build size optimizations, streamlining

CMakeLists.txt

@@ -10,11 +10,28 @@ if(NOT CMAKE_SYSTEM_NAME MATCHES Windows)
     message(FATAL_ERROR "Use a cross compilation suitable toolchain with CMAKE_SYSTEM_NAME set to Windows")
 endif()
 
-if(NOT MSVC)
+# Build as Release by default
-    add_compile_options("-Wall" "-Wextra")
+if(NOT CMAKE_BUILD_TYPE)
+    set(CMAKE_BUILD_TYPE Release)
+endif()
+
+include(CheckIPOSupported)
+check_ipo_supported(RESULT lto_supported OUTPUT error)
+
+# Enable LTO if supported
+if(lto_supported)
+    set(CMAKE_INTERPROCEDURAL_OPTIMIZATION TRUE)
 else()
-    # Level 4 warnings
+    message(WARNING "LTO is not supported: ${error}")
-    add_compile_options("/W4" "/WX")
+endif()
+
+if(NOT MSVC)
+    add_compile_options("-Wall" "-Wextra" "-Os")
+    set(CMAKE_EXE_LINKED_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -s")
+else()
+    add_compile_options("/W4" "/WX" "/O1" "/GL")
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /INCREMENTAL:NO /OPT:REF /OPT:ICF /PDBSTRIPPED")
+    set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /INCREMENTAL:NO /OPT:REF /OPT:ICF /PDBSTRIPPED")
 endif()
 
 # *) Reflective loader (DLL)
@@ -28,3 +45,9 @@ add_executable(generator generator/generator.cpp generator/generator.hpp)
 
 # *) Injector (EXE)
 add_executable(injector injector/injector.cpp)
+
+if(NOT MSVC)
+    foreach(target loader payload generator injector)
+        add_custom_command(TARGET ${target} POST_BUILD COMMAND ${CMAKE_STRIP} $<TARGET_FILE:${target}>) # Strip binaries
+    endforeach()
+endif()

README.md

@@ -1,14 +1,25 @@
 # Shellcode reflective DLL injection in C++
 
-Placeholder.
+```shell
+.
+├── build.sh            # Build script (cmake & make)
+├── generator           # Shellcode generator (ties together bootstrap, loader, payload, and user data)
+├── injector            # PoC injector
+├── payload             # PoC payload (DllMain & PrintMessage(lpUserData))
+├── reflective_loader   # sRDI implementation
+└── toolchains          # Cross-compilation toolchains (linux & darwin)
+```
 
 ### Features
 
-- <n> kB loader
+Placeholder.
-- <m> kB injector
 
 Check out [Alcatraz](https://github.com/weak1337/Alcatraz/) for additional obfuscation for the shellcode/injector.
 
+### Usage
+
+Compile the libraries and executables with the included `build.sh` shellscript (if cross-compiling).
+
 ### Credits
 
 - Stephen Fewer ([@stephenfewer](https://github.com/stephenfewer)) for reflective DLL injection

build.sh

@@ -9,13 +9,17 @@ case $(uname -a) in
         TOOLCHAIN="linux-mingw-w64-x86_64.cmake"
         ;;
     Darwin*)
-        echo "[+] Using MacOS toolchain"
+        echo "[+] Using Darwin toolchain"
-        TOOLCHAIN="macos-mingw-w64-x86_64.cmake"
+        TOOLCHAIN="darwin-mingw-w64-x86_64.cmake"
         ;;
 esac
 
-echo "Running CMake"
+echo "[+] Running CMake with specified toolchain, outputting to build/"
-cmake -DCMAKE_TOOLCHAIN_FILE=toolchains/$TOOLCHAIN -B build
+if ! cmake -DCMAKE_TOOLCHAIN_FILE=toolchains/$TOOLCHAIN -B build
+then
+    echo "[!] CMake failed, aborting build"
+    exit 1
+fi
 
-echo "Running Make with $USED threads"
+echo "[+] Running Make with $USED threads"
 make -j$USED -C build

reflective_loader/loader.cpp

@@ -20,7 +20,6 @@ void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserData
         return;
     }
 
-    // auto rng = std::default_random_engine{};
     std::random_device rd;
     std::mt19937 eng(rd());
 

reflective_loader/loader.hpp

@@ -2,20 +2,18 @@
 
 #include <windows.h>
 #include <winternl.h>
-#include <random>
 
-#define MAX_IMPORT_DELAY_MS 6 * 1000
+constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000;
-#define OBFUSCATE_IMPORTS 1
+constexpr auto OBFUSCATE_IMPORTS = 1;
-#define HASH_KEY 5381
+constexpr auto HASH_KEY = 5381;
 
-#define KERNEL32_DLL_HASH 0x6DDB9555
+constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555;
-// #define NTDLL_DLL_HASH 0x1EDAB0ED
+constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1;
-#define LOAD_LIBRARY_W_HASH 0xB7072FF1
+constexpr DWORD GET_PROC_ADDRESS_HASH = 0xDECFC1BF;
-#define GET_PROC_ADDRESS_HASH 0xDECFC1BF
+constexpr DWORD VIRTUAL_ALLOC_HASH = 0x097BC257;
-#define VIRTUAL_ALLOC_HASH 0x097BC257
+constexpr DWORD FLUSH_INSTRUCTION_CACHE_HASH = 0xEFB7BF9D;
-#define FLUSH_INSTRUCTION_CACHE_HASH 0xEFB7BF9D
+constexpr DWORD VIRTUAL_PROTECT_HASH = 0xE857500D;
-#define VIRTUAL_PROTECT_HASH 0xE857500D
+constexpr DWORD SLEEP_HASH = 0x0E07CD7E;
-#define SLEEP_HASH 0x0E07CD7E
 
 // Function pointer typedefs from MSDN
 using LOAD_LIBRARY_W = HMODULE(WINAPI *)(LPCWSTR);

toolchains/darwin-mingw-w64-x86_64.cmake

@@ -21,5 +21,6 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
 set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
 set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
 
+# General compiler flags
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os")

toolchains/linux-mingw-w64-x86_64.cmake

@@ -9,6 +9,9 @@ set(TOOLCHAIN_PREFIX x86_64-w64-mingw32)
 # Cross-compilers to use for C and C++
 set(CMAKE_C_COMPILER ${TOOLCHAIN_PREFIX}-gcc)
 set(CMAKE_CXX_COMPILER ${TOOLCHAIN_PREFIX}-g++)
+set(CMAKE_RC_COMPILER ${TOOLCHAIN_PREFIX}-windres)
+set(CMAKE_AR ${TOOLCHAIN_PREFIX}-ar)
+set(CMAKE_RANLIB ${TOOLCHAIN_PREFIX}-ranlib)
 
 # Target environment on the build host system (with Homebrew)
 set(CMAKE_FIND_ROOT_PATH /usr/${TOOLCHAIN_PREFIX})
@@ -18,5 +21,5 @@ set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER)
 set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
 set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)
 
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os")
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -static -Os -flto")
-set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os")
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static -Os -flto")