separate shared modules

2024-01-05 18:32:18 +02:00 · 2024-01-05 18:32:18 +02:00 · 471271128f
commit 471271128f
parent ee520720e4
6 changed files with 109 additions and 58 deletions
--- a/generator/generator.cpp
+++ b/generator/generator.cpp
@ -4,9 +4,9 @@
 #include <fstream>
 #include <vector>
 #include <cstdint>
-#include <iterator>

 #include "generator.hpp"
+#include "../shared/crypto.hpp"

 int main(int argc, char **argv)
 {
@ -263,6 +263,11 @@ int main(int argc, char **argv)
        return 1;
    }

+    auto srcUuid = GenerateUuid();
+    std::cout << "[+] AES key derivation UUID: " << srcUuid << std::endl;
+
+    std::cout << "[+]  " << std::endl;
+
    return 0;
 }

@ -309,29 +314,6 @@ BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize
    return TRUE;
 }

-DWORD CalculateHash(const std::string &source)
-{
-    auto dwHash = HASH_KEY;
-
-    for (char ch : source)
-    {
-        if (ch == '\0')
-        {
-            continue;
-        }
-
-        if (ch >= 'a' && ch <= 'z')
-        {
-            ch -= 0x20;
-        }
-
-        // Casting might be unnecessary
-        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
-    }
-
-    return dwHash;
-}
-
 void PrintHelp(char **argv)
 {
    std::cout << "Usage: " << argv[0] << " [ARGUMENTS] [OPTIONS]" << std::endl;
--- a/generator/generator.hpp
+++ b/generator/generator.hpp
@ -1,14 +1,12 @@
 #pragma once

 #include <windows.h>
-#include <winternl.h>
 #include <string>

-#define HASH_KEY 5381
 #define BOOTSTRAP_LEN 79

 // Utils
-void PrintHelp(char **argv);
 BOOL GetFileContents(std::string filePath, LPBYTE *fileContents, DWORD *fileSize);
 BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize);
-DWORD CalculateHash(const std::string &source);
+
+void PrintHelp(char **argv);
--- a/reflective_loader/loader.cpp
+++ b/reflective_loader/loader.cpp
@ -6,6 +6,7 @@
 #include <random>

 #include "loader.hpp"
+#include "../shared/crypto.hpp"

 void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserDataLen, DWORD dwFlags)
 {
@ -450,31 +451,3 @@ PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage)

    return pNtHeaders;
 }
-
-DWORD CalculateHash(const UNICODE_STRING &baseDllName)
-{
-    auto pwszBaseDllName = baseDllName.Buffer;
-    auto dwHash = HASH_KEY;
-
-    char ch;
-
-    for (auto i = 0; i < baseDllName.MaximumLength; i++)
-    {
-        ch = pwszBaseDllName[i];
-
-        if (ch == '\0')
-        {
-            continue;
-        }
-
-        if (ch >= 'a' && ch <= 'z')
-        {
-            ch -= 0x20;
-        }
-
-        // Casting might be unnecessary
-        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
-    }
-
-    return dwHash;
-}
--- a/reflective_loader/loader.hpp
+++ b/reflective_loader/loader.hpp
@ -6,7 +6,6 @@

 constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000;
 constexpr auto OBFUSCATE_IMPORTS = 1;
-constexpr auto HASH_KEY = 5381;

 constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555;
 constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1;
@ -67,7 +66,6 @@ using PIMAGE_RELOC = _IMAGE_RELOC *;
 PBYTE GetModuleAddressFromHash(DWORD dwHash);
 HMODULE GetExportAddrFromHash(PBYTE pbModule, DWORD dwHash, std::mt19937 &eng);
 PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage);
-DWORD CalculateHash(const UNICODE_STRING &baseDllName);

 // Loader functions
 void CopyHeadersAndSections(ULONG_PTR pNewImageBase, PBYTE pbImage, PIMAGE_NT_HEADERS64 pNtHeaders);
--- a/shared/crypto.cpp
+++ b/shared/crypto.cpp
@ -0,0 +1,90 @@
+#include <winternl.h>
+#include <random>
+#include <sstream>
+
+#include "crypto.hpp"
+
+std::string GenerateUuid()
+{
+    // Source: https://stackoverflow.com/a/60198074/15310712
+
+    std::stringstream ss;
+    std::random_device rd;
+    std::mt19937 gen(rd());
+    std::uniform_int_distribution<> dis(0, 15);
+    std::uniform_int_distribution<> dis2(8, 11);
+
+    ss << std::hex;
+
+    auto generateHex = [&](int count)
+    {
+        for (int i = 0; i < count; ++i)
+        {
+            ss << dis(gen);
+        }
+    };
+
+    generateHex(8);
+    ss << "-";
+    generateHex(4);
+    ss << "-4";
+    generateHex(3);
+    ss << "-";
+    ss << dis2(gen);
+    generateHex(3);
+    ss << "-";
+    generateHex(12);
+
+    return ss.str();
+}
+
+DWORD CalculateHash(const std::string &source)
+{
+    auto dwHash = HASH_KEY;
+
+    for (char ch : source)
+    {
+        if (ch == '\0')
+        {
+            continue;
+        }
+
+        if (ch >= 'a' && ch <= 'z')
+        {
+            ch -= 0x20;
+        }
+
+        // Casting might be unnecessary
+        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
+    }
+
+    return dwHash;
+}
+
+DWORD CalculateHash(const UNICODE_STRING &baseDllName)
+{
+    auto pwszBaseDllName = baseDllName.Buffer;
+    auto dwHash = HASH_KEY;
+
+    char ch;
+
+    for (auto i = 0; i < baseDllName.MaximumLength; i++)
+    {
+        ch = pwszBaseDllName[i];
+
+        if (ch == '\0')
+        {
+            continue;
+        }
+
+        if (ch >= 'a' && ch <= 'z')
+        {
+            ch -= 0x20;
+        }
+
+        // Casting might be unnecessary
+        dwHash = ((dwHash << 5) + dwHash) + static_cast<DWORD>(ch);
+    }
+
+    return dwHash;
+}
--- a/shared/crypto.hpp
+++ b/shared/crypto.hpp
@ -0,0 +1,10 @@
+#pragma once
+
+#include <windows.h>
+#include <string>
+
+constexpr auto HASH_KEY = 5381;
+
+std::string GenerateUuid();
+DWORD CalculateHash(const std::string &source);
+DWORD CalculateHash(const UNICODE_STRING &baseDllName);