From ac2d80c371dd2c58d9aed2deb3d550c789b05907 Mon Sep 17 00:00:00 2001 From: keowu Date: Thu, 17 Jul 2025 21:02:09 -0300 Subject: [PATCH] feat: Expanding Break Decompilers and Disassemblers feature - The disassembler and decompiler's break feature now supports multiple techniques, inspired by a talk from BinjaDev at Off by One Conf. I've researched new capabilities to expand on this idea. The code has also been significantly improved to be more efficient and dynamic, allowing for future enhancements. - Updated README.md to include the new Memory Protection feature. --- README.md | 1 + .../RyujinCore/RyujinObfuscationCore.cc | 26 ++++++++++++------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 3df771d..9d6dedb 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ - Troll Reversers(Exclusive) - Anti-Dump - Anti-Disassembly + Anti-Decompiler +- Memory Protection(CRC32 - Planned - **TODO**) - Custom Passes(Planned - **TODO**) --- diff --git a/RyujinCore/Ryujin/RyujinCore/RyujinObfuscationCore.cc b/RyujinCore/Ryujin/RyujinCore/RyujinObfuscationCore.cc index c122c42..5d8ba2c 100644 --- a/RyujinCore/Ryujin/RyujinCore/RyujinObfuscationCore.cc +++ b/RyujinCore/Ryujin/RyujinCore/RyujinObfuscationCore.cc 
@@ -1951,17 +1951,25 @@ void RyujinObfuscationCore::updateBasicBlocksContext() { void RyujinObfuscationCore::insertBreakDecompilers(asmjit::x86::Assembler& a) { - //Breaking Decompilers(https://youtu.be/6UlxrDYng88?t=1287) - a.push(asmjit::x86::rbx); - - std::vector breakDecompilerOneByteTrick{ - - 0xEB, 0xFF, 0xC3 + //Inspired by Breaking Decompilers(https://youtu.be/6UlxrDYng88?t=1287) + const std::vector>> tricks = { + + { asmjit::x86::rbx, { 0xEB, 0xFF, 0xC3 } }, + { asmjit::x86::rdx, { 0xEB, 0xFF, 0xC2, 0x90, 0x90 } }, + { asmjit::x86::rcx, { 0xEB, 0xFF, 0xC9 } }, + { asmjit::x86::rax, { 0xEB, 0xFF, 0xC0, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 } } }; - a.embed(breakDecompilerOneByteTrick.data(), breakDecompilerOneByteTrick.size()); - - a.pop(asmjit::x86::rbx); + + static std::mt19937 rng(static_cast(std::time(nullptr))); + std::uniform_int_distribution dist(0, tricks.size() - 1); + const auto& selected = tricks[dist(rng)]; + const auto& reg = selected.first; + const auto& bytes = selected.second; + + a.push(reg); + a.embed(bytes.data(), bytes.size()); + a.pop(reg); }
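Review bot: The generator in `insertBreakDecompilers` is a function-local `static std::mt19937` seeded from `std::time(nullptr)`, so two runs over the same input emit different bytes and a failing build cannot be replayed; it is also shared mutable state with no lock, should this pass ever run on more than one thread. Take the seed from the caller or the core's options and log it, e.g. `static std::mt19937 rng(seed);` where `seed` is a placeholder (the hunk does not show whether such an option exists). The `tricks` table is rebuilt with heap allocations on every call and should be `static const`, with a comment such as `// each entry pairs the register saved by push/pop with the bytes that modify it; keep the two in sync` (`0xFF 0xC3` increments `ebx`, `0xFF 0xC9` decrements `ecx`). Those `inc`/`dec` encodings also change the arithmetic flags, which `a.push(reg)`/`a.pop(reg)` does not save, so unless every call site outside this hunk inserts only where flags are dead, the protected code can take a wrong branch.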