Karyo
[100% AI Generated Code] Lightweight LLVM Symbolic Execution Engine
A C++ library for security researchers that uses symbolic execution on LLVM bitcode to analyze obfuscated VMP-protected software. It tells you what a register holds after a handler runs, or builds a formula if inputs are unknown.
Karyo is a small C++ programming library aimed at security researchers and reverse engineers who analyze obfuscated software. Its main purpose is to help understand how a specific class of software protection, known as VMP handlers, actually behaves at the machine level. The project description notes that all code was generated by AI.
The library works by taking machine code that has been translated into an intermediate format called LLVM bitcode and then running it in a mode that mixes real, known values with placeholder symbolic ones. Rather than executing the code as a normal program would, it traces through the logic and produces either a concrete result or an expression tree showing how the output depends on the inputs. This approach is called symbolic execution.
The primary use case is asking a question like: given a particular code handler from a protected program, what value ends up in a specific processor register when the handler finishes? The library can answer that as a fixed number when inputs are known, or as a formula when they are not.
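The following sketch is an added illustration of that concrete-or-formula behaviour and is not Karyo's code or API. It assumes a constructed three-instruction handler written as a toy instruction list in place of LLVM bitcode, and every name in it (`Expr`, `Insn`, `query`, `kHandler`) is hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Added illustration only: none of these names come from Karyo.
struct Expr {
    bool concrete; uint64_t value;    // value is meaningful only when concrete
    std::string op;                   // symbol name (leaf) or operator (inner node)
    std::shared_ptr<Expr> lhs, rhs;
};
using ExprP = std::shared_ptr<Expr>;
ExprP constant(uint64_t v) { return std::make_shared<Expr>(Expr{true, v, "", nullptr, nullptr}); }
ExprP symbol(const std::string& n) { return std::make_shared<Expr>(Expr{false, 0, n, nullptr, nullptr}); }

// Fold to a number when both operands are known; otherwise grow the expression tree.
ExprP apply(const std::string& op, ExprP a, ExprP b) {
    if (!a->concrete || !b->concrete) return std::make_shared<Expr>(Expr{false, 0, op, a, b});
    uint64_t x = a->value, y = b->value;
    return constant(op == "add" ? x + y : (op == "xor" ? x ^ y : x * y));
}

std::string render(const ExprP& e) {
    if (e->concrete) return std::to_string(e->value);
    return e->lhs ? "(" + e->op + " " + render(e->lhs) + " " + render(e->rhs) + ")" : e->op;
}

// dst = op(lhs, rhs_reg), or op(lhs, imm) when rhs_reg is empty.
struct Insn { std::string op, dst, lhs, rhs_reg; uint64_t imm; };
using Regs = std::map<std::string, ExprP>;

// Constructed toy handler: rax = ((rax ^ 0x5A) + rbx) * 3
const std::vector<Insn> kHandler = {
    {"xor", "rax", "rax", "", 0x5A},
    {"add", "rax", "rax", "rbx", 0},
    {"mul", "rax", "rax", "", 3},
};

// Run the handler over a register state and report what `reg` holds at the end.
std::string query(Regs regs, const std::string& reg) {
    for (const Insn& i : kHandler) {
        ExprP rhs = i.rhs_reg.empty() ? constant(i.imm) : regs.at(i.rhs_reg);
        regs[i.dst] = apply(i.op, regs.at(i.lhs), rhs);
    }
    return render(regs.at(reg));
}

int main() {
    std::cout << query({{"rax", symbol("rax_in")}, {"rbx", constant(5)}}, "rax") << "\n";
}
```

With both registers known the query folds to a single number; with an unknown input, only the sub-expressions that depend on it stay symbolic.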
Integration requires a C++ build environment using CMake and a compatible version of the LLVM compiler infrastructure. The readme includes short code examples showing how to set up register values, run a handler function, and read back results. Tests and examples are optional build targets that can be enabled at compile time.
This is a narrow, specialist tool. It is not aimed at general developers or beginners, and it is not a standalone application. If you are not already working with LLVM-based binary lifting and software protection analysis, this library is unlikely to be relevant to your work.
Where it fits
- Analyze VMP-protected software handlers to determine the exact register value produced after execution, given known inputs.
- Run symbolic queries on obfuscated code to get a formula showing how outputs depend on inputs when register values are unknown.
- Integrate Karyo into a C++ reverse engineering pipeline that uses LLVM bitcode as the intermediate representation.