feat: Begin working on AntiDebug + TrollReversers features

- Started working on the initial concept and base implementation for AntiDebug detection.
- The goal is to use stealthy techniques (similar to Themida) to detect debugging attempts.
- An additional feature is being developed to troll reverse engineers by triggering a forced BSOD upon detection, causing them to lose their analysis progress.
This commit is contained in:
keowu
2025-07-04 16:39:43 -03:00
parent 370e855413
commit bc265c6d6b
5 changed files with 57 additions and 1 deletions


@@ -29,7 +29,7 @@ Options:
--help Show this help message
In Action Usage Example:
RyujinConsole.exe --input C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\DemoObfuscation.exe --pdb C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\RyujinConsole.pdb --output C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\DemoObfuscation.ryujin.exe --virtualize --junk --encrypt --procs main,sub,subadd,sum,invoke_main,__scrt_common_main,j___security_init_cookie
RyujinConsole.exe --input C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\DemoObfuscation.exe --pdb C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\RyujinConsole.pdb --output C:\\Users\\Keowu\\Documents\\GitHub\\Ryujin\\compiled\\release\\DemoObfuscation.ryujin.exe --virtualize --junk --encrypt --AntiDebug --troll --procs main,sub,subadd,sum,invoke_main,__scrt_common_main,j___security_init_cookie
)";
@@ -84,6 +84,8 @@ auto main(int argc, char* argv[]) -> int {
config.m_isVirtualized = has_flag(args, "--virtualize");
config.m_isIatObfuscation = has_flag(args, "--iat");
config.m_isEncryptObfuscatedCode = has_flag(args, "--encrypt");
config.m_isTrollRerversers = has_flag(args, "--troll");
config.m_isAntiDebug = has_flag(args, "--AntiDebug");
std::vector<std::string> procsToObfuscate;
if (has_flag(args, "--procs")) {
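Review bot: The two new `has_flag` lines parse `--troll` and `--AntiDebug`, but the help text's Options list gains no entries for them — the first hunk only rewrites the usage-example line, so `--help` will not document either flag; add entries beside `--help` such as `--AntiDebug  Insert anti-debugging checks into the protected binary` and `--troll  Enable the troll response when a debugger is detected (only meaningful with --AntiDebug)`. `--AntiDebug` is also the only mixed-case option among `--virtualize`, `--iat`, `--encrypt`, `--junk`, `--troll`; if `has_flag` is an exact string match (it appears to be, though its body is outside the hunk), a lowercase `--antidebug` would be consistent with the rest of the CLI. `m_isTrollRerversers` carries a typo that the second section's header line repeats (`bool m_isTrollRerversers;`); renaming both to `m_isTrollReversers` now is cheaper than after callers accumulate. Since the troll behaviour is described as firing only upon a detection, `--troll` without `--AntiDebug` is a silent no-op; either reject that combination after parsing, e.g. `if (config.m_isTrollRerversers && !config.m_isAntiDebug) { std::cerr << "--troll requires --AntiDebug\n"; return 1; }`, or state the dependency in the help text. `main` continues outside the hunk.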


@@ -12,6 +12,8 @@ public:
bool m_isJunkCode; // Insert junk code to confuse
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
bool m_isEncryptObfuscatedCode; // The user wants to encrypt all obfuscated code to avoid detection
bool m_isAntiDebug; // The user wants to avoid debuggers use while running a binary protected by Ryujin
bool m_isTrollRerversers; // The user wants to trick and use a special feature to troll reversers when their debugs be detected making they loose all the progress
std::vector<std::string> m_strProceduresToObfuscate; // Names of the procedures to obfuscate
bool RunRyujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config) {