From 849df50dc8694f56e3afbf747208058c8a21b6db Mon Sep 17 00:00:00 2001 From: Dobin Date: Sun, 19 May 2024 10:33:06 +0100 Subject: [PATCH] refactor: remove source_style enum, do it with directories --- app/storage.py | 8 ++++-- app/templates/project.html | 8 +++--- app/views_project.py | 15 +++++----- model/defs.py | 2 -- model/payload.py | 1 + model/project.py | 5 +++- model/settings.py | 10 +++---- phases/injector.py | 39 ++++++++++++------------- phases/templater.py | 55 ++++++++++++++++-------------------- supermega.py | 28 ++++++++---------- tester.py | 58 ++++++++++++++++++-------------------- 11 files changed, 110 insertions(+), 119 deletions(-) diff --git a/app/storage.py b/app/storage.py index ce2961d..f535230 100644 --- a/app/storage.py +++ b/app/storage.py @@ -2,12 +2,15 @@ import pickle import os import yaml import pickle +import logging from typing import List, Tuple from model.defs import * from model.project import WebProject +logger = logging.getLogger("Storage") + class Storage(): def __init__(self): pass @@ -19,19 +22,20 @@ class Storage(): project = self.get_project(project_name) if project is None: continue - project.settings.prep_web(project_name) + project.settings.prep_web() projects.append(project) return projects def get_project(self, project_name: str) -> WebProject: + logger.debug("Load project: {}".format(project_name)) path = "{}/{}".format(PATH_WEB_PROJECT, project_name) json_path = "{}/project.pickle".format(path) if not os.path.exists(json_path): return None with open(json_path, "rb") as f: project = pickle.load(f) - project.settings.prep_web(project_name) + project.settings.prep_web() return project diff --git a/app/templates/project.html b/app/templates/project.html index 90d1414..9b867cb 100644 --- a/app/templates/project.html +++ b/app/templates/project.html @@ -112,11 +112,11 @@
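Review bot: In get_project, the `prep_web()` call after `pickle.load` now derives `main_dir` from the unpickled `settings.project_name` instead of from the `project_name` the project was looked up by, so a pickle whose stored name differs from its directory silently points every output path at another project's directory. Either reconcile the two before the call, `project.settings.project_name = project_name`, or reject the mismatch, `if project.settings.project_name != project_name: raise ValueError("project name mismatch")`. The same applies to the `prep_web()` call in the listing loop earlier in the hunk. The added debug line should use lazy formatting, `logger.debug("Load project: %s", project_name)`, matching the logging idiom. Since `pickle.load` executes whatever the file encodes, a comment at that line stating that project.pickle must only ever be produced by the app's own writer would document the trust assumption.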
- + {% for name in carrier_names %} + {% if name in project.settings.carrier_name %} selected {% endif %} + >{{name}} {% endfor %} diff --git a/app/views_project.py b/app/views_project.py index d677e7f..11dcb9f 100644 --- a/app/views_project.py +++ b/app/views_project.py @@ -18,6 +18,7 @@ from supermega import start from app.storage import storage, WebProject from sender import scannerDetectsBytes from phases.injector import verify_injected_exe +from phases.templater import get_template_names from helper import run_process_checkret, run_exe from model.project import prepare_project from pe.superpe import SuperPe @@ -90,13 +91,13 @@ def project(name): superpe.get_rdata_relocmanager().find_largest_gap() unresolved_dlls = pe.dllresolver.unresolved_dlls(superpe) - project_dir = os.path.dirname(os.path.abspath(project.settings.inject_exe_out)) + project_dir = os.path.dirname(os.getcwd() + "\\" + project.settings.main_dir) log_files = get_logfiles(project.settings.main_dir) exes = list_files_and_sizes(PATH_EXES, prepend=PATH_EXES) exes += list_files_and_sizes(PATH_EXES_MORE, prepend=PATH_EXES_MORE) shellcodes = list_files_and_sizes(PATH_SHELLCODES) - function_invoke_styles = [(color.name, color.value) for color in FunctionInvokeStyle] + carrier_names = get_template_names() decoderstyles = [(color.name, color.value) for color in DecoderStyle] carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle] payload_locations = [(color.name, color.value) for color in PayloadLocation] @@ -109,7 +110,7 @@ def project(name): exes=exes, shellcodes=shellcodes, - function_invoke_styles=function_invoke_styles, + carrier_names=carrier_names, decoderstyles=decoderstyles, carrier_invoke_styles=carrier_invoke_styles, payload_locations=payload_locations, 
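Review bot: The `selected` test in the new option loop, `{% if name in project.settings.carrier_name %}`, is a substring test, so a carrier whose name is a prefix of the configured one (a directory `iat` next to `iat_reuse`, say) would also render as selected. Use equality: `{% if name == project.settings.carrier_name %} selected {% endif %}`. The enclosing select element appears to start before the hunk.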
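Review bot: `project_dir = os.path.dirname(os.getcwd() + "\\" + project.settings.main_dir)` hardcodes a Windows separator and relies on dirname stripping the trailing slash that prep_web appends to `main_dir`. `project_dir = os.path.abspath(project.settings.main_dir)` resolves to the same directory portably and without the string surgery, assuming main_dir keeps the trailing slash prep_web builds. The project() function starts and ends outside the hunk.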
@@ -147,9 +148,9 @@ def list_files_and_sizes(directory, prepend=""): @views_project.route("/project_add", methods=['POST', 'GET']) def add_project(): if request.method == 'POST': - settings = Settings() - project_name = request.form['project_name'] + + settings = Settings(project_name) comment = request.form['comment'] # new project? @@ -176,8 +177,8 @@ def add_project(): settings.fix_missing_iat = True if request.form.get('fix_missing_iat') != None else False - source_style = request.form['source_style'] - settings.source_style = FunctionInvokeStyle[source_style] + carrier_name = request.form['carrier_name'] + settings.carrier_name = carrier_name carrier_invoke_style = request.form['carrier_invoke_style'] settings.carrier_invoke_style = CarrierInvokeStyle[carrier_invoke_style] diff --git a/model/defs.py b/model/defs.py index 1a8ca65..f570e94 100644 --- a/model/defs.py +++ b/model/defs.py @@ -12,8 +12,6 @@ PATH_EXES = "data/binary/exes/" PATH_EXES_MORE = "data/binary/exes_more/" PATH_SHELLCODES = "data/binary/shellcodes/" PATH_CARRIER = "data/source/carrier/" -PATH_PEB_WALK = "data/source/carrier/peb_walk/" -PATH_IAT_REUSE = "data/source/carrier/iat_reuse/" PATH_PAYLOAD = "data/source/payload/" PATH_DECODER = "data/source/carrier/decoder/" diff --git a/model/payload.py b/model/payload.py index c498ebd..a8d7f76 100644 --- a/model/payload.py +++ b/model/payload.py @@ -5,6 +5,7 @@ from model.defs import * logger = logging.getLogger("Payload") + class Payload(): def __init__(self, filepath: FilePath): self.payload_path: FilePath = filepath diff --git a/model/project.py b/model/project.py index a508138..d2418c4 100644 --- a/model/project.py +++ b/model/project.py 
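Review bot: `project_name` is read from the form and passed straight into `Settings(project_name)`, from where `prep_web` and `prepare_project` build filesystem paths and create or clear directory contents, so a name containing path separators or `..` would operate outside PATH_WEB_PROJECT. Validate it before constructing Settings, e.g. `if not re.fullmatch(r"[A-Za-z0-9_-]+", project_name): abort(400)` (adding `import re` if the module lacks it, and using whatever error response this view already uses). The same applies to `carrier_name` in the hunk at -176,8: it is stored verbatim and later becomes a path component in templater and prepare_project, and `get_template_names()`, newly imported into this file, gives the allowed set: `if carrier_name not in get_template_names(): abort(400)`. add_project continues outside both hunks.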
@@ -34,9 +34,12 @@ class Project(): def prepare_project(project_name, settings): - src = "{}{}/".format(PATH_CARRIER, settings.source_style.value) + src = "{}{}/".format(PATH_CARRIER, settings.carrier_name) dst = "{}{}/".format(PATH_WEB_PROJECT, project_name) + if not os.path.exists(dst): + os.makedirs(dst) + # delete all files in dst directory for file in os.listdir(dst): if file == "project.pickle": diff --git a/model/settings.py b/model/settings.py index 84cd5e2..9e169e3 100644 --- a/model/settings.py +++ b/model/settings.py @@ -5,11 +5,12 @@ logger = logging.getLogger("Views") class Settings(): - def __init__(self): + def __init__(self, project_name: str = "default"): + self.project_name = project_name self.payload_path: FilePath = "" # Settings - self.source_style: FunctionInvokeStyle = FunctionInvokeStyle.peb_walk + self.carrier_name: str = "" self.decoder_style: DecoderStyle = DecoderStyle.XOR_1 self.short_call_patching: bool = False @@ -34,9 +35,8 @@ class Settings(): self.payload_location = PayloadLocation.DATA - def prep_web(self, project_name): - self.main_dir = "{}{}/".format(PATH_WEB_PROJECT, project_name) - self.template_path = self.main_dir + "template.c" + def prep_web(self): + self.main_dir = "{}{}/".format(PATH_WEB_PROJECT, self.project_name) self.main_c_path = self.main_dir + "main.c" self.main_asm_path = self.main_dir + "main.asm" self.main_exe_path = self.main_dir + "main.exe" diff --git a/phases/injector.py b/phases/injector.py index 4d91230..f6410b5 100644 --- a/phases/injector.py +++ b/phases/injector.py @@ -21,7 +21,6 @@ def inject_exe(main_shc: bytes, settings: Settings, carrier: Carrier): exe_in = settings.inject_exe_in exe_out = settings.inject_exe_out carrier_invoke_style: CarrierInvokeStyle = settings.carrier_invoke_style - source_style: FunctionInvokeStyle = settings.source_style logger.info("--[ Injecting: into {} -> {}".format(exe_in, exe_out)) 
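Review bot: With `Settings.carrier_name` now defaulting to `""` (the model/settings.py hunk at -5,11), `src = "{}{}/".format(PATH_CARRIER, settings.carrier_name)` in prepare_project resolves to PATH_CARRIER itself for an unset carrier, so whatever copy follows presumably sees the whole carrier tree (including `common` and `decoder`) instead of one carrier directory. Guard it at the top: `if not settings.carrier_name: raise ValueError("carrier_name is not set")`. The new directory creation can also be the single idiom `os.makedirs(dst, exist_ok=True)` in place of the exists check. prepare_project's body continues past the hunk.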
@@ -38,25 +37,24 @@ def inject_exe(main_shc: bytes, settings: Settings, carrier: Carrier): function_backdoorer = FunctionBackdoorer(superpe) # Patch IAT (if necessary and wanted) - if source_style == FunctionInvokeStyle.iat_reuse: - for iatRequest in carrier.get_all_iat_requests(): - # skip available - addr = superpe.get_vaddr_of_iatentry(iatRequest.name) - if addr != None: - logger.info(" IAT {} is at: 0x{:X}".format(iatRequest.name, addr)) - continue - iat_name = superpe.get_replacement_iat_for("KERNEL32.dll", iatRequest.name) + for iatRequest in carrier.get_all_iat_requests(): + # skip available + addr = superpe.get_vaddr_of_iatentry(iatRequest.name) + if addr != None: + logger.info(" IAT {} is at: 0x{:X}".format(iatRequest.name, addr)) + continue + iat_name = superpe.get_replacement_iat_for("KERNEL32.dll", iatRequest.name) - if not settings.fix_missing_iat: - raise Exception("Error: {} not available, but fix_missing_iat is False".format( - iatRequest.name - )) - # do the patch - superpe.patch_iat_entry("KERNEL32.dll", iat_name, iatRequest.name) + if not settings.fix_missing_iat: + raise Exception("Error: {} not available, but fix_missing_iat is False".format( + iatRequest.name + )) + # do the patch + superpe.patch_iat_entry("KERNEL32.dll", iat_name, iatRequest.name) - # we modify the IAT raw, so reparsing is required - superpe.pe.parse_data_directories() - superpe.init_iat_entries() + # we modify the IAT raw, so reparsing is required + superpe.pe.parse_data_directories() + superpe.init_iat_entries() shellcode_offset: int = 0 # file offset 
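Review bot: The IAT fix-up now runs for every carrier, and the re-parse at the end of the hunk (`superpe.pe.parse_data_directories()` / `superpe.init_iat_entries()`) runs even when the loop patched nothing, which is presumably the common case for carriers with no IAT requests. Track it with a flag: `patched = False` before the loop, `patched = True` after `superpe.patch_iat_entry(...)`, and `if patched:` around the re-parse. The `addr != None` comparison in the loop reads better as `is not None`. inject_exe continues on both sides of the hunk.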
@@ -121,9 +119,8 @@ def inject_exe(main_shc: bytes, settings: Settings, carrier: Carrier): addr)) function_backdoorer.backdoor_function(addr, shellcode_rva, shellcode_len) - if source_style == FunctionInvokeStyle.iat_reuse: - logger.info("--( Fix shellcode to re-use IAT entries") - injected_fix_iat(superpe, carrier) + logger.info("--( Fix shellcode to re-use IAT entries") + injected_fix_iat(superpe, carrier) logger.info("--( Fix shellcode to reference data stored in .rdata") injected_fix_data(superpe, carrier) diff --git a/phases/templater.py b/phases/templater.py index 0bc01ee..2d8eac7 100644 --- a/phases/templater.py +++ b/phases/templater.py @@ -1,6 +1,7 @@ from jinja2 import Template import shutil import logging +from typing import List from helper import * from observer import observer @@ -10,6 +11,17 @@ from model.settings import Settings logger = logging.getLogger("Assembler") +def get_template_names() -> List[str]: + templates = [] + for filename in os.listdir(PATH_CARRIER): + if filename.startswith("."): + continue + if filename == "common" or filename == "decoder": + continue + templates.append(filename) + return templates + + def create_c_from_template(settings: Settings, payload_len: int): logger.info("--( Create C from template: {} -> {}".format( PATH_DECODER, settings.main_c_path)) 
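Review bot: `get_template_names` returns every entry of `os.listdir(PATH_CARRIER)` except two hardcoded names, so a stray file in that directory (a README, an editor backup) would be offered as a carrier and later fail when its `template.c` is opened. Filter on the property callers rely on instead of on names, `if not os.path.isfile(os.path.join(PATH_CARRIER, filename, "template.c")): continue`, which, assuming `common` and `decoder` carry no template.c, drops them without listing them. `os.listdir` order is arbitrary, so `return sorted(templates)` keeps the web dropdown and any argparse choices stable. `os` is not imported in the visible header of templater.py; if it only arrives through `from helper import *`, an explicit `import os` next to the new `from typing import List` would make the function self-contained.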
@@ -24,34 +36,17 @@ def create_c_from_template(settings: Settings, payload_len: int): 'XOR_KEY': config.xor_key, }) - # C Template: peb_walk - if settings.source_style == FunctionInvokeStyle.peb_walk: - with open(settings.template_path, 'r', encoding='utf-8') as file: - template_content = file.read() - observer.add_text_file("main_c_template", template_content) + # Choose correct template + dirpath = PATH_CARRIER + settings.carrier_name + "/template.c" + with open(dirpath, 'r', encoding='utf-8') as file: + template_content = file.read() + observer.add_text_file("main_c_template", template_content) - template = Template(template_content) - rendered_template = template.render({ - 'plugin_decoder': plugin_decoder, - 'PAYLOAD_LEN': payload_len, - }) - with open(settings.main_c_path, "w", encoding='utf-8') as file: - file.write(rendered_template) - observer.add_text_file("main_c_rendered", rendered_template) - - # C Template: iat_reuse - elif settings.source_style == FunctionInvokeStyle.iat_reuse: - with open(PATH_IAT_REUSE + "template.c", 'r', encoding='utf-8') as file: - template_content = file.read() - observer.add_text_file("main_c_template", template_content) - template = Template(template_content) - rendered_template = template.render({ - 'plugin_decoder': plugin_decoder, - 'PAYLOAD_LEN': payload_len, - }) - with open(settings.main_c_path, "w", encoding='utf-8') as file: - file.write(rendered_template) - observer.add_text_file("main_c_rendered", rendered_template) - - else: - raise Exception("Invalid source style: {}".format(settings.source_style)) + template = Template(template_content) + rendered_template = template.render({ + 'plugin_decoder': plugin_decoder, + 'PAYLOAD_LEN': payload_len, + }) + with open(settings.main_c_path, "w", encoding='utf-8') as file: + file.write(rendered_template) + observer.add_text_file("main_c_rendered", rendered_template) diff --git a/supermega.py b/supermega.py index a306075..8a76016 100644 --- a/supermega.py +++ b/supermega.py 
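Review bot: The old `else: raise Exception("Invalid source style: ...")` branch has no replacement, so an empty or unknown `settings.carrier_name` now surfaces as a FileNotFoundError from `open(dirpath, ...)` with no hint that the carrier setting is the cause. Check it first against the helper defined earlier in this file: `if settings.carrier_name not in get_template_names(): raise Exception("Invalid carrier: {}".format(settings.carrier_name))`. `dirpath` names a file, not a directory, and is better built as `template_path = os.path.join(PATH_CARRIER, settings.carrier_name, "template.c")`. create_c_from_template starts before the hunk.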
@@ -30,7 +30,7 @@ def main(): parser = argparse.ArgumentParser(description='SuperMega shellcode loader') parser.add_argument('--shellcode', type=str, help='The path to the file of your payload shellcode') parser.add_argument('--inject', type=str, help='The path to the file where we will inject ourselves in') - parser.add_argument('--function_invoke_style', type=str, help='peb_walk or iat_reuse') + parser.add_argument('--carrier', type=str, help='carrier name (peb_walk, iat_reuse, ...)') parser.add_argument('--decoder', type=str, help='Template: which decoder plugin') parser.add_argument('--carrier_invoke', type=str, help='Redbackdoorer run argument (1 EAP, 2 hijack)') parser.add_argument('--start-injected', action='store_true', help='Dev: Start the generated infected executable at the end') @@ -52,11 +52,8 @@ def main(): if args.short_call_patching: settings.short_call_patching = True - if args.function_invoke_style: - if args.function_invoke_style == "peb_walk": - settings.source_style = FunctionInvokeStyle.peb_walk - elif args.function_invoke_style == "iat_reuse": - settings.source_style = FunctionInvokeStyle.iat_reuse + if args.carrier: + settings.carrier_name = args.carrier if args.decoder: if args.decoder == "plain_1": settings.decoder_style = DecoderStyle.PLAIN_1 @@ -89,7 +86,7 @@ def main(): settings.inject_exe_in = args.inject settings.inject_exe_out = args.inject.replace(".exe", ".infected.exe").replace(".dll", ".infected.dll") - settings.prep_web("default") + settings.prep_web() write_webproject("default", settings) exit_code = start(settings) exit(exit_code) @@ -107,7 +104,7 @@ def start(settings: Settings) -> int: observer.reset() # Prepare the project: copy all files to projects// - prepare_project("default", settings) + prepare_project(settings.project_name, settings) # Do the thing and catch the errors if False: 
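Review bot: In the hunk at -52,11, `settings.carrier_name = args.carrier` stores the value without any check, whereas the removed code only accepted its two known values, so a typo now fails much later with a file-open error. argparse can enforce the set at the definition in the hunk at -30,7: `parser.add_argument('--carrier', type=str, choices=get_template_names(), help='carrier name (peb_walk, iat_reuse, ...)')`, importing `get_template_names` from phases.templater if supermega.py does not already. main starts before the first hunk and continues after the last.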
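Review bot: In the hunk at -89,7, `write_webproject("default", settings)` still hardcodes the project name while `prepare_project(settings.project_name, settings)` in the next hunk now takes it from the settings object, so the written project and the prepared directory can diverge if a non-default `project_name` is ever given to Settings here. Use `write_webproject(settings.project_name, settings)` so both paths agree.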
@@ -142,7 +139,7 @@ def start_real(settings: Settings): raise Exception("Binary is not 64bit: {}".format(project.settings.inject_exe_in)) logger.info("--[ Config: {} {} {} {}".format( - project.settings.source_style.value, + project.settings.carrier_name, settings.payload_location.value, project.settings.decoder_style.value, project.settings.carrier_invoke_style.value)) @@ -170,13 +167,12 @@ def start_real(settings: Settings): # we have the carrier-required IAT entries in carrier.iat_requests # CHECK if all are available in infectable, or abort (early check) - if settings.source_style == FunctionInvokeStyle.iat_reuse: - functions = project.carrier.get_unresolved_iat() - if len(functions) != 0: - if settings.fix_missing_iat: - logger.info("--[ Fixing missing IAT entries: {}".format(", ".join(functions))) - else: - raise Exception("IAT entry not found: {}".format(", ".join(functions))) + functions = project.carrier.get_unresolved_iat() + if len(functions) != 0: + if settings.fix_missing_iat: + logger.info("--[ Fixing missing IAT entries: {}".format(", ".join(functions))) + else: + raise Exception("IAT entry not found: {}".format(", ".join(functions))) # ASSEMBLE: Assemble .asm to .shc (ASM -> SHC) if settings.generate_shc_from_asm: diff --git a/tester.py b/tester.py index 5c4c4ed..13cfa91 100644 --- a/tester.py +++ b/tester.py 
@@ -22,17 +22,16 @@ def main(): def test_exe_code(): print("Testing: EXEs: Inject payload into .text") - settings = Settings() + settings = Settings("unittest") settings.payload_path = PATH_SHELLCODES + "createfile.bin" settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.CODE - settings.prep_web("unittest") - prepare_project("unittest", settings) + settings.prep_web() # 7z, peb-walk, change-entrypoint print("Test EXE 1/4: 7z, peb-walk, change-entrypoint") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "7z.exe" settings.inject_exe_out = PATH_EXES + "7z.verify.exe" @@ -41,7 +40,7 @@ def test_exe_code(): # 7z, peb-walk, hijack print("Test EXE 2/4: 7z, peb-walk, hijack main") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "7z.exe" settings.inject_exe_out = PATH_EXES + "7z.verify.exe" @@ -50,7 +49,7 @@ def test_exe_code(): # procexp, iat-reuse, change-entrypoint print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "procexp64.exe" settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" @@ -59,7 +58,7 @@ def test_exe_code(): # procexp, iat-reuse, backdoor print("Test EXE 4/4: procexp, iat-reuse, backdoor") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "procexp64.exe" settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" 
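Review bot: The four test blocks in test_exe_code differ only in `carrier_name`, `carrier_invoke_style` and the exe pair, and the same `Settings("unittest")` / `prep_web()` preamble is repeated in test_exe_data, test_dll_code and test_dll_data (the hunks at -69, -116 and -159), so a rename like this one touches a dozen identical lines. A table-driven loop over `(carrier_name, carrier_invoke_style, exe_in, exe_out)` tuples plus a `make_settings(payload_location)` helper would collapse them. Since `prepare_project("unittest", settings)` was dropped from the preamble, the tests now rely on `start()` calling `prepare_project(settings.project_name, settings)` itself; a comment at the `settings.prep_web()` line saying so would save the next reader a search. test_exe_code continues past the hunk.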
@@ -69,17 +68,16 @@ def test_exe_code(): def test_exe_data(): print("Testing: EXEs: Inject into .data") - settings = Settings() + settings = Settings("unittest") settings.payload_path = PATH_SHELLCODES + "createfile.bin" settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.DATA - settings.prep_web("unittest") - prepare_project("unittest", settings) + settings.prep_web() # 7z, peb-walk, change-entrypoint print("Test EXE 1/4: 7z, peb-walk, change-entrypoint") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "7z.exe" settings.inject_exe_out = PATH_EXES + "7z.verify.exe" @@ -88,7 +86,7 @@ def test_exe_data(): # 7z, peb-walk, hijack print("Test EXE 2/4: 7z, peb-walk, hijack main") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "7z.exe" settings.inject_exe_out = PATH_EXES + "7z.verify.exe" @@ -97,7 +95,7 @@ def test_exe_data(): # procexp, iat-reuse, change-entrypoint print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "procexp64.exe" settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" @@ -106,7 +104,7 @@ def test_exe_data(): # procexp, iat-reuse, backdoor print("Test EXE 4/4: procexp, iat-reuse, backdoor") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "procexp64.exe" settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" 
@@ -116,16 +114,15 @@ def test_exe_data(): def test_dll_code(): print("Testing: DLLs code") - settings = Settings() + settings = Settings("unittest") settings.payload_path = PATH_SHELLCODES + "createfile.bin" settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.CODE - settings.prep_web("unittest") - prepare_project("unittest", settings) + settings.prep_web() print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -133,7 +130,7 @@ def test_dll_code(): print("Error") print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -142,7 +139,7 @@ def test_dll_code(): print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") settings.dllfunc = "BZ2_bzDecompress" - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" 
@@ -151,7 +148,7 @@ def test_dll_code(): print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen") settings.dllfunc = "BZ2_bzdopen" - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -159,19 +156,17 @@ def test_dll_code(): print("Error") - def test_dll_data(): print("Testing: DLLs data") - settings = Settings() + settings = Settings("unittest") settings.payload_path = PATH_SHELLCODES + "createfile.bin" settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.DATA - settings.prep_web("unittest") - prepare_project("unittest", settings) + settings.prep_web() print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -179,7 +174,7 @@ def test_dll_data(): print("Error") print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)") - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" 
@@ -188,7 +183,7 @@ def test_dll_data(): print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") settings.dllfunc = "BZ2_bzDecompress" - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -197,7 +192,7 @@ def test_dll_data(): print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen") settings.dllfunc = "BZ2_bzdopen" - settings.source_style = FunctionInvokeStyle.peb_walk + settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -208,7 +203,7 @@ def test_dll_data(): def dll_iat_reuse(): # procexp, iat-reuse, change-entrypoint print("Test: libbz2-1.dll, iat-reuse, change-entrypoint") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -218,7 +213,7 @@ def dll_iat_reuse(): # procexp, iat-reuse, backdoor print("Test: libbz2-1.dll, iat-reuse, backdoor") - settings.source_style = FunctionInvokeStyle.iat_reuse + settings.carrier_name = "iat_reuse" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" @@ -229,5 +224,6 @@ def dll_iat_reuse(): if __name__ == "__main__": + #setup_logging(level=logging.INFO) setup_logging(level=logging.WARNING) main()
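Review bot: In dll_iat_reuse (the hunk at -208,7), `settings.carrier_name = "iat_reuse"` assigns to a `settings` that is neither a parameter nor created between the `def` line and the assignment, unlike the other test functions which build their own `Settings("unittest")`; unless it is a module-level global, the call raises NameError. Give it the same preamble as the others or a `settings` parameter. The hunk at -218,7 has the same issue, and the function body extends outside both hunks.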