From 9b71cdd48107ce7c9686cf3e4ae81a2635f565bd Mon Sep 17 00:00:00 2001
From: Dobin
Date: Sun, 18 Feb 2024 19:52:50 +0000
Subject: [PATCH] refactor: use PAYLOAD_LEN in template instead of 0x11223344 in asm
---
 phases/compiler.py | 7 -------
 phases/templater.py | 9 +++++++--
 plugins/decoder/plain_1.c | 2 +-
 plugins/decoder/xor_1.c | 2 +-
 source/peb_walk/template.c | 4 ++--
 5 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/phases/compiler.py b/phases/compiler.py
index f371bf5..f1001ac 100644
--- a/phases/compiler.py
+++ b/phases/compiler.py
@@ -98,13 +98,6 @@ def fixup_asm_file(filename: FilePath, payload_len: int, short_call_patching: bo
 "[shcstart]"
 )
- # replace payload length
- for idx, line in enumerate(lines):
- if "11223344" in lines[idx]:
- logger.info(" > Replace payload length at line: {}".format(idx))
- lines[idx] = lines[idx].replace("11223344", str(payload_len))
- break
-
 # add label at end of code
 for idx, line in enumerate(lines):
 if lines[idx].startswith("END"):
diff --git a/phases/templater.py b/phases/templater.py
index ec0fe54..f766b90 100644
--- a/phases/templater.py
+++ b/phases/templater.py
@@ -33,12 +33,15 @@ def create_c_from_template(
 with open(filepath, "r", encoding='utf-8') as file:
 plugin_allocator = file.read()
 plugin_allocator = Template(plugin_allocator).render({
- 'PAYLOAD_LEN': payload_len,
+ 'PAYLOAD_LEN': payload_len,
 })
 filepath = "plugins/decoder/{}.c".format(decoder_style.value)
 with open(filepath, "r", encoding='utf-8') as file:
- plugin_decoder = file.read()
+ plugin_decoder = file.read()
+ plugin_decoder = Template(plugin_decoder).render({
+ 'PAYLOAD_LEN': payload_len,
+ })
 filepath = "plugins/executor/{}.c".format(exec_style.value)
 with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
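Review bot: The new `plugin_decoder = Template(plugin_decoder).render({'PAYLOAD_LEN': payload_len})` inherits the engine's default undefined handling, so if `Template` is jinja2's, any `{{…}}` placeholder a decoder plugin uses that is not passed here renders as an empty string and the mistake only surfaces later as a C compile error such as `n<;`. Constructing the template as `Template(plugin_decoder, undefined=StrictUndefined)` (and likewise for the allocator render just above) would make a missing key fail at render time with its name. The `-`/`+` pair on the allocator's `'PAYLOAD_LEN': payload_len,` line changes only whitespace and could be dropped from the commit. Pre-existing but visible in the context lines, `filepath = "plugins/executor/{}.c".format(exec_style.value)` is computed and then ignored by `open("plugins/executor/direct_1.c", …)`, so `exec_style` never selects the executor. create_c_from_template continues outside the hunk.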
@@ -55,6 +58,7 @@ def create_c_from_template(
 'plugin_allocator': plugin_allocator,
 'plugin_decoder': plugin_decoder,
 'plugin_executor': plugin_executor,
+ 'PAYLOAD_LEN': payload_len,
 })
 with open(main_c_file, "w", encoding='utf-8') as file:
 file.write(rendered_template)
@@ -78,6 +82,7 @@ def create_c_from_template(
 'plugin_allocator': plugin_allocator,
 'plugin_decoder': plugin_decoder,
 'plugin_executor': plugin_executor,
+ 'PAYLOAD_LEN': payload_len,
 })
 with open(main_c_file, "w", encoding='utf-8') as file:
 file.write(rendered_template)
diff --git a/plugins/decoder/plain_1.c b/plugins/decoder/plain_1.c
index d78c95d..35a7a1d 100644
--- a/plugins/decoder/plain_1.c
+++ b/plugins/decoder/plain_1.c
@@ -1,3 +1,3 @@
- for (int n=0; n<11223344; n++) {
+ for (int n=0; n<{{PAYLOAD_LEN}}; n++) {
 dest[n] = supermega_payload[n];
 }
\ No newline at end of file
diff --git a/plugins/decoder/xor_1.c b/plugins/decoder/xor_1.c
index 560ca6d..7d9d207 100644
--- a/plugins/decoder/xor_1.c
+++ b/plugins/decoder/xor_1.c
@@ -1,4 +1,4 @@
- for (int n=0; n<11223344; n++){
+ for (int n=0; n<{{PAYLOAD_LEN}}; n++){
 dest[n] = supermega_payload[n];
 dest[n] = dest[n] ^ 0x42;
 }
\ No newline at end of file
diff --git a/source/peb_walk/template.c b/source/peb_walk/template.c
index 79b7eed..2a2021c 100644
--- a/source/peb_walk/template.c
+++ b/source/peb_walk/template.c
@@ -84,10 +84,10 @@ int main()
 _In_ DWORD flAllocationType, _In_ DWORD flProtect)) _GetProcAddress((HMODULE)base, VirtualAlloc_str);
 if (_VirtualAlloc == NULL) return 4;
- char *dest = _VirtualAlloc(NULL, 4096, 0x3000, 0x40);
+ char *dest = _VirtualAlloc(NULL, {{PAYLOAD_LEN}}, 0x3000, 0x40);
 // 11223344 is a magic number which will be replaced in the asm source
 // with the payload length.
- for(int n=0; n<11223344; n++) {
+ for(int n=0; n<{{PAYLOAD_LEN}}; n++) {
 dest[n] = supermega_payload[n];
 }
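Review bot: The same `'PAYLOAD_LEN': payload_len,` key is added to two render dicts, at old lines 55–60 and again at 78–83, that already carry identical `plugin_allocator`/`plugin_decoder`/`plugin_executor` entries, so the context handed to the main template is maintained in two places and a future key can easily land in only one of them. Building the mapping once, e.g. `render_ctx = {'plugin_allocator': plugin_allocator, 'plugin_decoder': plugin_decoder, 'plugin_executor': plugin_executor, 'PAYLOAD_LEN': payload_len}`, and passing `render_ctx` to both `render(...)` calls removes the duplication. The code that chooses between the two render paths is outside both hunks, so whether the dicts are meant to diverge cannot be confirmed here. This note covers both the `@@ -55,6 +58,7 @@` and the `@@ -78,6 +82,7 @@` hunk of phases/templater.py.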
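Review bot: The comment `// 11223344 is a magic number which will be replaced in the asm source` / `// with the payload length.` kept as context above the changed `for` loop is now stale: this commit deletes the asm-side replacement in phases/compiler.py and the bound is rendered into the C source as `{{PAYLOAD_LEN}}` by phases/templater.py when it writes main_c_file. Replace the two lines with `// {{PAYLOAD_LEN}} is rendered with the real payload length by phases/templater.py,` / `// so the VirtualAlloc size above and the copy bound below always agree.` Using the same template value for the allocation size and the loop bound is the right pairing, and the comment should say so rather than point at the removed asm fixup. This loop appears to duplicate the copy in plugins/decoder/plain_1.c, though where `plugin_decoder` is spliced into this file is outside the hunk, so that may be intentional. main() continues outside the hunk.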