feat: MSVC optimization bug fixes, FFI standard support, and Anti-Debug options in RyujinGui

- Fixed a bug related to MSVC optimizations that broke Ryujin's relocation algorithm and its fix-up logic.
- Introduced a standardized FFI argument-passing method for Ryujin Core; the legacy method remains compatible.
- Ryujin GUI now fully supports the Anti-Debug features.
- Various minor bug fixes and improvements to project structure.
keowu
2025-07-10 20:55:39 -03:00
parent d6caf05940
commit a96d97b9b0
14 changed files with 194 additions and 67 deletions


@@ -185,6 +185,20 @@ bool RyujinApp::OnInit() {
);
m_isAntiDebugWithTroll = DrawnStyledCheckbox(
panel,
"Antidebug(User + Kernel) + Troll Reversers"
);
m_isAntiDebugNormal = DrawnStyledCheckbox(
panel,
"Antidebug(User + Kernel) + Terminate"
);
optionsSizer->Add(
m_virtualize
@@ -214,6 +228,16 @@ bool RyujinApp::OnInit() {
m_ignoreOriginalCodeRemove
);
optionsSizer->Add(
m_isAntiDebugWithTroll
);
optionsSizer->Add(
m_isAntiDebugNormal
);
optionsBox->Add(
@@ -661,20 +685,49 @@ auto RyujinApp::BindRunEvent(wxFrame* frame) -> void {
core.m_isRandomSection = m_randomSection->IsChecked();
core.m_isVirtualized = m_virtualize->IsChecked();
// Procedures to obfuscate
std::vector<std::string> procsToObfuscate;
auto count = m_procList->GetCount();
procsToObfuscate.reserve(count);
if (m_isAntiDebugWithTroll->IsChecked()) {
for (auto i = 0; i < count; ++i) {
auto item = m_procList->GetString(i);
procsToObfuscate.push_back(item.ToStdString());
core.m_isAntiDebug = TRUE;
core.m_isTrollRerversers = TRUE;
}
core.m_strProceduresToObfuscate.assign(procsToObfuscate.begin(), procsToObfuscate.end());
}
if (m_isAntiDebugNormal->IsChecked()) {
auto bSuccess = core.RunRyujin(m_input->GetValue().ToStdString(), m_pdb->GetValue().ToStdString(), m_output->GetValue().ToStdString(), core);
core.m_isAntiDebug = TRUE;
core.m_isTrollRerversers = FALSE;
}
auto count = m_procList->GetCount();
int index = 0;
for (auto i = 0; i < count && index < MAX_PROCEDURES; ++i) {
auto item = m_procList->GetString(i).ToStdString();
if (!item.empty()) {
strncpy_s(
core.m_strProceduresToObfuscate.procedures[index],
item.c_str(),
MAX_PROCEDURE_NAME_LEN - 1
);
++index;
}
}
core.m_strProceduresToObfuscate.procedureCount = index;
std::string input = m_input->GetValue().ToStdString();
std::string pdb = m_pdb->GetValue().ToStdString();
std::string output = m_output->GetValue().ToStdString();
auto bSuccess = core.RunRyujin(input, pdb, output, core);
frame->CallAfter([=]() {
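Review bot: The new copy loop silently shortens any procedure name of `MAX_PROCEDURE_NAME_LEN` characters or more (the `MAX_PROCEDURE_NAME_LEN - 1` count passed to `strncpy_s`) and silently drops every entry once `index` reaches `MAX_PROCEDURES`, so a procedure the user selected can be passed to the core under a name that matches nothing and ship unprotected with no error shown. Reject instead of truncating, e.g. `if (item.size() >= MAX_PROCEDURE_NAME_LEN) { /* report to the user and abort the run */ }`, and fail the run when non-empty entries remain after the loop ends. Separately, ticking both new checkboxes lets the second `if` reset `m_isTrollRerversers` to `FALSE`, and with neither ticked the two flags are not assigned anywhere in the visible lines; whether `core` is value-initialised is outside the hunk, so an unconditional `core.m_isAntiDebug = m_isAntiDebugWithTroll->IsChecked() || m_isAntiDebugNormal->IsChecked();` would be safer. The enclosing handler starts and ends outside this hunk.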


@@ -20,6 +20,8 @@ private:
wxCheckBox* m_randomSection = nullptr;
wxCheckBox* m_obfuscateIat = nullptr;
wxCheckBox* m_ignoreOriginalCodeRemove = nullptr;
wxCheckBox* m_isAntiDebugWithTroll = nullptr;
wxCheckBox* m_isAntiDebugNormal = nullptr;
wxListBox* m_procList = nullptr;
wxGauge* m_progress = nullptr;


@@ -3,6 +3,14 @@
#include <Windows.h>
#include <string>
#define MAX_PROCEDURES 128
#define MAX_PROCEDURE_NAME_LEN 128
struct RyujinObfuscatorProcs {
int procedureCount;
char procedures[MAX_PROCEDURES][MAX_PROCEDURE_NAME_LEN];
};
class RyujinObfuscatorConfig {
public:
@@ -12,11 +20,14 @@ public:
bool m_isJunkCode; // Insert junk code to confuse
bool m_isIgnoreOriginalCodeRemove; // Do not remove the original code after processing (replace the original instructions with NOPs)
bool m_isEncryptObfuscatedCode; // The user wants to encrypt all obfuscated code to avoid detection
std::vector<std::string> m_strProceduresToObfuscate; // Names of the procedures to obfuscate
bool m_isAntiDebug; // The user wants to avoid debuggers use while running a binary protected by Ryujin
bool m_isTrollRerversers; // The user wants to trick and use a special feature to troll reversers when their debugs be detected making they loose all the progress
RyujinObfuscatorProcs m_strProceduresToObfuscate; // Names of the procedures to obfuscate - FFI
std::vector<std::string> m_strdProceduresToObfuscate; // Names of the procedures to obfuscate
bool RunRyujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config) {
static bool RunRyujin(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config) {
using tpdRunRyujinCore = BOOL(__stdcall*)(const std::string& strInputFilePath, const std::string& strPdbFilePath, const std::string& strOutputFilePath, RyujinObfuscatorConfig& config);
using tpdRunRyujinCore = BOOL(__stdcall*)(const char*, const char*, const char*, RyujinObfuscatorConfig&);
auto hModule = LoadLibraryW(L"RyujinCore.dll");
@@ -26,7 +37,7 @@ public:
if (!RunRyujinCore) return FALSE;
return RunRyujinCore(strInputFilePath, strPdbFilePath, strOutputFilePath, config);
return RunRyujinCore(strInputFilePath.c_str(), strPdbFilePath.c_str(), strOutputFilePath.c_str(), config);
}
};
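Review bot: `RyujinObfuscatorConfig&` still crosses the DLL boundary in the new `tpdRunRyujinCore` type with a `std::vector<std::string>` member (`m_strdProceduresToObfuscate`) inside it, so the object layout keeps depending on both sides being built with the same MSVC STL and iterator-debug settings even though the three paths are now plain `const char*`. Nothing in the visible lines lets the caller detect an older RyujinCore.dll that exports the same name with the previous `const std::string&` signature, in which case the call would misinterpret its arguments; a leading size or version field in the config, checked by the core before it reads anything else, would turn that into a clean failure. The unchanged `LoadLibraryW(L"RyujinCore.dll")` resolves the bare name through the default search order, and `LoadLibraryExW(L"RyujinCore.dll", nullptr, LOAD_LIBRARY_SEARCH_APPLICATION_DIR)` would pin the load to the application directory. Part of RunRyujin's body lies between the two hunks and is not shown.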


@@ -106,6 +106,7 @@
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(WXWIN)\include\msvc;$(WXWIN)\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<Optimization>Disabled</Optimization>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
@@ -140,6 +141,7 @@
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<AdditionalIncludeDirectories>$(WXWIN)\include\msvc;$(WXWIN)\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<Optimization>Disabled</Optimization>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>