feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui
- Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic. - Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible. - Ryujin GUI now fully supports the Anti-Debug features. - Various minor bug fixes and improvements to project structure.
This commit is contained in:
keowu
@@ -1,3 +1,3 @@
|
||||
LIBRARY RyujinObfuscator
|
||||
EXPORTS
|
||||
RunRyujinCore = ?RunRyujinCore@@YAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00AEAVRyujinObfuscatorConfig@@@Z
|
||||
RunRyujinCore = ?RunRyujinCore@@YAHPEBD00AEAVRyujinObfuscatorConfig@@@Z
|
||||
@@ -1,18 +1,27 @@
|
||||
#pragma once
|
||||
#include <string>
|
||||
|
||||
#define MAX_PROCEDURES 128
|
||||
#define MAX_PROCEDURE_NAME_LEN 128
|
||||
|
||||
struct RyujinObfuscatorProcs {
|
||||
int procedureCount;
|
||||
char procedures[MAX_PROCEDURES][MAX_PROCEDURE_NAME_LEN];
|
||||
};
|
||||
|
||||
class RyujinObfuscatorConfig {
|
||||
|
||||
public:
|
||||
bool m_isRandomSection; // Randomize the name of the new section with the processed code -> ".Ryujin" standard
|
||||
bool m_isVirtualized; // Virtualize the code [Try as much as possible]
|
||||
bool m_isIatObfuscation; //Process IAT Obfuscation
|
||||
bool m_isJunkCode; // Insert junk code to confuse
|
||||
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
|
||||
bool m_isEncryptObfuscatedCode; // The user wants to encrypt all obfuscated code to avoid detection
|
||||
bool m_isAntiDebug; // The user wants to avoid debuggers use while running a binary protected by Ryujin
|
||||
bool m_isTrollRerversers; // The user wants to trick and use a special feature to troll reversers when their debugs be detected making they loose all the progress
|
||||
std::vector<std::string> m_strProceduresToObfuscate; // Names of the procedures to obfuscate
|
||||
bool m_isRandomSection; // Randomize the name of the new section with the processed code -> ".Ryujin" standard
|
||||
bool m_isVirtualized; // Virtualize the code [Try as much as possible]
|
||||
bool m_isIatObfuscation; //Process IAT Obfuscation
|
||||
bool m_isJunkCode; // Insert junk code to confuse
|
||||
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
|
||||
bool m_isEncryptObfuscatedCode; // The user wants to encrypt all obfuscated code to avoid detection
|
||||
bool m_isAntiDebug; // The user wants to avoid debuggers use while running a binary protected by Ryujin
|
||||
bool m_isTrollRerversers; // The user wants to trick and use a special feature to troll reversers when their debugs be detected making they loose all the progress
|
||||
RyujinObfuscatorProcs m_strProceduresToObfuscate; // Names of the procedures to obfuscate - FFI
|
||||
std::vector<std::string> m_strdProceduresToObfuscate; // Names of the procedures to obfuscate
|
||||
// todo: passes
|
||||
|
||||
};
|
||||
@@ -83,7 +83,7 @@ bool Ryujin::run(const RyujinObfuscatorConfig& config) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (config.m_strProceduresToObfuscate.size() == 0) {
|
||||
if (config.m_strdProceduresToObfuscate.size() == 0) {
|
||||
|
||||
::OutputDebugStringA(
|
||||
|
||||
@@ -98,9 +98,9 @@ bool Ryujin::run(const RyujinObfuscatorConfig& config) {
|
||||
|
||||
for (auto& proc : m_ryujinProcedures) {
|
||||
|
||||
auto it = std::find(config.m_strProceduresToObfuscate.begin(), config.m_strProceduresToObfuscate.end(), proc.name);
|
||||
auto it = std::find(config.m_strdProceduresToObfuscate.begin(), config.m_strdProceduresToObfuscate.end(), proc.name);
|
||||
|
||||
if (it == config.m_strProceduresToObfuscate.end()) continue;
|
||||
if (it == config.m_strdProceduresToObfuscate.end()) continue;
|
||||
|
||||
std::printf(
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
class RyujinObfuscationCore {
|
||||
|
||||
private:
|
||||
const int MAX_PADDING_SPACE_INSTR = 13;
|
||||
const int MAX_PADDING_SPACE_INSTR = 14;
