admin/Ryujin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc91576ecb962abc55a925dac5169359e7ccfe78
Ryujin/RyujinGUI/RyujinCore.hh

73 lines
2.8 KiB
C++
Raw Normal View History

feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
#pragma once
#include <vector>
#include <Windows.h>
#include <string>
feat: Add custom pass support for Ryujin users via callback - Ryujin users can now register their own callbacks following the standard interface to create custom passes and extend Ryujin’s behavior. - Updated configuration files to support safe usage. - Adjusted README.md.
2025-07-27 09:12:11 -03:00
#include <Zydis/Zydis.h>
#include <Zydis/SharedTypes.h>
#include "../RyujinCore/Ryujin/Models/RyujinProcedure.hh"
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
#define MAX_PROCEDURES 128
#define MAX_PROCEDURE_NAME_LEN 128
feat: Add custom pass support for Ryujin users via callback - Ryujin users can now register their own callbacks following the standard interface to create custom passes and extend Ryujin’s behavior. - Updated configuration files to support safe usage. - Adjusted README.md.
2025-07-27 09:12:11 -03:00
#define MAX_CALLBACKS 10
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
struct RyujinObfuscatorProcs {
int procedureCount;
char procedures[MAX_PROCEDURES][MAX_PROCEDURE_NAME_LEN];
};
feat: Add custom pass support for Ryujin users via callback - Ryujin users can now register their own callbacks following the standard interface to create custom passes and extend Ryujin’s behavior. - Updated configuration files to support safe usage. - Adjusted README.md.
2025-07-27 09:12:11 -03:00
using RyujinCallback = void (*)(RyujinProcedure*);
struct RyujinCallbacks {
int callbackCount;
RyujinCallback callbacks[MAX_CALLBACKS]; // Array de ponteiros de fun<75><6E>o
};
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
class RyujinObfuscatorConfig {
public:
bool m_isRandomSection; // Randomize the name of the new section with the processed code -> ".Ryujin" standard
bool m_isVirtualized; // Virtualize the code [Try as much as possible]
bool m_isIatObfuscation; //Process IAT Obfuscation
bool m_isJunkCode; // Insert junk code to confuse
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
bool m_isEncryptObfuscatedCode; // The user wants to encrypt all obfuscated code to avoid detection
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
bool m_isAntiDebug; // The user wants to avoid debuggers use while running a binary protected by Ryujin
bool m_isTrollRerversers; // The user wants to trick and use a special feature to troll reversers when their debugs be detected making they loose all the progress
feat: Start implementing the base for the "AntiDump" feature - Begin work on the foundational structure for the "AntiDump" feature - Introduced a new capability in Ryujin called "RyujinRunOncePass", which runs only on the first obfuscated function — ideal for volatile features - Updated "RyujinCoreConfiguration" structures - Updated "RyujinGUI" to include the "AntiDump" option - Updated "RyujinConsole" to display the "AntiDump" feature - Updated "README.md" accordingly
2025-07-12 21:26:12 -03:00
bool m_isAntiDump; // Enable Anti Dump technic for Ryujin protected binary
feat: Working on the base for Memory CRC32 Protection - Working on a new feature to allow users to protect obfuscated code with a memory protection mechanism, inspired by VMProtect, where the protector uses CRC32 to validate if a page was modified on disk or in memory. - This is just the base to start building the feature. It’s still in development and I hope it evolves a lot.
2025-07-19 22:06:32 -03:00
bool m_isMemoryProtection; // Memory CRC32 protection
feat: New HVPass (extension for code obfuscation) + MiniVM code mutation (for HVPass and standard MiniVM); Bug fixes for extracted unused registers (with future XMM support); Bug fixes for junk/mutation overwriting the RAX register unexpectedly; Improvements and added support for fixing relocation offsets in memory mov instructions; articles/projects diagrams and more. - New HVPass feature – This feature allows the code VM to run through Microsoft’s Hypervisor API, adding an extra layer of analysis difficulty. - MiniVM (normal) or MiniVM + HVPass – Now support junk/mutation in the stub, making the logic and instructions randomized at each interaction, further protecting the stub’s code. - Bug fix – Fixed an issue in the extraction of unused registers from candidate procedures, where some registers were not being handled correctly. - Bug fix – Fixed an issue in the extraction of XMM registers to enable junk/mutation support for multimedia registers. - Bug fix – Fixed a problem in the junk/mutation logic for the instructions cdqe and cbw, which were incorrectly overwriting the RAX register, breaking results even when the registers were in use. - Bug fix – Some instructions were not having relocations properly fixed by the RIP-relative relocation algorithm; this has now been corrected. - Articles + Project Diagrams as well. Some of these issues, as well as feature suggestions like HVPass, were discovered or suggested by the reviewers of Ryujin’s article.
2025-08-28 21:20:58 -03:00
bool m_isHVPass; // Run some features of ryujin using Microsoft Hypervisor Framework API
feat: Improved pointer safety and performance for better adaptability. Also updated the README. - Improved and organized pointer safety. - Removed old, unused fields from the config. - Introduced RyuJinConfigInternal to separate internal fields not directly related to the exposed config, used only by the Ryujin core. - Updated README.md.
2025-07-26 22:16:21 -03:00
RyujinObfuscatorProcs m_strProceduresToObfuscate; // Names of the procedures to obfuscate
feat: Add custom pass support for Ryujin users via callback - Ryujin users can now register their own callbacks following the standard interface to create custom passes and extend Ryujin’s behavior. - Updated configuration files to support safe usage. - Adjusted README.md.
2025-07-27 09:12:11 -03:00
RyujinCallbacks m_callbacks; // Ryujin Custom Pass Callbacks
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
static bool RunRyujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config) {
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
using tpdRunRyujinCore = BOOL(__stdcall*)(const char*, const char*, const char*, RyujinObfuscatorConfig&);
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
auto hModule = LoadLibraryW(L"RyujinCore.dll");
if (!hModule) return FALSE;
auto RunRyujinCore = reinterpret_cast<tpdRunRyujinCore>(GetProcAddress(hModule, "RunRyujinCore"));
if (!RunRyujinCore) return FALSE;
feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui - Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
2025-07-10 20:55:39 -03:00
return RunRyujinCore(strInputFilePath.c_str(), strPdbFilePath.c_str(), strOutputFilePath.c_str(), config);
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
}
feat: Add custom pass support for Ryujin users via callback - Ryujin users can now register their own callbacks following the standard interface to create custom passes and extend Ryujin’s behavior. - Updated configuration files to support safe usage. - Adjusted README.md.
2025-07-27 09:12:11 -03:00
RyujinObfuscatorConfig() : m_callbacks{ 0 } {}
bool RegisterCallback(RyujinCallback callback) {
if (m_callbacks.callbackCount < MAX_CALLBACKS) {
m_callbacks.callbacks[m_callbacks.callbackCount] = callback;
m_callbacks.callbackCount++;
return true;
}
return false;
}
feat: Improve RyujinGUI to support RyujinCore - RyujinGUI now uses RyujinCore to properly obfuscate code with full configuration support. - Added new Ryujin logo. - Added new Ryujin banner. - Improved UI design, components, and more.
2025-07-03 09:37:46 -03:00
};
Reference in New Issue Copy Permalink