-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathassembly.go
89 lines (71 loc) · 1.58 KB
/
assembly.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
package ssce
import (
"embed"
"encoding/hex"
"fmt"
"strings"
)
// just for prevent [import _ "embed"] :)
var _ embed.FS
// The role of the mini decoder is to eliminate the
// instruction sequence features as much as possible.
var (
//go:embed asm/mini_decoder_x86.asm
defaultX86MiniDecoder string
//go:embed asm/mini_decoder_x64.asm
defaultX64MiniDecoder string
)
type miniDecoderCtx struct {
Seed interface{}
Key interface{}
NumLoopStub int32
NumLoopMaskA int32
NumLoopMaskB int32
OffsetT int32
OffsetA int32
OffsetS int32
// for replace registers
Reg map[string]string
// for prevent call short
Padding bool
PadData []byte
}
// The role of the shellcode loader is to execute the shellcode
// without destroying the CPU context, and to erase the loader
// before execution and the shellcode after execution.
var (
//go:embed asm/loader_x86.asm
defaultX86Loader string
//go:embed asm/loader_x64.asm
defaultX64Loader string
)
type loaderCtx struct {
JumpShort []byte
SaveContext []byte
RestoreContext []byte
StubKey interface{}
DecoderStub []byte
EraserStub []byte
CryptoKeyStub []byte
CryptoKeyLen int
ShellcodeLen int
EraserLen int
EraseShellcode bool
}
func toDB(b []byte) string {
if len(b) == 0 {
return ""
}
builder := strings.Builder{}
builder.WriteString(".byte ")
for i := 0; i < len(b); i++ {
builder.WriteString("0x")
s := hex.EncodeToString([]byte{b[i]})
builder.WriteString(strings.ToUpper(s))
builder.WriteString(", ")
}
return builder.String()
}
func toHex(v interface{}) string {
return fmt.Sprintf("0x%X", v)
}