admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: DataReuseEntry(), IatEntry()

Browse Source
This commit is contained in:
Dobin
2024-02-26 20:33:29 +00:00
parent a13d86d9cd
commit 019b7c97d8
4 changed files with 19 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
model/carrier.py
+8 -1
View File
@@ -1,7 +1,6 @@
from typing import Dict, List from typing import Dict, List
import logging import logging
from model.exehost import DataReuseEntry
logger = logging.getLogger("Carrier") logger = logging.getLogger("Carrier")
@@ -12,6 +11,14 @@ class IatRequest():
self.placeholder: bytes = placeholder # Random bytes as placeholder self.placeholder: bytes = placeholder # Random bytes as placeholder
class DataReuseEntry():
def __init__(self, string_ref: str, register: str, randbytes: bytes):
self.string_ref = string_ref
self.register = register
self.randbytes = randbytes
self.data = b''
self.addr = 0
class Carrier(): class Carrier():
def __init__(self): def __init__(self):
model/exehost.py
+8 -30
View File
@@ -18,19 +18,10 @@ class RelocEntry():
class IatEntry(): class IatEntry():
def __init__(self, dll_name, func_name, func_addr): def __init__(self, dll_name: str, func_name: str, iat_vaddr: int):
self.dll_name = dll_name self.dll_name: str = dll_name
self.func_name = func_name self.func_name: str = func_name
self.func_addr = func_addr self.iat_vaddr: int = iat_vaddr
class DataReuseEntry():
def __init__(self, string_ref: str, register: str, randbytes: bytes):
self.string_ref = string_ref
self.register = register
self.randbytes = randbytes
self.data = b''
self.addr = 0
class ExeHost(): class ExeHost():
@@ -42,7 +33,7 @@ class ExeHost():
self.pe: pefile.PE = None self.pe: pefile.PE = None
self.superpe: SuperPe = None self.superpe: SuperPe = None
self.iat = {} # Dict[str, List[Dict[str, str]]] self.iat: Dict[str, IatEntry] = {}
self.base_relocs = [] self.base_relocs = []
self.image_base: int = 0 self.image_base: int = 0
@@ -128,26 +119,13 @@ class ExeHost():
if not dll_name in self.iat: if not dll_name in self.iat:
self.iat[dll_name] = [] self.iat[dll_name] = []
self.iat[dll_name].append({ self.iat[dll_name].append(IatEntry(dll_name, imp_name, imp_addr))
"dll_name": dll_name,
"func_name": imp_name,
"iat_vaddr": imp_addr
})
def get_vaddr_of_iatentry(self, func_name: str) -> int: def get_vaddr_of_iatentry(self, func_name: str) -> int:
for dll_name in self.iat: for dll_name in self.iat:
for entry in self.iat[dll_name]: for entry in self.iat[dll_name]:
if entry["func_name"] == func_name: if entry.func_name == func_name:
return entry["iat_vaddr"] return entry.iat_vaddr
return None return None
## Other
def print(self):
logger.info("--( Required IAT Resolves: ")
for _, cap in self.iat_requests.items():
if cap.addr == 0:
logger.info(" {:28} {}".format(cap.name, "N/A"))
else:
logger.info(" {:28} 0x{:x}".format(cap.name, cap.addr))
phases/datareuse.py
+1 -1
View File
@@ -4,7 +4,7 @@ from intervaltree import Interval, IntervalTree
from typing import List, Dict from typing import List, Dict
import os import os
from model.exehost import DataReuseEntry from model.carrier import DataReuseEntry
def bytes_to_asm_db(byte_data: bytes) -> bytes: def bytes_to_asm_db(byte_data: bytes) -> bytes:
phases/injector.py
+1 -1
View File
@@ -6,7 +6,7 @@ import time
import tempfile import tempfile
import logging import logging
from model.carrier import Carrier from model.carrier import Carrier, DataReuseEntry
from peparser.pehelper import * from peparser.pehelper import *
from model.exehost import * from model.exehost import *
from observer import observer from observer import observer