Skip to main content

API & SDK

Welcome to the official documentation for the CodeDefender API, CLI tools, and SDK. CodeDefender is a binary obfuscation platform designed to protect compiled programs against reverse engineering and static analysis.

This guide covers:

  • Using the Rust SDK
  • CLI usage
  • SDK integration in Rust and C/C++
  • Configuration file structure (YAML)
  • Data model used for obfuscation profiles

Crate Structure

This is a Cargo workspace with the following crates:

CratePathDescription
codedefender-configconfig/Shared data structures and YAML config support.
codedefender-apiapi/Blocking Rust client for interacting with the SaaS backend.
codedefender-clicli/Command-line tool built on top of codedefender-api.

Rust SDK Usage

Install via cargo:

cargo add codedefender

Annotate functions you want to protect:

use codedefender::*;

#[codedefender("Profile1")]
fn addint(x: i32, y: i32) -> i32 {
    println!("add({}, {})", x, y);
    x + y
}

C/C++ SDK Usage

Include the CodeDefender header and use the macro:

#include <stdio.h>
#include "CodeDefender.h"

CODEDEFENDER("Profile1", int, addint, (int a, int b));

int addint(int a, int b) {
  return a + b;
}

This will instruct the obfuscation engine to apply Profile1 to the addint function.

YAML Configuration

Obfuscation profiles are defined using a YAML file generated from the CodeDefender SaaS. This config controls which symbols to protect and how.

Example Config

version: "1.0.2"
module_settings:
  ida_crasher: false
  import_protection: false
  obscure_entry_point: false
  clear_unwind_info: false
  fake_pdb_string:
    enabled: false
    value: ""
  custom_section_name:
    enabled: false
    value: ""
profiles:
  - name: "Profile1"
    passes:
      - type: ObscureReferences
      - type: SuppressConstants
    compiler_settings:
      assembler_settings:
        shuffle_basic_blocks: false
        instruction_prefix: ""
        random_prefix_chance: 0
      optimization_settings:
        constant_propagation: true
        instruction_combine: true
        dead_code_elim: true
        prune_useless_block_params: true
        iterations: 0
      lifter_settings:
        lift_calls: true
        calling_convention: 'WindowsAbi'
        max_stack_copy_size: 1024
        split_on_calls_fallback: true
    symbols:
      - !Name "main" # Specify via name
      - !Rva 0x1000  # Specify via RVA

YAML files are parsed using the codedefender-config crate. This is helpful if you're building automation around the SDK or CLI.

Data Structures

The codedefender-config crate defines the following models used in YAML and analysis:

Profiles and Settings

  • Profile — Defines a named obfuscation profile.
  • ObfuscationPass — Enum of passes like SuppressConstants, MutationEngine, IDADecompilerCrasher, etc.
  • CompilerSettings — Includes assembler_settings, optimization_settings, and lifter_settings.

Symbols

You can specify functions to obfuscate via:

  • Name("main")
  • Rva(0x1000)

These are represented in Rust as the YamlSymbol enum.

Analysis Output (From API)

  • AnalysisResult — Main struct returned from the server.
  • AnalysisFunction, AnalysisReject — Lists of accepted/rejected symbols.
  • AnalysisMacroProfile — Groups of symbols mapped to macro annotations.

API Usage

The codedefender-api crate provides the following functionality:

  • Uploading binaries for analysis or protection
  • Polling the SaaS backend for status
  • Downloading obfuscated binaries
  • Parsing config files and building requests

See the crate-level docs: docs.rs/codedefender-api

CLI Tool

The codedefender-cli tool offers a way to programmatically protect binaries through the terminal. Below are the available arguments:

--config <FILE>           Path to the YAML configuration file
--log-level <LEVEL>       Log level (error, warn, info, debug, trace) [default: info]
--api-key <KEY>           API key provided by the CodeDefender service
--timeout <MILLIS>        Poll timeout in milliseconds [default: 500]
--input-file <INPUT>      Input binary to process
--pdb-file <PDB>          Optional PDB file for symbol info
--output <OUTPUT>         Output path for the obfuscated binary

Example usage:

codedefender-cli \
  --input-file binary.exe \
  --pdb-file binary.pdb \
  --config config.yaml \
  --output protected.zip \
  --api-key $CD_API_KEY

These options control the full protection pipeline from upload, analysis, configuration synthesis, and final obfuscation and download.

GitHub Repos

For advanced integration or automation, explore the codedefender-config crate and its YAML schema definitions.