diff --git a/Debug/FunDLL.exp b/Debug/FunDLL.exp
new file mode 100644
index 0000000..365888f
Binary files /dev/null and b/Debug/FunDLL.exp differ
diff --git a/Debug/FunDLL.iobj b/Debug/FunDLL.iobj
new file mode 100644
index 0000000..2be397b
Binary files /dev/null and b/Debug/FunDLL.iobj differ
diff --git a/Debug/FunDLL.ipdb b/Debug/FunDLL.ipdb
new file mode 100644
index 0000000..e9521e9
Binary files /dev/null and b/Debug/FunDLL.ipdb differ
diff --git a/Debug/FunDLL.pdb b/Debug/FunDLL.pdb
new file mode 100644
index 0000000..5cc9330
Binary files /dev/null and b/Debug/FunDLL.pdb differ
diff --git a/Debug/Injector.pdb b/Debug/Injector.pdb
new file mode 100644
index 0000000..3afe78f
Binary files /dev/null and b/Debug/Injector.pdb differ
diff --git a/Debug/Loader.pdb b/Debug/Loader.pdb
new file mode 100644
index 0000000..7442067
Binary files /dev/null and b/Debug/Loader.pdb differ
diff --git a/Dll/Debug/Dll.Build.CppClean.log b/Dll/Debug/Dll.Build.CppClean.log
new file mode 100644
index 0000000..d6d1236
--- /dev/null
+++ b/Dll/Debug/Dll.Build.CppClean.log
@@ -0,0 +1,13 @@
+c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
+c:\users\hellisabove\source\repos\rat\debug\dll.lib
+c:\users\hellisabove\source\repos\rat\debug\dll.exp
+c:\users\hellisabove\source\repos\rat\debug\dll.dll
+c:\users\hellisabove\source\repos\rat\debug\dll.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
diff --git a/Dll/Debug/Dll.log b/Dll/Debug/Dll.log
new file mode 100644
index 0000000..a7d3ee7
--- /dev/null
+++ b/Dll/Debug/Dll.log
@@ -0,0 +1,7 @@
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
+ Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
+ Generating code
+ All 3 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ Finished generating code
+ Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
diff --git a/Dll/Debug/Dll.tlog/CL.command.1.tlog b/Dll/Debug/Dll.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..4fe39f0
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/CL.read.1.tlog b/Dll/Debug/Dll.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..8d47c28
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/CL.write.1.tlog b/Dll/Debug/Dll.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..27f4603
Binary files /dev/null and b/Dll/Debug/Dll.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/Dll.lastbuildstate b/Dll/Debug/Dll.tlog/Dll.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Dll/Debug/Dll.tlog/Dll.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Dll/Debug/Dll.tlog/Dll.write.1u.tlog b/Dll/Debug/Dll.tlog/Dll.write.1u.tlog
new file mode 100644
index 0000000..7e00ff0
Binary files /dev/null and b/Dll/Debug/Dll.tlog/Dll.write.1u.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.command.1.tlog b/Dll/Debug/Dll.tlog/link.command.1.tlog
new file mode 100644
index 0000000..75aba57
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.command.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.read.1.tlog b/Dll/Debug/Dll.tlog/link.read.1.tlog
new file mode 100644
index 0000000..d81d459
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.read.1.tlog differ
diff --git a/Dll/Debug/Dll.tlog/link.write.1.tlog b/Dll/Debug/Dll.tlog/link.write.1.tlog
new file mode 100644
index 0000000..e3312ec
Binary files /dev/null and b/Dll/Debug/Dll.tlog/link.write.1.tlog differ
diff --git a/Injector/x64/Debug/Injector.vcxproj.FileListAbsolute.txt b/Dll/Debug/Dll.vcxproj.FileListAbsolute.txt
similarity index 100%
rename from Injector/x64/Debug/Injector.vcxproj.FileListAbsolute.txt
rename to Dll/Debug/Dll.vcxproj.FileListAbsolute.txt
diff --git a/Dll/Debug/FunDLL.Build.CppClean.log b/Dll/Debug/FunDLL.Build.CppClean.log
new file mode 100644
index 0000000..a1a62d7
--- /dev/null
+++ b/Dll/Debug/FunDLL.Build.CppClean.log
@@ -0,0 +1,15 @@
+c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
+c:\users\hellisabove\source\repos\rat\debug\fundll.lib
+c:\users\hellisabove\source\repos\rat\debug\fundll.exp
+c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
+c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
+c:\users\hellisabove\source\repos\rat\debug\fundll.dll
+c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
diff --git a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..b1f5512
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..8d47c28
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..27f4603
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate b/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Dll/Debug/FunDLL.tlog/FunDLL.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog
new file mode 100644
index 0000000..cecb9a2
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.command.1.tlog b/Dll/Debug/FunDLL.tlog/link.command.1.tlog
new file mode 100644
index 0000000..ea9fd82
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.read.1.tlog b/Dll/Debug/FunDLL.tlog/link.read.1.tlog
new file mode 100644
index 0000000..d66d11c
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.write.1.tlog b/Dll/Debug/FunDLL.tlog/link.write.1.tlog
new file mode 100644
index 0000000..1b566d3
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/link.write.1.tlog differ
diff --git a/Dll/Debug/vc141.pdb b/Dll/Debug/vc141.pdb
new file mode 100644
index 0000000..c1fb6af
Binary files /dev/null and b/Dll/Debug/vc141.pdb differ
diff --git a/FunDLL/FunDLL.vcxproj b/Dll/Dll.vcxproj
similarity index 88%
rename from FunDLL/FunDLL.vcxproj
rename to Dll/Dll.vcxproj
index e8535df..8574aaf 100644
--- a/FunDLL/FunDLL.vcxproj
+++ b/Dll/Dll.vcxproj
@@ -21,17 +21,18 @@
16.0
Win32Proj
- {c7e129b4-8a7e-4e5c-a259-573609675fed}
- RAT
+ {0299d361-d3f7-419a-ab93-fb36642c97fa}
+ Dll
7.0
FunDLL
- Application
+ DynamicLibrary
true
- v143
+ v141_xp
Unicode
+ true
Application
@@ -41,18 +42,17 @@
Unicode
- DynamicLibrary
+ Application
true
- v141_xp
- MultiByte
- true
+ v143
+ Unicode
- DynamicLibrary
+ Application
false
- v141_xp
+ v143
true
- MultiByte
+ Unicode
@@ -72,18 +72,25 @@
-
+
false
Level3
- true
- WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
- true
+ false
+ WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ MaxSpeed
+ true
+ Default
+ MultiThreaded
+ true
+ ProgramDatabase
+ true
- Console
+ Windows
true
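Review bot: The ItemDefinitionGroup patched in this hunk — by its position in the file most likely the Debug|Win32 group — now carries release-style settings (`WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)`, `MaxSpeed`, `MultiThreaded`, `ProgramDatabase`), while the groups patched in the hunks at `@@ -106,21 +113,13 @@` and `@@ -128,16 +127,15 @@` receive `_DEBUG;_CONSOLE` and `NDEBUG;_CONSOLE` with a `Console` subsystem, so the configuration names no longer describe their contents. Element names are stripped from this rendering, so the pairing of groups to configurations is inferred from file order rather than visible. A configuration labelled Debug that defines NDEBUG, optimizes for speed and links the static release CRT is easy to misread when stepping through a build; either rename the configurations or move each settings block back under the group whose name matches it. The committed Dll.log in the same commit records Debug|Win32 going through "Generating code", which is consistent with, but does not prove, this group being the one that actually built.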
@@ -106,21 +113,13 @@
Level3
- false
- WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
- false
- MaxSpeed
- true
- false
- Default
- MultiThreaded
- true
- ProgramDatabase
+ true
+ _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
- Windows
+ Console
true
- 5.01
@@ -128,16 +127,15 @@
Level3
true
true
- false
- WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
- false
+ true
+ NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
- Windows
+ Console
true
true
true
- 5.02
diff --git a/FunDLL/FunDLL.vcxproj.filters b/Dll/Dll.vcxproj.filters
similarity index 100%
rename from FunDLL/FunDLL.vcxproj.filters
rename to Dll/Dll.vcxproj.filters
diff --git a/FunDLL/FunDLL.vcxproj.user b/Dll/Dll.vcxproj.user
similarity index 100%
rename from FunDLL/FunDLL.vcxproj.user
rename to Dll/Dll.vcxproj.user
diff --git a/FunDLL/fundll.cpp b/Dll/fundll.cpp
similarity index 79%
rename from FunDLL/fundll.cpp
rename to Dll/fundll.cpp
index 640de68..5882e98 100644
--- a/FunDLL/fundll.cpp
+++ b/Dll/fundll.cpp
@@ -9,12 +9,11 @@ BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
break;
default:
-
+
break;
}
- return 1;
}
extern "C" __declspec(dllexport) int FunEntry() {
- return MessageBoxA(0, "Hello World From C2", 0, 0);
+ return MessageBoxA(0, "Hello from C2", 0, 0);
}
\ No newline at end of file
diff --git a/Injector/Debug/Injector.Build.CppClean.log b/Injector/Debug/Injector.Build.CppClean.log
new file mode 100644
index 0000000..64be309
--- /dev/null
+++ b/Injector/Debug/Injector.Build.CppClean.log
@@ -0,0 +1,13 @@
+c:\users\hellisabove\source\repos\rat\injector\debug\vc143.pdb
+c:\users\hellisabove\source\repos\rat\injector\debug\vc143.idb
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.obj
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.ilk
+c:\users\hellisabove\source\repos\rat\debug\injector.exe
+c:\users\hellisabove\source\repos\rat\debug\injector.pdb
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.items.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.write.1.tlog
diff --git a/Injector/Debug/Injector.exe.recipe b/Injector/Debug/Injector.exe.recipe
new file mode 100644
index 0000000..f052071
--- /dev/null
+++ b/Injector/Debug/Injector.exe.recipe
@@ -0,0 +1,11 @@
+
+
+
+
+ C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Injector/Debug/Injector.ilk b/Injector/Debug/Injector.ilk
new file mode 100644
index 0000000..b2ac90c
Binary files /dev/null and b/Injector/Debug/Injector.ilk differ
diff --git a/Injector/Debug/Injector.log b/Injector/Debug/Injector.log
new file mode 100644
index 0000000..198e2b0
--- /dev/null
+++ b/Injector/Debug/Injector.log
@@ -0,0 +1,2 @@
+ LINK : C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe not found or not built by the last incremental link; performing full link
+ Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
diff --git a/Injector/Debug/Injector.tlog/CL.command.1.tlog b/Injector/Debug/Injector.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..ec99c38
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.command.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/CL.read.1.tlog b/Injector/Debug/Injector.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..0c81f4c
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.read.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/CL.write.1.tlog b/Injector/Debug/Injector.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..7873a02
Binary files /dev/null and b/Injector/Debug/Injector.tlog/CL.write.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/Cl.items.tlog b/Injector/Debug/Injector.tlog/Cl.items.tlog
new file mode 100644
index 0000000..31c4d28
--- /dev/null
+++ b/Injector/Debug/Injector.tlog/Cl.items.tlog
@@ -0,0 +1 @@
+C:\Users\hellisabove\source\repos\RAT\Injector\injector.cpp;C:\Users\hellisabove\source\repos\RAT\Injector\Debug\injector.obj
diff --git a/Injector/Debug/Injector.tlog/Injector.lastbuildstate b/Injector/Debug/Injector.tlog/Injector.lastbuildstate
new file mode 100644
index 0000000..4253841
--- /dev/null
+++ b/Injector/Debug/Injector.tlog/Injector.lastbuildstate
@@ -0,0 +1,2 @@
+PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.36.32532:TargetPlatformVersion=10.0.22621.0:
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Injector/Debug/Injector.tlog/link.command.1.tlog b/Injector/Debug/Injector.tlog/link.command.1.tlog
new file mode 100644
index 0000000..09060de
Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.command.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/link.read.1.tlog b/Injector/Debug/Injector.tlog/link.read.1.tlog
new file mode 100644
index 0000000..4a6fd2d
Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.read.1.tlog differ
diff --git a/Injector/Debug/Injector.tlog/link.write.1.tlog b/Injector/Debug/Injector.tlog/link.write.1.tlog
new file mode 100644
index 0000000..60df88e
Binary files /dev/null and b/Injector/Debug/Injector.tlog/link.write.1.tlog differ
diff --git a/Injector/Debug/Injector.vcxproj.FileListAbsolute.txt b/Injector/Debug/Injector.vcxproj.FileListAbsolute.txt
new file mode 100644
index 0000000..e69de29
diff --git a/Injector/Debug/vc143.idb b/Injector/Debug/vc143.idb
new file mode 100644
index 0000000..a02dcd8
Binary files /dev/null and b/Injector/Debug/vc143.idb differ
diff --git a/Injector/Debug/vc143.pdb b/Injector/Debug/vc143.pdb
new file mode 100644
index 0000000..bc03652
Binary files /dev/null and b/Injector/Debug/vc143.pdb differ
diff --git a/Injector/Injector.vcxproj b/Injector/Injector.vcxproj
index be9bf59..fce0f03 100644
--- a/Injector/Injector.vcxproj
+++ b/Injector/Injector.vcxproj
@@ -35,9 +35,9 @@
Application
false
- v143
+ v141
true
- Unicode
+ MultiByte
Application
@@ -127,7 +127,7 @@
-
+
diff --git a/Injector/Injector.vcxproj.filters b/Injector/Injector.vcxproj.filters
index 3e7e62e..9ce493a 100644
--- a/Injector/Injector.vcxproj.filters
+++ b/Injector/Injector.vcxproj.filters
@@ -15,7 +15,7 @@
-
+
Source Files
diff --git a/Injector/Source.cpp b/Injector/injector.cpp
similarity index 100%
rename from Injector/Source.cpp
rename to Injector/injector.cpp
diff --git a/Injector/x64/Debug/Injector.Build.CppClean.log b/Injector/x64/Debug/Injector.Build.CppClean.log
deleted file mode 100644
index 0ecb3c6..0000000
--- a/Injector/x64/Debug/Injector.Build.CppClean.log
+++ /dev/null
@@ -1,12 +0,0 @@
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.pdb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.idb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\source.obj
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.ilk
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.exe
-c:\users\hellisabove\source\repos\rat\x64\debug\injector.pdb
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.command.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.read.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.write.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.command.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.read.1.tlog
-c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.write.1.tlog
diff --git a/Injector/x64/Debug/Injector.log b/Injector/x64/Debug/Injector.log
deleted file mode 100644
index f142a7f..0000000
--- a/Injector/x64/Debug/Injector.log
+++ /dev/null
@@ -1,2 +0,0 @@
- Source.cpp
- Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\x64\Debug\Injector.exe
diff --git a/Loader/Debug/Loader.Build.CppClean.log b/Loader/Debug/Loader.Build.CppClean.log
new file mode 100644
index 0000000..159bfc9
--- /dev/null
+++ b/Loader/Debug/Loader.Build.CppClean.log
@@ -0,0 +1,11 @@
+c:\users\hellisabove\source\repos\rat\loader\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\loader\debug\tools.obj
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.obj
+c:\users\hellisabove\source\repos\rat\debug\loader.exe
+c:\users\hellisabove\source\repos\rat\debug\loader.pdb
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.command.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.read.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.write.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.command.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.read.1.tlog
+c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.write.1.tlog
diff --git a/Loader/Debug/Loader.log b/Loader/Debug/Loader.log
new file mode 100644
index 0000000..edac3ef
--- /dev/null
+++ b/Loader/Debug/Loader.log
@@ -0,0 +1,2 @@
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
+ Loader.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Loader.exe
diff --git a/Loader/Debug/Loader.tlog/CL.command.1.tlog b/Loader/Debug/Loader.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..ad07b3b
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.command.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/CL.read.1.tlog b/Loader/Debug/Loader.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..51bc714
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.read.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/CL.write.1.tlog b/Loader/Debug/Loader.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..484979f
Binary files /dev/null and b/Loader/Debug/Loader.tlog/CL.write.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/Loader.lastbuildstate b/Loader/Debug/Loader.tlog/Loader.lastbuildstate
new file mode 100644
index 0000000..23245b8
--- /dev/null
+++ b/Loader/Debug/Loader.tlog/Loader.lastbuildstate
@@ -0,0 +1,2 @@
+#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
+Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
diff --git a/Loader/Debug/Loader.tlog/link.command.1.tlog b/Loader/Debug/Loader.tlog/link.command.1.tlog
new file mode 100644
index 0000000..1aeeb1c
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.command.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/link.read.1.tlog b/Loader/Debug/Loader.tlog/link.read.1.tlog
new file mode 100644
index 0000000..62b1f8e
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.read.1.tlog differ
diff --git a/Loader/Debug/Loader.tlog/link.write.1.tlog b/Loader/Debug/Loader.tlog/link.write.1.tlog
new file mode 100644
index 0000000..e0d3597
Binary files /dev/null and b/Loader/Debug/Loader.tlog/link.write.1.tlog differ
diff --git a/Loader/Debug/Loader.vcxproj.FileListAbsolute.txt b/Loader/Debug/Loader.vcxproj.FileListAbsolute.txt
new file mode 100644
index 0000000..e69de29
diff --git a/Loader/Debug/vc141.pdb b/Loader/Debug/vc141.pdb
new file mode 100644
index 0000000..8f184aa
Binary files /dev/null and b/Loader/Debug/vc141.pdb differ
diff --git a/Loader/Loader.vcxproj b/Loader/Loader.vcxproj
new file mode 100644
index 0000000..0e0d345
--- /dev/null
+++ b/Loader/Loader.vcxproj
@@ -0,0 +1,165 @@
+
+
+
+
+ Debug
+ Win32
+
+
+ Release
+ Win32
+
+
+ Debug
+ x64
+
+
+ Release
+ x64
+
+
+
+ 16.0
+ Win32Proj
+ {81f05638-72b8-41da-b80a-4f292961d9a1}
+ Loader
+ 10.0
+
+
+
+ Application
+ true
+ v141_xp
+ Unicode
+
+
+ Application
+ false
+ v141_xp
+ true
+ Unicode
+
+
+ Application
+ true
+ v143
+ Unicode
+
+
+ Application
+ false
+ v141_xp
+ true
+ Unicode
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+ false
+
+
+ false
+
+
+
+ TurnOffAllWarnings
+ false
+ WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+ false
+ ProgramDatabase
+ MaxSpeed
+ true
+ true
+ Default
+ MultiThreaded
+ false
+
+
+ Windows
+ true
+ kernel32.lib;user32.lib
+
+
+
+
+ TurnOffAllWarnings
+ false
+ true
+ true
+ WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+ true
+ true
+ MultiThreaded
+ false
+
+
+ Windows
+ true
+ true
+ true
+
+
+ kernel32.lib;user32.lib
+
+
+
+
+ Level3
+ true
+ _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
+ true
+
+
+ Console
+ true
+
+
+
+
+ TurnOffAllWarnings
+ false
+ true
+ false
+ WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)
+ true
+ true
+ MultiThreaded
+ false
+
+
+ Windows
+ true
+ true
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
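Review bot: Three of the four configurations in the new Loader.vcxproj set the warning level to `TurnOffAllWarnings` (the three groups carrying `WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)`), while only the remaining group uses `Level3`. Suppressing every diagnostic in the optimized builds means anything the compiler would report under Level3 is silently accepted in the builds that are actually shipped, and a developer has to compile the one Level3 configuration to see any warning at all. Use `Level3` uniformly and disable individual warnings by number where a specific one is noisy. Element names are not visible in this rendering, so which group belongs to which configuration is inferred from the order of the PropertyGroup section above it.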
diff --git a/Loader/Loader.vcxproj.filters b/Loader/Loader.vcxproj.filters
new file mode 100644
index 0000000..dfe9fcf
--- /dev/null
+++ b/Loader/Loader.vcxproj.filters
@@ -0,0 +1,30 @@
+
+
+
+
+ {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
+ cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
+
+
+ {93995380-89BD-4b04-88EB-625FBE52EBFB}
+ h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
+
+
+ {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
+ rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
+
+
+
+
+ Source Files
+
+
+ Source Files
+
+
+
+
+ Header Files
+
+
+
\ No newline at end of file
diff --git a/Loader/Loader.vcxproj.user b/Loader/Loader.vcxproj.user
new file mode 100644
index 0000000..88a5509
--- /dev/null
+++ b/Loader/Loader.vcxproj.user
@@ -0,0 +1,4 @@
+
+
+
+
\ No newline at end of file
diff --git a/Loader/loader.cpp b/Loader/loader.cpp
new file mode 100644
index 0000000..35af249
--- /dev/null
+++ b/Loader/loader.cpp
@@ -0,0 +1,23 @@
+#include
+#include "tools.h"
+
+INT WINAPI WinMain(HMODULE current, HMODULE previous, LPSTR cmd, INT show) {
+ PBYTE module_base = PBYTE(Tools::GetImageBase());
+ if (module_base != ERROR) {
+ // extract payload from section move to %appdata% with random name
+ DWORD module_size = NULL;
+ PBYTE dll_memory = Tools::ExtractDllFile(module_base, &module_size);
+
+ // move payload onto %appdata% with some random generated name
+ DWORD bytes_written = NULL;
+ WCHAR appdata_path[MAX_PATH];
+
+ if (ExpandEnvironmentStringsW(TEXT("%APPDATA%"), appdata_path, MAX_PATH - 1) > 0) {
+ wsprintfW(appdata_path, TEXT("%s\\%lu.%cl%c"), appdata_path, GetTickCount(), 'd', 'l');
+ HANDLE new_file = CreateFileW(appdata_path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (new_file != INVALID_HANDLE_VALUE) {
+ WriteFile(new_file, dll_memory, module_size, &bytes_written, NULL);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Loader/tools.cpp b/Loader/tools.cpp
new file mode 100644
index 0000000..ceadd41
--- /dev/null
+++ b/Loader/tools.cpp
@@ -0,0 +1,36 @@
+#include "tools.h"
+#include
+
+PVOID Tools::GetImageBase() {
+ PWORD virtual_address = PWORD(&GetImageBase);
+ PDWORD image_base = NULL;
+
+ __asm {
+ mov eax, virtual_address
+ and eax, 0xFFFF0000
+ IterateImage:
+ cmp WORD PTR[eax], 0x5A4D
+ je EndIteration
+ sub eax, 0x00010000
+ jmp IterateImage
+ EndIteration:
+ mov[image_base], eax
+ }
+
+ return image_base;
+}
+
+PBYTE Tools::ExtractDllFile(PBYTE module_base, PDWORD module_size) {
+ PIMAGE_DOS_HEADER image_dos_header = (PIMAGE_DOS_HEADER)(module_base);
+ if (image_dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+ PIMAGE_NT_HEADERS image_nt_headers = (PIMAGE_NT_HEADERS)(module_base + image_dos_header->e_lfanew);
+ if (image_nt_headers->Signature == IMAGE_NT_SIGNATURE) {
+ PIMAGE_SECTION_HEADER first_section = (PIMAGE_SECTION_HEADER)(IMAGE_FIRST_SECTION(image_nt_headers));
+ PIMAGE_SECTION_HEADER dll_section = (PIMAGE_SECTION_HEADER)(first_section + image_nt_headers->FileHeader.NumberOfSections - 1);
+ if (dll_section != ERROR) {
+ *module_size = dll_section->Misc.VirtualSize;
+ return RtlOffsetToPointer(module_base, dll_section->VirtualAddress);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Loader/tools.h b/Loader/tools.h
new file mode 100644
index 0000000..f9459ac
--- /dev/null
+++ b/Loader/tools.h
@@ -0,0 +1,9 @@
+#pragma once
+#include
+
+#define RtlOffsetToPointer(Module, Pointer) PBYTE(PBYTE(Module) + DWORD(Pointer))
+
+namespace Tools {
+ PVOID GetImageBase();
+ PBYTE ExtractDllFile(PBYTE module_base, PDWORD module_size);
+}
diff --git a/RAT.sln b/RAT.sln
index 6847389..a2f7dca 100644
--- a/RAT.sln
+++ b/RAT.sln
@@ -5,7 +5,9 @@ VisualStudioVersion = 17.6.33815.320
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Injector", "Injector\Injector.vcxproj", "{9C556697-73D5-47E2-908C-B285CB253CC6}"
EndProject
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FunDLL", "FunDLL\FunDLL.vcxproj", "{C7E129B4-8A7E-4E5C-A259-573609675FED}"
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Loader", "Loader\Loader.vcxproj", "{81F05638-72B8-41DA-B80A-4F292961D9A1}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dll", "Dll\Dll.vcxproj", "{0299D361-D3F7-419A-AB93-FB36642C97FA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
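Review bot: The Loader and Dll projects registered in this hunk arrive together with their generated output trees — the top-level Debug/ (FunDLL.exp/.iobj/.ipdb/.pdb, Injector.pdb, Loader.pdb) plus Dll/Debug/, Injector/Debug/ and Loader/Debug/ with their .tlog, .ilk, .log, .recipe, .lastbuildstate and vc14x.pdb files — none of which is source. These files are rewritten on every build, so tracking them makes every later commit noisy and produces merge conflicts on binary blobs that cannot be reviewed. Add the `Debug/` and `x64/` output directories (or the equivalent `*.pdb`, `*.ilk`, `*.tlog/`, `*.log` patterns) to a .gitignore and remove the tracked copies in a follow-up; the solution file itself only needs the two Project entries added here.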
@@ -23,14 +25,22 @@ Global
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x64.Build.0 = Release|x64
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.ActiveCfg = Release|Win32
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.Build.0 = Release|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.ActiveCfg = Debug|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.Build.0 = Debug|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.ActiveCfg = Debug|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.Build.0 = Debug|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.ActiveCfg = Release|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.Build.0 = Release|x64
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.ActiveCfg = Release|Win32
- {C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.Build.0 = Release|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.ActiveCfg = Debug|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.Build.0 = Debug|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.ActiveCfg = Debug|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.Build.0 = Debug|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.ActiveCfg = Release|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.Build.0 = Release|x64
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.ActiveCfg = Release|Win32
+ {81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.Build.0 = Release|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.ActiveCfg = Debug|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.Build.0 = Debug|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.ActiveCfg = Debug|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.Build.0 = Debug|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.ActiveCfg = Release|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.Build.0 = Release|x64
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.ActiveCfg = Release|Win32
+ {0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE