feature: check if payload fits in code section

This commit is contained in:
Dobin
2024-02-17 19:44:52 +00:00
parent 3bb7562bfa
commit 16f4300d62
5 changed files with 17 additions and 3 deletions
+5 -1
@@ -59,8 +59,12 @@ class ExeInfo():
# .text virtual address # .text virtual address
self.code_section = pehelper.get_code_section(pe) self.code_section = pehelper.get_code_section(pe)
logger.info("--[ Injectable: Chosen code section: {} at 0x{:x} size: {}".format(
self.code_section.Name.decode().rstrip('\x00'),
self.code_section.VirtualAddress,
self.code_section.SizeOfRawData))
self.code_virtaddr = self.code_section.VirtualAddress self.code_virtaddr = self.code_section.VirtualAddress
self.code_rawsize = self.code_section.SizeOfRawData self.code_size = self.code_section.SizeOfRawData
# iat # iat
self.iat = pehelper.extract_iat(pe) self.iat = pehelper.extract_iat(pe)
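Review bot: The renamed attribute on the `self.code_size = self.code_section.SizeOfRawData` line still stores `SizeOfRawData`, so the rename from `code_rawsize` drops the one word that said which of a section's two sizes this is; a later check against `code_size` cannot tell from the name whether it is the file-backed size or the mapped `Misc.VirtualSize`. I would keep the distinction on that line, e.g. `# on-disk size of the code section (SizeOfRawData), not Misc.VirtualSize`. Any reader of the old `code_rawsize` name outside this hunk would now raise AttributeError; the diff does not show whether such callers exist. The class `ExeInfo` begins outside the hunk.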
-1
@@ -13,7 +13,6 @@ logger = logging.getLogger("PEHelper")
def extract_code_from_exe(exe_file: FilePath) -> bytes: def extract_code_from_exe(exe_file: FilePath) -> bytes:
pe = pefile.PE(exe_file) pe = pefile.PE(exe_file)
section = get_code_section(pe) section = get_code_section(pe)
logger.info("--[ Code section: {}".format(section.Name.decode().rstrip('\x00')))
data: bytes = section.get_data() data: bytes = section.get_data()
data = remove_trailing_null_bytes(data) data = remove_trailing_null_bytes(data)
logger.info(" > 0x{:X} Code Size: {} (raw code section size: {})".format( logger.info(" > 0x{:X} Code Size: {} (raw code section size: {})".format(
+1 -1
@@ -19,7 +19,7 @@ def r2_disas(data: bytes):
f.write(data) f.write(data)
code_len = len(data) code_len = len(data)
r2 = r2pipe.open(filename, flags=['-e', 'scr.prompt=false', '-e']) r2 = r2pipe.open(filename, flags=['-e', 'scr.prompt=false'])
r2.cmd('aaa') r2.cmd('aaa')
r2.cmd('e scr.color=0') r2.cmd('e scr.color=0')
+4
@@ -1285,6 +1285,7 @@ def main(argv):
peinj = PeBackdoor(options, Logger) peinj = PeBackdoor(options, Logger)
result = peinj.backdoor(saveMode, runMode, args.shellcode, args.infile, outfile) result = peinj.backdoor(saveMode, runMode, args.shellcode, args.infile, outfile)
ret = 0
if result : if result :
if len(args.outfile) > 0: if len(args.outfile) > 0:
Logger.ok(f'Backdoored PE file saved to: {args.outfile}') Logger.ok(f'Backdoored PE file saved to: {args.outfile}')
@@ -1292,12 +1293,15 @@ def main(argv):
shutil.copy(outfile, args.infile) shutil.copy(outfile, args.infile)
Logger.ok(f'Backdoored PE file in place.') Logger.ok(f'Backdoored PE file in place.')
else: else:
ret = 1
Logger.fatal('Could not backdoor input PE file!') Logger.fatal('Could not backdoor input PE file!')
if temp: if temp:
Logger.dbg('Removing temporary file...') Logger.dbg('Removing temporary file...')
temp.close() temp.close()
os.unlink(temp.name) os.unlink(temp.name)
exit(ret)
if __name__ == '__main__': if __name__ == '__main__':
main(sys.argv) main(sys.argv)
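Review bot: The new `exit(ret)` line uses the `exit` name installed by the `site` module, which is intended for interactive sessions and is missing when Python runs with `-S`; since `sys` is already imported here (`main(sys.argv)`), the portable form is `sys.exit(ret)`. The line also appears to sit inside `main`, so importing and calling `main` from another module now terminates the interpreter instead of returning a status; returning `ret` from `main` and calling `sys.exit(main(sys.argv))` under the `__main__` guard would keep the exit code while leaving `main` reusable. `main` begins outside the hunk.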
+7
@@ -200,6 +200,13 @@ def start():
# inject merged loader into an exe # inject merged loader into an exe
exit_code = 0 exit_code = 0
if project.inject: if project.inject:
l = len(file_readall_binary(main_shc_file))
if l + 128 > project.exe_info.code_size:
logger.error("Error: Shellcode {}+128 too small for target code section {}".format(
l, project.exe_info.code_size
))
return
phases.injector.inject_exe( phases.injector.inject_exe(
shellcode_in = main_shc_file, shellcode_in = main_shc_file,
exe_in = project.inject_exe_in, exe_in = project.inject_exe_in,
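Review bot: The message on the `logger.error` line states the comparison backwards: the branch fires when the shellcode plus 128 bytes exceeds `code_size`, so it is the payload that is too large, not the section that is too small — `logger.error("Error: Shellcode {}+128 bytes too large for target code section {}".format(`. The bare `return` on the following line also leaves `exit_code` at the 0 assigned two lines above the branch, so if the caller reports that value the failed injection looks like success; setting a non-zero value before returning (or returning it, depending on how `start` reports status, which is outside the hunk) would surface the failure. Smaller points: `l` as a variable name is easily misread as `1` (ruff E741) and `payload_len` reads better, and the `128` slack appears both in the check and in the message, so a named constant with a comment on what those bytes are reserved for (the hunk does not say) would keep the two in step. The `inject_exe` call and `start` continue past the hunk.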