refactor: improve comments

This commit is contained in:
Dobin Rutishauser
2024-06-22 18:09:02 +02:00
parent c9bd61f001
commit ac0072260b
6 changed files with 19 additions and 27 deletions
+4 -3
@@ -8,13 +8,14 @@ char *supermega_payload;
#define p_RX 0x20 #define p_RX 0x20
#define p_RWX 0x40 #define p_RWX 0x40
/* iat_reuse
Standard IAT reuse shellcode /* VirtualAlloc -> rw -> rwx
* create new memory region for the payload * create new memory region for the payload
* will set it to RWX (safe to run shellcodes, opsec-unsafe) * will set it to RWX (opsec-unsafe, allows in-memory decryption with sgn)
*/ */
{{plugin_antiemulation}} {{plugin_antiemulation}}
{{plugin_decoy}} {{plugin_decoy}}
+1 -2
@@ -16,9 +16,8 @@ char *supermega_payload;
{{plugin_executionguardrail}} {{plugin_executionguardrail}}
/* iat_reuse_rx /* VirtualAlloc -> rw -> rx
Standard IAT reuse shellcode
* create new memory region for the payload * create new memory region for the payload
* will set it to RX (may break some shellcodes, opsec-safe) * will set it to RX (may break some shellcodes, opsec-safe)
*/ */
+5 -17
@@ -8,11 +8,12 @@ char *supermega_payload;
#define p_RX 0x20 #define p_RX 0x20
#define p_RWX 0x40 #define p_RWX 0x40
/* iat_reuse_rwx_rx /* change payload memory regions permissions
will reuse IMAGE locations
IAT reuse shellcode depending on payload injection:
* reuse payload location (both in .rdata and .text) * .text -> rw -> rx
* does (rw/rx) -> rwx -> rx * .rdata -> rw -> rx
*/ */
{{plugin_antiemulation}} {{plugin_antiemulation}}
@@ -38,13 +39,6 @@ int main()
// Call: Decoy plugin // Call: Decoy plugin
decoy(); decoy();
// Note: RWX if carrier and payload are on the same page (or we cant exec copy..)
// can do only RW otherwise?
/*for(int n=0; n<({{PAYLOAD_LEN}}/4096)+1; n++) {
if (VirtualProtect(dest + (n * 4096), 16, p_RWX, &result) == 0) {
return 16;
}
}*/
if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) { if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) {
return 16; return 16;
} }
@@ -55,12 +49,6 @@ int main()
return 16; return 16;
} }
/*for(int n=0; n<{{PAYLOAD_LEN}}/4096; n++) {
if (VirtualProtect(dest + (n * 4096), 16, p_RX, &result) == 0) {
return 16;
}
}*/
// Execute *dest // Execute *dest
(*(void(*)())(dest))(); (*(void(*)())(dest))();
@@ -10,7 +10,8 @@ char *supermega_payload;
/* DLL loader /* DLL loader
This code will load a DLL (not a shellcode!) into memory, This code will load a DLL (not a shellcode!)
into new memory region,
resolve its imports, apply relocations, and execute it. resolve its imports, apply relocations, and execute it.
Loader is based on: Loader is based on:
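Review bot: The rewritten DLL loader header comment drops the article on the new line: `into new memory region,` reads better as `into a new memory region,`, and the parallel hunk in the next file section (`into existing memory region,`) would likewise become `into an existing memory region,`. Since this header is the only place the two loader variants are distinguished, it may be worth stating the distinction in one line rather than splitting it across the sentence boundary, for example `Loads a DLL (not a shellcode!) into a new memory region, resolves its imports, applies relocations, and executes it.` The comment block opens inside this hunk but continues past its last visible line (`Loader is based on:`), so the remainder of the header is outside this view.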
@@ -10,7 +10,8 @@ char *supermega_payload;
/* DLL loader /* DLL loader
This code will load a DLL (not a shellcode!) into memory, This code will load a DLL (not a shellcode!) into
existing memory region,
resolve its imports, apply relocations, and execute it. resolve its imports, apply relocations, and execute it.
Loader is based on: Loader is based on:
+3 -1
@@ -5,7 +5,9 @@
char *supermega_payload; char *supermega_payload;
/* peb_walk /* peb_walk
Standard shellcode which will resolve IAT by itself with a peb_walk Standard shellcode which will resolve IAT by itself with a peb walk
no IAT reuse is performed
no data reuse is performed
*/ */
int main() int main()