feat: Base for Simple-Virtualization Feature

- Prepare the codebase for the upcoming simple-virtualization feature for Ryujin.
keowu
2025-06-10 20:59:53 -03:00
parent a3a4f9884a
commit b1b309d32f
3 changed files with 20 additions and 7 deletions


@@ -436,6 +436,12 @@ void RyujinObfuscationCore::insertJunkCode() {
} }
void RyujinObfuscationCore::insertVirtualization() {
//TODO
}
void RyujinObfuscationCore::updateBasicBlocksContext() { void RyujinObfuscationCore::updateBasicBlocksContext() {
auto new_obfuscated_opcodes = getProcessedProc().getUpdateOpcodes(); auto new_obfuscated_opcodes = getProcessedProc().getUpdateOpcodes();
@@ -455,7 +461,7 @@ BOOL RyujinObfuscationCore::Run() {
//Obfuscate IAT for the configured procedures //Obfuscate IAT for the configured procedures
if (m_config.m_isIatObfuscation) { if (m_config.m_isIatObfuscation) {
//First obfuscate IAT // Obfuscate IAT
obfuscateIat(); obfuscateIat();
//Update our basic blocks context to rely 1-1 for the new obfuscated opcodes. //Update our basic blocks context to rely 1-1 for the new obfuscated opcodes.
@@ -463,9 +469,19 @@ BOOL RyujinObfuscationCore::Run() {
} }
if (m_config.m_isVirtualized) {
// Insert Virtualization
insertVirtualization();
//Update our basic blocks context to rely 1-1 for the new obfuscated opcodes.
this->updateBasicBlocksContext();
}
if (m_config.m_isJunkCode) { if (m_config.m_isJunkCode) {
//First let's insert junk code // Insert junk code
insertJunkCode(); insertJunkCode();
//Update our basic blocks context to rely 1-1 for the new obfuscated opcodes. //Update our basic blocks context to rely 1-1 for the new obfuscated opcodes.
@@ -473,10 +489,6 @@ BOOL RyujinObfuscationCore::Run() {
} }
/*
if (m_config.m_isVirtualized) todoAction();
*/
return TRUE; return TRUE;
} }
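Review bot: `insertVirtualization()` is an empty `//TODO` stub, yet the new `if (m_config.m_isVirtualized)` branch in `Run()` calls it, re-runs `updateBasicBlocksContext()` and still returns `TRUE`, so a caller who requests virtualization gets output that looks successfully protected although no virtualization pass was applied. The same commit flips `config.m_isVirtualized` to `TRUE` in `main()`, which makes that silent no-op the default path. Until the pass is implemented, I would keep the flag `FALSE` in `main()` and make the stub say so, e.g. `// TODO(simple-virtualization): not implemented; enabling m_isVirtualized currently changes nothing`, or report it to the user when the flag is set. It would also help to document on the new branch why virtualization runs after IAT obfuscation and before junk-code insertion, since the pass order presumably matters once the stub has a body. `Run()` begins outside these hunks.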


@@ -28,6 +28,7 @@ private:
void addPaddingSpaces(); void addPaddingSpaces();
void obfuscateIat(); void obfuscateIat();
void insertJunkCode(); void insertJunkCode();
void insertVirtualization();
std::vector<uint8_t> fix_branch_near_far_short(uint8_t original_opcode, uint64_t jmp_address, uint64_t target_address); std::vector<uint8_t> fix_branch_near_far_short(uint8_t original_opcode, uint64_t jmp_address, uint64_t target_address);
uint32_t findOpcodeOffset(const uint8_t* data, size_t dataSize, const void* opcode, size_t opcodeSize); uint32_t findOpcodeOffset(const uint8_t* data, size_t dataSize, const void* opcode, size_t opcodeSize);


@@ -13,7 +13,7 @@ auto main() -> int {
config.m_isIgnoreOriginalCodeRemove = FALSE; config.m_isIgnoreOriginalCodeRemove = FALSE;
config.m_isJunkCode = TRUE; config.m_isJunkCode = TRUE;
config.m_isRandomSection = FALSE; config.m_isRandomSection = FALSE;
config.m_isVirtualized = FALSE; config.m_isVirtualized = TRUE;
config.m_isIatObfuscation = TRUE; config.m_isIatObfuscation = TRUE;
config.m_isEncryptObfuscatedCode = FALSE; config.m_isEncryptObfuscatedCode = FALSE;
std::vector<std::string> procsToObfuscate{ std::vector<std::string> procsToObfuscate{