separate shared modules
This commit is contained in:
parent
ee520720e4
commit
471271128f
@ -4,9 +4,9 @@
|
||||
#include <fstream>
|
||||
#include <vector>
|
||||
#include <cstdint>
|
||||
#include <iterator>
|
||||
|
||||
#include "generator.hpp"
|
||||
#include "../shared/crypto.hpp"
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
@ -263,6 +263,11 @@ int main(int argc, char **argv)
|
||||
return 1;
|
||||
}
|
||||
|
||||
auto srcUuid = GenerateUuid();
|
||||
std::cout << "[+] AES key derivation UUID: " << srcUuid << std::endl;
|
||||
|
||||
std::cout << "[+] " << std::endl;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -309,29 +314,6 @@ BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
DWORD CalculateHash(const std::string &source)
|
||||
{
|
||||
auto dwHash = HASH_KEY;
|
||||
|
||||
for (char ch : source)
|
||||
{
|
||||
if (ch == '\0')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch >= 'a' && ch <= 'z')
|
||||
{
|
||||
ch -= 0x20;
|
||||
}
|
||||
|
||||
// Casting might be unnecessary
|
||||
dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
|
||||
}
|
||||
|
||||
return dwHash;
|
||||
}
|
||||
|
||||
void PrintHelp(char **argv)
|
||||
{
|
||||
std::cout << "Usage: " << argv[0] << " [ARGUMENTS] [OPTIONS]" << std::endl;
|
||||
|
@ -1,14 +1,12 @@
|
||||
#pragma once
|
||||
|
||||
#include <windows.h>
|
||||
#include <winternl.h>
|
||||
#include <string>
|
||||
|
||||
#define HASH_KEY 5381
|
||||
#define BOOTSTRAP_LEN 79
|
||||
|
||||
// Utils
|
||||
void PrintHelp(char **argv);
|
||||
BOOL GetFileContents(std::string filePath, LPBYTE *fileContents, DWORD *fileSize);
|
||||
BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize);
|
||||
DWORD CalculateHash(const std::string &source);
|
||||
|
||||
void PrintHelp(char **argv);
|
@ -6,6 +6,7 @@
|
||||
#include <random>
|
||||
|
||||
#include "loader.hpp"
|
||||
#include "../shared/crypto.hpp"
|
||||
|
||||
void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserDataLen, DWORD dwFlags)
|
||||
{
|
||||
@ -450,31 +451,3 @@ PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage)
|
||||
|
||||
return pNtHeaders;
|
||||
}
|
||||
|
||||
DWORD CalculateHash(const UNICODE_STRING &baseDllName)
|
||||
{
|
||||
auto pwszBaseDllName = baseDllName.Buffer;
|
||||
auto dwHash = HASH_KEY;
|
||||
|
||||
char ch;
|
||||
|
||||
for (auto i = 0; i < baseDllName.MaximumLength; i++)
|
||||
{
|
||||
ch = pwszBaseDllName[i];
|
||||
|
||||
if (ch == '\0')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch >= 'a' && ch <= 'z')
|
||||
{
|
||||
ch -= 0x20;
|
||||
}
|
||||
|
||||
// Casting might be unnecessary
|
||||
dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
|
||||
}
|
||||
|
||||
return dwHash;
|
||||
}
|
||||
|
@ -6,7 +6,6 @@
|
||||
|
||||
constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000;
|
||||
constexpr auto OBFUSCATE_IMPORTS = 1;
|
||||
constexpr auto HASH_KEY = 5381;
|
||||
|
||||
constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555;
|
||||
constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1;
|
||||
@ -67,7 +66,6 @@ using PIMAGE_RELOC = _IMAGE_RELOC *;
|
||||
PBYTE GetModuleAddressFromHash(DWORD dwHash);
|
||||
HMODULE GetExportAddrFromHash(PBYTE pbModule, DWORD dwHash, std::mt19937 &eng);
|
||||
PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage);
|
||||
DWORD CalculateHash(const UNICODE_STRING &baseDllName);
|
||||
|
||||
// Loader functions
|
||||
void CopyHeadersAndSections(ULONG_PTR pNewImageBase, PBYTE pbImage, PIMAGE_NT_HEADERS64 pNtHeaders);
|
||||
|
90
shared/crypto.cpp
Normal file
90
shared/crypto.cpp
Normal file
@ -0,0 +1,90 @@
|
||||
#include <winternl.h>
|
||||
#include <random>
|
||||
#include <sstream>
|
||||
|
||||
#include "crypto.hpp"
|
||||
|
||||
std::string GenerateUuid()
|
||||
{
|
||||
// Source: https://stackoverflow.com/a/60198074/15310712
|
||||
|
||||
std::stringstream ss;
|
||||
std::random_device rd;
|
||||
std::mt19937 gen(rd());
|
||||
std::uniform_int_distribution<> dis(0, 15);
|
||||
std::uniform_int_distribution<> dis2(8, 11);
|
||||
|
||||
ss << std::hex;
|
||||
|
||||
auto generateHex = [&](int count)
|
||||
{
|
||||
for (int i = 0; i < count; ++i)
|
||||
{
|
||||
ss << dis(gen);
|
||||
}
|
||||
};
|
||||
|
||||
generateHex(8);
|
||||
ss << "-";
|
||||
generateHex(4);
|
||||
ss << "-4";
|
||||
generateHex(3);
|
||||
ss << "-";
|
||||
ss << dis2(gen);
|
||||
generateHex(3);
|
||||
ss << "-";
|
||||
generateHex(12);
|
||||
|
||||
return ss.str();
|
||||
}
|
||||
|
||||
DWORD CalculateHash(const std::string &source)
|
||||
{
|
||||
auto dwHash = HASH_KEY;
|
||||
|
||||
for (char ch : source)
|
||||
{
|
||||
if (ch == '\0')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch >= 'a' && ch <= 'z')
|
||||
{
|
||||
ch -= 0x20;
|
||||
}
|
||||
|
||||
// Casting might be unnecessary
|
||||
dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
|
||||
}
|
||||
|
||||
return dwHash;
|
||||
}
|
||||
|
||||
DWORD CalculateHash(const UNICODE_STRING &baseDllName)
|
||||
{
|
||||
auto pwszBaseDllName = baseDllName.Buffer;
|
||||
auto dwHash = HASH_KEY;
|
||||
|
||||
char ch;
|
||||
|
||||
for (auto i = 0; i < baseDllName.MaximumLength; i++)
|
||||
{
|
||||
ch = pwszBaseDllName[i];
|
||||
|
||||
if (ch == '\0')
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
if (ch >= 'a' && ch <= 'z')
|
||||
{
|
||||
ch -= 0x20;
|
||||
}
|
||||
|
||||
// Casting might be unnecessary
|
||||
dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
|
||||
}
|
||||
|
||||
return dwHash;
|
||||
}
|
10
shared/crypto.hpp
Normal file
10
shared/crypto.hpp
Normal file
@ -0,0 +1,10 @@
|
||||
#pragma once
|
||||
|
||||
#include <windows.h>
|
||||
#include <string>
|
||||
|
||||
constexpr auto HASH_KEY = 5381;
|
||||
|
||||
std::string GenerateUuid();
|
||||
DWORD CalculateHash(const std::string &source);
|
||||
DWORD CalculateHash(const UNICODE_STRING &baseDllName);
|
Loading…
x
Reference in New Issue
Block a user