|
||||
const int MAX_JUNK_GENERATION_ITERATION = 5;
|
||||
std::vector<ZydisRegister> m_unusedRegisters;
|
||||
std::vector<RyujinBasicBlock> m_obfuscated_bb;
|
||||
|
||||
@@ -1,6 +1,25 @@
|
||||
#include "RyujinCore.hh"
|
||||
|
||||
RYUJINCORE_API BOOL __stdcall RunRyujinCore(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config) {
|
||||
/*
|
||||
Disable all optimizations before compile for release - MSVC sucks - Build ryujincore in debug or use contexpr mainly on fix relocs
|
||||
*/
|
||||
|
||||
RYUJINCORE_API BOOL __stdcall RunRyujinCore(const char* strInputFilePath, const char* strPdbFilePath, const char* strOutputFilePath, RyujinObfuscatorConfig& config) {
|
||||
|
||||
if (!strInputFilePath || !strPdbFilePath || !strOutputFilePath) return FALSE;
|
||||
|
||||
if (config.m_strdProceduresToObfuscate.empty()) {
|
||||
|
||||
std::vector<std::string> strProcsProcessed;
|
||||
|
||||
strProcsProcessed.reserve(config.m_strProceduresToObfuscate.procedureCount);
|
||||
|
||||
for (int i = 0; i < config.m_strProceduresToObfuscate.procedureCount; ++i)
|
||||
strProcsProcessed.emplace_back(config.m_strProceduresToObfuscate.procedures[i]);
|
||||
|
||||
config.m_strdProceduresToObfuscate.assign(strProcsProcessed.begin(), strProcsProcessed.end());
|
||||
|
||||
}
|
||||
|
||||
std::unique_ptr<Ryujin> ryujin = std::make_unique<Ryujin>(strInputFilePath, strPdbFilePath, strOutputFilePath);
|
||||
|
||||
|
||||
@@ -5,4 +5,4 @@
|
||||
#endif
|
||||
#include "Ryujin/Ryujin.hh"
|
||||
|
||||
RYUJINCORE_API BOOL __stdcall RunRyujinCore(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig &config);
|
||||
RYUJINCORE_API BOOL __stdcall RunRyujinCore(const char* strInputFilePath, const char* strPdbFilePath, const char* strOutputFilePath, RyujinObfuscatorConfig &config);
|
||||
|
||||
@@ -94,6 +94,7 @@
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeader>NotUsing</PrecompiledHeader>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
<InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
@@ -106,20 +107,28 @@
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;RYUJINCORE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeader>NotUsing</PrecompiledHeader>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
<InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
|
||||
<ExceptionHandling>Async</ExceptionHandling>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<EnableCOMDATFolding>
|
||||
</EnableCOMDATFolding>
|
||||
<OptimizeReferences>
|
||||
</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
<ModuleDefinitionFile>Ryujin.def</ModuleDefinitionFile>
|
||||
<LinkTimeCodeGeneration />
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
@@ -130,6 +139,8 @@
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeader>NotUsing</PrecompiledHeader>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
<OmitFramePointers>false</OmitFramePointers>
|
||||
<InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
@@ -142,20 +153,29 @@
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;RYUJINCORE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeader>NotUsing</PrecompiledHeader>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
<Optimization>Disabled</Optimization>
|
||||
<OmitFramePointers>false</OmitFramePointers>
|
||||
<WholeProgramOptimization>false</WholeProgramOptimization>
|
||||
<InlineFunctionExpansion>Disabled</InlineFunctionExpansion>
|
||||
<ExceptionHandling>Async</ExceptionHandling>
|
||||
<RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<EnableCOMDATFolding>
|
||||
</EnableCOMDATFolding>
|
||||
<OptimizeReferences>
|
||||
</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
<ModuleDefinitionFile>Ryujin.def</ModuleDefinitionFile>
|
||||
<LinkTimeCodeGeneration />
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
|
||||
Reference in New Issue
Block a user