admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: datareuse now supports multiple references -> fix change_ carriers

Browse Source
This commit is contained in:
Dobin Rutishauser
2024-06-22 12:59:21 +02:00
parent ae3567847c
commit de77f50f06
7 changed files with 156 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files
phases/asmtextparser.py
+18 -48
View File
@@ -55,53 +55,25 @@ def parse_asm_text_file(carrier: Carrier, asm_text: str, settings: Settings) ->
continue
# PATCH external shellcode reference
if settings.payload_location == PayloadLocation.CODE:
## mov rdi, QWORD PTR supermega_payload
## to
## lea rdi, [shcstart] ; get payload shellcode address
if "supermega_payload" in line:
updated_line = line
updated_line = updated_line.replace(
"mov ",
"lea "
)
updated_line = updated_line.replace(
"QWORD PTR supermega_payload",
"[shcstart] ; get payload shellcode address"
)
lines_out.append(updated_line)
continue
elif settings.payload_location == PayloadLocation.DATA:
## mov rdi, QWORD PTR supermega_payload
## to
## lea rdi, XXX
if "supermega_payload" in line:
randbytes: bytes = os.urandom(7) # LEA is 7 bytes
string_ref = "supermega_payload"
## mov rdi, QWORD PTR supermega_payload
## to
## lea rdi, XXX
if "supermega_payload" in line:
string_ref = "supermega_payload"
datareuse_fixup = carrier.get_reusedata_fixup(string_ref)
if datareuse_fixup == None:
raise Exception("Data reuse entry not found: {}".format(string_ref))
register = line.split("mov\t")[1].split(",")[0]
# should already exist (added before)
datareuse_fixup = carrier.get_reusedata_fixup(string_ref)
if datareuse_fixup == None:
raise Exception("Data reuse entry not found: {}".format(string_ref))
datareuse_fixup.register = register
datareuse_fixup.randbytes = randbytes
# add a reference
randbytes: bytes = os.urandom(7) # LEA is 7 bytes
register = line.split("mov\t")[1].split(",")[0]
datareuse_fixup.add_reference(randbytes, register)
line = bytes_to_asm_db(randbytes) + " ; .rdata Payload".format()
lines_out.append(line)
continue
else:
raise Exception("Unknown payload location: {}".format(settings.payload_location))
# ADD label at end of code
# we cant reliably identify in which function, so we just add it at the end
## get_time_raw ENDP
## -> add here
## _TEXT ENDS
## END
if line_idx > len(lines) - 5 and tokens[1] == "ENDP":
# add lines
line = bytes_to_asm_db(randbytes) + " ; supermega_payload Payload".format()
lines_out.append(line)
lines_out.append("shcstart: ; start of payload shellcode")
continue
# COLLECT AND PATCH all functions that need to be resolved in loader shellcode
@@ -152,15 +124,13 @@ def parse_asm_text_file(carrier: Carrier, asm_text: str, settings: Settings) ->
## DB 07cH, 04cH, 028H, 0b0H, 006H, 07eH ; IAT Reuse for GetEnvironmentVariableW
if "OFFSET FLAT:$SG" in line:
string_ref = line.split("OFFSET FLAT:")[1]
register = line.split("lea\t")[1].split(",")[0]
randbytes: bytes = os.urandom(7)
datareuse_fixup = carrier.get_reusedata_fixup(string_ref)
if datareuse_fixup == None:
raise("Data reuse entry not found: {}".format(string_ref))
datareuse_fixup.register = register
datareuse_fixup.randbytes = randbytes
register = line.split("lea\t")[1].split(",")[0]
randbytes: bytes = os.urandom(7)
datareuse_fixup.add_reference(randbytes, register)
line = bytes_to_asm_db(randbytes) + " ; .rdata Reuse for {} ({})".format(
string_ref, register)