feature: log to directory (not to pickle)

.gitignore

@@ -11,4 +11,5 @@ build/
 out/
 tools/
 doc/
-*.pickle
+*.pickle
+logs/

observer.py

@@ -1,16 +1,34 @@
+import json
+import pprint
+from capstone import Cs, CS_ARCH_X86, CS_MODE_64
+
 from model import *
 
 
 class Observer():
     def __init__(self):
-        self.capabilities_a: ExeCapabilities = None
-        self.options: SourceStyle = None
-        self.main_c: str = ""
-        self.payload_asm_orig: bytes = ""
-        self.payload_asm_cleanup: bytes = ""
-        self.payload_asm_fixup: bytes = ""
-        self.loader_shellcode: bytes = b""
-        self.final_shellcode: bytes = b""
+        self.logs = []
+        self.idx = 0
+
+    def add_text(self, name, data):
+        self.write_to_file(name, data)
+
+    def add_code(self, name, data):
+        md = Cs(CS_ARCH_X86, CS_MODE_64)
+
+        # Disassemble the shellcode
+        ret = ""
+        for i in md.disasm(data, 0x0):
+            ret += "0x%x:\t%s\t%s\n" % (i.address, i.mnemonic, i.op_str)
+        self.write_to_file(name, ret)
+
+    def add_json(self, name, data):
+        self.write_to_file(name, pprint.pformat(data, indent=4))
+
+    def write_to_file(self, filename, data):
+        with open("logs/{}-{}.txt".format(self.idx, filename), "w") as f:
+            f.write(data)
+        self.idx += 1
 
     def __str__(self):
         s = ""

phases/shctoexe.py

@@ -45,16 +45,7 @@ def inject_exe(shc_file, exe_in, exe_out, mode, exe_capabilities: ExeCapabilitie
         code = code.replace(cap.id, jmp)
         write_code_section(exe_out, code)
 
-        #print(" Off: 0x{:X}".format(off))
-        #print(" Off2: 0x{:X}".format(current_address)) # base addr
-        #print(" Diff: 0x{:X}".format())
-        #print("ONE: {}".format(jmp))
-        #print("TWO: {}".format(cap.id))
-        #print("Found! replacing")
-
-        
-
-
+     
 def verify_injected_exe(exefile):
     print("---[ Verify infected exe: {} ]".format(exefile))
     # remove indicator file

supermega.py

@@ -197,18 +197,18 @@ def start(options):
     else:
         options["source_style"] = SourceStyle.peb_walk
 
-    observer.capabilities_a = capabilities
-    observer.options = options
+    observer.add_json("capabilities_a", capabilities)
+    observer.add_json("options", options)
 
     print("--[ SourceStyle: {}".format(options["source_style"].name))
 
     # Copy: loader C files into working directory: build/
     if options["source_style"] == SourceStyle.peb_walk:
-        observer.main_c = file_readall_text("source/peb_walk/main.c")
+        observer.add_text("main_c", file_readall_text("source/peb_walk/main.c"))
         shutil.copy("source/peb_walk/main.c", "build/main.c")
         shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
     elif options["source_style"] == SourceStyle.iat_reuse:
-        observer.main_c = file_readall_text("source/iat_reuse/main.c")
+        observer.add_text("main_c", file_readall_text("source/iat_reuse/main.c"))
         shutil.copy("source/iat_reuse/main.c", "build/main.c")
 
     # Convert: C -> ASM
@@ -217,16 +217,16 @@ def start(options):
         with open(options["payload"], 'rb') as input2:
             data_payload = input2.read()
             payload_length = len(data_payload)
-            observer.payload_asm_orig = data_payload
+            #observer.add_text("payload_asm_orig", str(data_payload))
         asm = make_c_to_asm(main_c_file, main_asm_file, payload_length, capabilities)
-        #observer.payload_asm_orig = asm["initial"]
-        observer.payload_asm_cleanup = asm["cleanup"]
-        observer.payload_asm_fixup = asm["fixup"]
+        observer.add_text("payload_asm_orig", asm["initial"])
+        observer.add_text("payload_asm_cleanup", asm["cleanup"])
+        observer.add_text("payload_asm_fixup", asm["fixup"])
 
     # Convert: ASM -> Shellcode
     if options["generate_shc_from_asm"]:
         code = make_shc_from_asm(main_asm_file, main_exe_file, main_shc_file)
-        observer.loader_shellcode = code
+        observer.add_code("generate_shc_from_asm", code) 
     
     # Try: Starting the shellcode (rarely useful)
     if options["try_start_loader_shellcode"]:
@@ -253,7 +253,7 @@ def start(options):
         with open(main_shc_file, 'wb') as output:
             data = data_stager + data_payload
             output.write(data)
-            observer.final_shellcode = data
+            observer.add_code("final_shellcode", data)
 
         if options["verify"] and options["source_style"] == SourceStyle.peb_walk:
             print("--[ Verify final shellcode ]")