admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

featur: make anti-debug more configurable

Browse Source
This commit is contained in:
Dobin Rutishauser
2024-06-26 03:03:13 +02:00
parent a17ea74e6e
commit 2b576df872
3 changed files with 40 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/source/antiemulation/sirallocalot.c
+28 -13
View File
@@ -1,8 +1,12 @@
#define ALLOC_NUM 256
/* This will allocate ALLOC_NUM RW memory regions, #define SIR_ITERATION_COUNT {{SIR_ITERATION_COUNT}}
#define SIR_ALLOC_COUNT {{SIR_ALLOC_COUNT}}
#define SIR_SLEEP_TIME 200 // ms
/* This will allocate SIR_ALLOC_COUNT RW memory regions,
set them to RX, and free them set them to RX, and free them
The idea is that the AV emulator will probably give up, either because The idea is that the AV emulator will probably give up, either because
@@ -14,24 +18,35 @@
*/ */
void antiemulation() { void antiemulation() {
void* allocs[ALLOC_NUM]; void* allocs[SIR_ALLOC_COUNT];
DWORD result; DWORD result;
for(int i=0; i<4; i++) { for(int i=0; i<SIR_ITERATION_COUNT; i++) {
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
for(int n=0; n<ALLOC_NUM; n++) {
allocs[n] = VirtualAlloc( allocs[n] = VirtualAlloc(
NULL, NULL,
0x1000, {{PAYLOAD_LEN}},
0x3000, 0x3000,
p_RW p_RW
); );
char *ptr = allocs[n];
// write every byte of it
for(int i=0; i<{{PAYLOAD_LEN}}; i++) {
ptr[i] = 0x23;
}
} }
for(int n=0; n<ALLOC_NUM; n++) { // Write something.
/*for(int n=0; n<SIR_ALLOC_COUNT; n++) {
char *alloc = allocs[n];
alloc[0] = 0; // overwrite the first byte
}*/
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
if (VirtualProtect( if (VirtualProtect(
allocs[n], allocs[n],
1000, {{PAYLOAD_LEN}},
p_RX, p_RX,
&result) == 0) &result) == 0)
{ {
@@ -39,13 +54,13 @@ void antiemulation() {
} }
} }
Sleep(200); Sleep(SIR_SLEEP_TIME);
BOOL bSuccess; BOOL bSuccess;
for(int n=0; n<ALLOC_NUM; n++) { for(int n=0; n<SIR_ALLOC_COUNT; n++) {
bSuccess = VirtualFree( bSuccess = VirtualFree(
allocs[n], allocs[n],
1000, {{PAYLOAD_LEN}},
0x00008000); // MEM_RELEASE 0x00008000); // MEM_RELEASE
} }
} }
phases/templater.py
+11
View File
@@ -60,9 +60,20 @@ def create_c_from_template(settings: Settings, payload_len: int):
filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format( filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format(
settings.plugin_antiemulation) settings.plugin_antiemulation)
with open(filepath_antiemulation, "r", encoding='utf-8') as file: with open(filepath_antiemulation, "r", encoding='utf-8') as file:
sir_iteration_count = 5
sir_alloc_count = int(config.get("sir_target_mem") / payload_len)+1
# if too large, compiler will add a __checkstk dependency
if sir_alloc_count > 256:
sir_alloc_count = 256
logging.info(" AntiEmulation target: iterations: {} alloc: {}".format(
sir_iteration_count, sir_alloc_count)
)
plugin_antiemualation = file.read() plugin_antiemualation = file.read()
plugin_antiemualation = Template(plugin_antiemualation).render({ plugin_antiemualation = Template(plugin_antiemualation).render({
'PAYLOAD_LEN': payload_len, 'PAYLOAD_LEN': payload_len,
'SIR_ALLOC_COUNT': sir_alloc_count,
'SIR_ITERATION_COUNT': sir_iteration_count,
}) })
# Plugin: Decoy # Plugin: Decoy
supermega.py
+1 -1
View File
@@ -109,7 +109,7 @@ def start(settings: Settings) -> int:
prepare_project(settings.project_name, settings) prepare_project(settings.project_name, settings)
# Do the thing and catch the errors # Do the thing and catch the errors
if True: if False:
start_real(settings) start_real(settings)
else: else:
try: try: