refactor: rename dobin var to supermega_payload

2026-06-03 01:27:11 +00:00 · 2024-02-09 20:36:37 +00:00
parent 786b21ca4a
commit a4cf4ab3d3
3 changed files with 12 additions and 24 deletions
@@ -68,17 +68,14 @@ def fixup_asm_file(filename, payload_len, capabilities: ExeCapabilities):
    with open(filename, 'r', encoding='utf-8') as asmfile:
        lines = asmfile.readlines()

-    #pprint.pprint(exe_capabilities)
-
-    # FUCK
-    for idx, line in enumerate(lines):
-        if "jmp\tSHORT" in lines[idx]:
-            lines[idx] = lines[idx].replace("SHORT", "")
+    # When it breaks, enable this
+    #for idx, line in enumerate(lines):
+    #    if "jmp\tSHORT" in lines[idx]:
+    #        lines[idx] = lines[idx].replace("SHORT", "")

    # do IAT reuse
    for idx, line in enumerate(lines):
-        # Remove definition: 
-        #   EXTRN	__imp_MessageBoxW:PROC
+        # Remove EXTRN, we dont need it
        if "EXTRN	__imp_" in lines[idx]:
            lines[idx] = "; " + lines[idx]
            continue
@@ -90,27 +87,18 @@ def fixup_asm_file(filename, payload_len, capabilities: ExeCapabilities):

            exeCapability = capabilities.get(func_name)
            if exeCapability == None:
-            #if func_name not in exe_capabilities or exe_capabilities[func_name] == None:
                print("Error Capabilities not: {}".format(func_name))
            else:
                randbytes: bytes = os.urandom(6)
                lines[idx] = bytes_to_asm_db(randbytes) + "\r\n"
                exeCapability.id = randbytes
-                #func_addr = exe_capabilities[func_name]
-                #lines[idx] = "\tcall  main\r\n"
-                #lines[idx] = "\tcall  rax\r\n"
-                #lines.insert(idx, "\tmov rax, [rax]\r\n")
-                #lines.insert(idx, "\tmov rax, {:X}H\r\n".format(func_addr))
-
-            #print("    > Replace__imp_MessageBoxW at line: {}".format(idx))
-            #lines[idx] = lines[idx].replace("__imp_MessageBoxW", "ds:[0x123]")
        
    # replace external reference with shellcode reference
    for idx, line in enumerate(lines): 
-        if "dobin" in lines[idx]:
+        if "supermega_payload" in lines[idx]:
            print("    > Replace external reference at line: {}".format(idx))
            lines[idx] = lines[idx].replace(
-                "mov	r8, QWORD PTR dobin",
+                "mov	r8, QWORD PTR supermega_payload",
                "lea	r8, [shcstart]"
            )

@@ -1,6 +1,6 @@
 #include <Windows.h>

-char *dobin;
+char *supermega_payload;

 int main()
 {
@@ -22,7 +22,7 @@ int main()
 	// 11223344 is a magic number which will be replaced in the asm source
 	// with the payload length.
 	for(int n=0; n<11223344; n++) {
-		dest[n] = dobin[n];
+		dest[n] = supermega_payload[n];
 	}

 	// Exec shellcode
@@ -2,8 +2,8 @@
 #include "peb_lookup.h"


-//extern char *dobin;
-char *dobin;
+//extern char *supermega_payload;
+char *supermega_payload;

 int main()
 {
@@ -88,7 +88,7 @@ int main()
 	// 11223344 is a magic number which will be replaced in the asm source
 	// with the payload length.
 	for(int n=0; n<11223344; n++) {
-		dest[n] = dobin[n];
+		dest[n] = supermega_payload[n];
 	}

 	// Exec shellcode