admin/Ryujin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Refactored code for Ryujin console arguments, fixed typos, and resolved instruction-padding logic issues. Fixed temporary variable bug in MBA equivalence generation and more

Browse Source 
- Fixed bugs reported by third parties (instruction-override issues, padding-space logic, and more)
- Corrected typos (translated comments/examples to English)
- Fully refactored the Ryujin console (arguments now handled via the argparser library)
- MBA pass: fixed equivalence-logic issues when generating MBA instructions for original operations
- Updated DemoObfuscation usage examples
This commit is contained in:
keowu
2025-11-19 21:07:19 -03:00
parent bc91576ecb
commit 04063714da
11 changed files with 2720 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
TestsBinary/DemoObfuscation/DemoObfuscation.cc
View File

@@ -4,7 +4,7 @@
#include <string>
#include <cstdint>
// Test MBA with: RyujinConsole.exe --input DemoObfuscation.exe --pdb DemoObfuscation.pdb --output DemoObfuscation.ryujin.exe --iat --procs main,mba_sub,mba_subadd,mba_sum,mba_f01,mba_f02,mba_f03,mba_f04,mba_f05,mba_f06,mba_f07,mba_f08,mba_f09,mba_f10,mba_f11,mba_f12,mba_f13,mba_f14,mba_f15,mba_f16,mba_f17,mba_f18,mba_f19,mba_f20,mba_f21,mba_f22,mba_f23,mba_f24,mba_f25,mba_f26,mba_f27,mba_f28,mba_f29,mba_f30,mba_f31,mba_f32,mba_f33,mba_f34,mba_f35,mba_f36,mba_f37,mba_f38,mba_f39,mba_f40,mba_f41,mba_f42,mba_f43,mba_f44,mba_f45,mba_f46,mba_f47,mba_f48,mba_f49,mba_f50,mba_f51,mba_f52,mba_f53,mba_f54,mba_f55,mba_f56,mba_f57,mba_f58,mba_f59,mba_f60,mba_f61,mba_f62,mba_f63,mba_f64,mba_f65,mba_f66,mba_f67,mba_f68,mba_f69,mba_f70,mba_f71,mba_f72,mba_f73,mba_f74,mba_f75,mba_f76,mba_f77,mba_f78,mba_f79,mba_f80,mba_f81,mba_f82,mba_f83,mba_f84,mba_f85,mba_f86,mba_f87,mba_f88,mba_f89,mba_f90,mba_f91,mba_f92,mba_f93,mba_f94,mba_f95,mba_f96,mba_f97,mba_f98,mba_f99,mba_f100,mba_encrypt32,invoke_main,__scrt_common_main,j___security_init_cookie
// Test MBA with: RyujinConsole.exe --input DemoObfuscation.exe --pdb DemoObfuscation.pdb --output DemoObfuscation.ryujin.exe --procs main,sub,subadd,sum,invoke_main,__scrt_common_main,j___security_init_cookie,mba_sub,mba_subadd,mba_sum,mba_f01,mba_f02,mba_f03,mba_f04,mba_f05,mba_f06,mba_f07,mba_f08,mba_f09,mba_f10,mba_f11,mba_f12,mba_f13,mba_f14,mba_f15,mba_f16,mba_f17,mba_f18,mba_f19,mba_f20,mba_f21,mba_f22,mba_f23,mba_f24,mba_f25,mba_f26,mba_f27,mba_f28,mba_f29,mba_f30,mba_f31,mba_f32,mba_f33,mba_f34,mba_f35,mba_f36,mba_f37,mba_f38,mba_f39,mba_f40,mba_f41,mba_f42,mba_f43,mba_f44,mba_f45,mba_f46,mba_f47,mba_f48,mba_f49,mba_f50,mba_f51,mba_f52,mba_f53,mba_f54,mba_f55,mba_f56,mba_f57,mba_f58,mba_f59,mba_f60,mba_f61,mba_f62,mba_f63,mba_f64,mba_f65,mba_f66,mba_f67,mba_f68,mba_f69,mba_f70,mba_f71,mba_f72,mba_f73,mba_f74,mba_f75,mba_f76,mba_f77,mba_f78,mba_f79,mba_f80,mba_f81,mba_f82,mba_f83,mba_f84,mba_f85,mba_f86,mba_f87,mba_f88,mba_f89,mba_f90,mba_f91,mba_f92,mba_f93,mba_f94,mba_f95,mba_f96,mba_f97,mba_f98,mba_f99,mba_f100
static uint32_t mba_f01(uint32_t x) { return x + 0x9E3779B1u; }
static uint32_t mba_f02(uint32_t x) { return x - 0x3C6EF372u; }
static uint32_t mba_f03(uint32_t x) { return x * 1664525u; }