feat: Ryujin Models, PDB, Utils

- Organizing Ryujin code models
- PDB Parsing
- Utils
- More

RyujinConsole/RyujinConsole/Ryujin.cc

@@ -3,9 +3,66 @@
 Ryujin::Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath) :
 m_strInputFilePath(strInputFilePath), m_strOutputFilePath(strOutputFilePath), m_strPdbFilePath(strPdbFilePath) {
 
-	RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE);
+	auto mappedInfo = RyujinUtils::MapPortableExecutableFileIntoMemory(m_strInputFilePath, m_mappedPE);
 
-	std::printf("Goingggg :D\n0");
+	m_szFile = mappedInfo.second;
+	m_isInitialized = mappedInfo.first;
+
+	if (!m_isInitialized) {
+
+		OutputDebugStringA("Ryujin::Ryujin: failed to initilize.\n");
+
+	}
+
+}
+
+bool Ryujin::run() {
+
+	auto imgDos = reinterpret_cast<PIMAGE_DOS_HEADER>(m_mappedPE.get());
+
+	if (imgDos->e_magic != IMAGE_DOS_SIGNATURE) {
+
+		OutputDebugStringA(
+			
+			_In_ "Ryujin::run: Invalid PE File.\n"
+		
+		);
+
+		return FALSE;
+	}
+
+	auto imgNt = reinterpret_cast<PIMAGE_NT_HEADERS>(m_mappedPE.get() + imgDos->e_lfanew);
+
+	if (imgNt->Signature != IMAGE_NT_SIGNATURE) {
+
+		OutputDebugStringA(
+			
+			_In_ "Ryujin::run: Invalid NT headers for the input PE File.\n"
+		
+		);
+
+		return FALSE;
+	}
+
+	if (!m_isInitialized) {
+
+		OutputDebugStringA(
+			
+			_In_ "Ryujin::Ryujin: not initilized.\n"
+		
+		);
+
+		return FALSE;
+	}
+
+	auto syms = RyujinPdbParsing::ExtractProceduresFromPdb(
+		
+		reinterpret_cast<uintptr_t>(m_mappedPE.get()),
+		m_szFile,
+		m_strInputFilePath,
+		m_strPdbFilePath
+	
+	);
 
 }
 

RyujinConsole/RyujinConsole/Ryujin.hh

@@ -1,6 +1,10 @@
 #pragma once
+#include <Zydis/Zydis.h>
+#include <Zydis/SharedTypes.h>
 #include <iostream>
 #include <memory>
+#include <vector>
+#include "RyujinPdbParsing.hh"
 #include "RyujinUtils.hh"
 
 class Ryujin {
@@ -10,9 +14,12 @@ private:
 	const std::string& m_strInputFilePath;
 	const std::string& m_strPdbFilePath;
 	const std::string& m_strOutputFilePath;
+	uintptr_t m_szFile;
+	BOOL m_isInitialized;
 
 public:
 	Ryujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath);
+	bool run();
 	~Ryujin();
 
 };

RyujinConsole/RyujinConsole/RyujinBasicBlock.hh

@@ -0,0 +1,12 @@
+#pragma once
+#include "RyujinInstruction.hh"
+
+class RyujinBasicBlock {
+
+public:
+	std::vector<RyujinInstruction> instructions;
+	std::vector<std::vector<ZyanU8>> opcodes;
+	uintptr_t start_address;
+	uintptr_t end_address;
+
+};

RyujinConsole/RyujinConsole/RyujinConsole.cc

@@ -7,6 +7,8 @@ auto main() -> int {
 
     std::unique_ptr<Ryujin> ryujin = std::make_unique<Ryujin>("C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.exe", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation.pdb", "C:\\Users\\Keowu\\Documents\\GitHub\\MoFei\\x64\\Debug\\DemoObfuscation2.exe");
 
+    ryujin.get()->run();
+
     ryujin.reset();
 
     return 0;

