feat: Ryujin configuration, procedures choise, and more
- Now we can configure the obfuscator: identify which functions to work on and what kind of action to perform on them.
@@ -41,7 +41,7 @@ m_strInputFilePath(strInputFilePath), m_strOutputFilePath(strOutputFilePath), m_
|
||||
|
||||
}
|
||||
|
||||
bool Ryujin::run() {
|
||||
bool Ryujin::run(const RyujinObfuscatorConfig& config) {
|
||||
|
||||
auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get());
|
||||
|
||||
@@ -80,6 +80,42 @@ bool Ryujin::run() {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (config.m_strProceduresToObfuscate.size() == 0) {
|
||||
|
||||
::OutputDebugStringA(
|
||||
|
||||
_In_ "Ryujin::Ryujin: not provided functions to obfuscate.\n"
|
||||
|
||||
);
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (const auto& proc : m_ryujinProcedures) {
|
||||
|
||||
auto it = std::find(config.m_strProceduresToObfuscate.begin(), config.m_strProceduresToObfuscate.end(), proc.name);
|
||||
|
||||
if (it == config.m_strProceduresToObfuscate.end()) continue;
|
||||
|
||||
std::printf("[WORKING ON]: %s\n", proc.name);
|
||||
|
||||
// Is a valid procedure ?
|
||||
if (proc.size == 0) {
|
||||
|
||||
::OutputDebugStringA(
|
||||
|
||||
_In_ "Ryujin::Ryujin: The candidate is a ghost function cannot obfuscate this..\n"
|
||||
|
||||
);
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
//Create basic blocks
|
||||
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
void Ryujin::listRyujinProcedures() {
|
||||
@@ -87,20 +123,29 @@ void Ryujin::listRyujinProcedures() {
|
||||
if (!m_isInitialized) {
|
||||
|
||||
::OutputDebugStringA(
|
||||
|
||||
_In_ "Ryujin::Ryujin: not initilized.\n"
|
||||
|
||||
|
||||
_In_ "Ryujin::listRyujinProcedures: not initialized.\n"
|
||||
|
||||
);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
for (auto& procedure : m_ryujinProcedures) {
|
||||
std::printf("=== Ryujin Procedures ===\n");
|
||||
|
||||
std::printf("%s - 0x%llx - 0x%llx\n", procedure.name.c_str(), procedure.address, procedure.size);
|
||||
for (const auto& procedure : m_ryujinProcedures) {
|
||||
|
||||
std::printf(
|
||||
"Name: %-30s | Address: 0x%016llx | Size: 0x%llx\n",
|
||||
procedure.name.c_str(),
|
||||
procedure.address,
|
||||
procedure.size
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
std::printf("==========================\n");
|
||||
|
||||
}
|
||||
|
||||
Ryujin::~Ryujin() {
|
||||
|
||||
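Review bot: `std::printf("[WORKING ON]: %s\n", proc.name);` in the new loop of `Ryujin::run` passes `proc.name` itself to a `%s` conversion. `listRyujinProcedures` calls `procedure.name.c_str()` on elements of the same container, so the name is a string object, and handing it to a variadic function is undefined behaviour; use `proc.name.c_str()`. The added code also reaches the function's closing brace after the loop with no `return`, so the success path falls off the end of a `bool` function; add `return TRUE;` after the loop. The start of `run` lies outside this hunk.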
@@ -6,6 +6,7 @@
|
||||
#include <vector>
|
||||
#include "RyujinPdbParsing.hh"
|
||||
#include "RyujinUtils.hh"
|
||||
#include "RyujinObfuscatorConfig.hh"
|
||||
|
||||
class Ryujin {
|
||||
|
||||
@@ -20,7 +21,7 @@ private:
|
||||
|
||||
public:
|
||||
Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath);
|
||||
bool run();
|
||||
bool run(const RyujinObfuscatorConfig& config);
|
||||
void listRyujinProcedures();
|
||||
~Ryujin();
|
||||
|
||||
|
||||
@@ -9,7 +9,17 @@ auto main() -> int {
|
||||
|
||||
ryujin.get()->listRyujinProcedures();
|
||||
|
||||
ryujin.get()->run();
|
||||
RyujinObfuscatorConfig config;
|
||||
config.m_isIgnoreOriginalCodeRemove = FALSE;
|
||||
config.m_isJunkCode = TRUE;
|
||||
config.m_isRandomSection = FALSE;
|
||||
config.m_isVirtualized = FALSE;
|
||||
std::vector<std::string> procsToObfuscate{
|
||||
"main"
|
||||
};
|
||||
config.m_strProceduresToObfuscate.assign(procsToObfuscate.begin(), procsToObfuscate.end());
|
||||
|
||||
ryujin.get()->run(config);
|
||||
|
||||
ryujin.reset();
|
||||
|
||||
|
||||
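Review bot: The result of `ryujin.get()->run(config)` is discarded, and the failure paths visible in `run` report only through `OutputDebugStringA`, so a console user without a debugger attached gets no sign that nothing was processed (for example when the procedure list is empty). Check the result and set the exit status, e.g. `if (!ryujin->run(config)) return 1;`. The temporary `procsToObfuscate` is also unnecessary: `config.m_strProceduresToObfuscate = { "main" };` does the same in one line. The body of `main` starts and ends outside the hunk.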
@@ -139,6 +139,7 @@
|
||||
<ClInclude Include="Ryujin.hh" />
|
||||
<ClInclude Include="RyujinBasicBlock.hh" />
|
||||
<ClInclude Include="RyujinInstruction.hh" />
|
||||
<ClInclude Include="RyujinObfuscatorConfig.hh" />
|
||||
<ClInclude Include="RyujinPdbParsing.hh" />
|
||||
<ClInclude Include="RyujinProcedure.hh" />
|
||||
<ClInclude Include="RyujinUtils.hh" />
|
||||
|
||||
@@ -56,5 +56,8 @@
|
||||
<ClInclude Include="RyujinInstruction.hh">
|
||||
<Filter>Ryujin\Models</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="RyujinObfuscatorConfig.hh">
|
||||
<Filter>Ryujin\Models</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
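--- /dev/null
+++ b/RyujinConsole/RyujinConsole/RyujinObfuscatorConfig.hh
@@ -0,0 +1,12 @@
+
+class RyujinObfuscatorConfig {
+
+public:
+bool m_isRandomSection; // Randomize the name of the new section with the processed code -> Ryujin standard
+bool m_isVirtualized; // Virtualize the code [Try as much as possible]
+bool m_isJunkCode; // Insert junk code to confuse
+bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
+std::vector<std::string> m_strProceduresToObfuscate; // Names of the procedures to obfuscate
+// todo: passes
+
+};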
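Review bot: The four `bool` members of `RyujinObfuscatorConfig` have no initializers, so `RyujinObfuscatorConfig config;` leaves them indeterminate and any caller that forgets to set one makes `run` read an uninitialized flag. Give each a default member initializer, e.g. `bool m_isJunkCode{false};`, so a default-constructed config is well defined. The twelve visible lines also show no include guard and no `<vector>`/`<string>` includes, so the header appears to compile only because `Ryujin.hh` includes `<vector>` before it. Adding `#pragma once` and the two includes would make it self-contained.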