From 8856bdae1de6a439b3fdc4fef3c0831eaead2a25 Mon Sep 17 00:00:00 2001 From: Dobin Date: Thu, 15 Feb 2024 07:27:43 +0000 Subject: [PATCH] refactor: new source files --- README.md | 17 ++++-- phases/{asmtoshc.py => assembler.py} | 0 phases/{ctoasm.py => compiler.py} | 64 +---------------------- phases/{shctoexe.py => injector.py} | 0 phases/merger.py | 0 phases/templater.py | 78 ++++++++++++++++++++++++++++ supermega.py | 21 ++++---- 7 files changed, 105 insertions(+), 75 deletions(-) rename phases/{asmtoshc.py => assembler.py} (100%) rename phases/{ctoasm.py => compiler.py} (61%) rename phases/{shctoexe.py => injector.py} (100%) create mode 100644 phases/merger.py create mode 100644 phases/templater.py diff --git a/README.md b/README.md index 9fcdb8b..eed64b1 100644 --- a/README.md +++ b/README.md @@ -51,11 +51,12 @@ Plugins: ## Installation +### Paths + Configure `config.yaml` with: * Path to Visual Studio 2022 compiler and assembler * Path to mash_shc and runshc: https://github.com/hasherezade/masm_shc. - `config.yaml`: ```yaml path_cl: 'C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\cl.exe' 
@@ -69,12 +70,22 @@ Make sure its the `Hostx64/x64/` one exe. Make sure to compile msmshc and runshc as 64bit. You can also replace runshc with your own shellcode loader. -Alternatively, you can maybe use a 64bit Visual Studio developer console or insert env paths: +### Environment Variables + +Use ``` "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat" ``` -And just use executable "cl.exe" and "ml64.exe". +or the VS developer console to find the damn environment variables, and set +it in your python console. In my case: +``` +$env:INCLUDE = "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\include;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\VS\include;C:\Program Files (x86)\Windows Kits\10\include\10.0.22621.0\ucrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\um;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\shared;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\winrt;C:\Program Files (x86)\Windows Kits\10\\include\10.0.22621.0\\cppwinrt;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\include\um" +$env:LIB="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files (x86)\Windows Kits\NETFXSDK\4.8\lib\um\x64;C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\ucrt\x64;C:\Program Files (x86)\Windows Kits\10\\lib\10.0.22621.0\\um\x64" +$env:LIBPATH="C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\ATLMFC\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x64;C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\lib\x86\store\references;C:\Program Files (x86)\Windows 
Kits\10\UnionMetadata\10.0.22621.0;C:\Program Files (x86)\Windows Kits\10\References\10.0.22621.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319" +``` + +### VS2022 Components A list of packages/components which may be required for Visual Studio 2022: * C++ 2022 Redistributable Update
diff --git a/phases/asmtoshc.py b/phases/assembler.py
similarity index 100%
rename from phases/asmtoshc.py
rename to phases/assembler.py
diff --git a/phases/ctoasm.py b/phases/compiler.py
similarity index 61%
rename from phases/ctoasm.py
rename to phases/compiler.py
index 5f5827c..cd89858 100644
--- a/phases/ctoasm.py
+++ b/phases/compiler.py
@@ -3,7 +3,7 @@ from config import config
 import os
 import pprint
 from observer import observer
-from jinja2 import Template
+
 from project import project
 from model import *
@@ -11,66 +11,6 @@ from model import *
 use_templates = True
-def create_c_from_template():
- plugin_allocator = ""
- plugin_decoder = ""
- plugin_executor = ""
-
- with open("plugins/allocator/rwx_1.c", "r", encoding='utf-8') as file:
- plugin_allocator = file.read()
-
- if project.decoder_style == DecoderStyle.PLAIN_1:
- with open("plugins/decoder/plain_1.c", "r", encoding='utf-8') as file:
- plugin_decoder = file.read()
- elif project.decoder_style == DecoderStyle.XOR_1:
- with open("plugins/decoder/xor_1.c", "r", encoding='utf-8') as file:
- plugin_decoder = file.read()
-
- with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
- plugin_executor = file.read()
-
-
- if project.source_style == SourceStyle.peb_walk:
- if use_templates:
- with open("source/peb_walk/template.c", 'r', encoding='utf-8') as file:
- template_content = file.read()
- observer.add_text("main_c_template", template_content)
-
- template = Template(template_content)
- rendered_template = template.render({
- 'plugin_allocator': plugin_allocator,
- 'plugin_decoder': plugin_decoder,
- 'plugin_executor': plugin_executor,
- })
- with open("build/main.c", "w", encoding='utf-8') as file:
- file.write(rendered_template)
- observer.add_text("main_c_rendered", rendered_template)
- shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
-
- else:
- observer.add_text("main_c", file_readall_text("source/peb_walk/main.c"))
- shutil.copy("source/peb_walk/main.c", "build/main.c")
- shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
-
- elif project.source_style == SourceStyle.iat_reuse:
- if use_templates:
- with open("source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
- template_content = file.read()
- observer.add_text("main_c_template", template_content)
- template = Template(template_content)
- rendered_template = template.render({
- 'plugin_allocator': plugin_allocator,
- 'plugin_decoder': plugin_decoder,
- 'plugin_executor': plugin_executor,
- })
- with open("build/main.c", "w", encoding='utf-8') as file:
- file.write(rendered_template)
- observer.add_text("main_c_rendered", rendered_template)
- else:
- observer.add_text("main_c", file_readall_text("source/iat_reuse/main.c"))
- shutil.copy("source/iat_reuse/main.c", "build/main.c")
-
-
 def make_c_to_asm(c_file, asm_file, payload_len, capabilities: ExeCapabilities):
 print("--[ C to ASM: {} -> {} ]".format(c_file, asm_file))
@@ -81,8 +21,6 @@ def make_c_to_asm(c_file, asm_file, payload_len, capabilities: ExeCapabilities):
 "fixup": "",
 }
- #
- # Phase 1: C To Assembly
 print("---[ Make ASM from C: {} ]".format(c_file))
 run_process_checkret([
diff --git a/phases/shctoexe.py b/phases/injector.py
similarity index 100%
rename from phases/shctoexe.py
rename to phases/injector.py
diff --git a/phases/merger.py b/phases/merger.py
new file mode 100644
index 0000000..e69de29
diff --git a/phases/templater.py b/phases/templater.py
new file mode 100644
index 0000000..85e19a4
--- /dev/null
+++ b/phases/templater.py
@@ -0,0 +1,78 @@
+from jinja2 import Template
+import pprint
+import shutil
+
+from helper import *
+from config import config
+from project import project
+from model import *
+from observer import observer
+
+use_templates = True
+
+
+# INPUT:
+# plugins/
+# source/
+#
+# Output:
+# build/main.c
+# build/*.h
+def create_c_from_template():
+ plugin_allocator = ""
+ plugin_decoder = ""
+ plugin_executor = ""
+
+ with open("plugins/allocator/rwx_1.c", "r", encoding='utf-8') as file:
+ plugin_allocator = file.read()
+
+ if project.decoder_style == DecoderStyle.PLAIN_1:
+ with open("plugins/decoder/plain_1.c", "r", encoding='utf-8') as file:
+ plugin_decoder = file.read()
+ elif project.decoder_style == DecoderStyle.XOR_1:
+ with open("plugins/decoder/xor_1.c", "r", encoding='utf-8') as file:
+ plugin_decoder = file.read()
+
+ with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
+ plugin_executor = file.read()
+
+
+ if project.source_style == SourceStyle.peb_walk:
+ if use_templates:
+ with open("source/peb_walk/template.c", 'r', encoding='utf-8') as file:
+ template_content = file.read()
+ observer.add_text("main_c_template", template_content)
+
+ template = Template(template_content)
+ rendered_template = template.render({
+ 'plugin_allocator': plugin_allocator,
+ 'plugin_decoder': plugin_decoder,
+ 'plugin_executor': plugin_executor,
+ })
+ with open("build/main.c", "w", encoding='utf-8') as file:
+ file.write(rendered_template)
+ observer.add_text("main_c_rendered", rendered_template)
+ shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+
+ else:
+ observer.add_text("main_c", file_readall_text("source/peb_walk/main.c"))
+ shutil.copy("source/peb_walk/main.c", "build/main.c")
+ shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+
+ elif project.source_style == SourceStyle.iat_reuse:
+ if use_templates:
+ with open("source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
+ template_content = file.read()
+ observer.add_text("main_c_template", template_content)
+ template = Template(template_content)
+ rendered_template = template.render({
+ 'plugin_allocator': plugin_allocator,
+ 'plugin_decoder': plugin_decoder,
+ 'plugin_executor': plugin_executor,
+ })
+ with open("build/main.c", "w", encoding='utf-8') as file:
+ file.write(rendered_template)
+ observer.add_text("main_c_rendered", rendered_template)
+ else:
+ observer.add_text("main_c", file_readall_text("source/iat_reuse/main.c"))
+ shutil.copy("source/iat_reuse/main.c", "build/main.c")
\ No newline at end of file
diff --git a/supermega.py b/supermega.py
index 4d41abe..2ed18f6 100644
--- a/supermega.py
+++ b/supermega.py
@@ -8,9 +8,12 @@ import pickle
 from model import *
 from config import config
 from pehelper import *
-from phases.ctoasm import *
-from phases.asmtoshc import *
-from phases.shctoexe import *
+
+import phases.templater
+import phases.compiler
+import phases.assembler
+import phases.injector
+
 from observer import observer
 from project import project
@@ -109,7 +112,7 @@ def start():
 print("--[ SourceStyle: {}".format(project.source_style.name))
 # Copy: loader C files into working directory: build/
- create_c_from_template()
+ phases.templater.create_c_from_template()
 # Convert: C -> ASM
 if project.generate_asm_from_c:
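Review bot: `create_c_from_template` falls through silently when `project.source_style` is neither `SourceStyle.peb_walk` nor `SourceStyle.iat_reuse` (no `build/main.c` is written, so a later phase will presumably fail on the missing file), and when `project.decoder_style` matches neither `DecoderStyle` branch the template is rendered with an empty `plugin_decoder`; both chains should end in an explicit `else:` / `raise ValueError("unsupported source_style: {}".format(project.source_style))`. `import pprint` and `from config import config` are unused in the new file, and the `from helper import *` / `from model import *` star imports hide where `file_readall_text`, `DecoderStyle` and `SourceStyle` come from (presumably `helper` and `model`); importing those names explicitly would make the module self-describing. The peb_walk and iat_reuse `use_templates` branches duplicate the read/`Template.render`/write/`observer.add_text` sequence and differ only in the template path and the extra `peb_lookup.h` copy, so a small `_render_template` helper as below removes the duplication and gives the unknown-style case one place to fail. The `# INPUT:`/`# Output:` header would serve better as the function's docstring, stating that the selected plugin sources are spliced verbatim into `source/<style>/template.c` and that `use_templates = False` copies the unrendered `main.c` instead.

```python
def _render_template(template_path, context):
    # Read one source/*/template.c, splice the plugin sources in, and write
    # the result to build/main.c; both texts are recorded with the observer.
    with open(template_path, 'r', encoding='utf-8') as file:
        template_content = file.read()
    observer.add_text("main_c_template", template_content)
    rendered_template = Template(template_content).render(context)
    with open("build/main.c", "w", encoding='utf-8') as file:
        file.write(rendered_template)
    observer.add_text("main_c_rendered", rendered_template)


def create_c_from_template():
    # … unchanged: read plugin_allocator / plugin_decoder / plugin_executor …
    plugins = {
        'plugin_allocator': plugin_allocator,
        'plugin_decoder': plugin_decoder,
        'plugin_executor': plugin_executor,
    }
    if project.source_style == SourceStyle.peb_walk:
        if use_templates:
            _render_template("source/peb_walk/template.c", plugins)
            shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
        else:
            # … unchanged: copy main.c and peb_lookup.h …
    elif project.source_style == SourceStyle.iat_reuse:
        if use_templates:
            _render_template("source/iat_reuse/template.c", plugins)
        else:
            # … unchanged: copy main.c …
    else:
        raise ValueError("unsupported source_style: {}".format(project.source_style))
```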
@@ -118,14 +121,14 @@ def start():
 data_payload = input2.read()
 payload_length = len(data_payload)
 #observer.add_text("payload_asm_orig", str(data_payload))
- asm = make_c_to_asm(main_c_file, main_asm_file, payload_length, project.exe_capabilities)
+ asm = phases.compiler.make_c_to_asm(main_c_file, main_asm_file, payload_length, project.exe_capabilities)
 observer.add_text("payload_asm_orig", asm["initial"])
 observer.add_text("payload_asm_cleanup", asm["cleanup"])
 observer.add_text("payload_asm_fixup", asm["fixup"])
 # Convert: ASM -> Shellcode
 if project.generate_shc_from_asm:
- code = make_shc_from_asm(main_asm_file, main_exe_file, main_shc_file)
+ code = phases.assembler.make_shc_from_asm(main_asm_file, main_exe_file, main_shc_file)
 observer.add_code("generate_shc_from_asm", code)
 # Try: Starting the shellcode (rarely useful)
@@ -135,7 +138,7 @@ def start():
 # Merge shellcode/loader with payload
 if project.dataref_style == DataRefStyle.APPEND:
- merge_loader_payload(main_shc_file)
+ phases.assembler.merge_loader_payload(main_shc_file)
 if project.verify and project.source_style == SourceStyle.peb_walk:
 print("--[ Verify final shellcode ]")
@@ -169,10 +172,10 @@ def start():
 if project.inject:
 #debug_data["original_exe"] = file_readall_binary(options["inject_exe_in"])
- inject_exe(main_shc_file)
+ phases.injector.inject_exe(main_shc_file)
 if project.verify:
 print("--[ Verify final exe ]")
- if verify_injected_exe(project.inject_exe_out):
+ if phases.injector.verify_injected_exe(project.inject_exe_out):
 #debug_data["infected_exe"] = file_readall_binary(options["inject_exe_out"])
 pass