refactor: improve comments

This commit is contained in:
Dobin Rutishauser
2024-06-22 18:09:02 +02:00
parent c9bd61f001
commit ac0072260b
6 changed files with 19 additions and 27 deletions
+4 -3
@@ -8,13 +8,14 @@ char *supermega_payload;
#define p_RX 0x20
#define p_RWX 0x40
/* iat_reuse
Standard IAT reuse shellcode
/* VirtualAlloc -> rw -> rwx
* create new memory region for the payload
* will set it to RWX (safe to run shellcodes, opsec-unsafe)
* will set it to RWX (opsec-unsafe, allows in-memory decryption with sgn)
*/
{{plugin_antiemulation}}
{{plugin_decoy}}
+1 -2
@@ -16,9 +16,8 @@ char *supermega_payload;
{{plugin_executionguardrail}}
/* iat_reuse_rx
/* VirtualAlloc -> rw -> rx
Standard IAT reuse shellcode
* create new memory region for the payload
* will set it to RX (may break some shellcodes, opsec-safe)
*/
+5 -17
@@ -8,11 +8,12 @@ char *supermega_payload;
#define p_RX 0x20
#define p_RWX 0x40
/* iat_reuse_rwx_rx
/* change payload memory regions permissions
will reuse IMAGE locations
IAT reuse shellcode
* reuse payload location (both in .rdata and .text)
* does (rw/rx) -> rwx -> rx
depending on payload injection:
* .text -> rw -> rx
* .rdata -> rw -> rx
*/
{{plugin_antiemulation}}
@@ -38,13 +39,6 @@ int main()
// Call: Decoy plugin
decoy();
// Note: RWX if carrier and payload are on the same page (or we cant exec copy..)
// can do only RW otherwise?
/*for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) {
if (VirtualProtect(dest + (n * 4096), 16, p_RWX, &result) == 0) {
return 16;
}
}*/
if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) {
return 16;
}
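Review bot: The `// Note: RWX if carrier and payload are on the same page ... can do only RW otherwise?` comment just above the VirtualProtect call is still phrased as an open question, so a reader cannot tell whether the page-overlap case was decided or is a known gap; the side markers are lost on this rendered page, so this applies only if the note survives on the new side. Since the commit already drops the commented-out per-page loop, the remaining note should either be resolved or rewritten as an explicit task, e.g. `// TODO: decide handling when carrier and payload share a page; currently the whole region is set to p_RW in one call`. main() starts and ends outside this hunk.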
@@ -55,12 +49,6 @@ int main()
return 16;
}
/*for(int n=0; n<{{PAYLOAD_LEN}}/4096; n++) {
if (VirtualProtect(dest + (n * 4096), 16, p_RX, &result) == 0) {
return 16;
}
}*/
// Execute *dest
(*(void(*)())(dest))();
@@ -10,8 +10,9 @@ char *supermega_payload;
/* DLL loader
This code will load a DLL (not a shellcode!) into memory,
resolve its imports, apply relocations, and execute it.
This code will load a DLL (not a shellcode!)
into new memory region,
resolve its imports, apply relocations, and execute it.
Loader is based on:
https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
@@ -10,8 +10,9 @@ char *supermega_payload;
/* DLL loader
This code will load a DLL (not a shellcode!) into memory,
resolve its imports, apply relocations, and execute it.
This code will load a DLL (not a shellcode!) into
existing memory region,
resolve its imports, apply relocations, and execute it.
Loader is based on:
https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
+3 -1
@@ -5,7 +5,9 @@
char *supermega_payload;
/* peb_walk
Standard shellcode which will resolve IAT by itself with a peb_walk
Standard shellcode which will resolve IAT by itself with a peb walk
no IAT reuse is performed
no data reuse is performed
*/
int main()