fix: peb_reuse bugs and similar

2026-06-03 01:27:11 +00:00 · 2024-02-28 20:12:52 +00:00
parent ac31152b01
commit 87c0cc2944
5 changed files with 30 additions and 50 deletions
@@ -223,7 +223,7 @@ Trailing {sect_name} bytes:
        cs = None
        ks = None

-        if self.arch == 'x86':
+        if self.mype.arch == 'x86':
            cs = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_32 + capstone.CS_MODE_LITTLE_ENDIAN)
            ks = keystone.Ks(keystone.KS_ARCH_X86, keystone.KS_MODE_32 + keystone.KS_MODE_LITTLE_ENDIAN)
        else:    
@@ -247,7 +247,7 @@ Trailing {sect_name} bytes:
        output = self.mype.disasmBytes(cs, ks, disasmData, ep, 128, self.backdoorInstruction)

        # store offset... by calculating it first FUCK
-        section = self._get_code_section()
+        section = self.mype.get_code_section()
        self.backdoorOffsetRel = output - section.VirtualAddress

        if output != 0:
@@ -274,7 +274,7 @@ Trailing {sect_name} bytes:

        registers = ['rax', 'rbx', 'rcx', 'rdx', 'rsi', 'rdi']

-        if self.arch == 'x86':
+        if self.mype.arch == 'x86':
            registers = ['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi'] 

        reg = random.choice(registers).upper()
@@ -84,23 +84,13 @@ class MyPe():
    
    
    def addImageBaseRelocations(self, pageRva, relocs):
-        relocType = MyPe.IMAGE_REL_BASED_HIGHLOW
-
-        if self.arch == 'x64': 
-            relocType = MyPe.IMAGE_REL_BASED_DIR64
+        assert pageRva > 0

        if not self.pe.has_relocs():
            logger.error("No .reloc section")
            raise(Exception("No .reloc section"))
-        else:
-            self.addRelocs(pageRva, relocs)
-
-
-    def addRelocs(self, pageRva, relocs):
-        assert pageRva > 0

        imageBaseRelocType = MyPe.IMAGE_REL_BASED_HIGHLOW
-
        if self.arch == 'x64':
            imageBaseRelocType = MyPe.IMAGE_REL_BASED_DIR64

@@ -128,7 +118,7 @@ class MyPe():
        # SizeOfBlock
        self.pe.set_dword_at_rva(addr + relocsSize + 4, sizeOfReloc)

-        logger.debug(f'Adding {len(relocs)} relocations for Page RVA 0x{pageRva:x} - size of block: 0x{sizeOfReloc:x}')
+        logger.info(f'Adding {len(relocs)} relocations for Page RVA 0x{pageRva:x} - size of block: 0x{sizeOfReloc:x}')

        i = 0
        for reloc in relocs:
@@ -137,7 +127,7 @@ class MyPe():

            relocWord = (reloc_type | reloc_offset)
            self.pe.set_word_at_rva(relocDirRva + relocsSize + 8 + i * 2, relocWord)
-            logger.debug(f'\tReloc{i} for addr 0x{reloc:x}: 0x{relocWord:x} - 0x{reloc_offset:x} - type: {imageBaseRelocType}')
+            logger.info(f'\tReloc{i} for addr 0x{reloc:x}: 0x{relocWord:x} - 0x{reloc_offset:x} - type: {imageBaseRelocType}')
            i += 1


@@ -174,7 +164,7 @@ class MyPe():
        data = disasmData[startOffset:startOffset + length]

        for instr in cs.disasm(data, startOffset):
-            self._printInstr(instr, depth)
+            self.printInstr(instr, depth)

            if len(instr.operands) == 1:
                operand = instr.operands[0]