build size optimizations, streamlining

2024-01-04 20:00:24 +02:00 · 2024-01-04 20:00:24 +02:00 · 74d933b8a2
commit 74d933b8a2
parent 7d0d6134d1
7 changed files with 66 additions and 27 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -10,11 +10,28 @@ if(NOT CMAKE_SYSTEM_NAME MATCHES Windows)
    message(FATAL_ERROR "Use a cross compilation suitable toolchain with CMAKE_SYSTEM_NAME set to Windows")
 endif()

-if(NOT MSVC)
-    add_compile_options("-Wall" "-Wextra")
+# Build as Release by default
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE Release)
+endif()
+
+include(CheckIPOSupported)
+check_ipo_supported(RESULT lto_supported OUTPUT error)
+
+# Enable LTO if supported
+if(lto_supported)
+    set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE)
 else()
-    # Level 4 warnings
-    add_compile_options("/W4" "/WX")
+    message(WARNING "LTO is not supported: ${error}")
+endif()
+
+if(NOT MSVC)
+    add_compile_options("-Wall" "-Wextra" "-Os")
+    set(CMAKE_EXE_LINKED_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -s")
+else()
+    add_compile_options("/W4" "/WX" "/O1" "/GL")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /INCREMENTAL:NO /OPT:REF /OPT:ICF /PDBSTRIPPED")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /INCREMENTAL:NO /OPT:REF /OPT:ICF /PDBSTRIPPED")
 endif()

 # *) Reflective loader (DLL)
@ -28,3 +45,9 @@ add_executable(generator generator/generator.cpp generator/generator.hpp)

 # *) Injector (EXE)
 add_executable(injector injector/injector.cpp)
+
+if(NOT MSVC)
+    foreach(target loader payload generator injector)
+        add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_STRIP} $<TARGET_FILE:${target}>) # Strip binaries
+    endforeach()
+endif()
--- a/README.md
+++ b/README.md
@ -1,14 +1,25 @@
 # Shellcode reflective DLL injection in C++

-Placeholder.
+```shell
+.
+├── build.sh            # Build script (cmake & make)
+├── generator           # Shellcode generator (ties together bootstrap, loader, payload, and user data)
+├── injector            # PoC injector
+├── payload             # PoC payload (DllMain & PrintMessage(lpUserData))
+├── reflective_loader   # sRDI implementation
+└── toolchains          # Cross-compilation toolchains (linux & darwin)
+```

 ### Features

- <n> kB loader
- <m> kB injector
+Placeholder.

 Check out [Alcatraz](https://github.com/weak1337/Alcatraz/) for additional obfuscation for the shellcode/injector.

+### Usage
+
+Compile the libraries and executables with the included `build.sh` shellscript (if cross-compiling).
+
 ### Credits

 - Stephen Fewer ([@stephenfewer](https://github.com/stephenfewer)) for reflective DLL injection
--- a/build.sh
+++ b/build.sh
@ -9,13 +9,17 @@ case $(uname -a) in
        TOOLCHAIN="linux-mingw-w64-x86_64.cmake"
        ;;
    Darwin*)
-        echo "[+] Using MacOS toolchain"
-        TOOLCHAIN="macos-mingw-w64-x86_64.cmake"
+        echo "[+] Using Darwin toolchain"
+        TOOLCHAIN="darwin-mingw-w64-x86_64.cmake"
        ;;
 esac

-echo "Running CMake"
-cmake -DCMAKE_TOOLCHAIN_FILE=toolchains/$TOOLCHAIN -B build
+echo "[+] Running CMake with specified toolchain, outputting to build/"
+if ! cmake -DCMAKE_TOOLCHAIN_FILE=toolchains/$TOOLCHAIN -B build
+then
+    echo "[!] CMake failed, aborting build"
+    exit 1
+fi

-echo "Running Make with $USED threads"
+echo "[+] Running Make with $USED threads"
 make -j$USED -C build
--- a/reflective_loader/loader.cpp
+++ b/reflective_loader/loader.cpp
@ -20,7 +20,6 @@ void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserData
        return;
    }

-    // auto rng = std::default_random_engine{};
    std::random_device rd;
    std::mt19937 eng(rd());

--- a/reflective_loader/loader.hpp
+++ b/reflective_loader/loader.hpp
@ -2,20 +2,18 @@

 #include <windows.h>
 #include <winternl.h>
-#include <random>

-#define MAX_IMPORT_DELAY_MS 6 * 1000
-#define OBFUSCATE_IMPORTS 1
-#define HASH_KEY 5381
+constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000;
+constexpr auto OBFUSCATE_IMPORTS = 1;
+constexpr auto HASH_KEY = 5381;

-#define KERNEL32_DLL_HASH 0x6DDB9555
-// #define NTDLL_DLL_HASH 0x1EDAB0ED
-#define LOAD_LIBRARY_W_HASH 0xB7072FF1
-#define GET_PROC_ADDRESS_HASH 0xDECFC1BF
-#define VIRTUAL_ALLOC_HASH 0x097BC257
-#define FLUSH_INSTRUCTION_CACHE_HASH 0xEFB7BF9D
-#define VIRTUAL_PROTECT_HASH 0xE857500D
-#define SLEEP_HASH 0x0E07CD7E
+constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555;
+constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1;
+constexpr DWORD GET_PROC_ADDRESS_HASH = 0xDECFC1BF;
+constexpr DWORD VIRTUAL_ALLOC_HASH = 0x097BC257;
+constexpr DWORD FLUSH_INSTRUCTION_CACHE_HASH = 0xEFB7BF9D;
+constexpr DWORD VIRTUAL_PROTECT_HASH = 0xE857500D;
+constexpr DWORD SLEEP_HASH = 0x0E07CD7E;

 // Function pointer typedefs from MSDN
 using LOAD_LIBRARY_W = HMODULE(WINAPI *)(LPCWSTR);
--- a/toolchains/darwin-mingw-w64-x86_64.cmake
+++ b/toolchains/darwin-mingw-w64-x86_64.cmake
@ -21,5 +21,6 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
 set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
 set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)

+# General compiler flags
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os")
--- a/toolchains/linux-mingw-w64-x86_64.cmake
+++ b/toolchains/linux-mingw-w64-x86_64.cmake
@ -9,6 +9,9 @@ set(TOOLCHAIN_PREFIX x86_64-w64-mingw32)
 # Cross-compilers to use for C and C++
 set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
 set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
+set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)
+set(CMAKE_AR ${TOOLCHAIN_PREFIX}-ar)
+set(CMAKE_RANLIB ${TOOLCHAIN_PREFIX}-ranlib)

 # Target environment on the build host system (with Homebrew)
 set(CMAKE_FIND_ROOT_PATH /usr/${TOOLCHAIN_PREFIX})
@ -18,5 +21,5 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
 set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
 set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)

-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os")
-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os -flto")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os -flto")