From 19bba59fd21b4727d19340a5e47b76a553b4d94b Mon Sep 17 00:00:00 2001 From: keowu Date: Sat, 20 Sep 2025 12:50:36 -0300 Subject: [PATCH] feat: Translate RunMiniVm and Ryujin.Run code comments to English - Translating code comments into English to make them universally understandable. --- RyujinCore/Ryujin/Ryujin.cc | 3 + .../RyujinCore/RyujinObfuscationCore.cc | 56 +++++++++---------- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/RyujinCore/Ryujin/Ryujin.cc b/RyujinCore/Ryujin/Ryujin.cc index 9fb0f47..4738499 100644 --- a/RyujinCore/Ryujin/Ryujin.cc +++ b/RyujinCore/Ryujin/Ryujin.cc @@ -2293,8 +2293,11 @@ bool Ryujin::run(const RyujinObfuscatorConfig& config, const std::shared_ptr RyujinObfuscationCore::RunMiniVmObfuscation() { - // Copiando os basic blocks da MiniVm antes de ofusca-la e adicionar bytes padding.. + // Copying the basic blocks of the MiniVm before obfuscating and adding padding bytes.. auto origBlocks = m_proc.basic_blocks; auto originalOpcodes = this->getProcessedProc().getUpdateOpcodes(); - // Ofuscando e adicionando bytes paddings.. + // Obfuscating and adding padding bytes.. addPaddingSpaces(); //mutateMiniVm(); - // Redesenhando os basic blocks + // Redrawing the basic blocks this->updateBasicBlocksContext(); - // Obtendo os opcodes novos ofuscados para podermos corrigir + // Getting the new obfuscated opcodes so we can fix them auto newOpcodes = this->getProcessedProc().getUpdateOpcodes(); - // Calculando quantas instruções temos antes de cada instruções nos Basic Blocks originais sem ofuscação + // Calculating how many instructions we have before each instruction in the original Basic Blocks without obfuscation std::vector instGlobalOffsets; for (auto& blk : origBlocks) { @@ -2613,26 +2613,26 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } - // Organizando os deslocamentos originais.. + // Organizing the original displacements.. std::sort(instGlobalOffsets.begin(), instGlobalOffsets.end()); - // Calculando as instruções antes de uma instrução inserida.. + // Calculating the instructions before an inserted instruction.. auto countInstructionsBefore = [&](size_t offset) { return static_cast(std::distance(instGlobalOffsets.begin(), std::lower_bound(instGlobalOffsets.begin(), instGlobalOffsets.end(), offset))); }; - // Criando novos Basic Blocks com base nos opcodes devidamente ofuscados.. + // Creating new Basic Blocks based on the properly obfuscated opcodes.. auto bb = new RyujinBasicBlockerBuilder(ZYDIS_MACHINE_MODE_LONG_64, ZydisStackWidth_::ZYDIS_STACK_WIDTH_64); m_obfuscated_bb = bb->createBasicBlocks(newOpcodes.data(), newOpcodes.size(), 0); - // Lambda para vermos se o deslocamente cabe em um short.. + // Lambda to check if the displacement fits in a short.. auto fits_int8 = [](int32_t v) { return v >= -128 && v <= 127; }; - // Salvando os opcodes originais sem ofuscação com base em um offset + // Saving the original opcodes without obfuscation based on an offset auto read_original_byte = [&](size_t off, uint8_t fallback)->uint8_t { if (off < originalOpcodes.size()) return originalOpcodes[off]; @@ -2644,37 +2644,37 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { for (auto& inst : block.instructions) { - // Filtrando apenas por instruções de banch condicional ou incondicional(JE, JZ... jmp...).. + // Filtering only conditional or unconditional branch instructions (JE, JZ... jmp...).. if (!(inst.instruction.info.meta.category == ZYDIS_CATEGORY_COND_BR || inst.instruction.info.meta.category == ZYDIS_CATEGORY_UNCOND_BR)) continue; - // Calculando offset RIP relative para salto PIC da instrução.. + // Calculating RIP-relative offset for PIC jump of the instruction.. size_t origJumpOffset = block.start_address + inst.addressofinstruction; int64_t origDisp = inst.instruction.operands[0].imm.value.s; size_t origTargetOffset = origJumpOffset + inst.instruction.info.length + origDisp; - // Contando quantas instruções temos antes de cada instrução. antes de depois da mesma para podermos calcular o offset correto da branch ser feita: E8 [AQUI].. + // Counting how many instructions we have before each instruction, before and after it, so we can calculate the correct branch offset to be done: E8 [HERE].. int instBeforeJump = countInstructionsBefore(origJumpOffset); int instBeforeTarget = countInstructionsBefore(origTargetOffset); - // Calculando os novos offsets considerando o tamanho dos NOPS e JunkCode.. + // Calculating the new offsets considering the size of the NOPs and JunkCode.. size_t newJumpOffset = origJumpOffset + instBeforeJump * MAX_PADDING_SPACE_INSTR; size_t newTargetOffset = origTargetOffset + instBeforeTarget * MAX_PADDING_SPACE_INSTR; - // Lendo os bytes originais para podermos calcular o devido deslocamento e sincronizar os basic blocks.. + // Reading the original bytes so we can calculate the proper displacement and synchronize the basic blocks.. uint8_t rawOpcode = read_original_byte(origJumpOffset, (uint8_t)inst.instruction.info.opcode); - uint8_t rawOpcodeSpecificWithIntelPrefix = read_original_byte(origJumpOffset + 1, 0); // Opcode real para caso a instrução tenha algum prefixo como o 0x0F(pode variar essa merda) etc + uint8_t rawOpcodeSpecificWithIntelPrefix = read_original_byte(origJumpOffset + 1, 0); // Real opcode in case the instruction has a prefix like 0x0F (this crap may vary) etc std::vector opcodeBytes; int dispSize = 0; // 1 or 4 int32_t finalDisp = 0; - // Temos uma lógica customizada de correção para cada Opcode para garantir que nada seja quebrada quando formos patchar na instrução ofuscada... + // We have a custom correction logic for each Opcode to ensure nothing breaks when we patch the obfuscated instruction... if (inst.instruction.info.meta.category == ZYDIS_CATEGORY_UNCOND_BR) { - // Lógica para saltos incondicionais.. + // Logic for unconditional jumps.. if (rawOpcode == 0xEB) { - // Calculo para relocation short RIP-PIC: length = 2 (opcode + int8) + // Calculation for short RIP-PIC relocation: length = 2 (opcode + int8) int32_t d = static_cast(static_cast(newTargetOffset) - (static_cast(newJumpOffset) + 2)); if (fits_int8(d)) { @@ -2702,7 +2702,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } else { - // fallback: Para preservar opcode original.. + // fallback: To preserve original opcode.. opcodeBytes.push_back(rawOpcode); dispSize = 4; finalDisp = static_cast(static_cast(newTargetOffset) - (static_cast(newJumpOffset) + static_cast(opcodeBytes.size()) + 4)); @@ -2711,11 +2711,11 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } else { - // Lógica para as branchs condicionais.. - // Tem apenas dois algoritmos para eles RIP-PIC relative sendo o short (0x7x) => 2 bytes e o near (0F 8x) => 6 bytes. + // Logic for conditional branches.. + // There are only two algorithms for them, RIP-PIC relative being short (0x7x) => 2 bytes and near (0F 8x) => 6 bytes. if (rawOpcode >= 0x70 && rawOpcode <= 0x7F) { - // Calculando o short RIP-PIC + // Calculating the short RIP-PIC int32_t d = static_cast(static_cast(newTargetOffset) - (static_cast(newJumpOffset) + 2)); if (fits_int8(d)) { @@ -2726,7 +2726,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } else { - // Calculando a lógica para um near com prefixo como 0F 8x com base no rawOpcode recebido.. + // Calculating the logic for a near with prefix like 0F 8x based on the rawOpcode received.. uint8_t op2 = (rawOpcode & 0x0F) + 0x80; opcodeBytes.push_back(0x0F); opcodeBytes.push_back(op2); @@ -2738,7 +2738,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } else if (rawOpcode == 0x0F) { - // Calculando lógica customizada para o prefixo de salto com 0x0F + // Calculating custom logic for the jump prefix with 0x0F uint8_t second = rawOpcodeSpecificWithIntelPrefix; if (second == 0) @@ -2752,7 +2752,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } else { - // Fallback para condicionais inesperadas(se isso for usado para algo diferente no futuro, é claro)... + // Fallback for unexpected conditionals (if this is used for something different in the future, of course)... opcodeBytes.push_back(rawOpcode); dispSize = 4; finalDisp = static_cast(static_cast(newTargetOffset) - (static_cast(newJumpOffset) + static_cast(opcodeBytes.size()) + 4)); @@ -2760,7 +2760,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { } } - // Compondo os novos opcodes.. + // Composing the new opcodes.. std::vector composed; composed.insert(composed.end(), opcodeBytes.begin(), opcodeBytes.end()); if (dispSize == 1) @@ -2771,7 +2771,7 @@ std::vector RyujinObfuscationCore::RunMiniVmObfuscation() { if (newJumpOffset + composed.size() > newOpcodes.size()) continue; - // Escrevendo as novas instruções devidamente corrigidas.. + // Writing the new properly fixed instructions.. std::memcpy(newOpcodes.data() + newJumpOffset, composed.data(), composed.size()); } }