RyujinConsole/RyujinConsole/RyujinConsole.vcxproj

@@ -80,6 +80,7 @@
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
@@ -96,6 +97,7 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
@@ -108,6 +110,7 @@
     <Link>
       <SubSystem>Console</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -124,15 +127,20 @@
       <EnableCOMDATFolding>true</EnableCOMDATFolding>
       <OptimizeReferences>true</OptimizeReferences>
       <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>DbgHelp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     </Link>
   </ItemDefinitionGroup>
   <ItemGroup>
     <ClCompile Include="Ryujin.cc" />
-    <ClCompile Include="RyujinConsole.cpp" />
+    <ClCompile Include="RyujinConsole.cc" />
     <ClCompile Include="RyujinUtils.cc" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="Ryujin.hh" />
+    <ClInclude Include="RyujinBasicBlock.hh" />
+    <ClInclude Include="RyujinInstruction.hh" />
+    <ClInclude Include="RyujinPdbParsing.hh" />
+    <ClInclude Include="RyujinProcedure.hh" />
     <ClInclude Include="RyujinUtils.hh" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />

RyujinConsole/RyujinConsole/RyujinConsole.vcxproj.filters

@@ -13,24 +13,48 @@
       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
     </Filter>
+    <Filter Include="Ryujin">
+      <UniqueIdentifier>{a6c99d12-960c-49be-b336-4f46735958f6}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Ryujin\Utils">
+      <UniqueIdentifier>{f30d7f79-63e4-4d53-b9b2-a6e9a867335f}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Ryujin\PDB">
+      <UniqueIdentifier>{82c4bcff-ab3c-4c0e-b8ee-d04135859e2b}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Ryujin\Models">
+      <UniqueIdentifier>{df02e440-42fd-4d5d-ace9-62fb1891e33c}</UniqueIdentifier>
+    </Filter>
   </ItemGroup>
   <ItemGroup>
-    <ClCompile Include="RyujinConsole.cpp">
-      <Filter>Source Files</Filter>
-    </ClCompile>
     <ClCompile Include="Ryujin.cc">
       <Filter>Source Files</Filter>
     </ClCompile>
     <ClCompile Include="RyujinUtils.cc">
-      <Filter>Source Files</Filter>
+      <Filter>Ryujin\Utils</Filter>
+    </ClCompile>
+    <ClCompile Include="RyujinConsole.cc">
+      <Filter>Ryujin</Filter>
     </ClCompile>
   </ItemGroup>
   <ItemGroup>
-    <ClInclude Include="Ryujin.hh">
-      <Filter>Header Files</Filter>
-    </ClInclude>
     <ClInclude Include="RyujinUtils.hh">
-      <Filter>Header Files</Filter>
+      <Filter>Ryujin\Utils</Filter>
+    </ClInclude>
+    <ClInclude Include="RyujinPdbParsing.hh">
+      <Filter>Ryujin\PDB</Filter>
+    </ClInclude>
+    <ClInclude Include="Ryujin.hh">
+      <Filter>Ryujin</Filter>
+    </ClInclude>
+    <ClInclude Include="RyujinProcedure.hh">
+      <Filter>Ryujin\Models</Filter>
+    </ClInclude>
+    <ClInclude Include="RyujinBasicBlock.hh">
+      <Filter>Ryujin\Models</Filter>
+    </ClInclude>
+    <ClInclude Include="RyujinInstruction.hh">
+      <Filter>Ryujin\Models</Filter>
     </ClInclude>
   </ItemGroup>
 </Project>

RyujinConsole/RyujinConsole/RyujinInstruction.hh

@@ -0,0 +1,7 @@
+
+struct RyujinInstruction {
+
+    ZydisDisassembledInstruction instruction;
+    uintptr_t addressofinstruction;
+
+};

RyujinConsole/RyujinConsole/RyujinPdbParsing.hh

@@ -0,0 +1,19 @@
+#pragma once
+#include "RyujinProcedure.hh"
+//#include <dbghelp.h>
+
+//#pragma comment(lib, "DbgHelp.lib")
+
+class RyujinPdbParsing {
+
+public:
+
+
+	static std::vector<RyujinProcedure> ExtractProceduresFromPdb(uintptr_t mappedPebase, uintptr_t m_szFile, const std::string& m_strInputFilePath, const std::string& m_strPdbFilePath) {
+
+		std::vector<RyujinProcedure> procs;
+
+		return procs;
+	}
+
+};

RyujinConsole/RyujinConsole/RyujinProcedure.hh

@@ -0,0 +1,13 @@
+#pragma once
+#include "RyujinBasicBlock.hh"
+
+class RyujinProcedure {
+
+public:
+    std::string name;
+    uintptr_t imagebase;
+    uintptr_t address;
+    uintptr_t size;
+    std::vector<RyujinBasicBlock> basic_blocks;
+
+};