admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: select if add missing IAT entries

Browse Source
This commit is contained in:
Dobin
2024-05-08 12:19:57 +01:00
parent 61f7cf0a5b
commit 012d1253af
4 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/templates/project.html
+11
View File
@@ -137,7 +137,18 @@
</select> </select>
</div> </div>
<!-- Row 5 -->
<div class="col-2">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="YES" id="flexCheckDefault"
name="fix_missing_iat" onchange="this.form.submit()" {{ 'checked' if fix_missing_iat }}>
<label class="form-check-label" for="flexCheckDefault">
Add missing IAT entries
</label>
</div> </div>
</div>
</div>
</form> </form>
<div class="row"> <div class="row">
app/views_project.py
+3
View File
@@ -123,6 +123,7 @@ def project(name):
has_rodata_section=has_rodata_section, has_rodata_section=has_rodata_section,
has_remote=has_remote, has_remote=has_remote,
fix_missing_iat=project.settings.fix_missing_iat,
) )
@@ -170,6 +171,8 @@ def add_project():
settings.inject_exe_in = request.form['exe'] settings.inject_exe_in = request.form['exe']
settings.inject_exe_out = request.form['exe'].replace(".exe", ".infected.exe") settings.inject_exe_out = request.form['exe'].replace(".exe", ".infected.exe")
settings.fix_missing_iat = True if request.form.get('fix_missing_iat') != None else False
source_style = request.form['source_style'] source_style = request.form['source_style']
settings.source_style = FunctionInvokeStyle[source_style] settings.source_style = FunctionInvokeStyle[source_style]
pe/superpe.py
+8 -1
View File
@@ -2,6 +2,7 @@ import pefile
import capstone import capstone
import logging import logging
from typing import List, Dict from typing import List, Dict
import random
from model.defs import * from model.defs import *
from model.rangemanager import RangeManager from model.rangemanager import RangeManager
@@ -350,10 +351,16 @@ class SuperPe():
if not dll_name in iat: if not dll_name in iat:
raise Exception("DLL not found in IAT") raise Exception("DLL not found in IAT")
possible = []
for entry in iat[dll_name]: for entry in iat[dll_name]:
if len(entry.func_name) >= len(func_name): if len(entry.func_name) >= len(func_name):
return entry.func_name possible.append(entry.func_name)
if len(possible) == 0:
return None return None
else:
# Hope there wont be many collisions
return random.choice(possible)
def get_iat_offset_by_name(self, dll_name: str, func_name: str) -> int: def get_iat_offset_by_name(self, dll_name: str, func_name: str) -> int:
supermega.py
+4 -3
View File
@@ -160,9 +160,10 @@ def start_real(settings: Settings):
if settings.source_style == FunctionInvokeStyle.iat_reuse: if settings.source_style == FunctionInvokeStyle.iat_reuse:
functions = project.carrier.get_unresolved_iat() functions = project.carrier.get_unresolved_iat()
if len(functions) != 0: if len(functions) != 0:
#raise Exception("IAT entry not found: {}".format(", ".join(functions))) if settings.fix_missing_iat:
logger.warn("IAT entry not found: {}".format(", ".join(functions))) logger.info("Fixing missing IAT entries: {}".format(", ".join(functions)))
pass else:
raise Exception("IAT entry not found: {}".format(", ".join(functions)))
# Assemble: Assemble .asm to .shc (ASM -> SHC) # Assemble: Assemble .asm to .shc (ASM -> SHC)
if settings.generate_shc_from_asm: if settings.generate_shc_from_asm: