refactor: improve sirallocalot

This commit is contained in:
Dobin
2024-07-07 12:36:15 +01:00
parent b868c29c7d
commit 4bed8d1a95
4 changed files with 38 additions and 35 deletions
+16 -23
@@ -1,13 +1,16 @@
#define SIR_ITERATION_COUNT {{SIR_ITERATION_COUNT}}
#define SIR_ALLOC_COUNT {{SIR_ALLOC_COUNT}}
#define SIR_SLEEP_TIME 200 // ms
/* This will allocate SIR_ALLOC_COUNT RW memory regions,
set them to RX, and free them
set them to RX, and free them.
And this SIR_ITERATION_COUNT times.
SIR_ITERATION_COUNT: Single digits, around 5
SIR_ALLOC_COUNT: Tripple digits, around 100
Memory : SIR_ALLOC_COUNT * payload_length
Cycles : SIR_ALLOC_COUNT * payload_length * SIR_ITERATION_COUNT
Time : SIR_ALLOC_COUNT * SIR_ITERATION_COUNT * payload_length * ?
API calls: SIR_ALLOC_COUNT * SIR_ITERATION_COUNT * 3
The idea is that the AV emulator will probably give up, either because
of used memory is above maximum, or amount of instructions, or
@@ -18,11 +21,11 @@
*/
void antiemulation() {
void* allocs[SIR_ALLOC_COUNT];
void* allocs[{{SIR_ALLOC_COUNT}}];
DWORD result;
for(int i=0; i<SIR_ITERATION_COUNT; i++) {
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
for(int i=0; i<{{SIR_ITERATION_COUNT}}; i++) {
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
allocs[n] = VirtualAlloc(
NULL,
{{PAYLOAD_LEN}},
@@ -37,33 +40,23 @@ void antiemulation() {
}
}
// Write something.
/*for(int n=0; n<SIR_ALLOC_COUNT; n++) {
char *alloc = allocs[n];
alloc[0] = 0; // overwrite the first byte
}*/
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
if (VirtualProtect(
allocs[n],
{{PAYLOAD_LEN}},
p_RX,
&result) == 0)
{
return 7;
return;
}
}
Sleep(SIR_SLEEP_TIME);
BOOL bSuccess;
for(int n=0; n<SIR_ALLOC_COUNT; n++) {
for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++) {
bSuccess = VirtualFree(
allocs[n],
{{PAYLOAD_LEN}},
0x00008000); // MEM_RELEASE
}
}
}
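Review bot: The array size and loop bounds in `antiemulation()` are switched to the raw template placeholders (`void* allocs[{{SIR_ALLOC_COUNT}}];`, `for(int n=0; n<{{SIR_ALLOC_COUNT}}; n++)`) while `Sleep(SIR_SLEEP_TIME);` and, as far as the rendering shows, the `#define SIR_ITERATION_COUNT` / `#define SIR_ALLOC_COUNT` lines at the top of the file still go through macros; keeping one convention — `void* allocs[SIR_ALLOC_COUNT];` and `n<SIR_ALLOC_COUNT` against the defines — leaves a single place that binds the template value. The commented-out `// Write something.` loop (`/*for(int n=0; ...}*/`) is dead code the commit carries along unchanged and should be deleted. The header comment's `SIR_ALLOC_COUNT: Tripple digits, around 100` has a typo (`Triple`) and would be the right place to state that the Python side caps the value at 256 because `allocs` is a local array. The function body spans the second and third hunks of this section.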
@@ -22,6 +22,8 @@ char *supermega_payload;
{{plugin_executionguardrail}}
{{plugin_virtualprotect}}
int main()
{
+4
@@ -23,6 +23,10 @@ class Settings():
self.dllfunc: str = "" # For DLL injection
# Anti-debugging
self.sir_iteration_count: int = 5
self.sir_alloc_count: int = 100
# Injectable
self.carrier_invoke_style: CarrierInvokeStyle = CarrierInvokeStyle.BackdoorCallInstr
self.inject_exe_in: FilePath = ""
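Review bot: The `# Anti-debugging` label above `self.sir_iteration_count` and `self.sir_alloc_count` does not describe what these fields configure; elsewhere in this commit `create_c_from_template` reads them as the AntiEmulation plugin's iteration and allocation counts and caps the latter at 256, so the comment should read `# Anti-emulation (sir iteration / alloc counts; alloc count is capped at 256 when the C template is rendered)`. The 5 / 100 defaults appear to mirror the guidance in the C template's header comment, and naming that source in the comment would help keep the two in sync. The enclosing `Settings.__init__` starts and ends outside the hunk.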
+10 -6
@@ -60,15 +60,19 @@ def create_c_from_template(settings: Settings, payload_len: int):
filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format(
settings.plugin_antiemulation)
with open(filepath_antiemulation, "r", encoding='utf-8') as file:
sir_iteration_count = 5
sir_alloc_count = (int(config.get("sir_target_mem")) / payload_len)+1
sir_iteration_count = settings.sir_iteration_count
sir_alloc_count = settings.sir_alloc_count
# sir_alloc_count = int((int(config.get("sir_target_mem")) / payload_len))+1
max_alloc_count = 256
if sir_alloc_count > max_alloc_count:
# if too large, compiler will add a __checkstk dependency
if sir_alloc_count > 256:
sir_alloc_count = 256
logging.info(" AntiEmulation target: iterations: {} alloc: {}".format(
logging.warning("Too large sir allocation count {}, setting to max {}".format(
sir_alloc_count, max_alloc_count
))
sir_alloc_count = max_alloc_count
logging.info("> AntiEmulation: iterations: {} allocs: {}".format(
sir_iteration_count, sir_alloc_count)
)
plugin_antiemualation = file.read()
plugin_antiemualation = Template(plugin_antiemualation).render({
'PAYLOAD_LEN': payload_len,
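Review bot: `max_alloc_count = 256` is introduced as a local inside the `with` block, and its rationale (`# if too large, compiler will add a __checkstk dependency`) sits on the `if` rather than on the constant; hoisting it to a module-level `MAX_SIR_ALLOC_COUNT = 256` that carries that comment documents the cap once and gives the `Settings` default a limit to reference. The commented-out `# sir_alloc_count = int((int(config.get("sir_target_mem")) / payload_len))+1` line is dead code standing in for the removed computation and should be deleted rather than kept. The new `logging.warning(...)` and `logging.info(...)` calls build their messages with `.format()`; `logging.info("> AntiEmulation: iterations: %s allocs: %s", sir_iteration_count, sir_alloc_count)` defers formatting to the logger as the rest of the module's style would suggest. `create_c_from_template` continues outside the hunk.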