YAP Docs

Still being worked on :)


Building from Source

Dependencies

To build YAP on Windows, you need: CMake, MinGW GCC/G++, Python3, NSIS, and Git

For Linux, the following packages are needed: git cmake nsis python3 g++-mingw-w64 gcc-mingw-w64

Obtaining the Source Code

git clone https://github.com/undisassemble/yap.git
cd yap
git checkout 0.0.0 # Optionally checkout release version
git submodule update --init --recursive

Building

cmake . -DCMAKE_BUILD_TYPE=Release # Or Debug if that's what you're into
cmake --build .


Important SDK Notes

  • You only need yap.h and yap.dll, which can be found in the SDK folder of your installation, or bin if built manually
  • yap.dll is only required if using Packer functions
  • You must link to yap.dll statically
  • DO NOT rename yap.dll
  • yap.dll is automatically unlinked during protection; avoid distributing it with your program
  • Functions are not accessible through GetProcAddress
  • Reassembler macros work in a linear direction, and control flow is ignored

Example

#include <stdio.h>
#include "yap.h"

void protect();
void unprotect();

int main() {
    printf("Hello World!\n");

    // Right
    YAP_SUBSTITUTION(1);
    YAP_MUTATIONLEVEL(5);
    printf("Obfuscated code\n");
    YAP_SUBSTITUTION(0);
    YAP_MUTATIONLEVEL(0);

    // Wrong
    protect();
    printf("Unobfuscated code\n");
    unprotect();

    return 0;
}

// Because of how the reassembler assembles code, these don't protect anything*.
void protect() {
    YAP_SUBSTITUTION(1);
    YAP_MUTATIONLEVEL(5);
}

// *they actually protect whatever is written here, assuming when it's compiled these functions follow each other in memory.
void unprotect() {
    YAP_SUBSTITUTION(0);
    YAP_MUTATIONLEVEL(0);
}
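The linear behaviour in the example above, modelled as an added sketch (not code from YAP or its documentation). The stream is a constructed, simplified memory layout of that program, assuming main, protect and unprotect are emitted in that order, and settings_at is a hypothetical helper that walks it in order without following calls.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model, not YAP's implementation: the stream is the code in
   memory order, and a marker changes the setting for what follows it. */
enum kind { INSN, SET_SUB, SET_MUT };
struct item { enum kind kind; unsigned arg; const char *text; };
struct state { unsigned sub, mut; };

/* Constructed layout of the page's example; assumes main, protect and
   unprotect are emitted in that order. */
static const struct item stream[] = {
    { INSN, 0, "main: printf(\"Hello World!\")" },
    { SET_SUB, 1, NULL }, { SET_MUT, 5, NULL },
    { INSN, 0, "main: printf(\"Obfuscated code\")" },
    { SET_SUB, 0, NULL }, { SET_MUT, 0, NULL },
    { INSN, 0, "main: call protect" },
    { INSN, 0, "main: printf(\"Unobfuscated code\")" },
    { INSN, 0, "main: call unprotect" },
    { INSN, 0, "main: ret" },
    { SET_SUB, 1, NULL }, { SET_MUT, 5, NULL },   /* body of protect() */
    { INSN, 0, "protect: ret" },
    { SET_SUB, 0, NULL }, { SET_MUT, 0, NULL },   /* body of unprotect() */
    { INSN, 0, "unprotect: ret" },
};
#define STREAM_LEN (sizeof stream / sizeof stream[0])

/* Settings in effect at s[idx], found by walking the items before it in
   order. Calls and returns are ordinary instructions here: they never
   change the settings. */
struct state settings_at(const struct item *s, size_t idx)
{
    struct state st = { 0, 0 };
    for (size_t i = 0; i < idx; i++) {
        if (s[i].kind == SET_SUB) st.sub = s[i].arg & 1;     /* mask in YAP_SUBSTITUTION */
        if (s[i].kind == SET_MUT) st.mut = s[i].arg & 0x7F;  /* 0b1111111 in YAP_MUTATIONLEVEL */
    }
    return st;
}

int main(void)
{
    for (size_t i = 0; i < STREAM_LEN; i++) {
        if (stream[i].kind != INSN) continue;
        struct state st = settings_at(stream, i);
        printf("sub=%u mut=%u  %s\n", st.sub, st.mut, stream[i].text);
    }
    return 0;
}
```

The masks come from the macro definitions on this page, so in this model a mutation level of 128 or a substitution argument of 2 ends up as 0.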


Functions

Packer Functions

CheckForDebuggers

__declspec(dllimport) bool __stdcall CheckForDebuggers(_In_ bool bIsMainThread = false, _In_ bool bCheckRunningProcs = false);


Check for attached debuggers.

It is highly recommended that you use this in your main thread, as no protective threads are spawned by the packer.

Only the main thread of the application can check for hardware breakpoints.

Parameters
  • [in] bIsMainThread - Whether or not to perform the hardware breakpoint (HWBP) check; should only be used when called by the main thread.
  • [in] bCheckRunningProcs - Whether or not to check if any blacklisted processes are running. Disabled by default because it is SLOW and probably isn't that useful.

Returns
  • true - Debugger present.
  • false - No debugger present.

ShowErrorAndExit

__declspec(dllimport) void __stdcall ShowErrorAndExit(_In_ const char* pMessage = "Error");


Kills all other running threads, shows an error message with the specified message, and exits.

Parameters
  • [in] pMessage - Message that should be displayed on the message box.

GetSelf

__declspec(dllimport) HMODULE __stdcall GetSelf();


Retrieves the base address of the running executable. If using anti-dump, GetModuleHandle(NULL) will return NULL; use this instead.

Returns

Handle to self.

Reassembler Functions

YAP_MUTATIONLEVEL

#define YAP_MUTATIONLEVEL(level) YAP_OP(YAP_OP_REASM_MUTATION | (level & 0b1111111))


Changes the reassembler's mutation setting.

This is all linear; any control flow changes or optimizations might make this behave differently from what you expect!

YAP_SUBSTITUTION

#define YAP_SUBSTITUTION(enabled) YAP_OP(YAP_OP_REASM_SUB | (enabled & 1))


Changes the reassembler's substitution setting.

This is all linear; any control flow changes or optimizations might make this behave differently from what you expect!