refactor: cleanup

pe/derbackdoorer.py

@@ -45,10 +45,10 @@ class FunctionBackdoorer:
         it = IntervalTree()
         it.addi(addr, addr+len(compiled_trampoline))
         if it.overlap(shellcode_addr, shellcode_addr+shellcode_len):
-            logger.warn("Attempt to patch jump (0x{:X}-0x{:X}) to shellcode (0x{:X}-0x{:X}) but they overlap and probably dont work".format(
+            logger.warning("Attempt to patch jump (0x{:X}-0x{:X}) to shellcode (0x{:X}-0x{:X}) but they overlap and probably dont work".format(
                 addr, addr+len(compiled_trampoline), shellcode_addr, shellcode_addr+shellcode_len
             ))
-            logger.warn("Text section too small?")
+            logger.warning("Text section too small?")
 
         # write
         #logger.info("Trampoline: {}".format(compiled_trampoline))
@@ -108,34 +108,3 @@ class FunctionBackdoorer:
 
         return None
 
-
-    def get_trampoline(self, addr, shellcode_addr):
-        addrOffset = -1
-
-        if not self.superpe.is_64():
-            raise Exception("Not 64 bit")
-        reg = random.choice(['rax', 'rbx', 'rcx', 'rdx', 'rsi', 'rdi']).upper()
-        full_shellcode_addr = shellcode_addr + self.superpe.pe.OPTIONAL_HEADER.ImageBase 
-
-        enc, count = self.ks.asm(f'MOV {reg}, 0x{full_shellcode_addr:X}')
-        for instr2 in cs.disasm(bytes(enc), 0):
-            addrOffset = len(instr2.bytes) - instr2.addr_size
-            break
-
-        jump = random.choice([
-            f'CALL {reg}',
-
-            #
-            # During my tests I found that CALL reg works stabily all the time, whereas below two gadgets
-            # are known to crash on seldom occassions.
-            #
-
-            #f'JMP {reg}',
-            #f'PUSH {reg} ; RET',
-        ])
-
-        trampoline_text = f'MOV {reg}, 0x{full_shellcode_addr:X} ; {jump}'
-        trampoline_compiled, count = ks.asm(trampoline_text)
-
-        return trampoline_compiled, trampoline_text, addrOffset
-    

pe/superpe.py

@@ -199,8 +199,8 @@ class SuperPe():
         sizeOfReloc = 2 * len(relocs) + 2 * 4
 
         if sizeOfReloc >= self.getRemainingRelocsDirectorySize():
-            self.logger.warn('WARNING! Cannot add any more relocations to this file. Probably TLS Callback execution technique wont work.')
-            self.logger.warn('         Will try disabling relocations on output file. Expect corrupted executable though!')
+            self.logger.warning('WARNING! Cannot add any more relocations to this file. Probably TLS Callback execution technique wont work.')
+            self.logger.warning('         Will try disabling relocations on output file. Expect corrupted executable though!')
 
             self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[SuperPe.IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress = 0
             self.pe.OPTIONAL_HEADER.DATA_DIRECTORY[SuperPe.IMAGE_DIRECTORY_ENTRY_BASERELOC].Size = 0
@@ -269,7 +269,7 @@ class SuperPe():
             if self.pe.DIRECTORY_ENTRY_EXPORT.symbols == 0:
                 return []
         except Exception as e:
-            logger.warn("get_exports_full(): No exports found in PE")
+            logger.debug("get_exports_full(): No exports found in PE")
             return []
         res = []
         for e in self.pe.DIRECTORY_ENTRY_EXPORT.symbols: