refactor: remove exehost code_virtaddr and code_size with code_section

Dobin
2024-03-04 18:41:39 +00:00
parent dacef30bb0
commit 4a489a3183
2 changed files with 8 additions and 14 deletions
+4 -10
@@ -41,11 +41,7 @@ class ExeHost():
self.image_base: int = 0 self.image_base: int = 0
self.dynamic_base: bool = False self.dynamic_base: bool = False
self.code_virtaddr: int = 0
self.code_size: int = 0
self.code_section = None self.code_section = None
self.rwx_section = None self.rwx_section = None
self.ep = None self.ep = None
@@ -71,14 +67,12 @@ class ExeHost():
else: else:
self.dynamic_base = False self.dynamic_base = False
# .text virtual address # Info output: .text virtual address
self.code_section = pehelper.get_code_section(self.superpe.pe) self.code_section = self.superpe.get_code_section()
self.code_virtaddr = self.code_section.VirtualAddress
self.code_size = self.code_section.Misc_VirtualSize
logger.info("---[ Injectable: Chosen code section: {} at 0x{:X} size: {}".format( logger.info("---[ Injectable: Chosen code section: {} at 0x{:X} size: {}".format(
self.code_section.Name.decode().rstrip('\x00'), self.code_section.Name.decode().rstrip('\x00'),
self.code_virtaddr, self.code_section.VirtualAddress,
self.code_size)) self.code_section.Misc_VirtualSize))
# relocs # relocs
if hasattr(self.superpe.pe, 'DIRECTORY_ENTRY_BASERELOC'): if hasattr(self.superpe.pe, 'DIRECTORY_ENTRY_BASERELOC'):
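Review bot: The result of `self.superpe.get_code_section()` is dereferenced in the `logger.info` call directly below it (`self.code_section.Name`, `.VirtualAddress`, `.Misc_VirtualSize`) without checking that a section was returned. Whether `get_code_section()` can return `None` is not visible in this hunk, but the attribute is initialised to `None` in the constructor, so a guard before the log call, `if self.code_section is None: raise Exception("No code section found in PE")`, would give a clear failure instead of an `AttributeError`. The kept comment `# Info output: .text virtual address` now sits above an assignment rather than output and could read `# Code section (.text) used for size and address lookups`. The enclosing method starts and ends outside the hunk.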
+4 -4
@@ -34,9 +34,9 @@ def inject_exe(
# And check if it fits into the target code section # And check if it fits into the target code section
main_shc = file_readall_binary(main_shc_file) main_shc = file_readall_binary(main_shc_file)
l = len(main_shc) l = len(main_shc)
if l + 128 > project.exe_host.code_size: if l + 128 > project.exe_host.code_section.Misc_VirtualSize:
logger.error("Error: Shellcode {}+128 too small for target code section {}".format( logger.error("Error: Shellcode {}+128 too small for target code section {}".format(
l, project.exe_host.code_size l, project.exe_host.code_section.Misc_VirtualSize
)) ))
return False return False
@@ -85,7 +85,7 @@ def injected_fix_iat(superpe: SuperPe, carrier: Carrier, exe_host: ExeHost):
raise Exception("IatResolve: Function {} not found".format(iatRequest.name)) raise Exception("IatResolve: Function {} not found".format(iatRequest.name))
offset_from_code = code.index(iatRequest.placeholder) offset_from_code = code.index(iatRequest.placeholder)
instruction_virtual_address = offset_from_code + exe_host.image_base + exe_host.code_virtaddr instruction_virtual_address = offset_from_code + exe_host.image_base + exe_host.code_section.VirtualAddress
logger.info(" Replace {} at VA 0x{:X} with call to IAT at VA 0x{:X}".format( logger.info(" Replace {} at VA 0x{:X} with call to IAT at VA 0x{:X}".format(
iatRequest.placeholder.hex(), instruction_virtual_address, destination_virtual_address iatRequest.placeholder.hex(), instruction_virtual_address, destination_virtual_address
)) ))
@@ -145,7 +145,7 @@ def injected_fix_data(superpe: SuperPe, carrier: Carrier, exe_host: ExeHost):
datareuse_fixup.randbytes)) datareuse_fixup.randbytes))
offset_from_datasection = code.index(datareuse_fixup.randbytes) offset_from_datasection = code.index(datareuse_fixup.randbytes)
instruction_virtual_address = offset_from_datasection + exe_host.image_base + exe_host.code_virtaddr instruction_virtual_address = offset_from_datasection + exe_host.image_base + exe_host.code_section.VirtualAddress
destination_virtual_address = datareuse_fixup.addr destination_virtual_address = datareuse_fixup.addr
logger.info(" Replace {} at VA 0x{:X} with .rdata LEA at VA 0x{:X}".format( logger.info(" Replace {} at VA 0x{:X} with .rdata LEA at VA 0x{:X}".format(
datareuse_fixup.randbytes.hex(), instruction_virtual_address, destination_virtual_address datareuse_fixup.randbytes.hex(), instruction_virtual_address, destination_virtual_address
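Review bot: The size check in `inject_exe` changes its failure mode, because `exe_host.code_section` starts as `None` where the removed `code_size` started as `0`. With an uninitialised host the old comparison `l + 128 > 0` fell into the logged error and `return False`, while `project.exe_host.code_section.Misc_VirtualSize` now raises `AttributeError`; the same holds for the two `exe_host.code_section.VirtualAddress` reads in `injected_fix_iat` and `injected_fix_data`. If callers rely on the `False` return, add `if project.exe_host.code_section is None: return False` (with a log line) before the comparison. The error text says the input is "too small" when the branch fires because it is too large for the section, and the bare `128` would read better as a named constant with a comment saying what the margin is for. All three functions begin and end outside their hunks.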