diff --git a/.gitignore b/.gitignore index 8819dd1..e48c5dd 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,5 @@ *.asm __pycache__ bak/ +build/ +out/ diff --git a/build/.gitkeep b/build/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/helper.py b/helper.py index a7cffc5..b7a5fb4 100644 --- a/helper.py +++ b/helper.py @@ -4,6 +4,7 @@ import pefile import time import shutil import pathlib +import sys SHC_VERIFY_SLEEP = 0.1 @@ -16,17 +17,31 @@ path_runshc = r'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc verify_filename = r'C:\Temp\a' +build_dir = "build" +main_c_file = os.path.join(build_dir, "main.c") +main_asm_file = os.path.join(build_dir, "main.asm") +main_asm_clean_file = os.path.join(build_dir, "main-clean.asm") + +main_exe_clean_file = os.path.join(build_dir, "main-clean.exe") +main_bin_clean_file = os.path.join(build_dir, "main-clean.bin") +main_bin_clean_append_file = os.path.join(build_dir, "main-clean-append.bin") + def clean_files(): print("--[ Cleanup files ]") + files_to_clean = [ - "main.asm", - "main.obj", - "main-clean.asm", - "main-clean.bin", - "main-clean-append.bin", + # compile artefacts in current dir "main-clean.obj", + "main.obj", "mllink$.lnk", + + # out/ stuff + os.path.join(build_dir, "main.asm"), + os.path.join(build_dir, "main-clean.asm"), + os.path.join(build_dir, "main-clean.bin"), + os.path.join(build_dir, "main-clean-append.bin"), + verify_filename, #"main-clean.exe", # at the end as it may still shutdown? ] @@ -41,8 +56,9 @@ def make_c_to_asm(c_file, asm_file, asm_clean_file, payload_len): "/c", "/FA", "/GS-", + "/Fa{}/".format(os.path.dirname(c_file)), c_file, - ], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) + ]) if not os.path.isfile(asm_file): print("Error") return 
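Review bot: The added `import sys` has no corresponding use of `sys` anywhere in this diff, so it reads as a leftover from a dropped change. If nothing outside the diff relies on it, remove the line; if it is needed by code not shown here, a short comment at the first use would make the dependency visible.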
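Review bot: The new `files_to_clean` entries re-join `build_dir` with the same basenames that the module-level constants `main_asm_file`, `main_asm_clean_file`, `main_bin_clean_file` and `main_bin_clean_append_file` already name a few lines above in the same hunk, so a rename in one place will silently desynchronise the other; list the constants instead, e.g. `main_asm_file, main_asm_clean_file, main_bin_clean_file, main_bin_clean_append_file,`. The list also now deletes `verify_filename`, an absolute path outside the working tree (`C:\Temp\a`), on every cleanup run; a one-line comment such as `# verification indicator file, lives outside the repo` would make that intent clear to the next reader. The `# out/ stuff` comment is inaccurate since these entries live under `build_dir`, not `out/`.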
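Review bot: Dropping `check=True` from the `subprocess.run` call that invokes the compiler means a non-zero exit status no longer raises; the only remaining guard is the `os.path.isfile(asm_file)` test that follows, which prints "Error" and returns None, so a stale `main.asm` left in the build directory from an earlier run would be accepted as the output of a failed compile unless cleanup ran first. Keep the status check, `], check=True)`, or at least inspect `.returncode` before the file test. Separately, `"/Fa{}/".format(os.path.dirname(c_file))` yields `/Fa/` when `c_file` has no directory component, which points the compiler at the filesystem root rather than the current directory; `os.path.dirname(c_file) or "."` avoids that. The body of make_c_to_asm starts and ends outside this hunk.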
@@ -102,6 +118,7 @@ def make_shc_from_asm(asm_clean_file, exe_file, shc_file): path_ml64, asm_clean_file, "/link", + "/OUT:build\main-clean.exe", "/entry:AlignRSP" ], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) if not os.path.isfile(exe_file): @@ -187,6 +204,9 @@ def verify_shellcode(shc_name): if not os.path.exists(os.path.dirname(verify_filename)): print("Error, directory does not exist for: {}".format(verify_filename)) return + + # remove indicator file + pathlib.Path(verify_filename).unlink(missing_ok=True) subprocess.run([ path_runshc, @@ -195,8 +215,6 @@ def verify_shellcode(shc_name): time.sleep(SHC_VERIFY_SLEEP) if os.path.isfile(verify_filename): print("---> Verify OK. Shellcode payload verified (file was created)") - # better to remove it immediately. If cleanup on start is not performed, - # there may be false positives os.remove(verify_filename) return True else: @@ -222,14 +240,16 @@ def inject_exe(shc_file, exe_in, exe_out): def verify_injected_exe(exefile): print("---[ Verify infected exe: {} ]".format(exefile)) + # remove indicator file + pathlib.Path(verify_filename).unlink(missing_ok=True) + subprocess.run([ exefile, ], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) # , check=True time.sleep(SHC_VERIFY_SLEEP) if os.path.isfile(verify_filename): print("---> Verify OK. Infected exe verified (file was created)") - # better to remove it immediately. If cleanup on start is not performed, - # there may be false positives + # better to remove it immediately os.remove(verify_filename) else: print("---> Verify FAIL. Infected exe did not create file.") diff --git a/supermega.py b/supermega.py index 4b4b8ef..656534e 100644 --- a/supermega.py +++ b/supermega.py 
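Review bot: The added linker argument `"/OUT:build\main-clean.exe"` hard-codes the output path instead of deriving it from the `exe_file` parameter (or from `build_dir`), so a caller passing a different `exe_file` would then fail the `os.path.isfile(exe_file)` check that follows even though linking succeeded. The literal also contains `\m` in a non-raw string, an invalid escape sequence that newer interpreters warn about and that a different basename could turn into a real escape. Build it from the parameter instead: `"/OUT:{}".format(exe_file),`. The body of make_shc_from_asm continues outside the hunk.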
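Review bot: `pathlib.Path(verify_filename).unlink(missing_ok=True)`, added here in verify_shellcode and again in verify_injected_exe in the last hunk, requires Python 3.8 or newer; if the project must run on older interpreters, the equivalent is `if os.path.isfile(verify_filename): os.remove(verify_filename)`. The same two functions also lose the comment explaining why the indicator file is removed right away (an indicator left over from a previous run would be read as a false positive), and the new `# remove indicator file` line does not carry that reasoning; suggest `# stale indicator from an earlier run would read as a false positive` above the unlink. Both function bodies extend beyond their hunks.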
@@ -85,13 +85,13 @@ def main(): with open(options["payload"], 'rb') as input2: data_payload = input2.read() l = len(data_payload) - make_c_to_asm("source/main.c", "main.asm", "main-clean.asm", l) + make_c_to_asm(main_c_file, main_asm_file, main_asm_clean_file, l) if options["generate_asm_from_c"]: - make_shc_from_asm("main-clean.asm", "main-clean.exe", "main-clean.bin") + make_shc_from_asm(main_asm_clean_file, main_exe_clean_file, main_bin_clean_file) if options["test_loader_shellcode"]: - test_shellcode("mean-clean.bin") + test_shellcode(main_bin_clean_file) # SGN seems buggy atm #if options["obfuscate_shc_loader"]: @@ -102,7 +102,7 @@ def main(): # return if options["dataref_style"] == DataRefStyle.APPEND: - with open("main-clean.bin", 'rb') as input1: + with open(main_bin_clean_file, 'rb') as input1: data_stager = input1.read() with open(options["payload"], 'rb') as input2: 
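Review bot: `make_c_to_asm(main_c_file, ...)` now reads the C source from `build/main.c` (per `main_c_file = os.path.join(build_dir, "main.c")` in helper.py) where the old call read `source/main.c`, but nothing in this diff copies or generates that file, and the `.gitignore` hunk adds `build/`, so a `build/main.c` would not be tracked either. Unless a step outside this diff writes it, a fresh checkout fails at the compile step with the input missing. Since make_c_to_asm derives the `/Fa` output directory from the C file's location, the least surprising fix is to stage the source into the build directory before compiling: `shutil.copyfile(os.path.join("source", "main.c"), main_c_file)`. main()'s body begins before and ends after this hunk.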
@@ -111,26 +111,26 @@ def main(): print("--[ Integrate Stager: {} Payload: {} (sum: {})]".format( len(data_stager), len(data_payload), len(data_stager)+len(data_payload))) - with open("main-clean-append.bin", 'wb') as output: + with open(main_bin_clean_append_file, 'wb') as output: output.write(data_stager) output.write(data_payload) - print("---[ Final shellcode available at: {} ]".format("main-clean-append.bin")) + print("---[ Final shellcode available at: {} ]".format(main_bin_clean_append_file)) if options["verify"]: print("--[ Verify final shellcode ]") - if not verify_shellcode("main-clean-append.bin"): + if not verify_shellcode(main_bin_clean_append_file): return if options["exec_final_shellcode"]: print("--[ Test Append shellcode ]") - test_shellcode("main-clean-append.bin") + test_shellcode(main_bin_clean_append_file) # copy it to out - shutil.copyfile("main-clean-append.bin", os.path.join("out/", "main-clean-append.bin")) + shutil.copyfile(main_bin_clean_append_file, os.path.join("out/", os.path.basename(main_bin_clean_append_file))) if options["inject_exe"]: - inject_exe("main-clean-append.bin", options["inject_exe_in"], options["inject_exe_out"]) + inject_exe(main_bin_clean_append_file, options["inject_exe_in"], options["inject_exe_out"]) if options["verify"]: print("--[ Verify final exe ]") verify_injected_exe(options["inject_exe_out"])
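Review bot: `shutil.copyfile(main_bin_clean_append_file, os.path.join("out/", ...))` still hard-codes `out/` and raises FileNotFoundError when that directory is absent; this commit adds `build/.gitkeep` but no `out/.gitkeep`, and `.gitignore` now excludes `out/`, so on a fresh clone the directory will not exist. Create it before copying: `os.makedirs("out", exist_ok=True)`. The `"out/"` literal is also a second spelling of a location that helper.py now keeps as a constant for `build_dir`; a matching `out_dir` constant next to it would keep both paths in one place. main()'s body may continue past the end of this hunk.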