文章总结： 该文档详细介绍了使用OLLVM进行程序混淆的免杀技术，通过控制流平坦化(-fla)等编译时混淆手段增加反编译难度。文章以猜数字程序为例，对比了普通编译与OLLVM混淆后的差异，并提供了Windows平台下OLLVM环境搭建、编译参数配置及CMake集成完整流程，包含三种混淆模式的具体应用方法。 综合评分： 78 文章分类： 免杀,二进制安全,安全工具,安全开发

【免杀】使用ollvm混淆程序

原创

joe1sn joe1sn

不止Sec

2026年5月14日 20:19 重庆

在小说阅读器读本章

去阅读

如何有源代码、快速的、不使用壳的情况下混淆程序，最好的就是在编译的时候添加。这里以最简单的猜大小的例子举例。

源代码是

#include&nbsp;<iostream>
#include&nbsp;<random>
#include&nbsp;<limits>

int&nbsp;main()
{
&nbsp; &nbsp;&nbsp;std::random_devicerd;
&nbsp; &nbsp;&nbsp;std::mt19937gen(rd());
&nbsp; &nbsp;&nbsp;std::uniform_int_distribution<int>dist(1,&nbsp;100);

&nbsp; &nbsp;&nbsp;while&nbsp;(true) {
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;int&nbsp;target=dist(gen);
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;int&nbsp;guess=0;
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;int&nbsp;attempts=0;

&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"\n========== Guess the Number ==========\n";
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"A number between 1 and 100 has been generated.\n";
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Enter 0 to quit.\n\n";

&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;while&nbsp;(true) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Guess #"<<attempts+1<<": ";

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(!(std::cin>>guess)) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cin.clear();
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cin.ignore(std::numeric_limits<std::streamsize>::max(),&nbsp;'\n');
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Please enter a valid number!\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;continue;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(guess==0) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Exited the game.\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;return0;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;attempts++;

&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(guess<target) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Too low, try again!\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;elseif&nbsp;(guess>target) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Too high, try again!\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;else&nbsp;{
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"\nCongratulations! The number was "<<target<<"!\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"You got it in "<<attempts<<" attempt(s).\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;break;
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; &nbsp; &nbsp; }

&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"\nPress 1 to play again, any other key to exit: ";
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;int&nbsp;play_again;
&nbsp; &nbsp; &nbsp; &nbsp;&nbsp;if&nbsp;(!(std::cin>>play_again)&nbsp;||play_again!=1) {
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;std::cout<<"Thanks for playing, goodbye!\n";
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;break;
&nbsp; &nbsp; &nbsp; &nbsp; }
&nbsp; &nbsp; }

&nbsp; &nbsp;&nbsp;return0;
}

1. 使用 Release+ O2 进行优化+无符号表

   

2. 使用 ollvm(-mllvm -fla) + 有符号表

   

搭建 ollvm 编译环境

参考的是 [2]，使用的是windows平台，已有 VS2022 Cmake环境

https://github.com/heroims/obfuscator/tree/llvm-9.0.1

git 后得修改下 CMakelists.txt

git clone -b llvm-9.0.1 https://github.com/heroims/obfuscator/
mkdir build
cd build

使用 MinGW

cmake -G "MinGW Makefiles" -DCMAKE_BUILD_TYPE=Release ../obfuscator
cmake --build ./ -j 24

使用 MSVC（不推荐）

cmake -G "Visual Studio 17 2022" -DCMAKE_BUILD_TYPE=Release ../obfuscator/
cmake --build ./ -j 24

混淆一共有三种模式，添加之前都得加上-mllvm

• -fla：控制流平坦化
• -sub：无效指令
• -bcf：虚假控制流

测试一下

C:\Develop\C\ollvm\build\bin\clang++.exe .\main.cpp -mllvm -fla -o ollvm.exe

现在尝试将其集成到cmake当中

配置cmake的编译器，选择产出的路径（build/bin），没有的话让vscode扫描一下就行了

使用如下Cmake，CMAKE_CXX_COMPILER 写自己的路径

cmake_minimum_required(VERSION 3.11)
project(example LANGUAGES CXX)
set(CMAKE_CXX_COMPILER "C:\\Develop\\C\\ollvm\\build\\bin\\clang++.exe")
set(CMAKE_INCLUDE_CURRENT_DIR ON)
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
# OLLVM flags passed via target_compile_options below

set(PROJECT_INCLUDE

)
set(PROJECT_SOURCE
    src/main.cpp
)

add_executable(${PROJECT_NAME}${PROJECT_INCLUDE}${PROJECT_SOURCE})
target_compile_definitions(${PROJECT_NAME} PRIVATE UNICODE _UNICODE)
target_compile_options(${PROJECT_NAME} PRIVATE -mllvm -fla -U__cpp_aligned_new)

你需要配置一个具有环境变量的 ninja 或者 make

使用Ninja的话

cmake -G Ninja ..
ninja

使用CMake的话类似

引用

[1] obfuscator https://github.com/obfuscator-llvm/obfuscator/

[2] Windows上编译ollvm9.0等高版本并使用  https://www.cnblogs.com/revercc/p/16318849.html

[3] heroims/obfuscator https://github.com/heroims/obfuscator/tree/llvm-9.0.1

免责声明：

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景，旨在提升网络安全防护能力，具有明确的技术研究属性。

任何单位或个人未经授权，将本文内容用于攻击、破坏等非法用途的，由此引发的全部法律责任、民事赔偿及连带责任，均由行为人独立承担，本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布，若存在版权侵权或其他异议，请通过邮件联系处理，具体联系方式可点击页面上方的联系我。

本文转载自：不止Sec joe1sn joe1sn《【免杀】使用ollvm混淆程序》