From 82a15d535802b5659458250b0565e04868543fd6 Mon Sep 17 00:00:00 2001 From: keowu Date: Fri, 23 May 2025 22:04:08 -0300 Subject: [PATCH] feat: Ryujin Models, PDB, Utils - Organizing Ryujin code models - PDB Parsing - Utils - More --- RyujinConsole/RyujinConsole/Ryujin.cc | 61 ++++++++++++++++++- RyujinConsole/RyujinConsole/Ryujin.hh | 7 +++ .../RyujinConsole/RyujinBasicBlock.hh | 12 ++++ .../{RyujinConsole.cpp => RyujinConsole.cc} | 2 + .../RyujinConsole/RyujinConsole.vcxproj | 10 ++- .../RyujinConsole.vcxproj.filters | 40 +++++++++--- .../RyujinConsole/RyujinInstruction.hh | 7 +++ .../RyujinConsole/RyujinPdbParsing.hh | 19 ++++++ .../RyujinConsole/RyujinProcedure.hh | 13 ++++ 9 files changed, 160 insertions(+), 11 deletions(-) create mode 100644 RyujinConsole/RyujinConsole/RyujinBasicBlock.hh rename RyujinConsole/RyujinConsole/{RyujinConsole.cpp => RyujinConsole.cc} (94%) create mode 100644 RyujinConsole/RyujinConsole/RyujinInstruction.hh create mode 100644 RyujinConsole/RyujinConsole/RyujinPdbParsing.hh create mode 100644 RyujinConsole/RyujinConsole/RyujinProcedure.hh diff --git a/RyujinConsole/RyujinConsole/Ryujin.cc b/RyujinConsole/RyujinConsole/Ryujin.cc index 9b68c71..e305633 100644 --- a/RyujinConsole/RyujinConsole/Ryujin.cc +++ b/RyujinConsole/RyujinConsole/Ryujin.cc 
@@ -3,9 +3,66 @@ Ryujin::Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath) : m_strInputFilePath(strInputFilePath), m_strOutputFilePath(strOutputFilePath), m_strPdbFilePath(strPdbFilePath) { - RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE); + auto mappedInfo = RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE); - std::printf("Goingggg :D\n0"); + m_szFile = mappedInfo.second; + m_isInitialized = mappedInfo.first; + + if (!m_isInitialized) { + + OutputDebugStringA("Ryujin::Ryujin: failed to initilize.\n"); + + } + +} + +bool Ryujin::run() { + + auto imgDos = reinterpret_cast(m_mappedPE.get()); + + if (imgDos->e_magic != IMAGE_DOS_SIGNATURE) { + + OutputDebugStringA( + + _In_ "Ryujin::run: Invalid PE File.\n" + + ); + + return FALSE; + } + + auto imgNt = reinterpret_cast(m_mappedPE.get() + imgDos->e_lfanew); + + if (imgNt->Signature != IMAGE_NT_SIGNATURE) { + + OutputDebugStringA( + + _In_ "Ryujin::run: Invalid NT headers for the input PE File.\n" + + ); + + return FALSE; + } + + if (!m_isInitialized) { + + OutputDebugStringA( + + _In_ "Ryujin::Ryujin: not initilized.\n" + + ); + + return FALSE; + } + + auto syms = RyujinPdbParsing::ExtractProceduresFromPdb( + + reinterpret_cast(m_mappedPE.get()), + m_szFile, + m_strInputFilePath, + m_strPdbFilePath + + ); } diff --git a/RyujinConsole/RyujinConsole/Ryujin.hh b/RyujinConsole/RyujinConsole/Ryujin.hh index 73ad84d..fb6b296 100644 --- a/RyujinConsole/RyujinConsole/Ryujin.hh +++ b/RyujinConsole/RyujinConsole/Ryujin.hh @@ -1,6 +1,10 @@ #pragma once +#include +#include #include #include +#include +#include "RyujinPdbParsing.hh" #include "RyujinUtils.hh" class Ryujin { 
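Review bot: `run()` dereferences `m_mappedPE.get()` and follows `imgDos->e_lfanew` before the `!m_isInitialized` guard, and `e_lfanew` is never compared against `m_szFile`, so a failed mapping or an input file whose `e_lfanew` points past the mapping is read out of bounds before the guard can fire. The function also flows off its end with no return on the success path, the `syms` result is never used, and `_In_` is a SAL annotation for declarations that does nothing on a call argument. Move the initialization check first, bound the NT header read by the mapped size and return a value at the end, as below; the `FALSE` returns can become `false` to match the `bool` signature.
```cpp
bool Ryujin::run() {
    // Check the mapping before touching it: m_mappedPE may be empty when MapPortableExecutableFileIntoMemory failed.
    if (!m_isInitialized || m_szFile < sizeof(IMAGE_DOS_HEADER)) {
        OutputDebugStringA("Ryujin::run: not initialized.\n");
        return false;
    }
    auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get());
    // … unchanged: e_magic check …
    // e_lfanew comes from the input file; keep the NT header read inside the mapping.
    if (imgDos->e_lfanew < 0) return false;
    const auto ntOffset = static_cast<uintptr_t>(imgDos->e_lfanew);
    if (ntOffset > m_szFile || m_szFile - ntOffset < sizeof(IMAGE_NT_HEADERS)) {
        OutputDebugStringA("Ryujin::run: NT header offset outside the mapped file.\n");
        return false;
    }
    auto imgNt = reinterpret_cast<PIMAGE_NT_HEADERS>(m_mappedPE.get() + ntOffset);
    // … unchanged: Signature check, ExtractProceduresFromPdb call …
    return true;
}
```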
@@ -10,9 +14,12 @@ private: const std::string& m_strInputFilePath; const std::string& m_strPdbFilePath; const std::string& m_strOutputFilePath; + uintptr_t m_szFile; + BOOL m_isInitialized; public: Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath); + bool run(); ~Ryujin(); }; diff --git a/RyujinConsole/RyujinConsole/RyujinBasicBlock.hh b/RyujinConsole/RyujinConsole/RyujinBasicBlock.hh new file mode 100644 index 0000000..001c9d9 --- /dev/null +++ b/RyujinConsole/RyujinConsole/RyujinBasicBlock.hh @@ -0,0 +1,12 @@ +#pragma once +#include "RyujinInstruction.hh" + +class RyujinBasicBlock { + +public: + std::vector instructions; + std::vector> opcodes; + uintptr_t start_address; + uintptr_t end_address; + +}; \ No newline at end of file diff --git a/RyujinConsole/RyujinConsole/RyujinConsole.cpp b/RyujinConsole/RyujinConsole/RyujinConsole.cc similarity index 94% rename from RyujinConsole/RyujinConsole/RyujinConsole.cpp rename to RyujinConsole/RyujinConsole/RyujinConsole.cc index 7b13c99..e18b475 100644 --- a/RyujinConsole/RyujinConsole/RyujinConsole.cpp +++ b/RyujinConsole/RyujinConsole/RyujinConsole.cc @@ -7,6 +7,8 @@ auto main() -> int { std::unique_ptr ryujin = std::make_unique("C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.exe", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.pdb", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation2.exe"); + ryujin.get()->run(); + ryujin.reset(); return 0; diff --git a/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj b/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj index 840da56..d6857fc 100644 --- a/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj +++ b/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj @@ -80,6 +80,7 @@ Console true + DbgHelp.lib;%(AdditionalDependencies) @@ -96,6 +97,7 @@ true true true + DbgHelp.lib;%(AdditionalDependencies) 
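Review bot: `m_strInputFilePath`, `m_strPdbFilePath` and `m_strOutputFilePath` are reference members (the context lines of this hunk), and the new `run()` added in Ryujin.cc reads two of them after construction; `RyujinConsole.cc` in this same commit constructs `Ryujin` from string literals, so the `std::string` temporaries those references bind to are gone by the time `run()` executes. Store the paths by value: `std::string m_strInputFilePath;`, `std::string m_strPdbFilePath;`, `std::string m_strOutputFilePath;` — the constructor's initializer list then copies them and needs no change. `BOOL m_isInitialized` next to `bool run()` mixes the two boolean types and `bool` is enough here; `m_szFile` holds a size, for which `size_t` reads more naturally than `uintptr_t`.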
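Review bot: The four new model headers (`RyujinBasicBlock.hh` here, plus `RyujinInstruction.hh`, `RyujinProcedure.hh` and `RyujinPdbParsing.hh`) use `std::vector`, `std::string`, `uintptr_t` and `ZydisDisassembledInstruction`, but the only `#include`s visible in them form the chain back to `RyujinInstruction.hh`, which includes nothing itself and also lacks `#pragma once`; unless angle-bracket includes this page does not show cover it, each header compiles only when something earlier already pulled those headers in. Add `#pragma once` to `RyujinInstruction.hh` and give each header the standard includes it needs (`<vector>`, `<string>`, `<cstdint>` and the Zydis header) so they can be included in any order. Member naming also varies between the models (`start_address`, `addressofinstruction`, `imagebase`, `basic_blocks`); one convention, e.g. `address_of_instruction` and `image_base`, would keep them consistent.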
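Review bot: The `bool` returned by `run()` is discarded on the added `ryujin.get()->run();` line, so every failure path in `Ryujin::run` (invalid DOS or NT signature, failed mapping) still exits the program with status 0. Check it, e.g. `if (!ryujin->run()) return 1;`, which also drops the redundant `.get()`. `main` starts before this hunk.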
@@ -108,6 +110,7 @@ Console true + DbgHelp.lib;%(AdditionalDependencies) @@ -124,15 +127,20 @@ true true true + DbgHelp.lib;%(AdditionalDependencies) - + + + + + diff --git a/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters b/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters index cd2aaad..6856148 100644 --- a/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters +++ b/RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters @@ -13,24 +13,48 @@ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + {a6c99d12-960c-49be-b336-4f46735958f6} + + + {f30d7f79-63e4-4d53-b9b2-a6e9a867335f} + + + {82c4bcff-ab3c-4c0e-b8ee-d04135859e2b} + + + {df02e440-42fd-4d5d-ace9-62fb1891e33c} + - - Source Files - Source Files - Source Files + Ryujin\Utils + + + Ryujin - - Header Files - - Header Files + Ryujin\Utils + + + Ryujin\PDB + + + Ryujin + + + Ryujin\Models + + + Ryujin\Models + + + Ryujin\Models \ No newline at end of file diff --git a/RyujinConsole/RyujinConsole/RyujinInstruction.hh b/RyujinConsole/RyujinConsole/RyujinInstruction.hh new file mode 100644 index 0000000..ca0353a --- /dev/null +++ b/RyujinConsole/RyujinConsole/RyujinInstruction.hh @@ -0,0 +1,7 @@ + +struct RyujinInstruction { + + ZydisDisassembledInstruction instruction; + uintptr_t addressofinstruction; + +}; \ No newline at end of file diff --git a/RyujinConsole/RyujinConsole/RyujinPdbParsing.hh b/RyujinConsole/RyujinConsole/RyujinPdbParsing.hh new file mode 100644 index 0000000..16c6ce0 --- /dev/null +++ b/RyujinConsole/RyujinConsole/RyujinPdbParsing.hh 
@@ -0,0 +1,19 @@
+#pragma once
+#include "RyujinProcedure.hh"
+//#include
+
+//#pragma comment(lib, "DbgHelp.lib")
+
+class RyujinPdbParsing {
+
+public:
+
+
+ static std::vector ExtractProceduresFromPdb(uintptr_t mappedPebase, uintptr_t m_szFile, const std::string& m_strInputFilePath, const std::string& m_strPdbFilePath) {
+
+ std::vector procs;
+
+ return procs;
+ }
+
+};
\ No newline at end of file
diff --git a/RyujinConsole/RyujinConsole/RyujinProcedure.hh b/RyujinConsole/RyujinConsole/RyujinProcedure.hh
new file mode 100644
index 0000000..6776adb
--- /dev/null
+++ b/RyujinConsole/RyujinConsole/RyujinProcedure.hh
@@ -0,0 +1,13 @@
+#pragma once
+#include "RyujinBasicBlock.hh"
+
+class RyujinProcedure {
+
+public:
+ std::string name;
+ uintptr_t imagebase;
+ uintptr_t address;
+ uintptr_t size;
+ std::vector basic_blocks;
+
+};
\ No newline at end of file
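Review bot: `ExtractProceduresFromPdb` is a stub that always returns an empty vector, but nothing in the header says so, so a caller such as `Ryujin::run` cannot tell an unimplemented path from a PDB with no procedures; a `// TODO: not implemented — currently returns an empty vector and ignores its arguments` above the function would mark it. The parameters `m_szFile`, `m_strInputFilePath` and `m_strPdbFilePath` carry the `m_` member prefix although they are plain parameters; `szFile`, `strInputFilePath`, `strPdbFilePath` would follow the convention the Ryujin constructor uses for arguments. `mappedPebase` is unused in the current body, which is expected for a stub but belongs in that same comment.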