nodiuus

nodiuus / nocturne

Public

A bin2bin code virtualizer for x86-64

anti-analysis bin2bin code-virtualizer obfuscation reverse-engineering
16
1
69% credibility
Found May 18, 2026 at 42 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C++
AI Summary

Nocturne is a code protection tool that transforms compiled Windows programs to make them harder to analyze. Developers mark specific functions in their code, then run this tool to convert those functions into a custom virtual machine format. The original code is replaced with encrypted bytecode that only the built-in interpreter can execute. This technique, called code virtualization, is commonly used to protect software from reverse engineering, tampering, and unauthorized analysis. The tool includes features like junk code insertion to further confuse anyone trying to understand the protected code.

How It Works

1
💡 Discovering code protection needs

A developer realizes their software needs stronger protection against reverse engineering and tampering.

2
🔍 Finding Nocturne online

The developer discovers this open-source tool that transforms their compiled code into an unreadable virtual machine format.

3
📝 Marking functions to protect

The developer adds special markers to the functions they want to protect, like putting a protective shield around their most valuable code.

4
⚙️ Running the protection tool

The developer runs the tool on their program, which automatically finds the marked functions and transforms them.

5
Choosing protection scope
🎯
Auto mode

The tool automatically finds all marked functions and protects them all at once

Manual mode

The developer specifies exactly which parts of the program to protect

6
🔒 Code becomes virtualized

The original code disappears and gets replaced with encrypted bytecode that only the built-in interpreter can understand.

Protected program is ready

The developer now has a protected version of their program that is much harder to analyze, reverse engineer, or tamper with.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 42 to 16 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is nocturne?

Nocturne is a bin2bin x86-64 code virtualizer written in C++ that transforms compiled Windows executables by replacing selected functions with bytecode for a custom virtual machine. It disassembles x86-64 machine code, translates it into VM bytecode, and patches the PE file so the original code never executes again. The tool ships with an SDK header that lets you mark functions for virtualization using simple macros, or you can target specific regions manually by specifying RVA and size.

Why is it gaining traction?

The project combines two things developers actually want: code protection and simplicity. Mark a function with a macro, run the CLI, get a hardened binary. The junk code generator produces opaque predicates that make static analysis painful without slowing runtime. The chunked bytecode layout scrambles the logical instruction stream across physical memory, defeating naive byte-level pattern matching. Native calls work through a bridge that preserves register state, so the VM can still invoke external functions without breaking the calling convention.

Who should use this?

Game developers protecting anti-cheat logic, software vendors guarding proprietary algorithms, and malware analysts building custom packers will find the most value. If you need to harden specific hotpaths in a Windows binary without rewriting in a separate language, this fits. Teams evaluating binary obfuscation for compliance or IP protection will want to test it against their threat model.

Verdict

Nocturne is a promising proof-of-concept with a solid architecture and clean API. The credibility score of 0.699999988079071% reflects its early stage: sixteen stars, minimal documentation, and no published test suite. Use it for evaluation and prototyping, not production hardening until the author ships stability fixes and more VM handlers. The foundation is worth watching.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.