separate shared modules

generator/generator.cpp

@@ -4,9 +4,9 @@
 #include <fstream>
 #include <vector>
 #include <cstdint>
-#include <iterator>
 
 #include "generator.hpp"
+#include "../shared/crypto.hpp"
 
 int main(int argc, char **argv)
 {
@@ -263,6 +263,11 @@ int main(int argc, char **argv)
         return 1;
     }
 
+    auto srcUuid = GenerateUuid();
+    std::cout << "[+] AES key derivation UUID: " << srcUuid << std::endl;
+
+    std::cout << "[+]  " << std::endl;
+
     return 0;
 }
 
@@ -309,29 +314,6 @@ BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize
     return TRUE;
 }
 
-DWORD CalculateHash(const std::string &source)
-{
-    auto dwHash = HASH_KEY;
-
-    for (char ch : source)
-    {
-        if (ch == '\0')
-        {
-            continue;
-        }
-
-        if (ch >= 'a' && ch <= 'z')
-        {
-            ch -= 0x20;
-        }
-
-        // Casting might be unnecessary
-        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
-    }
-
-    return dwHash;
-}
-
 void PrintHelp(char **argv)
 {
     std::cout << "Usage: " << argv[0] << " [ARGUMENTS] [OPTIONS]" << std::endl;

generator/generator.hpp

@@ -1,14 +1,12 @@
 #pragma once
 
 #include <windows.h>
-#include <winternl.h>
 #include <string>
 
-#define HASH_KEY 5381
 #define BOOTSTRAP_LEN 79
 
 // Utils
-void PrintHelp(char **argv);
 BOOL GetFileContents(std::string filePath, LPBYTE *fileContents, DWORD *fileSize);
 BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize);
-DWORD CalculateHash(const std::string &source);
+
+void PrintHelp(char **argv);

reflective_loader/loader.cpp

@@ -6,6 +6,7 @@
 #include <random>
 
 #include "loader.hpp"
+#include "../shared/crypto.hpp"
 
 void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserDataLen, DWORD dwFlags)
 {
@@ -450,31 +451,3 @@ PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage)
 
     return pNtHeaders;
 }
-
-DWORD CalculateHash(const UNICODE_STRING &baseDllName)
-{
-    auto pwszBaseDllName = baseDllName.Buffer;
-    auto dwHash = HASH_KEY;
-
-    char ch;
-
-    for (auto i = 0; i < baseDllName.MaximumLength; i++)
-    {
-        ch = pwszBaseDllName[i];
-
-        if (ch == '\0')
-        {
-            continue;
-        }
-
-        if (ch >= 'a' && ch <= 'z')
-        {
-            ch -= 0x20;
-        }
-
-        // Casting might be unnecessary
-        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
-    }
-
-    return dwHash;
-}

reflective_loader/loader.hpp

@@ -6,7 +6,6 @@
 
 constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000;
 constexpr auto OBFUSCATE_IMPORTS = 1;
-constexpr auto HASH_KEY = 5381;
 
 constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555;
 constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1;
@@ -67,7 +66,6 @@ using PIMAGE_RELOC = _IMAGE_RELOC *;
 PBYTE GetModuleAddressFromHash(DWORD dwHash);
 HMODULE GetExportAddrFromHash(PBYTE pbModule, DWORD dwHash, std::mt19937 &eng);
 PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage);
-DWORD CalculateHash(const UNICODE_STRING &baseDllName);
 
 // Loader functions
 void CopyHeadersAndSections(ULONG_PTR pNewImageBase, PBYTE pbImage, PIMAGE_NT_HEADERS64 pNtHeaders);

shared/crypto.cpp

@@ -0,0 +1,90 @@
+#include <winternl.h>
+#include <random>
+#include <sstream>
+
+#include "crypto.hpp"
+
+std::string GenerateUuid()
+{
+    // Source: https://stackoverflow.com/a/60198074/15310712
+
+    std::stringstream ss;
+    std::random_device rd;
+    std::mt19937 gen(rd());
+    std::uniform_int_distribution<> dis(0, 15);
+    std::uniform_int_distribution<> dis2(8, 11);
+
+    ss << std::hex;
+
+    auto generateHex = [&](int count)
+    {
+        for (int i = 0; i < count; ++i)
+        {
+            ss << dis(gen);
+        }
+    };
+
+    generateHex(8);
+    ss << "-";
+    generateHex(4);
+    ss << "-4";
+    generateHex(3);
+    ss << "-";
+    ss << dis2(gen);
+    generateHex(3);
+    ss << "-";
+    generateHex(12);
+
+    return ss.str();
+}
+
+DWORD CalculateHash(const std::string &source)
+{
+    auto dwHash = HASH_KEY;
+
+    for (char ch : source)
+    {
+        if (ch == '\0')
+        {
+            continue;
+        }
+
+        if (ch >= 'a' && ch <= 'z')
+        {
+            ch -= 0x20;
+        }
+
+        // Casting might be unnecessary
+        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
+    }
+
+    return dwHash;
+}
+
+DWORD CalculateHash(const UNICODE_STRING &baseDllName)
+{
+    auto pwszBaseDllName = baseDllName.Buffer;
+    auto dwHash = HASH_KEY;
+
+    char ch;
+
+    for (auto i = 0; i < baseDllName.MaximumLength; i++)
+    {
+        ch = pwszBaseDllName[i];
+
+        if (ch == '\0')
+        {
+            continue;
+        }
+
+        if (ch >= 'a' && ch <= 'z')
+        {
+            ch -= 0x20;
+        }
+
+        // Casting might be unnecessary
+        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
+    }
+
+    return dwHash;
+}

shared/crypto.hpp

@@ -0,0 +1,10 @@
+#pragma once
+
+#include <windows.h>
+#include <string>
+
+constexpr auto HASH_KEY = 5381;
+
+std::string GenerateUuid();
+DWORD CalculateHash(const std::string &source);
+DWORD CalculateHash(const UNICODE_STRING &baseDllName);