrates how to apply string XOR encryption and runtime API resolution techniques.
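From the analyst's side, the two artifacts this technique leaves behind are XOR-encoded API and module names and an import table reduced to the GetModuleHandle/GetProcAddress resolver pair. The following is an added example, not part of this project, showing how both are checked; the marker list, the import-count threshold, and the sample blob and import list are constructed assumptions for illustration.

```python
"""Analyst-side checks for XOR-hidden API names and resolver-only import tables."""
import string

PRINTABLE = frozenset(bytes(string.ascii_letters + string.digits + string.punctuation + " ", "ascii"))
# Names a runtime-resolving loader still has to carry somewhere, even if encoded (assumed list).
MARKERS = ("kernel32.dll", "ntdll.dll", "GetProcAddress", "GetModuleHandle", "LoadLibrary")
RESOLVERS = {"GetModuleHandleA", "GetModuleHandleW", "LoadLibraryA", "LoadLibraryW"}


def printable_runs(data, min_len=6):
    """Return runs of printable ASCII of at least min_len bytes (what `strings` would show)."""
    runs, cur = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur = bytearray()
    if len(cur) >= min_len:
        runs.append(cur.decode("ascii"))
    return runs


def marker_hits(runs):
    """Keep only runs that contain one of the known loader/API markers."""
    return [r for r in runs if any(m in r for m in MARKERS)]


def recover_xor_strings(data, min_len=8):
    """Try every single-byte XOR key (0 is the plaintext view and is skipped);
    return {key: [recovered marker strings]} for keys that expose a marker."""
    found = {}
    for key in range(1, 256):
        hits = marker_hits(printable_runs(bytes(b ^ key for b in data), min_len))
        if hits:
            found[key] = hits
    return found


def resolver_only_imports(imports, max_imports=10):
    """Flag an import table that is tiny yet still carries the resolver pair (threshold assumed)."""
    names = set(imports)
    return len(names) <= max_imports and "GetProcAddress" in names and bool(names & RESOLVERS)


def analyze(data, imports):
    return {"plain_markers": marker_hits(printable_runs(data)),
            "xor_candidates": recover_xor_strings(data),
            "resolver_only_imports": resolver_only_imports(imports)}


# Constructed sample: two names XOR-encoded with key 0x5A, padded with 0x90 bytes.
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = b"\x90" * 4 + bytes(b ^ SAMPLE_KEY for b in b"kernel32.dll\x00GetProcAddress\x00") + b"\x90" * 3
SAMPLE_IMPORTS = ["GetModuleHandleA", "GetProcAddress", "ExitProcess"]  # constructed

if __name__ == "__main__":
    print(analyze(SAMPLE_BLOB, SAMPLE_IMPORTS))
```

The plaintext view of the sample shows only junk runs, while key 0x5A recovers both names, which is the single-byte brute force an analyst runs before resorting to dynamic tracing.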