admin/Ryujin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Ryujin configuration, procedures choise, and more

Browse Source 
- Now we can configure the obfuscator. identify the functions to work and what kind of action to do.
This commit is contained in:
keowu
2025-05-24 09:52:40 -03:00
parent 8d91117554
commit 2fa8db0f98
6 changed files with 80 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
RyujinConsole/RyujinConsole/Ryujin.cc
View File

@@ -41,7 +41,7 @@ m_strInputFilePath(strInputFilePath), m_strOutputFilePath(strOutputFilePath), m_
} }
bool Ryujin::run() { bool Ryujin::run(const RyujinObfuscatorConfig& config) {
auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get()); auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get());
@@ -80,6 +80,42 @@ bool Ryujin::run() {
return FALSE; return FALSE;
} }
if (config.m_strProceduresToObfuscate.size() == 0) {
::OutputDebugStringA(
_In_ "Ryujin::Ryujin: not provided functions to obfuscate.\n"
);
return FALSE;
}
for (const auto& proc : m_ryujinProcedures) {
auto it = std::find(config.m_strProceduresToObfuscate.begin(), config.m_strProceduresToObfuscate.end(), proc.name);
if (it == config.m_strProceduresToObfuscate.end()) continue;
std::printf("[WORKING ON]: %s\n", proc.name);
// Is a valid procedure ?
if (proc.size == 0) {
::OutputDebugStringA(
_In_ "Ryujin::Ryujin: The candidate is a ghost function cannot obfuscate this..\n"
);
continue;
}
//Create basic blocks
}
} }
void Ryujin::listRyujinProcedures() { void Ryujin::listRyujinProcedures() {
@@ -87,20 +123,29 @@ void Ryujin::listRyujinProcedures() {
if (!m_isInitialized) { if (!m_isInitialized) {
::OutputDebugStringA( ::OutputDebugStringA(
_In_ "Ryujin::Ryujin: not initilized.\n" _In_ "Ryujin::listRyujinProcedures: not initialized.\n"
); );
return; return;
} }
for (auto& procedure : m_ryujinProcedures) { std::printf("=== Ryujin Procedures ===\n");
std::printf("%s - 0x%llx - 0x%llx\n", procedure.name.c_str(), procedure.address, procedure.size); for (const auto& procedure : m_ryujinProcedures) {
std::printf(
"Name: %-30s | Address: 0x%016llx | Size: 0x%llx\n",
procedure.name.c_str(),
procedure.address,
procedure.size
);
} }
std::printf("==========================\n");
} }
Ryujin::~Ryujin() { Ryujin::~Ryujin() {

3
RyujinConsole/RyujinConsole/Ryujin.hh
View File

@@ -6,6 +6,7 @@
#include <vector> #include <vector>
#include "RyujinPdbParsing.hh" #include "RyujinPdbParsing.hh"
#include "RyujinUtils.hh" #include "RyujinUtils.hh"
#include "RyujinObfuscatorConfig.hh"
class Ryujin { class Ryujin {
@@ -20,7 +21,7 @@ private:
public: public:
Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath); Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath);
bool run(); bool run(const RyujinObfuscatorConfig& config);
void listRyujinProcedures(); void listRyujinProcedures();
~Ryujin(); ~Ryujin();

12
RyujinConsole/RyujinConsole/RyujinConsole.cc
View File

@@ -9,7 +9,17 @@ auto main() -> int {
ryujin.get()->listRyujinProcedures(); ryujin.get()->listRyujinProcedures();
ryujin.get()->run(); RyujinObfuscatorConfig config;
config.m_isIgnoreOriginalCodeRemove = FALSE;
config.m_isJunkCode = TRUE;
config.m_isRandomSection = FALSE;
config.m_isVirtualized = FALSE;
std::vector<std::string> procsToObfuscate{
"main"
};
config.m_strProceduresToObfuscate.assign(procsToObfuscate.begin(), procsToObfuscate.end());
ryujin.get()->run(config);
ryujin.reset(); ryujin.reset();

1
RyujinConsole/RyujinConsole/RyujinConsole.vcxproj
View File

@@ -139,6 +139,7 @@
<ClInclude Include="Ryujin.hh" /> <ClInclude Include="Ryujin.hh" />
<ClInclude Include="RyujinBasicBlock.hh" /> <ClInclude Include="RyujinBasicBlock.hh" />
<ClInclude Include="RyujinInstruction.hh" /> <ClInclude Include="RyujinInstruction.hh" />
<ClInclude Include="RyujinObfuscatorConfig.hh" />
<ClInclude Include="RyujinPdbParsing.hh" /> <ClInclude Include="RyujinPdbParsing.hh" />
<ClInclude Include="RyujinProcedure.hh" /> <ClInclude Include="RyujinProcedure.hh" />
<ClInclude Include="RyujinUtils.hh" /> <ClInclude Include="RyujinUtils.hh" />

3
RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters
View File

@@ -56,5 +56,8 @@
<ClInclude Include="RyujinInstruction.hh"> <ClInclude Include="RyujinInstruction.hh">
<Filter>Ryujin\Models</Filter> <Filter>Ryujin\Models</Filter>
</ClInclude> </ClInclude>
<ClInclude Include="RyujinObfuscatorConfig.hh">
<Filter>Ryujin\Models</Filter>
</ClInclude>
</ItemGroup> </ItemGroup>
</Project> </Project>

12
RyujinConsole/RyujinConsole/RyujinObfuscatorConfig.hh Normal file
View File

@@ -0,0 +1,12 @@
class RyujinObfuscatorConfig {
public:
bool m_isRandomSection; // Randomize the name of the new section with the processed code -> Ryujin standard
bool m_isVirtualized; // Virtualize the code [Try as much as possible]
bool m_isJunkCode; // Insert junk code to confuse
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
std::vector<std::string> m_strProceduresToObfuscate; // Names of the procedures to obfuscate
// todo: passes
};