Change C to avoid Windows Defender
helviojunior committed Feb 13, 2023
1 parent a5a2128 commit 196c3e4
Showing 2 changed files with 65 additions and 35 deletions.
49 changes: 49 additions & 0 deletions shellcodetester/libs/asmfile.py
@@ -1,14 +1,54 @@
from pathlib import Path
from random import shuffle

from shellcodetester.config import Configuration
from shellcodetester.util.logger import Logger

_x86Instruction = [
{'asm': 'inc %eax', 'byte': b'\x40'},
{'asm': 'inc %ecx', 'byte': b'\x41'},
{'asm': 'inc %edx', 'byte': b'\x42'},
{'asm': 'inc %ebx', 'byte': b'\x43'},
{'asm': 'inc %esp', 'byte': b'\x44'},
{'asm': 'inc %ebp', 'byte': b'\x45'},
{'asm': 'inc %esi', 'byte': b'\x46'},
{'asm': 'inc %edi', 'byte': b'\x47'},
{'asm': 'dec %eax', 'byte': b'\x48'},
{'asm': 'dec %ecx', 'byte': b'\x49'},
{'asm': 'dec %edx', 'byte': b'\x4a'},
{'asm': 'dec %ebx', 'byte': b'\x4b'},
{'asm': 'dec %esp', 'byte': b'\x4c'},
{'asm': 'dec %ebp', 'byte': b'\x4d'},
{'asm': 'dec %esi', 'byte': b'\x4e'},
{'asm': 'dec %edi', 'byte': b'\x4f'},
]

_x86_64Instruction = [
{'asm': 'inc %rax', 'byte': b'\x48\xff\xc0'},
{'asm': 'inc %rcx', 'byte': b'\x48\xff\xc1'},
{'asm': 'inc %rdx', 'byte': b'\x48\xff\xc2'},
{'asm': 'inc %rbx', 'byte': b'\x48\xff\xc3'},
{'asm': 'inc %rsp', 'byte': b'\x48\xff\xc4'},
{'asm': 'inc %rbp', 'byte': b'\x48\xff\xc5'},
{'asm': 'inc %rsi', 'byte': b'\x48\xff\xc6'},
{'asm': 'inc %rdi', 'byte': b'\x48\xff\xc7'},
{'asm': 'dec %rax', 'byte': b'\x48\xff\xc8'},
{'asm': 'dec %rcx', 'byte': b'\x48\xff\xc9'},
{'asm': 'dec %rdx', 'byte': b'\x48\xff\xca'},
{'asm': 'dec %rbx', 'byte': b'\x48\xff\xcb'},
{'asm': 'dec %rsp', 'byte': b'\x48\xff\xcc'},
{'asm': 'dec %rbp', 'byte': b'\x48\xff\xcd'},
{'asm': 'dec %rsi', 'byte': b'\x48\xff\xce'},
{'asm': 'dec %rdi', 'byte': b'\x48\xff\xcf'},
]


class AsmFile(object):
file_path = ''
file_pattern = ''
arch = 'unsupported'
assembled_data = None
sign_data = []

def __init__(self, filename: str):
self.file_path = Path(filename)
Expand Down Expand Up @@ -41,4 +81,13 @@ def __init__(self, filename: str):
if self.arch == 'unsupported':
raise Exception('Unknown or unsupported ASM platform')

lst = _x86Instruction
if self.arch == 'x86_64':
lst = _x86_64Instruction
lst_idx = list(range(len(lst)))
shuffle(lst_idx)
lst_idx = lst_idx[0:7]

self.sign_data = [lst[i] for i in lst_idx]

Logger.debug("ASM architecture: {G}%s" % self.arch)
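Review bot: The random pick at the end of `__init__` is a shuffle-then-slice over an index list where `random.sample` says the same thing in one call: `self.sign_data = sample(lst, 7)` (with `from random import sample` replacing `shuffle`), and the literal 7 deserves a module-level name such as `_SIGN_LEN = 7` so the marker length compiler.py depends on is traceable. The tables `_x86Instruction` and `_x86_64Instruction` carry no comment; I would add one above the first saying they hold single-instruction `inc`/`dec` encodings from which the start and end markers around the payload placeholder are drawn. Because `%esp`/`%ebp` (and `%rsp`/`%rbp`) are in the tables, and the chosen entries are emitted as executed `asm(...)` statements in compiler.py's `compile`, a run may move the stack or frame pointer before the code under test executes, and which registers are touched changes on every run; excluding the stack and frame pointer registers from the candidate lists, or seeding the RNG when reproducibility is wanted, would keep the harness deterministic. The class attribute `sign_data = []` is reassigned per instance in this hunk, so it is not shared state, but `sign_data = None` would make that intent clearer.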
51 changes: 16 additions & 35 deletions shellcodetester/libs/compiler.py
Expand Up @@ -39,6 +39,9 @@ def compile(self) -> bool:
Logger.pl('{!} {R}Error assembling {G}%s{R}: Assembled data is empty{W}' % self.file_path.name)
return False

start_sign = self.sign_data
end_sign = reversed(start_sign)

Logger.debug("Writing C source code to {G}%s" % self.c_file)
try:

Expand All @@ -49,6 +52,8 @@ def compile(self) -> bool:
f.write('#include<stdio.h>\n')
f.write('#include<string.h>\n')
f.write('\n')
f.write('void shell();\n')
f.write('\n')
f.write('void main() {\n')
f.write('\n')
f.write(f' int size = {len(self.assembled_data)};\n')
Expand All @@ -62,32 +67,20 @@ def compile(self) -> bool:
if Configuration.breakpoint:
f.write(' asm("INT3"); // INT3 -> Breakpoint\n')

pattern = bytearray(b'\x40\x41\x42\x43\x44\x45\x46\x47')
f.write(' asm("NOP");\n')

f.write(' asm("inc %eax");\n')
f.write(' asm("inc %ecx");\n')
f.write(' asm("inc %edx");\n')
f.write(' asm("inc %ebx");\n')
f.write(' asm("inc %esp");\n')
f.write(' asm("inc %ebp");\n')
f.write(' asm("inc %esi");\n')
f.write(' asm("inc %edi");\n')
pattern = bytearray()
for s in start_sign:
pattern += bytearray(s['byte'])
f.write(' asm("%s");\n' % s['asm'])

for n in range(len(self.assembled_data)):
f.write(' asm("NOP");\n')
pattern.append(0x90)

f.write(' asm("NOP");\n')
f.write(' asm("inc %edi");\n')
f.write(' asm("inc %esi");\n')
f.write(' asm("inc %ebp");\n')
f.write(' asm("inc %esp");\n')
f.write(' asm("inc %ebx");\n')
f.write(' asm("inc %edx");\n')
f.write(' asm("inc %ecx");\n')
f.write(' asm("inc %eax");\n')

pattern += bytearray(b'\x90\x47\x46\x45\x44\x43\x42\x41\x40')
for s in end_sign:
pattern += bytearray(s['byte'])
f.write(' asm("%s");\n' % s['asm'])

if Configuration.fill:
for n in range(4096 - len(self.assembled_data)):
Expand Down Expand Up @@ -164,32 +157,20 @@ def replace_onfile(self, filename: [str, Path], pattern: [bytearray, bytes], rep

idx = Tools.find_index(bin_data, pattern)
if idx == -1:
Logger.pl('{!} {R}Error putting the shellcode at {G}%s{R}:{O} %s{W}' % (file.name, 'Find pattern1 not found'))
Logger.pl('{!} {R}Error putting the shellcode at {G}%s{R}:{O} %s{W}' % (file.name, 'Find pattern not found'))
return False

if idx + len(replace_to) > len(bin_data):
Logger.pl(
'{!} {R}Error putting the shellcode at {G}%s{R}:{O} %s{W}' % (file.name, 'replace_to data is greater than binary file'))
return False

p2 = bytearray(b'\x90\x47\x46\x45\x44\x43\x42\x41\x40')
idx2 = Tools.find_index(bin_data, p2, idx + 5)
if idx2 == -1:
Logger.pl('{!} {R}Error putting the shellcode at {G}%s{R}:{O} %s{W}' % (file.name, 'Find pattern2 not found'))
return False

idx2 += len(p2)
if len(replace_to) > idx2 - idx:
Logger.pl(
'{!} {R}Error putting the shellcode at {G}%s{R}:{O} %s{W}' % (file.name, 'replace_to data is greater than expected'))
return False

fill_data = bytearray(replace_to)

for n in range((idx2 - idx) - len(replace_to)):
for n in range(len(pattern) - len(replace_to)):
fill_data.append(0x90)

new_data = bin_data[0:idx] + fill_data + bin_data[idx2:]
new_data = bin_data[0:idx] + fill_data + bin_data[idx + len(pattern):]

with open(file.resolve(), 'wb') as f:
f.write(new_data)
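Review bot: `replace_onfile` lost its upper-bound check when `idx2` went away: `range(len(pattern) - len(replace_to))` is simply empty when the payload is longer than the marker, and the slice `bin_data[idx + len(pattern):]` then splices the oversized data in, growing the file and shifting everything after it without any error. Restore the guard before `fill_data` is built, e.g. `if len(replace_to) > len(pattern):` followed by the existing `Logger.pl(... 'replace_to data is greater than expected')` line and `return False`. In `compile`, the `asm("NOP")` written just before the `for s in end_sign` loop is printed here without a marker, so I cannot tell whether it survived the commit; if it did, `pattern` has no matching `0x90` for it and `Tools.find_index` will not locate the marker in the binary. `end_sign = reversed(start_sign)` is a one-shot iterator, fine for the single loop that consumes it but silently empty if ever reused; `start_sign[::-1]` is the safer spelling. `replace_onfile`'s signature is on the hunk header and the function continues past the last line shown.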
