feat: Enable "Ignore Remove Original Code After Obfuscation"

Users can now enable an option in the obfuscation config to "ignore the removal of the original code" after obfuscation.
keowu
2025-06-04 20:55:23 -03:00
parent a02c72a5e5
commit 5b004bff54
4 changed files with 6 additions and 10 deletions


@@ -149,9 +149,6 @@ bool Ryujin::run(const RyujinObfuscatorConfig& config) {
}
//Remove old code and jump to the new code region
if (config.m_isIgnoreOriginalCodeRemove) todoAction();
//Add section
char chSectionName[8]{ '.', 'R', 'y', 'u', 'j', 'i', 'n', '\0' };
if (config.m_isRandomSection) RyujinUtils::randomizeSectionName(chSectionName);
@@ -169,7 +166,7 @@ bool Ryujin::run(const RyujinObfuscatorConfig& config) {
obc.applyRelocationFixupsToInstructions(reinterpret_cast<uintptr_t>(imgDos), peSections.getRyujinSectionVA() + offsetVA, tempValued);
//Removendo e adicionando um salto no procedimento original e removendo opcodes originais para um salto ao novo c<>digo ofuscado
obc.removeOldOpcodeRedirect(peSections.mappedPeDiskBaseAddress(), peSections.getRyujinMappedPeSize(), reinterpret_cast<uintptr_t>(imgDos) + peSections.getRyujinSectionVA() + offsetVA);
obc.removeOldOpcodeRedirect(peSections.mappedPeDiskBaseAddress(), peSections.getRyujinMappedPeSize(), reinterpret_cast<uintptr_t>(imgDos) + peSections.getRyujinSectionVA() + offsetVA, config.m_isIgnoreOriginalCodeRemove);
//Destructing class
obc.~RyujinObfuscationCore();
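Review bot: The explicit `obc.~RyujinObfuscationCore();` directly after the changed `removeOldOpcodeRedirect` call destroys the object twice if `obc` is an automatic variable, because the destructor runs again at scope exit. The declaration of `obc` is outside the hunk, so this needs confirming. If it is a local, drop the explicit call and let scope exit do the cleanup, or wrap the object in a nested `{ ... }` block to end its lifetime early. Separately, the constructor already takes a `const RyujinObfuscatorConfig&`, so passing `config.m_isIgnoreOriginalCodeRemove` again as an argument may be redundant if the core keeps that config. `Ryujin::run` starts and ends outside the hunk.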


@@ -437,7 +437,7 @@ void RyujinObfuscationCore::applyRelocationFixupsToInstructions(uintptr_t imageB
}
void RyujinObfuscationCore::removeOldOpcodeRedirect(uintptr_t newMappedPE, std::size_t szMapped, uintptr_t newObfuscatedAddress) {
void RyujinObfuscationCore::removeOldOpcodeRedirect(uintptr_t newMappedPE, std::size_t szMapped, uintptr_t newObfuscatedAddress, bool isIgnoreOriginalCodeRemove) {
/*
Creating signatures to search for the opcode in the PE mapped from disk.
@@ -448,10 +448,8 @@ void RyujinObfuscationCore::removeOldOpcodeRedirect(uintptr_t newMappedPE, std::
std::memcpy(ucSigature, reinterpret_cast<void*>(m_proc.address), 10);
auto offsetz = findOpcodeOffset(reinterpret_cast<unsigned char*>(newMappedPE), szMapped, &ucSigature, 10);
/*
Removing all the opcodes from the original procedure and replacing them with NOP instructions.
*/
std::memset(reinterpret_cast<void*>(newMappedPE + offsetz), 0x90, m_proc.size);
// Based on the obfuscation configuration, some users can decide to not remove the original code from the original procedure after obfuscation.
if (!isIgnoreOriginalCodeRemove) std::memset(reinterpret_cast<void*>(newMappedPE + offsetz), 0x90, m_proc.size); // Removing all the opcodes from the original procedure and replacing them with NOP instructions.
/*
Creating a new JMP opcode in such a way that it can be added to the old region that was completely replaced by NOP,
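Review bot: The `offsetz` value returned by `findOpcodeOffset` is used unchecked in the `std::memset` on the new conditional line. If the 10-byte signature is not found, or `offsetz + m_proc.size` exceeds `szMapped`, the `0x90` fill writes outside the mapped PE buffer. What `findOpcodeOffset` returns on a miss is not visible here, so the sentinel needs confirming, but a guard ahead of any write could read `if (offsetz >= szMapped || m_proc.size > szMapped - offsetz) return;`. The `std::memcpy` of 10 bytes from `m_proc.address` likewise assumes the procedure is at least 10 bytes long. The function body continues past the hunk, and the redirect write there presumably uses the same offset even when `isIgnoreOriginalCodeRemove` skips the fill.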


@@ -26,7 +26,7 @@ private:
public:
RyujinObfuscationCore(const RyujinObfuscatorConfig& config, const RyujinProcedure& proc);
void applyRelocationFixupsToInstructions(uintptr_t imageBase, DWORD virtualAddress, std::vector<unsigned char>& new_opcodes);
void removeOldOpcodeRedirect(uintptr_t newMappedPE, std::size_t szMapped, uintptr_t newObfuscatedAddress);
void removeOldOpcodeRedirect(uintptr_t newMappedPE, std::size_t szMapped, uintptr_t newObfuscatedAddress, bool isIgnoreOriginalCodeRemove = false);
BOOL Run();
RyujinProcedure getProcessedProc();
~RyujinObfuscationCore();
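Review bot: The new defaulted parameter `bool isIgnoreOriginalCodeRemove = false` on `removeOldOpcodeRedirect` is undocumented, and a bare trailing boolean is hard to read at call sites. A comment on the declaration would help, for example `// isIgnoreOriginalCodeRemove: when true, the original procedure bytes are not NOP-filled and stay in the mapped PE (apart from the redirect).` This matters because, per the implementation hunk, enabling the option skips the `0x90` fill, so the un-obfuscated body of the procedure is left in place. The class declaration starts and ends outside the hunk.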


@@ -14,6 +14,7 @@ auto main() -> int {
config.m_isJunkCode = TRUE;
config.m_isRandomSection = FALSE;
config.m_isVirtualized = FALSE;
config.m_isIatObfuscation = TRUE;
std::vector<std::string> procsToObfuscate{
"main",
"mainCRTStartup",