feat: Improve evasion techniques
Some checks are pending
CI / Rebuild stubs (push) Waiting to run
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-22.04) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-22.04-arm) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-24.04) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-24.04-arm) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }} (ubuntu-22.04, true) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }} (ubuntu-24.04, true, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-13, g++-13, macos-14, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-14, g++-14, macos-15, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-14, g++-14, macos-15-intel, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-15, g++-15, macos-26, true) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-11-arm64, windows-11-arm, arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-11-arm64ec, windows-11-arm, true, arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2022-amd64, windows-2022, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2022-i386, windows-2022, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2025-amd64, windows-2025, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2025-i386, windows-2025, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (-arm64EC, /machine:arm64ec, arm64ec-win64-vs2025, windows-2025, amd64_arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (amd64-win64-vs2025, windows-2025, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (arm64-win64-vs2025, windows-2025, amd64_arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (i386-win32-vs2025, windows-2025, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (-march=i586, i386-linux-gnu.2.17) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (-march=i586, i386-linux-gnu.2.3.4) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (aarch64-macos-none) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (aarch64-windows-gnu) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (alpine:3.18, qemu-aarch64, -fPIE, aarch64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (alpine:3.18, qemu-x86_64, -fPIE, x86_64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (i386-windows-gnu) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-aarch64, aarch64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-arm, arm-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-armeb, armeb-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-i386, -march=i586, -fPIE, i386-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-i386, -march=i586, i386-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mips, mips-linux-musleabi) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mips, mips-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mipsel, mipsel-linux-musleabi) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mipsel, mipsel-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc, powerpc-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64, -fPIE, powerpc64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64, powerpc64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64le, -fPIE, powerpc64le-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64le, powerpc64le-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-riscv64, UPX-UNSUPPORTED, -fPIE, riscv64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-riscv64, UPX-UNSUPPORTED, riscv64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-gnu.2.17) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-gnu.2.3.4) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (x86_64-macos-none) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (x86_64-windows-gnu) (push) Blocked by required conditions
Some checks are pending
CI / Rebuild stubs (push) Waiting to run
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-22.04) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-22.04-arm) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-24.04) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }}-0 (ubuntu-24.04-arm) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }} (ubuntu-22.04, true) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.os) }} (ubuntu-24.04, true, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-13, g++-13, macos-14, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-14, g++-14, macos-15, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-14, g++-14, macos-15-intel, true) (push) Blocked by required conditions
CI / ${{ format('{0} {1}{2}', matrix.os, matrix.xcode_version && 'xcode-' || '', matrix.xcode_version) }} (gcc-15, g++-15, macos-26, true) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-11-arm64, windows-11-arm, arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-11-arm64ec, windows-11-arm, true, arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2022-amd64, windows-2022, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2022-i386, windows-2022, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2025-amd64, windows-2025, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('{0}', matrix.name) }} (windows-2025-i386, windows-2025, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (-arm64EC, /machine:arm64ec, arm64ec-win64-vs2025, windows-2025, amd64_arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (amd64-win64-vs2025, windows-2025, amd64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (arm64-win64-vs2025, windows-2025, amd64_arm64, 2022) (push) Blocked by required conditions
