Function Rejections

CodeDefender is fundamentally a partial binary rewriter—meaning there will always be a small subset of functions that we cannot locate, analyze, or safely transform. This is a known limitation of binary rewriting in general. Significant research has gone into ensuring robustness and stability in our rewriting process; without this foundation, any attempt at binary recompilation or obfuscation would be as fragile as the underlying transformation techniques themselves.

As a result, some functions in your program may be “rejected”—meaning CodeDefender cannot safely transform or obfuscate them. This is expected in any robust binary rewriting system. Below is a list of known rejection reasons along with explanations for why they occur and how to interpret them.

DecodeOutOfBounds

The function begins at an address that, when decoded, reads past the end of the binary image. This suggests malformed or truncated code.

DecodeOutOfExecutable

The function decoded into non-executable memory. CodeDefender only processes functions within known executable sections.

JumpOutOfBounds

A direct or indirect jump targets an address outside the bounds of the binary. This is unsafe to transform.

JumpOutOfExecutable

A jump targets memory that is not marked as executable, which typically indicates invalid or obfuscated control flow.

LoadOutOfBounds

An indirect jump or call performs a memory read from an address outside the binary image. This often happens with corrupted jump tables or dynamic dispatch.

X86XBeginXAbortXEnd

The function contains Intel TSX transactional memory instructions like XBEGIN, XABORT, or XEND, which are currently unsupported.

FallthroughCall

Control flow falls through into a function without a proper call boundary. This violates function ownership and makes transformation unsafe.

X86FarCall

A far call (segment-based) was encountered. Far control transfers are rare in modern binaries and not currently supported.

X86FarJump

A far jump was found. These segment-based jumps are not handled by the rewriter.

X86FarReturn

A far return (RETF) was found. These instructions are not supported due to segment-based return behavior.

BadIndirectBranch

An indirect jump was found in a format we couldn’t analyze—typically a jump table with unknown or dynamic bounds. Most common in optimized Rust code.

InvalidInterrupt

An unknown or unhandled interrupt instruction (e.g. INT) was encountered. We don’t yet know how to safely model it.

MismatchedBranchCounts

An internal error indicating inconsistent control flow modeling. Please contact us if you see this.

ErroredUnwindInfo

An error occurred while parsing unwind information for the function. This is often caused by language-specific exception handlers we don’t yet support.

ChainToOutsideFunction

Unwind data from this function links to another function’s unwind region. This usually means we misidentified function boundaries.

ChainFromOutsideFunction

Unwind information from another function links into this one. This usually means we misidentified function boundaries.

NotOwnedByFunction

The function attempts to use unwind metadata owned by another function. This usually means we misidentified function boundaries.

NoThunkSpace

The function is too small for us to insert a jump thunk to the obfuscated version. This is common for tiny functions like return a + b or constant returns, which are often inlined by the compiler. These functions typically don’t benefit from obfuscation.

ReadWriteToCode

This function was rejected because some part of the binary reads from or writes to memory within it. This may indicate self-modifying or introspective behavior, which is not supported.

If you believe this rejection is a false positive, you can manually force the function to be obfuscated. However, proceed with extreme caution—forcing obfuscation on unsupported code may lead to runtime errors.

To force the function:

Click the expand icon in the top-left corner to open the expanded function view.
Navigate to the rejected function.
At the bottom of the view, click the Add to profile button. A warning will appear—review it carefully before proceeding.

OverlappingInstructions

We detected that one or more instructions overlap in memory, indicating malformed or intentionally obfuscated code.

OverlappingInstructionsBranch

A branch lands in the middle of another instruction, which violates alignment and makes lifting unsafe.

OverlappingInstructionsDecode

Overlapping instructions were detected within the function itself during decoding. This was not detected during earlier branch analysis and implies broken or obfuscated control flow.

DecodeOutOfBounds​

DecodeOutOfExecutable​

JumpOutOfBounds​

JumpOutOfExecutable​

LoadOutOfBounds​

X86XBeginXAbortXEnd​

FallthroughCall​

X86FarCall​

X86FarJump​

X86FarReturn​

BadIndirectBranch​

InvalidInterrupt​

MismatchedBranchCounts​

ErroredUnwindInfo​

ChainToOutsideFunction​

ChainFromOutsideFunction​

NotOwnedByFunction​

NoThunkSpace​

ReadWriteToCode​

OverlappingInstructions​

OverlappingInstructionsBranch​

OverlappingInstructionsDecode​