From 786b21ca4ab6fe39a0a8a3b0f9973fe539aaf98e Mon Sep 17 00:00:00 2001
From: Dobin <dobin.rutishauser@gmail.com>
Date: Fri, 9 Feb 2024 19:57:02 +0000
Subject: [PATCH] feature: observer with all the steps into a file

---
 .gitignore   |  3 ++-
 model.py     | 23 +++++++++++++++++++++++
 observer.py  | 36 ++++++++++++++++++++++++++++++++++++
 supermega.py | 48 ++++++++++++++++++------------------------------
 4 files changed, 79 insertions(+), 31 deletions(-)
 create mode 100644 observer.py

diff --git a/.gitignore b/.gitignore
index 503a47d..f1a2e97 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,4 +10,5 @@ bak/
 build/
 out/
 tools/
-doc/
\ No newline at end of file
+doc/
+*.pickle
\ No newline at end of file
diff --git a/model.py b/model.py
index a222eea..6718823 100644
--- a/model.py
+++ b/model.py
@@ -1,6 +1,29 @@
 from typing import Dict
 import pehelper
 import pefile
+from enum import Enum
+
+class AllocStyle(Enum):
+    RWX = 1
+    RW_X = 2
+    REUSE = 3
+
+class ExecStyle(Enum):
+    CALL = 1,
+    JMP = 2,
+    FIBER = 3,
+
+class CopyStyle(Enum):
+    SIMPLE = 1
+
+class DataRefStyle(Enum):
+    APPEND = 1
+
+#class InjectStyle(Enum):
+    
+class SourceStyle(Enum):
+    peb_walk = 1
+    iat_reuse = 2
 
 
 class Capability():
diff --git a/observer.py b/observer.py
new file mode 100644
index 0000000..ff23444
--- /dev/null
+++ b/observer.py
@@ -0,0 +1,36 @@
+from model import *
+
+
+class Observer():
+    def __init__(self):
+        self.capabilities_a: ExeCapabilities = None
+        self.options: SourceStyle = None
+        self.main_c: str = ""
+        self.payload_asm_orig: bytes = ""
+        self.payload_asm_cleanup: bytes = ""
+        self.payload_asm_fixup: bytes = ""
+        self.loader_shellcode: bytes = b""
+        self.final_shellcode: bytes = b""
+
+    def __str__(self):
+        s = ""
+        s += "{} {}\n\n".format(
+            self.capabilities_a,
+            self.options,)
+
+        s += "Main: {} Payload Orig: {} Payload Cleanup: {}\n".format(
+            len(self.main_c),
+            len(self.payload_asm_orig),
+            len(self.payload_asm_cleanup),
+
+        )
+        s += "fixup: {} loader: {} final: {}\n".format(
+            len(self.payload_asm_fixup),
+            len(self.loader_shellcode),
+            len(self.final_shellcode),
+        )
+    
+        return s
+
+
+observer = Observer()
\ No newline at end of file
diff --git a/supermega.py b/supermega.py
index f85ec3c..caf675c 100644
--- a/supermega.py
+++ b/supermega.py
@@ -3,6 +3,7 @@ from enum import Enum
 from helper import *
 import argparse
 from typing import Dict
+import pickle
 
 from model import *
 from config import config
@@ -10,30 +11,7 @@ from pehelper import *
 from phases.ctoasm import *
 from phases.asmtoshc import *
 from phases.shctoexe import *
-
-
-class AllocStyle(Enum):
-    RWX = 1
-    RW_X = 2
-    REUSE = 3
-
-class ExecStyle(Enum):
-    CALL = 1,
-    JMP = 2,
-    FIBER = 3,
-
-class CopyStyle(Enum):
-    SIMPLE = 1
-
-class DataRefStyle(Enum):
-    APPEND = 1
-
-#class InjectStyle(Enum):
-    
-class SourceStyle(Enum):
-    peb_walk = 1
-    iat_reuse = 2
-
+from observer import observer
 
 
 options_default = {
@@ -227,13 +205,18 @@ def start(options):
     else:
         options["source_style"] = SourceStyle.peb_walk
 
+    observer.capabilities_a = capabilities
+    observer.options = options
+
     print("--[ SourceStyle: {}".format(options["source_style"].name))
 
     # Copy: loader C files into working directory: build/
     if options["source_style"] == SourceStyle.peb_walk:
+        observer.main_c = file_readall_text("source/peb_walk/main.c")
         shutil.copy("source/peb_walk/main.c", "build/main.c")
         shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
     elif options["source_style"] == SourceStyle.iat_reuse:
+        observer.main_c = file_readall_text("source/iat_reuse/main.c")
         shutil.copy("source/iat_reuse/main.c", "build/main.c")
 
     # Convert: C -> ASM
@@ -242,16 +225,16 @@ def start(options):
         with open(options["payload"], 'rb') as input2:
             data_payload = input2.read()
             payload_length = len(data_payload)
-            debug_data["payload_shellcode"] = data_payload
+            observer.payload_asm_orig = data_payload
         asm = make_c_to_asm(main_c_file, main_asm_file, payload_length, capabilities)
-        debug_data["asm_initial"] = asm["initial"]
-        debug_data["asm_cleanup"] = asm["cleanup"]
-        debug_data["asm_fixup"] = asm["fixup"]
+        #observer.payload_asm_orig = asm["initial"]
+        observer.payload_asm_cleanup = asm["cleanup"]
+        observer.payload_asm_fixup = asm["fixup"]
 
     # Convert: ASM -> Shellcode
     if options["generate_shc_from_asm"]:
         code = make_shc_from_asm(main_asm_file, main_exe_file, main_shc_file)
-        debug_data["loader_shellcode"] = code
+        observer.loader_shellcode = code
     
     # Try: Starting the shellcode (rarely useful)
     if options["try_start_loader_shellcode"]:
@@ -279,7 +262,7 @@ def start(options):
         with open(main_shc_file, 'wb') as output:
             data = data_stager + data_payload
             output.write(data)
-            debug_data["final_shellcode"] = data
+            observer.final_shellcode = data
 
         if options["verify"] and options["source_style"] == SourceStyle.peb_walk:
             print("--[ Verify final shellcode ]")
@@ -314,6 +297,11 @@ def start(options):
                 options["inject_exe_out"],
             ], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
 
+    # dump
+    file = open('latest.pickle', 'wb')
+    pickle.dump(data, file)
+    file.close()
+
     if options["cleanup_files_on_exit"]:
         clean_files()