CI / ${{ format('windows-bh {0}', matrix.name) }} (i386-win32-vs2025, windows-2025, amd64_x86, 2022) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (-march=i586, i386-linux-gnu.2.17) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (-march=i586, i386-linux-gnu.2.3.4) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (aarch64-macos-none) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (aarch64-windows-gnu) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (alpine:3.18, qemu-aarch64, -fPIE, aarch64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (alpine:3.18, qemu-x86_64, -fPIE, x86_64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (i386-windows-gnu) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-aarch64, aarch64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-arm, arm-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-armeb, armeb-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-i386, -march=i586, -fPIE, i386-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-i386, -march=i586, i386-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mips, mips-linux-musleabi) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mips, mips-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mipsel, mipsel-linux-musleabi) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-mipsel, mipsel-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc, powerpc-linux-musleabihf) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64, -fPIE, powerpc64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64, powerpc64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64le, -fPIE, powerpc64le-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-ppc64le, powerpc64le-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-riscv64, UPX-UNSUPPORTED, -fPIE, riscv64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-riscv64, UPX-UNSUPPORTED, riscv64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-gnu.2.17) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-gnu.2.3.4) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (qemu-x86_64, x86_64-linux-musl) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (x86_64-macos-none) (push) Blocked by required conditions
CI / ${{ format('zigcc {0} {1}', matrix.zig_target, matrix.zig_pic) }} (x86_64-windows-gnu) (push) Blocked by required conditions
- Add dummy import to alter import hash - Use common section names to avoid detection - Modify entry point signatures for both 32-bit and 64-bit stubs
This commit is contained in:
parent
808dd698ef
commit
d4f43249ab
@ -950,6 +950,7 @@ void PeFile::addStubImports() {
|
||||
if (!isdll)
|
||||
addKernelImport("ExitProcess");
|
||||
addKernelImport("VirtualProtect");
|
||||
addKernelImport("Beep");
|
||||
}
|
||||
|
||||
void PeFile::processImports2(unsigned myimport, unsigned) { // pass 2
|
||||
@ -2604,14 +2605,10 @@ void PeFile::pack0(OutputFile *fo, ht &ih, ht &oh, unsigned subsystem_mask,
|
||||
const unsigned ncsize_virt_increase = soxrelocs && (ncsize & oam1) == 0 ? 8 : 0;
|
||||
|
||||
// fill the sections
|
||||
char random_name[8];
|
||||
random_string(random_name, 7);
|
||||
strcpy(osection[0].name, ".");
|
||||
strcat(osection[0].name, random_name);
|
||||
|
||||
random_string(random_name, 7);
|
||||
strcpy(osection[1].name, ".");
|
||||
strcat(osection[1].name, random_name);
|
||||
strcpy(osection[0].name, ".text");
|
||||
osection[0].name[5] = 0;
|
||||
strcpy(osection[1].name, ".data");
|
||||
osection[1].name[5] = 0;
|
||||
|
||||
// after some windoze debugging I found that the name of the sections
|
||||
// DOES matter :( .rsrc is used by oleaut32.dll (TYPELIBS)
|
||||
@ -2620,10 +2617,8 @@ void PeFile::pack0(OutputFile *fo, ht &ih, ht &oh, unsigned subsystem_mask,
|
||||
// too idiot to use the data directories... M$ suxx 4 ever!
|
||||
// ... even worse: exploder.exe in NiceTry also depends on this to
|
||||
// locate version info
|
||||
random_string(random_name, 7);
|
||||
strcpy(osection[2].name, !last_section_rsrc_only && soresources ? ".rsrc" : ".");
|
||||
if (osection[2].name[0] == '.')
|
||||
strcat(osection[2].name, random_name);
|
||||
strcpy(osection[2].name, ".rsrc");
|
||||
osection[2].name[5] = 0;
|
||||
|
||||
osection[0].vaddr = rvamin;
|
||||
osection[1].vaddr = s1addr;
|
||||
|
||||
@ -83,10 +83,10 @@ section PEISDLL1
|
||||
jnz reloc_end_jmp
|
||||
section PEMAIN01
|
||||
//; remember to keep stack aligned!
|
||||
push rbx
|
||||
push rsi
|
||||
push rdi
|
||||
push rbp
|
||||
push rdi
|
||||
push rsi
|
||||
push rbx
|
||||
lea rsi, [rip + start_of_compressed]
|
||||
lea rdi, [rsi + start_of_uncompressed]
|
||||
|
||||
|
||||
@ -38,7 +38,14 @@ section PEISDLL1
|
||||
cmpb [esp + 8], 1
|
||||
jnz reloc_end_jmp
|
||||
section PEMAIN01
|
||||
pusha
|
||||
push eax
|
||||
push ecx
|
||||
push edx
|
||||
push ebx
|
||||
push esp
|
||||
push ebp
|
||||
push esi
|
||||
push edi
|
||||
section PESOCREL
|
||||
mov esi, offset start_of_compressed // relocated
|
||||
section PESOCPIC
|
||||
|
||||
Loading…
Reference in New Issue
Block a user