refactor: make .rdata offset grabber better

This commit is contained in:
Dobin
2024-03-03 17:14:40 +00:00
parent 286ad055d3
commit 903add2c4f
2 changed files with 18 additions and 33 deletions
+6 -17
@@ -16,6 +16,7 @@ class PeSection():
self.raw_size: int = pefile_section.SizeOfRawData self.raw_size: int = pefile_section.SizeOfRawData
self.virt_addr: int = pefile_section.VirtualAddress self.virt_addr: int = pefile_section.VirtualAddress
self.virt_size: int = pefile_section.Misc_VirtualSize self.virt_size: int = pefile_section.Misc_VirtualSize
self.pefile_section: pefile.SectionStructure = pefile_section
class SuperPe(): class SuperPe():
@@ -43,13 +44,6 @@ class SuperPe():
self.arch = self.getFileArch() self.arch = self.getFileArch()
if self.arch == 'x64': if self.arch == 'x64':
self.ptrSize = 8 self.ptrSize = 8
##################
def get_section_by_name(self, name: str) -> PeSection:
for section in self.pe_sections:
if section.name == name:
return section
return None
def get_physical_address(self, virtual_address): def get_physical_address(self, virtual_address):
@@ -90,17 +84,12 @@ class SuperPe():
return bytes(sect.get_data()) return bytes(sect.get_data())
def get_section_data(self, sect_name) -> bytes: def get_section_by_name(self, name: str) -> PeSection:
sect = self.get_section_by_name_b(sect_name) for section in self.pe_sections:
return bytes(sect.get_data()) if section.name == name:
return section
def get_section_by_name_b(self, name):
for sect in self.pe.sections:
if sect.Name.decode().lower().startswith(name.lower()):
return sect
return None return None
def write_code_section_data(self, data: bytes): def write_code_section_data(self, data: bytes):
sect = self.get_code_section() sect = self.get_code_section()
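Review bot: The moved `get_section_by_name` is annotated `-> PeSection` but its fall-through path returns `None`, so every caller has to check for `None` without the signature saying so; `def get_section_by_name(self, name: str) -> PeSection | None:` (or `Optional[PeSection]` if the file targets older Python) makes the contract explicit, ideally with a docstring noting that the match is an exact, case-sensitive comparison against `section.name`. This hunk also drops `get_section_data` and `get_section_by_name_b`; if any caller of either survives outside this diff it will now fail with an `AttributeError` at runtime rather than at import, which is worth a grep before merging. The `SuperPe` class body continues outside the hunk.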
+12 -16
@@ -105,28 +105,24 @@ def injected_fix_data(superpe: SuperPe, carrier: Carrier, exe_host: ExeHost):
if len(reusedata_fixups) == 0: if len(reusedata_fixups) == 0:
# nothing todo # nothing todo
return return
# Offset of strings in .rodata # Put stuff into .rdata section in the PE
sect = exe_host.superpe.get_section_by_name_b(".rdata") peSection = exe_host.superpe.get_section_by_name(".rdata")
sect_data = sect.get_data() if peSection == None:
string_off = find_first_utf16_string_offset(sect_data) raise Exception("No .rdata section found, abort")
sect_data_copy = peSection.pefile_section.get_data()
string_off = find_first_utf16_string_offset(sect_data_copy)
if string_off == None: if string_off == None:
raise Exception("Strings not found in .rdata section, abort") raise Exception("Strings not found in .rdata section, abort")
if string_off < 100: if string_off < 100:
logging.warn("weird: Strings in .rdata section at offset {} < 100".format(string_off)) logging.warn("weird: Strings in .rdata section at offset {} < 100".format(string_off))
fixup_offset_rdata = peSection.raw_addr + string_off
sect = exe_host.superpe.get_section_by_name(".rdata") # Do all .rdata patches
addr = sect.raw_addr + string_off
for datareuse_fixup in reusedata_fixups: for datareuse_fixup in reusedata_fixups:
var_data = datareuse_fixup.data var_data = datareuse_fixup.data
#print(" Addr: {} / 0x{:X} Data: {}".format( superpe.pe.set_bytes_at_offset(fixup_offset_rdata, var_data)
# addr, addr, len(var_data))) datareuse_fixup.addr = fixup_offset_rdata + peSection.virt_addr + exe_host.image_base - peSection.raw_addr
superpe.pe.set_bytes_at_offset(addr, var_data) fixup_offset_rdata += len(var_data) + 8
#f.seek(addr)
#f.write(var_data)
datareuse_fixup.addr = addr + sect.virt_addr + exe_host.image_base - sect.raw_addr
addr += len(var_data) + 8
# patch code section # patch code section
# replace the placeholder with a LEA instruction to the data we written above # replace the placeholder with a LEA instruction to the data we written above
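Review bot: The rewritten patch loop writes `var_data` at `fixup_offset_rdata` with `set_bytes_at_offset` but never checks that the write stays inside the `.rdata` section, so a large or numerous set of fixups silently runs past the section end into whatever follows in the file; before the `set_bytes_at_offset` call add `if fixup_offset_rdata + len(var_data) > peSection.raw_addr + peSection.raw_size:` / `    raise Exception("Fixup data does not fit into .rdata section, abort")`, using the `raw_size` the `PeSection` wrapper already exposes. The new `if peSection == None:` guard should be `if peSection is None:` (the pre-existing `string_off == None` has the same issue). The section is looked up on `exe_host.superpe` while the bytes are written into `superpe.pe`; if those are ever different PE images the computed offset is wrong, so a comment stating they are expected to be the same file would help the next reader. `injected_fix_data` starts and ends outside the hunk.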