From ec0776d82bdb37e026b9ad88eaba6c240dab5a56 Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser
Date: Tue, 10 Jun 2025 09:19:58 +0200
Subject: [PATCH] refactor: fix tester.py (all tests ok)
---
 .gitignore | 6 +-
 data/binary/dlls/libbz2.dll | Bin 0 -> 70656 bytes
 phases/injector.py | 6 +-
 supermega.py | 14 +-
 tester.py | 305 +++++++++++++++++------------------
 5 files changed, 162 insertions(+), 169 deletions(-)
 create mode 100644 data/binary/dlls/libbz2.dll
diff --git a/.gitignore b/.gitignore
index 904a5f4..b6cc594 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,11 @@
 data/source/payload/
 log-*
 *.verify.exe
+*.verify.dll
 *.infected.exe
 projects/*
 *.test.exe
-data/binary/exes/*
\ No newline at end of file
+data/binary/exes/*
+
+main.obj
+mlink$.lnk
diff --git a/data/binary/dlls/libbz2.dll b/data/binary/dlls/libbz2.dll new file mode 100644 index 0000000000000000000000000000000000000000..cd5e11ae56a93a8f81a60f414cba9d35215eb76f GIT binary patch literal 70656 zcmdqK4SW>U)jvL)-M|8Y37TkB)TnC>E@C9MP25;_l3ARU4Wgi;QjHB#s62|Wt57zO zFdN8tGr%L*`c@zMXj@x-TCIo#5O)*E3-T6H6@00nwr*Gz#0mj{`F+ow*}Q?(Sj_+P z`RDW5%*=f|=bn4+x#ymH?!6_qEfws7AUNuNfk&9I)kr z)waNv3nomRHY;m^REBOF1zdAd+!To|LpGUnW1~Lr`?+^Uq3$kzwVoS_sGG6 z2fD1Hi^qQPasSJIvoiS`a?6mFgYi9i=94d{;`!1`Ggmrz{F5v5@O*5^ZTx%k%%@(a z@X0eDeL0OkAA6bdO`G}H%L0G?=H-6;`LmVg^MCmFjnm4e60Bs+#`y$c^1}YYQ~ljP zO@{3kF3cX3GDHxzB1ADmU9EVg^Y;o=+k8(Egnm4z^C^@fmWYYJ6#ijmvhpId=eHT+ z-7g5wqP+M4L0CbVy*6P5HB7cmSl6EdtiN$Kj#B9df-o!@c9LfW;+J;~-;K8Ah<6R_ zd>-T0l2-wyn`{CR=>NHdv` zelA4-a26h)(0k{fR}i8jXP60j9Z^@oiFikMM3K%r^5;{gO`c^@FBkEkm5_FlbTeno zEJGBhofq*`hao3RclY%BkdQYoXv)hw?Syni$o>E8KZR{j)K6vy*bQDqo0zV!Tk{od zY8LzBQV>|tX0)^Wrz_g*{R%rA&}Q!pusJ!*Ke6(7`Xz!O*4RL>fHpNA&}Qt`M_>4? zEtq0N17%U^Rib2xy-xCMDNmKymc+o-lM&)+60dJEnpfX^(@i%WYE$%xtAf(8Z8AHc zXtFC;ihXvz!d{o{2ej#~99jI!K|kA}1zp*)wvwlf-;*f_>M?uxX4!3qu!gFG;_#r$ zTT3h3Pur3%kZCC~Jnoo_8$;f{oYa8u+Vfo|h$_?-f*!5KJ?oidygR z#KNB^?Ao=t>ik?oLB^>Hd(u^nJfR`A3CIFP-7vfDxu?yS`px_gjpq!ow|$y&5{oIoBTI5e6(XLZ6}tRoakbq(Z;YhhdNfeh8t}Xkz6L*T06QYB zBi{6@N6W%PYCl2B_{9H3Yaw!Mnf%NMzpEx{qz~v$w#W z@rB0?qwNdCPHWx>4p{x%pZ@eGBUZV`m@f#2_7I?!y}IK@cT=ce5ld4O!_>pJ(CNjx zBS$G~Qd$l(2b0){MF}TjpTpY{iS75Xoj&#@V3e@!ezwuijuC$ZJkj}iQ>K8p5nwF{ zMJz*=SlX}MTS8YO^D?8MNJ~>CqrOPXSmrmPexnXq=I!*MC4b5j8}-0IGMXtJ5@;E! 
zVl*ZG00taIg}>QZ;82#fRx-9CotCjyF}5WfRn4HJq2tX*KZ3;M8_8b&z z&<6yiY`V)Ov9H|6-CueR$*fTp0}Z~a=sb_a>J>fXIbuUp+r1^AXXsRkF7;spC8J4V zj?=UhNlQCT(QkAh>-;!6B`EK6$0T=y5EHK!4fmC=q?;QNL8TdXxS!DY~Gng+H&63qqXOs*??9Zt;x?^nK+FexkcLa zXRf3K6yaAlq!6c+RDC2asXb<(o7R}zmbW?HQcHaJr0WIZzRC^6meQTl9nw#wNq64y zQ;Uzi^9sI7Bq!S&I{Gw<%kmpYP(iPq7#d9ZqyYY+Tw;#WDMQyW%-qLdX?2xa@ zn0KC^Z3UZ)=T~r=uCgh*-)6{>Tt(e$3+F(rjag}3~V$`uF29QRR zhH{igB`sVf7>$0OqNl0Mp^DFK*KB?@ZVSC9F+*CN4eUApY*We_DV@6KeDIc;v`I_R zZ?P$5b!uY@k3&&bF)t;HX^=PtWa|70yUaf3?d7tDjf*!?qskC)dghC5yzSzjpFv?r z&W_1!BPgL%9h`TyNyiR)_{*XMu?k(7$&X-o^R-Lv*c`iLZv>L^J@{C zl|&4qiHVscJ{_Go4niSxb{BcliC@78HTd~SK%8r#XV#}Xe!>0v{lM=~dC+r6TpWdz zXAKzI-HniHkge=ZKieYPcgG(%Y#3^@;W;iYc>;+7W!uK;4ldeC>>DKpl_F!If9&c9Pg8Ed}gs#QYdpJ;Zks@`*6~iS8jkR}7TB1=#TZ4$Edf32iAT{V`yQ(!fI4_Ea_-p7z&;X2>K~Wht zicdjAX!nUhTTTpGb7IgRP7GRpVo>D?L1NV}NNekfh*&lLY!@jIc$3+7+1(m|o&xc%9!U{v+R(jx zdCiIzcFm9rGV4D?$I`D}he!Fj3Tw2+YY9B0dmVB?diY;fp%TV-e_4y7O>ik<^>0v& zqCM|=6hMf%W(Ty%uBibqTxkHG69XuJT&KPnC>!zXB0a+$C_5k{I#>4W7nitDhD_25 zW%yY`0R4Rhy}F^b{+(DjKcKrRsbDX2JSMT@&{$mxOQ70UO7?9iFJA$2O~^yDz8o1@ zvg4nBWf+mD7^y_C%vN$TjMWSO51#_mQa^i_t3~+o*}qKcH_R@%k4c*2e82lszx#a& z!t}Ca*=!J-Kmajm01(OkH^6)r+3}SfS2?uMYcd)vH^6`@O*`_F)k1f?QZg_pso}FW z1$wW#!NEyjR*)*EIsRzTn3LrYI>fiCZ&y6NI%3v(E)e_1T0_60`W9&pPjBnHjKevl z_3i&%>N}{9>iaZ?=t%TGu5Xf;)O;ZY!Q9|K zh16!V?`eNI3S9yGW*QcV=`h8&x*~#Mh2ho$bZ`ur6@bt=PA2ESvbd`Gs!b0J#B-Cl zDkiRKk*?bQfatrbNfK8@@oN^Zjn#{*>Z}p=B=hBQsf1Z--M{cK=gVG%pl&bV5ny|@ zh{^JhMUYAeTaR`Y5Sk4G3xc8u!WT_*NSb*`noXq|&KA#yjpF#v!Wp$Btm48lVrfc& z-ZWJ)wvxezY#@QMVJ|4U;|1!M3I$ThfwBxMFyg8}A`0g)SYb!vi4p{&yPo7$sSJqY z)br_)8!&pSS<6bKd@X0y70ZZyyUqL-u@G4&5T)nkebl+GxBgRg4DB)=_jPro>u(3>J-@h{24GwWDy@*4&#w1SC3BB5-?o8E>)eh~Z`JHfai; zS2&qv4P-TWS{tq{U%4F2E#tY8cOa*%J+smUzSY*P%)vv}o?J;|GYp<9S0ja@HrNv* z6pXe_=y!h15-~ty_A*lY>2;tMabU9c?m;3@khil}>P8#{8f23x9 z(zSxVD>sld=%Sf-DCU;HN!lw+Q`?Hcls9$JekzKa+A0tN5$42diJu*oF-Dr-{jt3% zkQaw``t)IHQeT+j)9!MV=>B$eX~kBedymGBIAeR9gEnER7(47V9E&K)Ktzvo0MMWo 
zO#6|<3U^XA`-$oMQTmi*dL;IfvE*TD3b~}L-dFX`>`O$lkFvTc*J`fONS>A(YbVI8 zWzcrO;CWEbzn7H7q}mHnBfp-OJ4VkK?LV}$OMifU#ED*(QqAo$Q)KOD$Ngl$`6rR} zEJ^pL7@4ndOB7j$d^ttz* zjAkuu5r`?1T~cjx_{3F34qoCEc~G4sz7pjblPM*=7#50V4Tzv%`@bu1m`Y`(bStY% zF$Ri})P#eIBE?GVON>_EkW~QU@TFuzlC* z!(K&Thkeh-9OpsmNbHOf_68ZQ6-oEn(0q`s5Kr{-D7$ir`^rUnkrj*<1HZAfCGNCE zo~;iQOZq(qw0N_A%;|H#uBF*a+;1uFdfBsO-gz<;Bweu)Pk?GlS&P4{iDmrSow3C8 z=7U(dA(+O7(OP6V;pjIu`qc)91VcZex%hT8f~0eE$>rbo`Jarlm@6e&=;;N zTe*(1`SK11*k|bRWLA#6g{-iFD*)-YZ-AvdpcgI@*Zd<>T<{{IB=(>~T=Qk7xaMG{ zvDNdXxR@j+mTpK4Il_hP?_9jN-!tls%s;I{OHFd+pf}v|2A4KIwiQTwL9A>AFXN!s z@rI1wN%9t=F&)M5u1kswgcnIJ^yE^m`8Q&s4mmAA2gyNAvg3~(Gz|Bb7+t)^M*C-2 z(4qQ?HBCq)u`d(-@sA>LE9F_UTV8ylp`<0g3qgD3%gor~C~#C}YwxJC#Lto;m# z#ABKujMYc*`A=Rm8vb&HwXzgNf0!(=;+p-LS|qIkn6L#7$ao5Xy%a%+walzXQO>;0 zq-d7XG;NY=DrX4T&_K~E7fF<7v?nrxN-3WJEM?dmOZ2pe#D+qE%}KGp0ahW~OIA_E zx(q^62%ULdSi{T{1cV;}gX}1e$>HIiCYAVl}*4MQr&9q6qSM>Vg?n&7ppt39gAC@;)N+ zq-reR5cZaSRXKcf88{*5`!Oj3R zKL<-5$dueIl}D(3=bg3`(|1~H*wos7HHFOIr{4y1VLiqJKUJJco8d2O_S>6E^kFqq zmio)E%!Ho1NoqZefhg@3^~i1l8#O?0^A@cyGdr%OT_UqMr=LvE-dF`Or|-x%(ld@LlpxwOW|XG zjf+Nn(jz`tfoJ6gQVF>JK#Lr=*T?_xlprK0D|jk;>SLb?LWf#GYCt--e*~ZlWRJi3 z7FYmt6?R0?NfBkc;+sfnlbr*GuK;TV&nwJnWG?$FwZewnJMZW=DWWdv43wdNqYaQ9 z3!(Ez=0!`Y-kCRy+rd|*rAwZsP=DygSOu$ti1vHx!*QQ|2ly4K=OGu0NFqq(rFUJT z(Vur!d}0`@D_}Z}kEA-gcS8k=d`wh;3RE@Ybdu5Aee82zUX+`6NXvmqVUNVxeN{We z#T!9E*l?WU0y1(zCAk=CPDOctqe*RQH=?A z%er#3bNmo**?|QLwbA*7cwgEANtcd6&`%K`fKZN25#N6UC7_gdTJT<;;w4Xecp+*B$R%vAIi&eLb>&4c2rp3d zS0{kw6!#G<)hq7pMDne>e>o?B{Qh4BF>5UuQWtnq;SE4@lf zyHXa8ctH_Jc3!OPiM&e1m!H>iSPL)rVh}^>WWr=@_ya!d2O?fr(YONl+sd!V7X`-c z7BpG>@(4y53}uUVBQT&(a(Tz<8UKfN63}^H3Xm@DFUwm^qeGxrm3z;?9 zqZ-nC>gTPZnHk{5jMpU&+FXdzf<%G5KpCJD1`@zeN`jXOzNF6v;Ti##QUVYv&P;|V zh;Ue#{52+H0H5WI?Z=zaPSJX>Jl%Qj?94&JCm`BSZO%Wl4$!K)b@D`P#3Pu`9?*- zmY5`$c-|A2V2~E_b`&gsm8uZ_0V=2HI=$0k$&{r^nGHh63{eX!d1(1w$@3;u*=SMq zgi8#cczr!tZE1P)*u0g#NHm!5XRll1k<}oWDm><{Yk{<&PGt33Fe&u2_k37G&5O4E 
zmCy5Z5=SJSi=V&~x=a(~7Fm<+oN3eHs=4h}sMM3{r*WH_)%K@D=Kh>H2C^i7Xv;ByS;lWzQS) zwnK=p}-G zj@qCI-RM-*eYQ{{FY31n#R@Px765`jEMZ%((=*lw*v5c+Yl$0+ZBYWmiX3jr>5%O^ zG4(Kf_IHXjdEimL6#RitzaBOOay#&`7K{(jf5jz`#}MD`5Z}+z8x#rj$$&oW&$`d> z>%$h~3$5Hr z7aiq=z|vpm{6d0cUkuspSU5#I4kxA~5YERpL0F^kvN|5U5WP}TqY&!Ho2`^xQW2q_ z^_SHtp2qp^fcqdv%iWIVn6ebhcSDYnNY))bl2dN!s3sldWc-K*LRf~N(~<=vhg^_y ziD!~yBMs}`@ibs#S!z1@HSJ>4rjw45i&^85s!!+5XSFpbl~`#ad$Ag?hu&;y%sWmi z3#Br9aXCUX9*b#^8xth9DBp}3mlM__caz2= z*4&2DTR#}Ej8Y>(xT}4zOWBx}n#Eh?T2R!r94#uo94mahNI1xetCl^A@&IMcRFp4O z)a52&5PTCfK`ZRmpS~+Rz(H5saS{-7r(;$(hpJ{G8qOzx$^Ls%`kl0b<$vp_998Oy zE=22Ip;J@7bn44z%c!N;HrNAeZ>2V2vDV!KIDhFyU0USFUF^f(nLa-__4s$A|M*j1 zei!<*?jeii07hK`v|-CgHkdpc--Yp;luL}M`Z!zsI(*8kIM?*FE2P04{rn@cR^mAV z{nZ!2Dhh;-82M8dHoSt5Ki`?YG$fsb+tHy;4gbyjp3C=r&*kTT&*hK%+VTs!%9lV{ zai@G9KTfK4q(eZTT)?!N47hqJigq7?TDh%tH+ZO{hq7ffSXo>+9%F;L)*OK@utuQ! zo*`CL`H-e(?r9+wY>F3rj%hTPeZssE-dc!RMOX89Fn`K#&SEN^8?>7_Os`DhK~b*c3OdB9Ri zTBN6)tyNQO4;(D`GNy(AK5}WV;K__5Al1^49^0EGv1SYv=%pMcjFL_hrh3>J&NKDT zK$$mLABBwrz0%UZzCOwF*``=qIxX{A^ZP5`$H(esYrO73o0GQ(H3kHx zw|DJt(Tg_+8p6~M{yn_Bs3wIg*4Zl1fSwgI-4PdVT>{D>EZX1Xp&-? 
z&E31r6({Z|$Wk-kMBg)4oCM?zu=_DN`3Soaya5&quv-;byDJPk{Ze24GfsjP913!H z!$s8*8v&CHFQCQXc}m&CyCgO>tZuZ;9^%(muK?HPMfDQf7jVU%9p={bzhT7>9&+hW zon7WiixKrShW{n8e@O-7ri+VjLNSW=q)Wlm&yJG0pLUT*eB(p6@g9E6X$vLymN^c| zu1tr8ffk1I@$X5FS^h9rsJ~IyhUuD6wPW5-j7^vfN|85$Lt*Y4F&9d^WK=u@6cZu> zTvh<#46mSYnqG9APYl`iM5Dz11~n0@qKY1H*|1RLs+L_g>8iJb=XCUU5CMd#L%N~W z6czeR(H$QAfGGdrqPr=k}E}mp~AmEW|0%pJqd&YFJW(20=G_9n116@C6KE@`j zR25tDssnjh8xA9MN+ zpM%L1?h+LqVT}iO!nP^1#T*emvy%Jtj-HM&fsGE+YC`?OqDc@p*$`?p%$<05HzxFaD%d)}>Ir$-=xxE?7vV&mUM@i}`MR{r%7{ zIXqf6sc}^xQ{~|%{4ek4)2~fQTv2&=BGQ*TC0Z*M5*Jh+e!*dW;~^x5Rvs=LK&Hh; zN&F2>8B?(j1cO1+1I)+XCkvd+&2Y4$N)EN+;+KJtID8#N;~ z>nPJU62{{2m98j&1hjRoYI?FS19n(I!!Q(}%u=q8v6!UaZan5Ezu!Ygd~6?l2`+)b zDxm0#IbUr;7pwKWU4EKupN5SlF$XMqFd2E`VOUAtf!~4W%iyK3p4x&g*r%0?0oXE~ z9yhQp!xkDWyPsdri+UY<7S#1LgxkZI(cQ}l$D59J1Z@;=$8Mlz@wWZqZLtI5t%nYX zckDMZ*^|_!0Zb9~%zdCNS;4(%Qoc(F>+6_+k|jJ|+(r{kRExabsJb$0;q|jdYSDB3 z*t|1{=G*;z)rCSLRcdeuBDXbf2!DtS6_i20-DaQ)0T>w|56J0loP@13XjdxFUl}K= z(u%&hT>lAk$vbc+z>%|5pfP9d(d~zZ5dp3tZ2Xi{XNZdZ~I%d25LNh7ffB74u zE2l#e=}VRqq=Hqg(ESMQ z4*&=q01cmq`gKRTcKyHno(3scEyww{M+6y-Ja%;5 z`kY>+9@eYW=k_Y~dA&+~ey>tz_bT-Ty-IyyuTo#stJJPurM|dVsejO`)R*)sbxyBR z5ARiKI70M7e!F{>8rGa%lzmyRQjhFa>dSkTI``YB_G4Prp~;+}n;6_Od3~zD=%Je(`JUv1! 
z-KIyVrNi_HwRDvpp_We4Bh=D8dW2d!MvqWSm*^2{=?pzWE#06;sHFq+2(`xg9--El z-Xqi+yL*IMV|0&DYb@>&YK^%)Lanj2N2oQ1_6W7c${wNCnAjuK8vA;LT4P*~P-`sf z5o(QDJwmOqsYj?a2K5NF#+n|X)|k>G)EYZ_gj!=nk5FqY=n-nk{2rl}Z0`|j$?zVb zmaOg(YRTlTp-I`RbV!TDk4ZTGh}P<-9p*wsPwSA8q}R zpFZ9ud(1g-jRT7kGS=^vqyc0;RwH40u|38OAnFJG^}>{xVK*`#XC$q+!QA0p4PnNb zWL6))dndVD8C(=w#;%z>oxE-;QWlvh<3B+%SZ5T^vG6V{*%%~4AxLxq62*rh1(&I0 zfq=VHkSsmxxm?$uB5~+r@mGgJ&|3CFco|6p|np$#*qR(ZVl0`L9EjsAZh%SV2$_!2G4r~`r;!2!eWQGYPqWd2nE>ROWeDx z`dllniVUKm1*ZyNM^VsinpZmPuSO$0px||d%nr(2UBe$p8v018F2KgrYO_@CfA%5_ zW@r;}aUGI!Vg~fzb7I2YOylCx*Rt_nV(x+OlC-C_{+8{>XCF&9dI7f z!U0WRT!BiU9JzX31~u{Obo?{*13AAS=xm7aU>jNR$xONzZZv9RdZodQ`G1kwy}^JU zF}Xum(tY{)!7_C{U$hEe)x*A3b~Dz87Mkm6W4V9F=wR&k6)+?@)rFL$-O5@1H})&~ zu00>fu!WSuy-9qoN#n0ZUE=m6i0W zZ(@y|AVd>Hl_4%ZfCR9*n_>oxVMzJ;58Q9|ha}JCS@PyP)UO9W8;vGM!*FS$fb}5( z4!@5iLG|!|_)nT2Y;CdlwH7dwzq7iu_C;uIKDJ2iBSz*Ykz{-C#o$5hy`}|gEO!LC zSp1C3CX6uw{mQMEEuYq(eXgz#lczXN^FvD!b{**K{tWguk5#ghTEgxrt0paroo z2uI6jTJ4b}+IMOnQyxGn3hr%dAPC@)0!f#oSV~9p5XA5!7U+3DPr|&M_TTotds^^l z{fOW-ogCi$$C6-9DL=%L&^q{GFM9v)vDV?QnT-pQ zO!CHGOeT3`8wMmsd_t=%a>06YrN9L*A1onsS)bLfy+USjOmQnveRJ`^S~ZwzU?}Ia zL>l`C)~=_~@v@syzIqJn1ZUv%9vnvHhKnno8TP}sxT=O{K#cm{0t>r%YqNnp95Nub?5*4@gAXL;5Mmk!9Ag2bl7L|0 z8153^S$<&IvG?HM&Vr7Nzh3dDRXuwj!*ld8ywpC1*RPM^_3vYN&OU}WppW4V>|=O? 
z`WRkXAHy5m$MA;qF+8!4;idO6yrF#z@3cOKcX}Vg%jjcxnSBiJj6Q~UW*@`L>SK6k z^)bA&`xxFieGG3{AHzGhkKvuy$MDYYV|dwp4DW(IhIe5f!@H=D;ko)4-oEE)2r@@zaC78;U?1eb zlrqzTE4eq34RlBA#{<^WQkrQ2pPURwT38mVf>?2p^l}@H=YaQ<$Fz^vd=|&r3K`5jSf9cXNp$E!yxrTxmWE&4+A00_J0a`IuxrCYz7xc*xp|LGx?2`KT}-)fC4nbMR23 z2iYG96w?S2Tjs_80DFQmu$RW+zs!~q0GTlYAhV|lfXtqoiU&N+o+0#EE`0=ClNlpK z@rLC2=G#QZ2x}xIvpHjm89ae8LLW&dF*ebBo6cCNnH1zfQmO+Igc+M*23PQ4suO~7 zkQt*2(HTWJ*^E)G;P0leWkenY0LiU@w)C{)$+ra|nzliWqn#scNq(-Y+MXjWdiO$Nh65jB?X7WbjH|FHI7nKL^RSGzG8Ab611on0=08=yZVN55AYd0rR|p?paEhuk zRjj&<7D!E^4JIgKlItlQ#G7*}poy!tgMQlh9KC287Q4koFJs+Jt=lf~tHThEOO6yd zf7XbgGHr)$&9*|BZx*wDMA7TFHuA=Rl$V~!=?2& zHQ8v}n2j5Bc2u0*kIF&9ag-JD17v;1v9>=T)~Ykk;}goSrIq)N`f7;%kD0}+Z^e-_ z#Yp-vY%Du+1#u1z(lOeGcS5JFdgXp|{k;SJfKvgVm{khtR7+W#>nxX-c9j1|EYttT z^`r7{6|07Kat}Ell$Uh+H+8@(I92d|AXe29*O=UT+SkEr##2eVdhR0bEzVWvUYWw?=5}1x;hjt}o_tgO{@>IGn&LxVgg2b_(p2!ZMGqXqbaMLF z!tLZ#(1S68hJ!l6+k-Y~{L6x!Nw7P`?X}-OM68Jm<=0ccJwaYIqrZL6^`#>{y43fU z?-!yC16tPC*LN4(O1?vVZOOsSXl{+GyKU&v)x{aIHY?w1)Uya=pu^v(qd!mkZtzYR zOxc+H4rUsY1bQ|B?JkcGBkViW@7uv6mz*B(wC@F;SaS^b223mFLz)^LhzkpsBoHF8 z&)Vh#2@svy8JyG;pTlT~?@<4fv~M9ckZueOY=~rqG1l7>PPuv|e>FBro_%7?YzQAk zSHtM$wGJS{9nw1bmzImm7@hdx>;kVBPaH)&V>fY5{hwYCJOB?Lf=yA2(Auf7~ zPHCU(5&;+kZddWNn)@d8TKg4Efa9V4eokA`<<`BGAJ9F71Q-Y1V&{B$Qm45MAgJAS zK;~&JcFrbDZshy7JLJd6?}iTenYTYz^m{S^?&ENK_LgHK$wutJ$vW?DObvjdu@QkI zlg-R?w*3se(8(QjV$BT{V5(-zFs#6VQeI7y3D0)%`t75dsj4`z<8<7K0hj7$P@&^7 zyyMJ{Pf=qyZchp5Y%|)L&g*}>Q~!Yz-G5Ut3DP4wf)`l(+3RpfykRsc zk78EN3zn)CTSc7_`p8#36#m*W9JVPZIjV(T0PjymP1>TE+=IHQXlE$q=vtP)RR?{W zF&cjd{z~P|jVj@MI5hcJ*oDraORcydaL@T@bUs5PG(2%pr%Ro17&;D6z4%MePd%I= zE;$EpR>NZs^mXI&@b8A-N#q&b>9Y`kESMJ&%oFD?wa|>d13gX(FEkj(kZ?M*8Bh&z z6NdS503QKZig^ ze!73ht1s`Imu&{eQgQGaBuoR-TFC1j&VvD6eRmHy8AU@BK94g9AYpP9orU2dOFJTR=%7U0 zzU#N|@Y^@Vvz`YHw4dORb~>3|scbNv^go3ei2UaSLGm0?5Tou(bA)MnsO5t zIKdq~!c7s@&#FKOaT>R6TIQ)eCpFqM`uGUKDMd21p-11sKZ2olilg5%uhE( z1s8H{(=iFbIf&HzfdCQ7^7jPEh>)*c0YpHu09&q7OUmp6Wm=So4XH9UVBd+Y2}&x_ 
zIcews%Op)DbcfB1!~i-%gbvIMpu@YUUIk^Y^3i-emDJfzL5$1*slO$I(`d!58&pbo z9UJfB^KY5mlP$UbhRXxTyQEggwau-&jVAe`c;dkh@Kz_g7$}g!MDt|}{(dlUZ{bsE zfIr6NvwsS+42JW)>IbBQf-qru&|che34yYdN-o>r^NdjEIl*OZ52C94WOH1yiU zh$zUm5D~@dd;qEBJHo~ei&lh}QfB@;_fU98k}_&Uz) zrE+)yRtByLJc6r7f|uf8JkiH+q`Kw*tlvOx*yj&B-_h-z^UkmGe$Ii&@W&a209*d)O* z8j(zwYDvILYXlg4yNqvZC<)1N3qOFg*Ku9Sq+xZ9NqHt1O+6zRH3^}3yl2cq$(Un3 zV>HCjWf1CK$DCz8EgiIVP;-bHbtSL3YOB8tyl=9)A)B0zzQ9>Oh?BWEj}t#92I7NQ z7VJqXZGfL-jvj=ajiH%fQt&J~oI64S|PRVtG9xgo&X+v+gIO)?2_2uf@FGr~-j2s?7e zwFL%%U64jL!@xr_!;ZK1HVF}|IKL`7yG8Oe;%IC3876Bipvt&MX}yH2hHH(DmB$R! za^64D^8+N6wU-n;Uh^VQ(Z|bv+ETpD>hE-4&5h|AZ9+|FMgP*If8hjoO=@RFbnZCq z{tCTYOX^^Ue1KT8;XVZ~4ueDFJ_~~ym0(mgi`73wKL#S=5;}^IkfGf3-Z2keT#7T< zA;AgfE4X&8al>B=lpUCv`!ZTrkq*}32s|8^;o2_^^rlp&Br+xDgw%{3P8&6_ zVviVWPaD-#jq~S81Hg3EhdY}eSIX|e6>@xG2B*W}ibRb5g*HgXEf)NWJ+|nc6sdKe zq<$>oypX9Q3<$E3~HTqivskqHaYu{2;@Gzu}IchttBYR3TF2wjSJFTaE}pgkFlan#??ezFsH17xU5*#cr|oXl8BHan-Wae&R>K`=muH{+Cj zaL+Qz$I=#9m58-DsdY4v)@+#Ilw@nbh^pR)-pA4&B5CZUI(4rQCVi+7^2Y8dbT)D- zgFFIDJ@-D7h^zqwBoti2&Hx@>ja>H*mg4&KqTgt zB~DyR68;!57=37&`ceQqas3bR-*Pnj_lwmt#VYN?j`cD(!8+Oc++*0Ec}n2<#HzD8 z;f?q@c*9Q>ynM0hj~{f@@3OChM-ugv)DQPO6m-HH`E~I8rwZOuv8s6w*@j-4jt*h5 z%;f}jv^oDaof~$6ZBIr0;NSr;9ZNF&%L1B9Ks(p>e*XPKB*V$qtnalU>U*v)Dc9xK zK;b0{2j_k#XfYT!r1j{_P5?_ zu0#l%4(AGbi?~+sOyu^1;IO7nH-js9FuDC8c&et7&ktQaOY1yvub9n0VXo4+S5nga zf*A4$!tkU$M@~($wl;@9mXTYMtT8Vh+FJ4t(oE+j&2(qdxI2@gaVMexZm4Z1I56tG zKu@@Ty@nPd_pd0v;r``?`xkfpxf`Dc{FXl?2$wNI*sw$pCV(#I{u;Hy?=XJT9uFr^5H{lX=K1C~;})H4 ziSAR{&-N0@`cbK zT(GBPQT?QRgm}%6o6QhtHGXBy&Rr;pD?{XE!*-H~jZ-f^*5*N}0c|o)3(osU(eeXY zX%>Fj_~rO?oE%PGJp2YhdD<~@@hQ?XUIlE^S*JLQKFNGX$#{D1#8aHT#vwSm2eR=v zeY-eEA=}hHc#bjIyuzF5gO=s$=|vmk#g){bYQ-}oJ>YW4+S7D_50*MB5ZhRsh7UZr zhK@LXcf)gZCk{j}9r~=zny6^wfpHnG`xy^^qC2q^`tvmWT+l=&(KJEU%5Yy%S+G&9 zMh4RO0~*yA>!qdEdTA-vOG|g-hxO7@te2Kr>!pTD$e{UgU=S|CA`2!wB|+ioxOPb0 zkS*N-hDHs8{kikgEr=P9N_P7u3UrCT9-4Ejaf^2~xsxP*znUf}-OKCBdFDIVCI?5} zgL-H~={O+gz!Z%Gsugx?u2S_*uq40+1w73mpK0%5W1N^qiIJ;Ndzw#`0)qmY!lp|M 
zw+0obgP<7cg~XdUPQGg(iNr+A!imZ!NSNBie{nW7IYJ^)^7Ap)pkzVxZ30r11VDnb zvEmd=qm!qT8Bw@cMT)uvug!wubm#>5pyJL!akN5&{)WLbU3hRr=_nA@&3_S z5Wh&T^AqO`c7Akg6z_QI$nZd=78zi+NcQb$65LOtusLWF13qsBVldqzC53}skc8cm zW$}YwF~)oGo#dA>)_0O$tncwC(RxKGAa7$a4f%pup2Z*F1t%SKpHBC5LBh1-?lz8{ zIZ?vNST=Fd^F-_;SdM<0XHNqXOB>{YMQ;^G0}W*Q=5{j&A8HJ zoUTQ35EcPD;B;$;*Ktuc!SAYP>CtK-dLw&;J-zkW?D)xC@Tnlqazg{`jiYtDwEN_OZi0wp&S#=|MZ)gMscikzavF$ec&(@egL9BRU>Djm}1!f#2+ss)M1^s}2Uw z1oH;_HQGqB=0y`@E00&BQ$ELbTQj>9Dyq}Z_1+~>rSqR{S?ENL5N;1YtP0}lwAGnC%nWQ1S~ZJmg5o7 zp51OfcAAgfc;MW*OS{lWQGDUDlKAzo zzoI_p5d0Jk1Ly0SN(dO47o!?&bSN0(Sv7S9f)$;5s!F*PR^Ol!lD4*skSf{x>3%{I zdsN-GiIOQWl!4{}Z2^^=zksSi@HmZ;(P-om^kz!Y`~_5M5T^+~L~!C^P!D+VNX58V zFCdOG%jHtM6SDaRXrVMpG1Y9tdUXv!b_CBjDbV^7)IX;L=`RA#X2B+|YynkS0{(0P zVdB>Wv{MIfn0OPHbn2Fb0qFu+x6loqLx$OO4yEmb^po5J$oEMa8U<n_xl1N)U(U z!gu1dBvJ$LLYO~zo%Ir&2zW;3SPo2#Ttj@+**P0IH=Es*6gw|mV{h=USabcE3cJAl%Hw^|i;XNV6Lyv@Q%o-C$rR*PPHm z79(^1;rnl-37uT@5#4Uh+PPRGO^2HL0%}Sx=cY5kG`O?ToVX0c2Z@==;}{+>ccK3f zc~Ca?b2>wgo&RHM8X&ED|WJx)Oc%mbSNp$Sczrl;r zBy^E?2)T=7Z3U4{(U(w*%hfBWTUWtLWCgJUJhT)o2S+Y8R1l}z0@{l0c;d0seC);} zInlz6qjBGXq@;QWG6lB-ZPOM}`9|j4A3{>yjV6<|KX4vnjSY)T$wV$|U0MKl^vVda z2z>&*ap_gE&r0mDpT&8%{XE&RIHCVcz0>SryxTs7Z{BSmp$N0vhBDP=fISF2hiDHG zl5KQp4mzNb`FkJ>!k?Ks+}$_QmpENJ)>i}l+6iEx@HdZl$J2(Msb zI6VTc8Y=#cwe( z=UfQ|sXa8B_so^}01p*dJy@)|oi|Fi3euF$OGBg8H9J{~Pw7rVs>EjC8pKVQ+Z`tv5 zR3CCf=_>I9*pHPx9=u~o{1Wy#?oh{t%>k15J3?o1l0QUKR|B#?DYWmny}p7Ac_B1R z-Nv~zMJq5lt7{_8H8b)!*IZZv$<|*o^^V4cR6k;%uF3N-pPo#*&U9BP8a`-;+Zj=J z1}+T>IwY+SK33C7+4+>d%E6R1t_rFZANdMM?u@H?N36OJd{(fYAc$3Vya)7E#BGfW zJD5u!4OL)a2ZLRJM1FP$&49&720j#ay5IArSVgA0>Z7)eJ0qg?h{(Rt*4! 
zi8ZJ4sDC0IqQ>x#7xBSgw)4>74^Q4cZS#Ny+BlK=8mSAE2+eYh#>tzQoNNMWt^sV} zGr&yJ`cZogWDB3=Uk(>F7(UnWPakhCCtDcBr)EnQh+}-Ijm&c6AMGc-3B&j8n4*%9 zhVDt6fw$7G9MiK81lYTN?RKYMyC>bR&C2p?b8#IxItAAEKlihp0h-OWah|3NJGoH2 zj=!MYv2Ki8=UppM-=r07B!b9A_F06H#w{+QYOl4sYuG@1`SP0KPSSQEywoX0_dmo-wcs{^wd6Io9fy;3 z_ju4RN3A8v=Lq$Ol1B4uA8SH3g|$${a^q+H%PnNUje3~zod zpF8}*vVgVF6IZz7f<4fM+gWhebKD0dw;=2q7o6hFUrQN6X{I7V^-0{ohwj58_^@L| z&`^`W#dLh~XzIlA`RJ30b2Lsa0Jdgsl`)b-@jCDVW^P92E;k0hW+U^rD31&rrHW^N z@GRa4MrI8K;(GuWR#SKq%+^5}BXu@rna*k;% z9-z)C73SGTMeAR%CF2MqaH*3?rEu!-PlErwf*t&X9l3vK!(57f?%L}h`o&er^ZO;D zRaC)c!~VQhxIW0tu}sd3${Nqc59NPXVZ&TZn$!?+Qq62K%11UjRw1$!0eA_9VPX$X z#hmCU97h`>19?KF>;_yGDtYDVv=jrB>CGo9AeB-MsUq$$3vuv5)D6!1o+SYW1tsD1 z_@o>i4NLMSNyF6mR%i%G3UkrZkuLc{<6am0GLvR_M;YoICoHCWQ1=39x~RVhUR3lS z-sQ*on8IwP`}>m=$OP{zpw|tP#8p|6=k4HiXf<2tnq;F;BY~18_2II++sPcil5mAE zC%#m@j?=M6Z4+*k6dH;~xSHJ3g8i{qK`KpTNtH*aQ_M<@w`1nmD3#(v&~BXsj1)Rg zz{bxL7-|&ZJb|I=FS*BkQ98R}M!^lZ=ayz_@Q1>TqPuaMS8zK@LIo=ns*+W|bqG`E z!2BEeE5-hQQ_~^;rlz>p8#M*C*4_dG4tdfHs!z?2QCVJ5v&R394R^jms*AAC(P$$RM;d+fcIcq8Q#R5ZfriRtb>YMVlOo za`=0;5LyY_VO=L@njB~G+jLhtjq+K1hD_Fc@2G=dyu43YaT>R0f5C}v_l;^Un3^5D z4lYWwJ;lLt39E2GD+)bIdJ$+T@W)!^NXM-nI7y<|M9XfXh0`Q}mc3xAi?&_>E4*fh zRza(h1|G%=lvvXb9Hh>5IzpKR_oRo?$-G{UL6{Z<5&*B=17XM4Di!UXAm5tVxz3pM z|AyH?(WasYP37_r&z<<~#xIWFe*7T+Fh_aITyF$8>`~+^pHOE2l^gZ@bEu&?a7Lx2 zigxO?K&BLibnn3Z$deNM5hcE&LqUxH3*#r@PPR;IF;rY$7r*S6=o-ao)HT{(L@}&* zMnUoP@acIw;-__q`W1&Ts9>5?ta=FV-pIkw05Ho&Zv>Xx7eGzkOP~mwmKkUhCumBY z?TN)9a}k_dm@4LEpwqkup&ZaJ{;y)gSWno%a>@7KfjQ)YUuKJumq}_D%tp|EnOnr`^gO4XdRzCKYP;r(@%msHPM0>_u8`kXXh- z$m$)jy-w|hLLi(K!mUg<4C5G)XJ8$~5|V2Yc?Q0v-7w7XXG!`*8=I5mIj%j%T^g51 z zXmoWjld^D8kf#9^iX{nLm$w~7t91_T25Q1tH&Eedu-LRh9Gp-GI+K_GH@ng;Y%mm8O-o}Fv)TRWGW&08 zd48Y$Z;6j&<}VDe8ChgX$(Px*9E`iU0sZO#_M&3RC7iY19PJ zjnoCIN8;8xztMoM;A2nzn!19Vx6^n%(d5H^*(DDkqZr{<+i4rgvjh3|$>c>zMbgDl z*vrGxB1AFV^5Ju$2guG{LDJU4;4mZjAs z!4Pf{T9_oxYYg^>Kl(s?ttX!2+17u3wmo2$&TOst;yG%NqnKsXpiXF3aE?C1A$i`K 
z^&qOZ9B>a)^{|5{h1In^g-l%bB>F-6z$cz$4=Zv(A9UB-G2zl^+=9gLx@MUpgiY3X zQ+lhXr9l?R8gE2xjyIs0ji{j!wHX-mY}&-^QPBiMC0RfqB`wzxrRR2+A(^FGBS%bPzfLyXXsgv1o%68&iWMU4K#AO8fEKfeNX1)B|0=VYUGFGo6Bjt-8; z+CAiDaay&FEhEOGcPQ|&wk##DDfWSrMHX{eIVL@?PUEid82gfAB8f_CWK?Hk!2TZ+ zm5-Zi-#FyT6qPd|D&G_%>(Ef*l1K4ho;H_@N%(3P0-U$8I30{7R2QfDu$NX1Q4*}( zkbZ^@QUl>eUKW!*5$>^1la}U03Twek*&V~+9(tGDoBa%~H&4@AE&Q?r>^Z)W+Y*PD zI{e5pvWvx6WS_v@p2_2RJ9%fr-#LWq^TrIL8j|eo^vV|HEv8ep%x=e0>{r|?dlWIG ztno_m3jGBf!RDfKGS?m{RSaaDOAX0X4K{ncuUr1X)mhdho;*S@AR0@#$j;s zO@ie#Z+e+y;!#}agHh?5>LKYfAz#e8SdQ`VGe?a)Fu&7zHC-yP37=La%&vt>e1N7% zR^t1r11=2Yj`GzWkTufNQNE)|U~*EASq)+|n3dtxNaxic(cmQCZ5uw>T#OHfs9ps0 zE$?}@E&ef#k8B%FdqGiHnOoYhBO&dAu1@`J=JvWh@Z`rn#xaFepN4SnAV;t5s*|C| zHo_(do=K$SMd6Fint-O!0QkTaf}~Dd9y3wRYf@tlZ48DL;Kis*nj1ub*Y&^)n6qub zr~|uigBq?+K(VScg103NGjJWWqPe6R0}X-(H|RMFQoqZURN0jSG(65+fQwic7-O zy{66jT6xkSs<(FOfxTef09)H3PoC~BPx2v895N{JZoXl3N)^Zl2o+02a2(&|0^xSj z(9qZF#j3SDpsqte06ntw_qK0Qe}>5GDI@a1(T)k0h_Jebxu=E%1@IjKd_9N6hzvA3 zaJr;ZYMC7#NYR>LZ;|>Yge;k5;JlXNLK8cn^cbd>gwl)XuN^2YPj=qpqWXBZPIBp| zX6L1wm>psC6v+3&g3i9%x({2Dup4PmI~Arz9opPNh>7C#q@*}LE6~~H-i3(}JPjF6 zdy`lrBrb*w+MvWq8SXA^J9QPF(2aQRCsri!@{03NeTQK3oDKH**EdA9%o%jx2)bzw#$Z8hz<8{oOwB{1aEm8 z6l@-)HED5G>TL+gJ6J8d^7B5;i%PE!AnL&uUI5o4gi2T?!H&NGtpgt8w)Q<}X^@JR z4dkWb`t1y-D9j9wphbpktjh;8$hGK6Ac>XXEOEU@-Itq4Hx;1)d{-SL%R!9dn7-HJ z1eaH<4#MOa^wE4R^?p3axSJmkeNn||URp87h5)}UbTDrR=_de;>9%7ib^+Ruc|T8# zgvt4EXL^)&2}(1wLHI;aFOGP({Mfh@nni0>5L1K41!#4yp~StlBR%F`0x1Me*(=4`RAK!G!}zu_QGWmia^>%IMFHz^ERq!zu#F+RAnsnLo!nYg!{zkg@e= zlp6RWH%?r@{i(3oa}O(M!Gt5q$))=<`@aS{3yJ8Y+5tG zA($)+L$8yRu!OLl;x9mbwyVS4!!{`)b5ArY=SZL2XQ}#v9SHG4)~VZ8cWC1m&J63LN|p zX~BJ^LBb@shfd7W9nb=->lp7 zcr)v^%6dzpOLhA*!muqjSJ5)CV|MT#K=}Ar2yYWNE-T0a=H>E6I*pK6+fKNEJ29$n z0}C0MS5P<_XOyB&hWirn6b5@FAoCpRmm7c>L|`d>fWdgNMrH~xZW30SvG&2OH(vM^ zbU+XmBbcR>e+fzGxDo7{G&fK@#3nf>+uJuYusr=nn5;WP|sKkrIB9Lxf9$ z)g~njdl_&n0&9s61~}6-n-;)DPRS164XGI0CFCcshBrmz0fj9NHPM zw_sf+a8ZlDto}Nd0W)23I@VAX`xxgz$u0)dV8^kmyZ0-P(os5j0MmSX8(5?3Vn^qB 
zBZ_D6W7i78fzWA6ES5gyP|Pq6gi;RFE3xMEwvSITAn<{qOMdl}^njLu6LeuWFUfl+ z0J3ET+}lgUqSm_uY}m!=fL!8fJuvIcDN^MJ!u}Hd2?1)N)L`eqp?v{{+)&ui`!=K> zNYV()Fa@;GkVF5@pw$L*zbogI_*Izv!CiR}9+(vKFw!JI!!~qWz6ARSUo&hQK|Pjm zBl9XIo>)%h>+RXxh2-U^Q$@pg1|6qAj$vUAP&Ar#LL-X=D-$#YQ z8%D(*9ZcPu;zxL0f?%L?$YAgY!ET}>SarvsCl>s__Rc-7sw(~e>mVR<5xk(HIc-Z!QxK8NG!q0AQ<4nLGJ^wW z11AsXoX!Q*vNXFXSS}4XebkR}BEnXi-ts<FpWmAC{3ouXgdt?O8t@J$gS@n_*VZ0%|7P zcmXHWJ|{dc7+8(jb0)z$J+eO-#b({%o?-*?86gJ5x_1gVJNDLZZe(}#4;cGHIPHCBj8*9GP6i2dd>)P^19LB_x z_kp;t(Q)NCjM$Lb|3h)ziXPor0`+XU-gIE`(_GJEib}|I8@f>Ecc;JFy@?`sq(QYWN7EJG8S>h;l`-XakrdH zrdn2_X4OLPmL;a68+8_hJ^aOrj`I*knP(N$9g*(Ecjh@DcEft&Yk7mFpgo7PH^Zr# zgi9pqzJx|5b-M^zsmQt*GIod$R~FPI7v^AxoV%#o{!BKpENh-P{FMgV)VH`1ZJ)k8 zpXcEDEs046wtkzKRM?u>Bg#fJzxL~q@Z)6eOP0Mi7+b&LGts>ApS1L>qI?XoY;zppD$dI3 z7rb!#@a>6D=kzXEd450sS^;b{ic6-ijDMAx%3!|n6zErXZv1rl>H;U{x@?<1zR}11 zYCC6{XnaN^sgl0OCJiP#ON{!7#lE8vMi}PaZ-?1tE8c6VCCj7tP>XTb?q>pjL-OCr zjC7~Dmd=t1CsRnZ;=MrRwR?iy8T94jRDcvVwDfA9<0kK)C^hmP8=j++pC+nhA5AQH z>s9^$eOr)o47*x_ggTtaoSOz)jepA=1aiKkATe)Of$>tCoQ#n^)$)K$9*^xC(0FVg zA6+qKBw`<$Wgl9>GQFQFcs6t0-_rgxT#}8NC#jF$5%d(SEbP~oe31TBP?ygGu>7R9 z@sG08j#GTJAuP~`#TeDU$8h&(sQo-nL1;&}5HlB4CoQh*~D6#Q7 z$niF&oQKYlL@wc;b*u^J$Ks^^c+G<{7_a^nESoTw@mvL?IiE*DVKXdhVP_rz+EUNO z1Djcy@C@!lJ-Icp?0XL0h^OV$*)lDSiEKG&%&21`tom3P^_Za}W5uk3m5&b2X5UHv zh6B~gF&Ja@@Bm|`^pm<>yN4}H^`cMQg{`Cas}F0W~W63%deAU zu-BD_FlV#e0L@ALbvMGc^p2=V&a$$7RwmZmi#;7WXIZA-pQISyI^I0 zYvOIZ4wyH%KoZ>$ZKjsZIue%AGWO{H0gZ#AT)7fAe<_1%V$CMC#Y(Mx%niNI$AOhC zaT3KDPXLGe6x5BEBmY?P8!b-B!n*~_cEl8n|Iqi@2{$8|H<;shSX@_`an=4Ru7UqD zuC~;L6xN6{DP;f4^cK1fCxD_>o^8&`64&L`ZF@Ot5l*S0oTaVqfbNn{Y%Kl8>DH&_ z)$PfTd!_EJrQc4`-N8JzF5+G_tTBfXbLltbIfZ#kzsm`7lxFF-x;x;^iF-fpJ^Z$h z-YHSIH+1s-yWW+VZFbT!CK8UeR8T`ujMguqd@W>NuS27F;6h zav2n`F{8p^MmL@nbp(H=3_G@)w~W`?Ql;m&rOM~`+EV3nDQ&59jNglm-%E^Nc_`JE z+GzZ4H-29*eqS%oNZ#9dtzF#mBS#rm6q?03w5i>X$vZFB+v<{xt}h4Z*)iJ2dmPj2^1XGlSfUn| zwhSZeDq_u$Z4t~^LX6(IRKAs=E*Bs0J zl!XskxXQwSg|}Jpv|9MHg|U|ZNfwT=FqA}Jr=%d;dTqRSlD3Uoff`o#kbeO 
z*_M30g`so~p5X3xKrN9$s@}qo-v2I2oZ-Y2P=ymW`%agc-bLA3Uz?GiMhnC9aaY&j z^TaKiImJZQ`xEGGQ{y%h{_Vewea!rv81d$h%zA6I@I-&3@FHYiW))pOJ)kcL46b&I zXw?Cw*d%M04bI3=>yRyNmn~4L*_=+LJ013beefB0DbkeaRC-26c}1mCui$2KrP6a} zvLedO5uK*aGG^#X?dv3)YUnk0mKl02on%FZUTbHWp?AEKtk}>~A6t1d@=|Q*B_WHn zkw2f5!E7&SH`6_M(V|6;GK!(9KC{Z<3zQF@nq$Q0?IgR{h;Ko-tk~3B(n)6O-H2>6 z^V0MMX1dv}NZZHpTcvIyU8`<0rH%sMk-rYvXp!BBOzvrxUY5vYoRh-}mTZj3 z#L|=cA~U0hClI&Z^fJHS@YZZf*0kwfOCbY&Jkl#GoDTosg@#VHO_hqw=l7Kl&KM=K zQe@fOhb@_rPm%w#%ho4S^_khz+oLoo!^Z0)paje~BZeg>TsqfYuh zRwV}#RCh;r60%pDKRP~pj5IWQY933QBheDs*$WWLD>h*w8Gsf!{Sum ztQytV=2A(m-J9c^VjE+;T}z{j=x49<4Ib(*Wk{^*ZHu!dw8k}eYwFq<<&7-uQWTLP z{@HY(_Ou7asDY&2hqU9Zw3qZ(>XrdYZ6$46-w4(B+oTMm4g%ekm)Y%O(5I5GLGfx3 z^?4F?)|Wc#`9gw9a3rdj;$DW%59l4S@-Jb+-Qn?=<=I4e9{$bpWJgh+!QE6(+a_CF zYq#c((wOC4!r(Y4CPKyReZr;zajeRqSDXob zFX@Usej2Z$9C3zhmh>3bM`AOg)8VG^3EwF!I^ph=A>CB(;^DOADavTe#;)GzQnTEO zE;p!Gr0TWzbQO~|Os&dR>g*h)97bBijl8praA7(rqY~7~j#Jgi#iyu~vj(Y?ZT*ch z_HOFgnB+Cnc#!-I8WyRB@yU&t1#zl*l2ZNinBiIF33sOqk5ehdgH%eErc!MERL|z5 zrtXdL-Z(424HB2M)AuKN+7ByN^=|nY1mXGi)s@MtRpNwE-$XXHaUS zO2yWqUg&1X)Lpc*$ca;QI^5CJDFY#T>cluu3y;(21C+;1FH$w!O)#j@h?n}y`oBYF zW0@758DaIoXq9~r-|~X0zL4^hPwX^YW=o7#iF~^=F$>I$^L8$0v}#(X)JM>R5?;o< z0E0Wao#YDHf1~`wGS%Ow)YH(}hdas?F0-Y_s&x9)F!~gB(%Q8ts*zq;WVT(b%D$g( zok1=mJY!rZx3pzvolyF=?$N3{e%&);TVtA|y@O&SRji{MeL6-pJ;3+R=m0MmaZ(@1 z)vx4?(_wnH48{US41G3E^(NllnZ^jiE(K#xpqom1SgGGby^lyavHwnPY0H1EW9u2C zdJ=a};_jK*y;XXbF%Er7o?nPjOCC{b=%Ykq#oyUY8PHSzLeH?5Yv`9r(JCo3zBRVl zxVvNwniQ=j700Sr#`>ri;#A`X?lpg5+GeE{?zW}Ga!>1}QXD-Q6M8TvB&n1=$<4Oj z)D5!U$a*8|y(g*NK0DeZLUs4Wn)Xh6XKYgH9B9s$)R|F_@rHXUvQm*zkK!Nh4iD2F zZ|Ht&%niu*Q@n)@HCS$Uad-c$@_(Kf9~&7m>R$m`y& z%Da`d#`DbgzB2O~?zZ)bReg%%RiCUl)hDwfv>7&5t=h(S^q@Q|Y-cz2viG0sgvy>W zGENQ5S{^abcGYj*^W=bxjTf+ECV|~-s#_T-eIYAB#rmSXHW?>;k=`z)5gDO4ZTu}1 zxewZ?f4Pi0>#0f zE2LlXCJ!5+XF~eFQUBfeBbfcO5>9p+^pm}r!%2>k@+WAw8GUvyEsJs7fXj6ukfqbT1Nm2BIrWbXAVTQPLI z8oEYVjS_eM39awud_#D=`dL)f%322+ihNZAg`&PC9!P_- zpj>DMR0{c_Wza3q8t4J&3Frmr4d{JHN*1BIa7T$^iO`kxTQ?qw#;JH#wcS-BQ{o=1 
z4STT`NmhMSUp0N|q)8WNraN3N1(uX8niQ<4DE7#2uBY1T(^+Di=#i(FclJ6#Gvv&7 zJFKuF$yB#9V2OSeNr#{#T!$40`t@*~8D8COsa)uD z214ovA0EC#FeWQpKP-HCSaJ?eN4&bv=kZx#DqKN-mBqW9WwUjk-{}cuAS{fpqa?LP zw#+r5w4z+=kMh&ZSoXcR%qx%ml_kyCYnZH=J(=u}pfH*G5!*tqDomy!YetsA8Z&fF zLiQkG=Y;7wkTs$ATi5^W!LI8dq59~R85zue#_zUP1fy_*CIwBf~m72 z&kyRpg+;or!sDy9yUQs>kYe~$k6*_=)uEEZq{UUz(GaR;kzTOSAJD6doz;4dp91K@ zsXjK&ZrjUn8Oqb0Wj?!aVXocf@~exw$mrv=yPS*k3#L2$fdc8b9&($fmjx>;bzdl# z)ADDYmp^^9Ii9MsRkdDS?xjA5s*)0(C+XEX)mu_+ce+cQ?i$a0y(HjsN(5@yuQhx+ z72s~yh(RN_#P8M1ofXdV60@$U`&8uqfTJX^(5n+`g{Q=!`vX4D!V(u*Wws`{@au51 zb7#&vuXt)<{-~@BW5malOG@nJzCel7Q&v)e4RGf$Vsm;*7~`uw?vk1cug~cYRB*Sf z@aa0c1FD)@@szW+R{8?Qa}`h(=BTJ@RE0SXs#^ZIjxh?V1*)P_50tCLs=^rhmPtI+ z-wIV>4SH);&~2!wD&_P$oRvg6Mo|`LfCjEsXLj%+Eu`W<Ndna# z2Wi>8&a`TO8eJ`o@M$!t)05^Jl{PBPY^oFdt8}|J-224vKKce`9jKvgII-?|_CpOR_TC4EQpdwc;+%tIR1uWRY)tXRz}q*oR!pRWfDO^Vr}5%Ry> zh+}TXg46{gH2Ix}kAqg$QXO!CDyJVVR)zGDdOh?5Zsj9HMS|-NlP$Nq-8#B*nffTy zdVKQ@?=t!doX?KkXsKtUXI6-&=mk6;&8K_y00pVh$7?~qWVM3cRc0@r-=257tJ1^l zpsG3)PQw1H@;MlwtF+WH4z0@W*BB+>f^G&=kE=!}`$p^gJId!{PUl7%#JtIbk?D?F zGv~{!XpLthLqP^LC4U+uA7N9xQkSzASnOBomy2xbICJqs!{XJ}#e>o6xSk%kEz&*y znr`n6$xS#=6WMG2{1^K^UU+@~sG=#q+x%tBki^!Vr@ZsdijnqR(}p|N#Gmoj^}9#K z*57>gbI;8f>)qdD`pYjh75uLG*8GQlnVIwGhUAg~4SVNqzkT)WVBPGQuZ&5#?CRnB z-0Kt8l=n!wxUzTlz=ikDJFs}s6?c1gS6muse(KaaE_~$UJ8xcj&+pG#Rr<%X8&9jN z`{3X$Gk?1On$He8uAeh^_+P)C{Kb|rr4K#5baB-a*QSl!FgoL_hrZ~u;l6osuKHEg znR`$3e%JJm*$p2|op$+q(+7-s`KRb(J5JFyz5d4u!B>Ya8TakoYkxXA`Pt1seY1XH z+xJJ$`6%~r+h>2?y|pE+Y4MR-@AX-Y)l)K3rbSNp%j_4=dL;Uq(@q+Yd+Li5*nZcx zo&Lt!n|m%;GNaEu>*ELXd3N{7y$-Li-FI|a)Z(U?m{)i2jPLr$>IDr?&A!sPD*5sc zSMCk&|KQg7uEv?3ClB^0i}wKwENF%K6uZxhI^j>c|+;5sdcA5^@rO(ethKc4J+;#n_318jt-MokXl$Tw#c5TJ*Ri|I^#ciJt+|*p8f}buQGUm`ZI;|^S0|I@y&n&X`p z{j$4y$^M&5&wOcyBlGr{Mc38syy}t-EBuEWrq#|)h@A0J(u>o^j=6sFEyJfwT5*NC zWJ1NZIiF@5Ns?W-S3t2Z2f*X#Ou zk2d^ceZm(9w+?vda9niN*H1lr+Pk*(2jAMarrnqj+h_nw*dr?0$ZB36$XJ4Fr zgEysLM)kgv&X{m_#5LNb(Q~5*#vK`OAo2Y5x1M?M*_op!uI+KojZ2!wt!!F7c--#U 
z+9!vT(~6Jo9ky`DLodEQzG_?Ffx};`S6{qxf6<0_dKS9&?3zFFZ&%iQwSU{Ldp@ao zr}XoUt*3s`@5_(B8u;A(tq<2bzV}~$+K(@+IrvMrUp6oQYxBaDl`oB3(zO4lYu~Qh z`scFS7vJ@4!#TIcZ)jWnSW?5r=!DB3`P=Z!^;KiOTUTANY3ut}1UGk?H|EJr*~cE6 zAHg^QUCnUt5#z?aJU7XJ(jc~g)foKb(eZn@_rmXne+j)3+=s!>kje7)N!)B7DESV< zT=*IIy#QYgodZq9?`H6QXrH75ZG!qhtx!2(_MmeMygajO21ny|BYzWqIQS559lRI+ za!6htk#M8HOTmrcPv{PSIQfz*CI&D+Y`6Et2Yb%r{P(yDR}{^3;arCgTUvZ z)$o@=@8jnKzXxX`cR)*_LC9pQXB{*eejikb+y;G(?#a0C!S52>@^X7J$hM7Ih2J%h z)X5xV-NCDH%d^+JK(<7TXKl6c4SbHklhQG;r=uH{rEiyKMRsHDsX>- zzqH|gWLw~Q)M(U03NrZ{hLUbG^0$%aff0m}^8OV*h-?Tn2KP|tb!3~Njqn4YCHP$p z?S^iHjuO`t{E;68};p_361iuHG0Y4a7DflPC?L_t{ zZu#pE>%mu{=aHWS*&(srdi=cT_kh0+UTpnT=u-Uakk5mpj>5o#bIq0OqAAml=uMPJtU^?#e z;H8g9|5%FqS?CVMtg36$ep&Rj+Fw)P&_N2}BfH}ys;hm7Q)luA6 zA%6h=JJOUh1Ja%zWZQ9{4Zj4EaZ~a+7Ma+sq`L!J4Zo8x+n|B?@4(#`OvmprP~shi zpNv%(LSvEblyK0U$Ym^=4PFXLd%2+T@G}3a1^42XacUVnM-S9gNbJWha`0>9-+<$w zcZs_Ol)hOH-Gq+xPZ{5&kMBj+EOCP$;+F8EAhEv)k;88SC*VI5*@d8dZSFo~M{!?{ zzw|Zf|6d`Kad|u><8dEQL%s%-zPbqhUF2uO7onSi`wVb6^b#cTFTrmjbSmyB{N)oz zuY;-3n~=1P)b}5eOW$dN{s#R4w+=3cWPCXUZ9`At9s*wq$+#zZ_#GtqcnfzwXd5&E zcLO>p@YjOxgJM^gA$NlkugC-NXM%gc#~~R<#xY~hd+*7zKX#XxRF<}0qM`(kncj43EhcI+F#Q75I+h3BJO{nqeIf~XCl8ClD2vf zyb2x7xL6mle6vabWc$7QDPwfkjRH%{}jm7^I;yb(m^ zl{EaC-KT4!OC0hVk#U*f$`%H6|2VDM?)A#*ND{XE{p{+L2RuHBR)my5*I3=v(2TJxN7;EP3|M%rg?C!`sD(48 z(T^uiR2Sr*KP&&d-29UKnKNh5!HaTc<`h~E@h{8|xlH{$K5i4z75@%*Nny^Esku@% zkx!iw(lXt%&dZ-ul%HFipI4I4oLuGeDp=^kHYx~5I7Ft4%D2XDgFP05@v@iV4va9u`>Q-b7rou(H#R&Z zL&gS+WIy16*EKt5=RLlm{$a5m$%Z`;N`#DAMX9#WN6)S46>I@Zc|wH?#Wg-w_PksR zQ6jPO@*sOIx=}}FE%-GG?v_1mbf_MO#8Ks}tkQk4mm_rs7P9G55isgR(~8+*oli{~ zLqY86r=PCnXvX#{ZQ}M2v%Sm{lzph*YNt^d8E0yQiH*%);MILjogHhqGhI*DBxEeDE4wu=r|d*(Y~Xr)3pI~V^H5hl20EXkJ(Ic-f_nGs zKG~X#y)5VtpdyV(N*)FmkKdnGUZu0ABvs8OP|!stNU$ncsauvM?pP}!*`M`~GB=s7qF6_?XtY8xxJ7MTE zw)~8A+Vkjfn>Jl-Ur4ALGAilKCxd1qg^G;*P&B(GPBUu9>NnEY%&@e(Lo3v)#dqu& z5*%7vTboWyrXZbEhoPM#{YBTrx}}DtVWb|M7@uF0U3qQjl%na5Vd=!s9-Ag{_(R#M z4$@PxB4VMRd4iQxDc#KI-#%^9)EO7}jq=jf(=bU1Yqq?UlN*hLeMzT_4R*_TB|j31 
zJyYH9J}vN@^=(x)PjWEhh0)q(HVPhDH8-tUX=v1~(WyGlAk&k9%-Q}e7OLx`n zzEH;tw2uvhcCp(_^~`sBYK=HXXikSNJ$;1cH=C*4{55S)UFSrHDfDb?aE9ZjO_T*e7a=~>_6?_ADS+Y_K z;Jt$VnH$50pXZfxy;TF*pAsD~be1>#e6F0+{lg$y_Hz?g!w-cQtcS+JH-kNfkO%ni zGq!T}wkVx76mr4YP(8dCd=k2m@-~9qMv`CTN#Jo7t()OxF`YVw^)h_;8QAbMvvPL! zb*Nv9iQm9yzzc34$D9sc&_98_ANW<-tfg{TSHKHqPhyP%FZg@tPI$q0p$7P7Fm%3E z@Qr-h3%TGeHRSOSae|?xd>y_YykOsZ*h7IA90Fy-3yy}0;j_UD zAvsGbxCrvX3%&|n3omDko?XW}OnC4kNY0K5cDa}Q!V7l454(aFJQ+FwFE|?d9$qjH zia%`PpWz3?hoAG5GobH_9&*9a_p^@zAAX)w&Utg5@NzzE)DzgD$idg30(d#!m9UAp;KR>EhM$*|bCW+p0dxdU;+)ux@PY%OJK#&f zEzpDT;pZgf{N&iD>A%PYk3p}&%Ld@d&;j@iaNrj9u;A;#xm&RZ`0#U(az3(V8)L~= zCN781f?owb3Ca0K!5>~^zY|_C{w3mo7fgbdzzb&Vq))+TgC6KU_$ARkz?oNb;F22z@W{fQkD|c@{Xs;^%;C-=hvGV?FoU5TEfIa=vP&3Q!Kc^VT^WeWptmqS@*KRl;vRd%qW8Z!>tdQ39T)CL2#! zXX{A!#U$-i3T zUpj7&3KCa2p=t^31JjZD$jeAl3dJ$fh%-w?lV&K7dFc8HDS7u2yOVJ46Vhf}pe{PX z%qEPFP#wCXNG}5#YasJ0)fIgyf56anlPgzP$y|gjGjf(`q;(Fx-bNcpE-E2YKa@vt znKcp~E}b227ysmHByJm{hfZioNov$fU7GPpy~%UG6J;7F_i||gO^u>e&f-*B8a16^ zxHNSxbt>set7x=usBRs&&St0HA1290tDHQBYW*BIP30K*V@K8~mE^*YR9Z*E`Z!Og zQ-*Z%Ho|C=B4i#ULE;L8)t2nDhT2ftLfWsh?ujkZ(H@N5#Bamu#V$fM+F_a850zMT zF}_k#KY6y3dPm!Ki);{u|K6*a`!^|UzNhh?f^|jf_N{AOcbqw~ literal 0 HcmV?d00001 diff --git a/phases/injector.py b/phases/injector.py index 40b0e7b..e6a1a51 100644 --- a/phases/injector.py +++ b/phases/injector.py 
@@ -125,14 +125,14 @@ class Injector(): # Special case: DLL exported function direct overwrite if self.superpe.is_dll() and self.settings.dllfunc != "" and carrier_invoke_style == CarrierInvokeStyle.ChangeEntryPoint: - logger.warning(" Inject DLL: Overwrite exported function {} with shellcode".format(self.settings.dllfunc)) + logger.info(" Inject DLL: Overwrite exported function {} with shellcode".format(self.settings.dllfunc)) rva = self.superpe.getExportEntryPoint(self.settings.dllfunc) # Size and sanity checks function_size = self.superpe.get_size_of_exported_function(self.settings.dllfunc) if carrier_shc_len >= function_size: - logger.warning("Shellcode larger than function: {} > {} exported function {}".format( - carrier_shc_len, function_size, self.settings.dllfunc + logger.warning(" Oups, Shellcode larger than function {}: {} > {}. Continue anyway.".format( + self.settings.dllfunc, carrier_shc_len, function_size )) # Inject diff --git a/supermega.py b/supermega.py index eec10e4..0535899 100644 --- a/supermega.py +++ b/supermega.py @@ -116,11 +116,12 @@ def start(settings: Settings) -> int: prepare_project(settings.project_name, settings) # Do the thing and catch the errors + ret = False if config.catch_exception: - start_real(settings) + ret = start_real(settings) else: try: - start_real(settings) + ret = start_real(settings) except Exception as e: logger.error(f'Error compiling: {e}') observer.write_logs(settings.main_dir) @@ -133,7 +134,7 @@ def start(settings: Settings) -> int: # Write logs (on success) observer.write_logs(settings.main_dir) - return 0 + return ret def sanity_checks(settings): @@ -221,8 +222,11 @@ def start_real(settings: Settings) -> bool: project.payload, project.injectable, settings) - - injector.inject_exe() + + try: + injector.inject_exe() + except Exception as e: + return False #observer.add_code_file("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300)) # Check binary with avred 
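Review bot: In the `if carrier_shc_len >= function_size:` branch the reworded warning ends with "Continue anyway." and the branch neither returns nor raises, so execution falls through to the `# Inject` step with a carrier that is known not to fit the exported function. The write itself is outside this hunk, but presumably it then runs past the function's end and overwrites whatever follows it, and the caller is told nothing. Treat the mismatch as a hard failure instead, e.g. `raise ValueError("carrier ({} bytes) does not fit exported function {} ({} bytes)".format(carrier_shc_len, self.settings.dllfunc, function_size))`, so the run is reported as failed rather than producing a silently damaged file. The enclosing method starts and ends outside the hunk.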
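Review bot: `start()` is still annotated `-> int` (visible in the hunk header) but now hands back the `bool` from `start_real()`, assigned to `ret` here and returned by `return ret` in the following hunk. Success used to be `0`; it is now `True`, which equals `1`, so any caller that passes the result to `sys.exit()` or compares it with `0` would read success as failure. Callers are not visible in this patch, so either change the signature to `-> bool` and check each call site, or keep the old contract with `return 0 if ret else 1`. The `def` line and the return on the except path are outside the hunk.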
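Review bot: The new `except Exception as e: return False` around `injector.inject_exe()` throws the error away: `e` is never used and nothing is logged, so a failed injection leaves no trace of its cause and never reaches the `logger.error(f'Error compiling: {e}')` handler in `start()`. Log before returning, e.g. `logger.exception("Injection failed")`, and narrow the `except` to the exception types `inject_exe()` is expected to raise. The blanket catch also appears to defeat the `config.catch_exception` branch in `start()`, which calls `start_real()` without a `try`, presumably so that errors propagate; confirm that this is intended. `start_real()` begins and ends outside this hunk.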
diff --git a/tester.py b/tester.py
index 1c641a6..62933ec 100644
--- a/tester.py
+++ b/tester.py
@@ -1,122 +1,132 @@ from typing import Dict, List +import sys +import os from helper import * from config import config from model.defs import * - from model.settings import Settings from log import setup_logging from supermega import start -from model.project import prepare_project from utils import check_deps def main(): - logger.info("Super Mega Tester: " + os.path.dirname(VerifyFilename)) + print("Super Mega Tester: " + os.path.dirname(VerifyFilename)) + + #setup_logging(level=logging.INFO) + setup_logging(level=logging.WARNING) + config.load() check_deps() if not os.path.exists(os.path.dirname(VerifyFilename)): print("{} directory does not exist".format(os.path.dirname(VerifyFilename))) return + + match sys.argv[1]: + case "all": + test_common() + test_dll_loader() + test_exe_code() + test_exe_data() + test_dll_code() + test_dll_data() - test_common() - test_dll_loader() - test_exe_code() - test_exe_data() - #test_dll_code() - #test_dll_data() + case "common": + test_common() + case "dll_loader": + test_dll_loader() + case "exe_code": + test_exe_code() + case "exe_data": + test_exe_data() + case "dll_code": + test_dll_code() + case "dll_data": + test_dll_data() + case _: + print("Unknown test: {}".format(sys.argv[1])) + print("Available tests: all, common, dll_loader, exe_code, exe_data, dll_code, dll_data") + return def test_common(): - print("Testing: COMMON") + print("Testing: COMMON A") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.bin" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin") settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.CODE + + settings.cleanup_files_on_exit = False - print("Test COMMON 1/x: plain") + print("Test COMMON 1/6: plain") settings.decoder_style = "plain" settings.carrier_name = "alloc_rw_rwx" # important (not rx) settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = 
PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe") + if not start(settings): + return - print("Test COMMON 2/x: xor_1") + print("Test COMMON 2/6: xor_1") settings.decoder_style = "xor_1" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + if not start(settings): + return - print("Test COMMON 3/x: xor_2") + print("Test COMMON 3/6: xor_2") settings.decoder_style = "xor_2" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + if not start(settings): + return - print("Test COMMON 4/x: +guardrail env") + print("Testing: COMMON B") + + print("Test COMMON 4/6: +guardrail env") settings.plugin_guardrail = "env" - settings.plugin_guardrail_data = "C:\\\\Users\\\\hacker" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + settings.plugin_guardrail_data_key = "VCIDEInstallDir" + settings.plugin_guardrail_data_value = "Community" + if not start(settings): + return - print("Test COMMON 5/x: +sirallocalot ") + print("Test COMMON 5/6: +sirallocalot ") settings.plugin_antiemulation = "sirallocalot" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + if not start(settings): + return - print("Test COMMON 6/x: +virtualprotect undersized") + print("Test COMMON 6/6: +virtualprotect undersized") settings.plugin_virtualprotect = "undersized" - try: - if start(settings) != 0: - print("Error") - except: - print("Error") + if not start(settings): + return def test_dll_loader(): print("Testing: DLL Loader") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.dll" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.dll") settings.verify = True settings.try_start_final_infected_exe = 
False settings.payload_location = PayloadLocation.CODE # important - settings.inject_exe_in = PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe") settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint print("Test DLL Loader 1/2: procexp, backdoor main, dll loader alloc") settings.carrier_name = "dll_loader_alloc" - if start(settings) != 0: - print("Error") + if not start(settings): + return print("Test DLL Loader 2/2: procexp, backdoor main, dll loader change") settings.carrier_name = "dll_loader_change" - if start(settings) != 0: - print("Error") + if not start(settings): + return def test_exe_code(): print("Testing: EXEs: Inject payload into .text") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.bin" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin") settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.CODE 
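Review bot: Every `if not start(settings): return` in this hunk (and in the hunks at @@ -125 and @@ -170) drops the old `print("Error")` and returns `None`, so a failing case ends its group silently and `main()` gives no failure indication. Print which case failed and return a result from each `test_*` function, for example `print("FAILED: COMMON 1/6")` then `return False`, and have `main()` call `sys.exit(1)` when any group reports failure. Separately, `match sys.argv[1]:` raises `IndexError` when the script is run without an argument; guard it with `if len(sys.argv) < 2:` and print the same "Available tests" line. `test_exe_code()` continues past the end of this hunk.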
@@ -125,43 +135,43 @@ def test_exe_code(): print("Test EXE 1/4: 7z, peb-walk, change-entrypoint") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "7z.exe" - settings.inject_exe_out = PATH_EXES + "7z.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe") + if not start(settings): + return # 7z, peb-walk, hijack print("Test EXE 2/4: 7z, peb-walk, hijack main") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "7z.exe" - settings.inject_exe_out = PATH_EXES + "7z.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe") + if not start(settings): + return # procexp, iat-reuse, change-entrypoint print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint") settings.carrier_name = "alloc_rw_rwx" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe") + if not start(settings): + return # procexp, iat-reuse, backdoor print("Test EXE 4/4: procexp, iat-reuse, backdoor") settings.carrier_name = "alloc_rw_rwx" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = FilePath(PATH_EXES 
+ "procexp64.verify.exe") + if not start(settings): + return def test_exe_data(): print("Testing: EXEs: Inject into .data") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.bin" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin") settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.DATA 
@@ -170,149 +180,124 @@ def test_exe_data(): print("Test EXE 1/4: 7z, peb-walk, change-entrypoint") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "7z.exe" - settings.inject_exe_out = PATH_EXES + "7z.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe") + if not start(settings): + return # 7z, peb-walk, hijack print("Test EXE 2/4: 7z, peb-walk, hijack main") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "7z.exe" - settings.inject_exe_out = PATH_EXES + "7z.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe") + if not start(settings): + return # procexp, iat-reuse, change-entrypoint print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint") settings.carrier_name = "alloc_rw_rwx" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" - if start(settings) != 0: - print("Error") - + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe") + if not start(settings): + return + # procexp, iat-reuse, backdoor print("Test EXE 4/4: procexp, iat-reuse, backdoor") settings.carrier_name = "alloc_rw_rwx" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "procexp64.exe" - settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe") + settings.inject_exe_out = 
FilePath(PATH_EXES + "procexp64.verify.exe") + if not start(settings): + return def test_dll_code(): print("Testing: DLLs code") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.bin" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin") settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.CODE - print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)") + print("Test DLL 1/4: libbz2.dll, peb-walk, change-entrypoint dllMain (func=None)") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)") + print("Test DLL 2/4: libbz2.dll, peb-walk, hijack dllMain (func=None)") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") + print("Test DLL 3/4: libbz2.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") settings.dllfunc = "BZ2_bzDecompress" settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = 
PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen") + print("Test DLL 4/4: libbz2.dll, peb-walk, hijack main, func=BZ2_bzdopen") settings.dllfunc = "BZ2_bzdopen" settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return def test_dll_data(): print("Testing: DLLs data") settings = Settings("unittest") - settings.payload_path = PATH_SHELLCODES + "createfile.bin" + settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin") settings.verify = True settings.try_start_final_infected_exe = False settings.payload_location = PayloadLocation.DATA - print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)") + print("Test DLL 1/4: libbz2.dll, peb-walk, change-entrypoint dllMain (func=None)") settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)") + print("Test DLL 2/4: libbz2.dll, peb-walk, hijack dllMain (func=None)") settings.carrier_name = "peb_walk" 
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") + print("Test DLL 3/4: libbz2.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress") settings.dllfunc = "BZ2_bzDecompress" settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return - print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen") + print("Test DLL 4/4: libbz2.dll, peb-walk, hijack main, func=BZ2_bzdopen") settings.dllfunc = "BZ2_bzdopen" settings.carrier_name = "peb_walk" settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") + settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll") + settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll") + if not start(settings): + return + - -def dll_iat_reuse(): - # procexp, iat-reuse, change-entrypoint - print("Test: libbz2-1.dll, iat-reuse, change-entrypoint") - settings.carrier_name = "iat_reuse" - settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + 
"libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") - return 1 - - # procexp, iat-reuse, backdoor - print("Test: libbz2-1.dll, iat-reuse, backdoor") - settings.carrier_name = "iat_reuse" - settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr - settings.inject_exe_in = PATH_EXES + "libbz2-1.dll" - settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll" - if start(settings) != 0: - print("Error") - return 1 - # DLL - - if __name__ == "__main__": - #setup_logging(level=logging.INFO) - setup_logging(level=logging.WARNING) main()