refactor: remove derbackdoorer/ dir into peparser/ to pe/

config.py

@@ -8,7 +8,7 @@ class Config(object):
     def __init__(self):
         self.data = {}
         self.ShowCommandOutput: bool = False
-        self.debug: bool = True
+        self.debug: bool = False
 
         self.xor_key: int = 0x31
         self.data_fixups = None

model/exehost.py

@@ -4,9 +4,8 @@ import pefile
 from intervaltree import Interval, IntervalTree
 
 from model.defs import *
-import peparser.pehelper as pehelper
-from peparser.superpe import SuperPe
-from peparser.misc import get_physical_address
+import pe.pehelper as pehelper
+from pe.superpe import SuperPe
 from model.carrier import Carrier
 
 logger = logging.getLogger("ExeHost")
@@ -64,7 +63,7 @@ class ExeHost():
             raise Exception("Binary is not 64bit: {}".format(self.filepath))
 
         self.ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
-        self.ep_raw = get_physical_address(pe, self.ep)
+        self.ep_raw = self.superpe.get_physical_address(self.ep)
 
         # image base
         self.image_base = pe.OPTIONAL_HEADER.ImageBase

observer.py

@@ -3,7 +3,7 @@ import pprint
 from capstone import Cs, CS_ARCH_X86, CS_MODE_64
 
 from model import *
-from peparser.r2helper import r2_disas
+from pe.r2helper import r2_disas
 from helper import delete_all_files_in_directory
 from model.defs import *
 

pe/derbackdoorer.py

@@ -12,7 +12,7 @@ from enum import IntEnum
 import logging
 
 from helper import hexdump
-from derbackdoorer.mype import MyPe
+from pe.mype import MyPe
 from model.defs import *
 
 logger = logging.getLogger("DerBackdoorer")

pe/superpe.py

@@ -32,5 +32,18 @@ class SuperPe():
         return None
     
 
+    def get_physical_address(self, virtual_address):
+        # Iterate through the section headers to find which section contains the VA
+        for section in self.pe.sections:
+            # Check if the VA is within the range of this section
+            if section.VirtualAddress <= virtual_address < section.VirtualAddress + section.Misc_VirtualSize:
+                # Calculate the difference between the VA and the section's virtual address
+                virtual_offset = virtual_address - section.VirtualAddress
+                # Add the difference to the section's pointer to raw data
+                return virtual_offset
+                #physical_address = section.PointerToRawData + virtual_offset
+                #return physical_address
+        return None
+
 
 

peparser/misc.py

@@ -1,14 +0,0 @@
-
-
-def get_physical_address(pe, virtual_address):
-    # Iterate through the section headers to find which section contains the VA
-    for section in pe.sections:
-        # Check if the VA is within the range of this section
-        if section.VirtualAddress <= virtual_address < section.VirtualAddress + section.Misc_VirtualSize:
-            # Calculate the difference between the VA and the section's virtual address
-            virtual_offset = virtual_address - section.VirtualAddress
-            # Add the difference to the section's pointer to raw data
-            return virtual_offset
-            #physical_address = section.PointerToRawData + virtual_offset
-            #return physical_address
-    return None

phases/assembler.py

@@ -3,7 +3,7 @@ import logging
 from model import *
 from config import config
 from observer import observer
-from peparser.pehelper import *
+from pe.pehelper import *
 from helper import *
 
 logger = logging.getLogger("Assembler")

phases/injector.py

@@ -4,11 +4,11 @@ import time
 import logging
 
 from model.carrier import Carrier, DataReuseEntry
-from peparser.pehelper import *
+from pe.pehelper import *
 from model.exehost import *
 from observer import observer
-from derbackdoorer.derbackdoorer import PeBackdoor
-from derbackdoorer.mype import MyPe
+from pe.derbackdoorer import PeBackdoor
+from pe.mype import MyPe
 from model.project import Project
 from model.settings import Settings
 
@@ -76,8 +76,7 @@ def inject_exe(
 
 def injected_fix_iat(mype: MyPe, carrier: Carrier, exe_host: ExeHost):
     """replace IAT-placeholders in shellcode with call's to the IAT"""
-    code = mype.get_code_section_data()  # BUG WITHOUT PLACEHOLDR
-    observer.add_code("exe_extracted_iat", code)
+    code = mype.get_code_section_data()
 
     for iatRequest in carrier.get_all_iat_requests():
         if not iatRequest.placeholder in code:
@@ -104,6 +103,10 @@ def injected_fix_data(mype: MyPe, carrier: Carrier, exe_host: ExeHost):
     # Insert my data into the .rdata section.
     # Chose and save each datareuse_fixup's addres.
     reusedata_fixups: List[DataReuseEntry] = carrier.get_all_reusedata_fixups()
+    if len(reusedata_fixups) == 0:
+        # nothing todo
+        return
+
     sect = exe_host.superpe.get_section_by_name(".rdata")
     addr = sect.raw_addr + 0x1AB0 # NEEDED, > 1A00!
 
@@ -130,7 +133,7 @@ def injected_fix_data(mype: MyPe, carrier: Carrier, exe_host: ExeHost):
         instruction_virtual_address = offset_from_datasection + exe_host.image_base + exe_host.code_virtaddr
         destination_virtual_address = datareuse_fixup.addr
         logger.info("    Replace {} at VA 0x{:x} with .rdata LEA at VA 0x{:x}".format(
-            datareuse_fixup.randbytes, instruction_virtual_address, destination_virtual_address
+            datareuse_fixup.randbytes.hex(), instruction_virtual_address, destination_virtual_address
         ))
         lea = assemble_lea(
             instruction_virtual_address, destination_virtual_address, datareuse_fixup.register

supermega.py

@@ -12,7 +12,7 @@ import phases.compiler
 import phases.assembler
 import phases.injector
 from observer import observer
-from peparser.pehelper import extract_code_from_exe_file_ep
+from pe.pehelper import extract_code_from_exe_file_ep
 
 from model.project import Project
 from model.settings import Settings

tests/test_derbackdoorer.py

@@ -5,11 +5,11 @@ import logging
 
 from model.exehost import ExeHost
 from model.defs import *
-from peparser.pehelper import extract_code_from_exe_file
+from pe.pehelper import extract_code_from_exe_file
 from helper import hexdump
 from observer import observer
 
-from derbackdoorer.derbackdoorer import PeBackdoor
+from pe.derbackdoorer import PeBackdoor
 
 
 # What to make sure of: