admin/Ryujin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Ryujin Models, PDB, Utils

Browse Source 
- Organizing Ryujin code models
- PDB Parsing
- Utils
- More
This commit is contained in:
keowu
2025-05-23 22:04:08 -03:00
parent 4aa9381177
commit 82a15d5358
9 changed files with 160 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
RyujinConsole/RyujinConsole/Ryujin.cc
View File

@@ -3,9 +3,66 @@
Ryujin::Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath) :
m_strInputFilePath(strInputFilePath), m_strOutputFilePath(strOutputFilePath), m_strPdbFilePath(strPdbFilePath) {
RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE);
auto mappedInfo = RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE);
std::printf("Goingggg :D\n0");
m_szFile = mappedInfo.second;
m_isInitialized = mappedInfo.first;
if (!m_isInitialized) {
OutputDebugStringA("Ryujin::Ryujin: failed to initilize.\n");
}
}
bool Ryujin::run() {
auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get());
if (imgDos->e_magic != IMAGE_DOS_SIGNATURE) {
OutputDebugStringA(
_In_ "Ryujin::run: Invalid PE File.\n"
);
return FALSE;
}
auto imgNt = reinterpret_cast<PIMAGE_NT_HEADERS>(m_mappedPE.get() + imgDos->e_lfanew);
if (imgNt->Signature != IMAGE_NT_SIGNATURE) {
OutputDebugStringA(
_In_ "Ryujin::run: Invalid NT headers for the input PE File.\n"
);
return FALSE;
}
if (!m_isInitialized) {
OutputDebugStringA(
_In_ "Ryujin::Ryujin: not initilized.\n"
);
return FALSE;
}
auto syms = RyujinPdbParsing::ExtractProceduresFromPdb(
reinterpret_cast<uintptr_t>(m_mappedPE.get()),
m_szFile,
m_strInputFilePath,
m_strPdbFilePath
);
}

7
RyujinConsole/RyujinConsole/Ryujin.hh
View File

@@ -1,6 +1,10 @@
#pragma once
#include <Zydis/Zydis.h>
#include <Zydis/SharedTypes.h>
#include <iostream>
#include <memory>
#include <vector>
#include "RyujinPdbParsing.hh"
#include "RyujinUtils.hh"
class Ryujin {
@@ -10,9 +14,12 @@ private:
const std::string& m_strInputFilePath;
const std::string& m_strPdbFilePath;
const std::string& m_strOutputFilePath;
uintptr_t m_szFile;
BOOL m_isInitialized;
public:
Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath);
bool run();
~Ryujin();
};

12
RyujinConsole/RyujinConsole/RyujinBasicBlock.hh Normal file
View File

@@ -0,0 +1,12 @@
#pragma once
#include "RyujinInstruction.hh"
class RyujinBasicBlock {
public:
std::vector<RyujinInstruction> instructions;
std::vector<std::vector<ZyanU8>> opcodes;
uintptr_t start_address;
uintptr_t end_address;
};

2
RyujinConsole/RyujinConsole/RyujinConsole.cpp → RyujinConsole/RyujinConsole/RyujinConsole.cc
View File

@@ -7,6 +7,8 @@ auto main() -> int {
std::unique_ptr<Ryujin> ryujin = std::make_unique<Ryujin>("C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.exe", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.pdb", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation2.exe");
ryujin.get()->run();
ryujin.reset();
return 0;

10
RyujinConsole/RyujinConsole/RyujinConsole.vcxproj
View File

@@ -80,6 +80,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -96,6 +97,7 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -108,6 +110,7 @@
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -124,15 +127,20 @@
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="Ryujin.cc" />
<ClCompile Include="RyujinConsole.cpp" />
<ClCompile Include="RyujinConsole.cc" />
<ClCompile Include="RyujinUtils.cc" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="Ryujin.hh" />
<ClInclude Include="RyujinBasicBlock.hh" />
<ClInclude Include="RyujinInstruction.hh" />
<ClInclude Include="RyujinPdbParsing.hh" />
<ClInclude Include="RyujinProcedure.hh" />
<ClInclude Include="RyujinUtils.hh" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

40
RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters
View File

@@ -13,24 +13,48 @@
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
<Filter Include="Ryujin">
<UniqueIdentifier>{a6c99d12-960c-49be-b336-4f46735958f6}</UniqueIdentifier>
</Filter>
<Filter Include="Ryujin\Utils">
<UniqueIdentifier>{f30d7f79-63e4-4d53-b9b2-a6e9a867335f}</UniqueIdentifier>
</Filter>
<Filter Include="Ryujin\PDB">
<UniqueIdentifier>{82c4bcff-ab3c-4c0e-b8ee-d04135859e2b}</UniqueIdentifier>
</Filter>
<Filter Include="Ryujin\Models">
<UniqueIdentifier>{df02e440-42fd-4d5d-ace9-62fb1891e33c}</UniqueIdentifier>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="RyujinConsole.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="Ryujin.cc">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="RyujinUtils.cc">
<Filter>Source Files</Filter>
<Filter>Ryujin\Utils</Filter>
</ClCompile>
<ClCompile Include="RyujinConsole.cc">
<Filter>Ryujin</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="Ryujin.hh">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="RyujinUtils.hh">
<Filter>Header Files</Filter>
<Filter>Ryujin\Utils</Filter>
</ClInclude>
<ClInclude Include="RyujinPdbParsing.hh">
<Filter>Ryujin\PDB</Filter>
</ClInclude>
<ClInclude Include="Ryujin.hh">
<Filter>Ryujin</Filter>
</ClInclude>
<ClInclude Include="RyujinProcedure.hh">
<Filter>Ryujin\Models</Filter>
</ClInclude>
<ClInclude Include="RyujinBasicBlock.hh">
<Filter>Ryujin\Models</Filter>
</ClInclude>
<ClInclude Include="RyujinInstruction.hh">
<Filter>Ryujin\Models</Filter>
</ClInclude>
</ItemGroup>
</Project>

7
RyujinConsole/RyujinConsole/RyujinInstruction.hh Normal file
View File

@@ -0,0 +1,7 @@
struct RyujinInstruction {
ZydisDisassembledInstruction instruction;
uintptr_t addressofinstruction;
};

19
RyujinConsole/RyujinConsole/RyujinPdbParsing.hh Normal file
View File

@@ -0,0 +1,19 @@
#pragma once
#include "RyujinProcedure.hh"
//#include <dbghelp.h>
//#pragma comment(lib, "DbgHelp.lib")
class RyujinPdbParsing {
public:
static std::vector<RyujinProcedure> ExtractProceduresFromPdb(uintptr_t mappedPebase, uintptr_t m_szFile, const std::string& m_strInputFilePath, const std::string& m_strPdbFilePath) {
std::vector<RyujinProcedure> procs;
return procs;
}
};

13
RyujinConsole/RyujinConsole/RyujinProcedure.hh Normal file
View File

@@ -0,0 +1,13 @@
#pragma once
#include "RyujinBasicBlock.hh"
class RyujinProcedure {
public:
std::string name;
uintptr_t imagebase;
uintptr_t address;
uintptr_t size;
std::vector<RyujinBasicBlock> basic_blocks;
};