admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: verify infeceted exe

Browse Source
This commit is contained in:
Dobin
2024-02-03 18:40:43 +00:00
parent 6f12a555ac
commit cf527aca97
2 changed files with 25 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
helper.py
+20 -5
View File
@@ -98,11 +98,11 @@ def make_shc_from_asm(asm_clean_file, exe_file, shc_file):
else:
print(" > Generated {}".format(exe_file))
print("--[ Get code section from exe ]")
print("---[ Get code section from exe ]")
code = get_code_section(exe_file)
with open(shc_file, 'wb') as f:
f.write(code)
print("--[ Shellcode written to: {} (size: {}) ]".format(exe_file, len(code)))
print("---[ Shellcode from {} written to: {} (size: {}) ]".format(exe_file, shc_file, len(code)))
def get_code_section(pe_file):
@@ -183,16 +183,16 @@ def verify_shellcode(shc_name):
], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) # , check=True
time.sleep(SHC_VERIFY_SLEEP)
if os.path.isfile(verify_filename):
print("---> OK. Shellcode payload verified (file was created)")
print("---> Verify OK. Shellcode payload verified (file was created)")
# better to remove it immediately. If cleanup on start is not performed,
# there may be false positives
os.remove(verify_filename)
else:
print("---> FAIL. Payload did not create file.")
print("---> Verify FAIL. Payload did not create file.")
def inject_exe(shc_file, exe_in, exe_out):
print("--[ Injecting: shc {} into: {} -> {} ]".format(
print("--[ Injecting: {} into: {} -> {} ]".format(
shc_file, exe_in, exe_out
))
shutil.copyfile(exe_in, exe_out)
@@ -206,3 +206,18 @@ def inject_exe(shc_file, exe_in, exe_out):
exe_out
], check=True, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
def verify_injected_exe(exefile):
print("---[ Verify infected exe: {} ]".format(exefile))
subprocess.run([
exefile,
], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL) # , check=True
time.sleep(SHC_VERIFY_SLEEP)
if os.path.isfile(verify_filename):
print("---> Verify OK. Infected exe verified (file was created)")
# better to remove it immediately. If cleanup on start is not performed,
# there may be false positives
os.remove(verify_filename)
else:
print("---> Verify FAIL. Infected exe did not create file.")