├── run ├── main.cpp ├── run.vcxproj.user ├── run.vcxproj.filters └── run.vcxproj ├── obj-shellcode ├── src │ ├── lib.cpp │ └── main.cpp ├── bin │ ├── run_Debug_Win32.exe │ ├── payload_Debug_Win32.lib │ ├── shellcode-payload.bin │ ├── obj-shellcode_Win32_Debug.exe │ └── payload.hpp ├── include │ ├── rang_impl.hpp │ ├── misc.hpp │ ├── lib.h │ ├── rang.hpp │ └── span.hpp ├── obj-shellcode.vcxproj.user ├── obj-shellcode.vcxproj.filters ├── obj-shellcode.sln └── obj-shellcode.vcxproj ├── payload ├── call-extern-demo.cpp ├── framework.h ├── pch.cpp ├── payload.vcxproj.user ├── pch.h ├── shellcode.h ├── payload.vcxproj.filters ├── payload.cpp ├── xorstr.hpp ├── payload.vcxproj └── lazy_importer.hpp └── README.md /run/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/run/main.cpp -------------------------------------------------------------------------------- /obj-shellcode/src/lib.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/src/lib.cpp -------------------------------------------------------------------------------- /obj-shellcode/src/main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/src/main.cpp -------------------------------------------------------------------------------- /payload/call-extern-demo.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/payload/call-extern-demo.cpp -------------------------------------------------------------------------------- /payload/framework.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define WIN32_LEAN_AND_MEAN // 从 Windows 头文件中排除极少使用的内容 4 | 
-------------------------------------------------------------------------------- /payload/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: 与预编译标头对应的源文件 2 | 3 | #include "pch.h" 4 | 5 | // 当使用预编译的头时,需要使用此源文件,编译才能成功。 6 | -------------------------------------------------------------------------------- /obj-shellcode/bin/run_Debug_Win32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/bin/run_Debug_Win32.exe -------------------------------------------------------------------------------- /obj-shellcode/bin/payload_Debug_Win32.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/bin/payload_Debug_Win32.lib -------------------------------------------------------------------------------- /obj-shellcode/bin/shellcode-payload.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/bin/shellcode-payload.bin -------------------------------------------------------------------------------- /obj-shellcode/bin/obj-shellcode_Win32_Debug.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wudun7/obj2shellcode/HEAD/obj-shellcode/bin/obj-shellcode_Win32_Debug.exe -------------------------------------------------------------------------------- /run/run.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /payload/payload.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- 
/payload/pch.h: -------------------------------------------------------------------------------- 1 | // pch.h: 这是预编译标头文件。 2 | // 下方列出的文件仅编译一次,提高了将来生成的生成性能。 3 | // 这还将影响 IntelliSense 性能,包括代码完成和许多代码浏览功能。 4 | // 但是,如果此处列出的文件中的任何一个在生成之间有更新,它们全部都将被重新编译。 5 | // 请勿在此处添加要频繁更新的文件,这将使得性能优势无效。 6 | 7 | #ifndef PCH_H 8 | #define PCH_H 9 | 10 | // 添加要在此处预编译的标头 11 | #include "framework.h" 12 | 13 | #endif //PCH_H 14 | -------------------------------------------------------------------------------- /obj-shellcode/include/rang_impl.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "rang.hpp" 3 | template 4 | void __DbgPrint(const char *identifier, rang::fg color, const char *format, Args... args) { 5 | 6 | char buffer[2500] = {'\0'}; 7 | sprintf_s(buffer + strlen(buffer), 2500 - strlen(buffer), format, args...); 8 | sprintf_s(buffer + strlen(buffer), 2500 - strlen(buffer), "\n"); 9 | std::cout << "[ " << rang::style::bold << color << identifier << rang::style::reset << rang::fg::reset << " ]" 10 | << buffer; 11 | } 12 | 13 | #define erro(...) __DbgPrint("erro", rang::fg::red, __VA_ARGS__) 14 | #define info(...) __DbgPrint("info", rang::fg::blue, __VA_ARGS__) 15 | #define important(...) __DbgPrint("important", rang::fg::magenta, __VA_ARGS__) 16 | #define success(...) __DbgPrint("success", rang::fg::green, __VA_ARGS__) 17 | 18 | #define ERO(...) erro(__VA_ARGS__) 19 | #define INF(...) info( __VA_ARGS__) 20 | #define IMP(...) important(__VA_ARGS__) 21 | #define SUC(...) 
success(__VA_ARGS__) -------------------------------------------------------------------------------- /run/run.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | -------------------------------------------------------------------------------- /payload/shellcode.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "lazy_importer.hpp" 3 | #ifndef _M_IX86 4 | #include "xorstr.hpp" 5 | #else 6 | #define xorstr_(str) (str) 7 | #endif // 8 | 9 | #include 10 | #include 11 | #define SC_EXPORT extern "C" _declspec(dllexport) 12 | #define SC_EXPORT_DATA(type, data) \ 13 | extern "C" _declspec(dllexport) type data; \ 14 | type data; 15 | 16 | template 17 | constexpr size_t ArrNum(T (&A)[N]) { 18 | return N; 19 | } 20 | 21 | template 22 | void __DbgPrint(const char *format, Args... args) { 23 | CHAR buf[512]; 24 | LI_FN(memset)(buf, 0, sizeof(buf)); 25 | LI_FN(sprintf) 26 | (buf, format, args...); 27 | LI_FN(OutputDebugStringA)(buf); 28 | } 29 | 30 | #ifdef _DEBUG 31 | #define DbgPrint(format, ...) __DbgPrint("[ payload ]" format "\t --line: %05d \n", __VA_ARGS__, __LINE__) 32 | #else 33 | #define DbgPrint(format, ...) 
34 | #endif // _DEBUG 35 | 36 | -------------------------------------------------------------------------------- /obj-shellcode/obj-shellcode.vcxproj.user: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | true 5 | 6 | 7 | $(ProjectDir)bin 8 | WindowsLocalDebugger 9 | 10 | 11 | $(ProjectDir)bin 12 | WindowsLocalDebugger 13 | 14 | 15 | $(ProjectDir)bin 16 | WindowsLocalDebugger 17 | 18 | 19 | $(ProjectDir)bin 20 | WindowsLocalDebugger 21 | 22 | -------------------------------------------------------------------------------- /obj-shellcode/include/misc.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | inline std::string &replace_all(std::string &str, const std::string &old_value, const std::string &new_value) { 7 | while (true) { 8 | std::string::size_type pos(0); 9 | if ((pos = str.find(old_value)) != std::string::npos) 10 | str.replace(pos, old_value.length(), new_value); 11 | else 12 | break; 13 | } 14 | return str; 15 | } 16 | inline void buffer_to_file_bin(unsigned char *buffer, size_t buffer_size, const std::string &filename) { 17 | std::ofstream file(filename, std::ios_base::out | std::ios_base::binary | std::ios_base::app); 18 | file.write((const char *)buffer, buffer_size); 19 | file.close(); 20 | } 21 | inline void open_binary_file(const std::string &file, std::vector &data) { 22 | std::ifstream fstr(file, std::ios::binary); 23 | fstr.unsetf(std::ios::skipws); 24 | fstr.seekg(0, std::ios::end); 25 | 26 | const auto file_size = fstr.tellg(); 27 | 28 | fstr.seekg(NULL, std::ios::beg); 29 | data.reserve(static_cast(file_size)); 30 | data.insert(data.begin(), std::istream_iterator(fstr), std::istream_iterator()); 31 | } 32 | 33 | -------------------------------------------------------------------------------- /payload/payload.vcxproj.filters: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 源文件 23 | 24 | 25 | 26 | 27 | 头文件 28 | 29 | 30 | 头文件 31 | 32 | 33 | 头文件 34 | 35 | 36 | -------------------------------------------------------------------------------- /obj-shellcode/obj-shellcode.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 源文件 20 | 21 | 22 | 源文件 23 | 24 | 25 | 26 | 27 | 头文件 28 | 29 | 30 | 头文件 31 | 32 | 33 | 头文件 34 | 35 | 36 | 头文件 37 | 38 | 39 | 头文件 40 | 41 | 42 | -------------------------------------------------------------------------------- /obj-shellcode/obj-shellcode.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.34301.259 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "obj-shellcode", "obj-shellcode.vcxproj", "{B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "payload", "..\payload\payload.vcxproj", "{06A9CD95-127D-46DC-9A5E-E7966716D356}" 9 | EndProject 10 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "run", "..\run\run.vcxproj", "{C951E5DF-E51E-4A53-A896-35BA0B18BE67}" 11 | EndProject 12 | Global 13 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 14 | Debug|x64 = Debug|x64 15 | Debug|x86 = Debug|x86 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Debug|x64.ActiveCfg = Debug|x64 21 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Debug|x64.Build.0 = Debug|x64 22 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Debug|x86.ActiveCfg = Debug|Win32 23 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Debug|x86.Build.0 = Debug|Win32 24 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Release|x64.ActiveCfg = Release|x64 25 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Release|x64.Build.0 = Release|x64 26 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Release|x86.ActiveCfg = Release|Win32 27 | {B8A15FCD-D5EA-4DE7-8B55-CBD4CBC81F8E}.Release|x86.Build.0 = Release|Win32 28 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Debug|x64.ActiveCfg = Debug|x64 29 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Debug|x64.Build.0 = Debug|x64 30 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Debug|x86.ActiveCfg = Debug|Win32 31 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Debug|x86.Build.0 = Debug|Win32 32 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Release|x64.ActiveCfg = Release|x64 33 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Release|x64.Build.0 = Release|x64 34 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Release|x86.ActiveCfg = Release|Win32 35 | {06A9CD95-127D-46DC-9A5E-E7966716D356}.Release|x86.Build.0 = Release|Win32 36 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Debug|x64.ActiveCfg = Debug|x64 37 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Debug|x64.Build.0 = Debug|x64 38 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Debug|x86.ActiveCfg = Debug|Win32 39 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Debug|x86.Build.0 = Debug|Win32 40 | 
{C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Release|x64.ActiveCfg = Release|x64 41 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Release|x64.Build.0 = Release|x64 42 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Release|x86.ActiveCfg = Release|Win32 43 | {C951E5DF-E51E-4A53-A896-35BA0B18BE67}.Release|x86.Build.0 = Release|Win32 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {B8C3CE69-F042-448D-826C-06E5801737AE} 50 | EndGlobalSection 51 | EndGlobal 52 | -------------------------------------------------------------------------------- /obj-shellcode/include/lib.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "span.hpp" 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | namespace weaponslib2{ 13 | 14 | 15 | template 16 | constexpr bool same_str(const char* str, const char(&str_c)[N]) { 17 | return (strncmp(str, str_c, N - 1) == 0); 18 | } 19 | template 20 | constexpr bool same_str(const char(&str_c)[N], const char* str) { 21 | return (strncmp(str, str_c, N - 1) == 0); 22 | } 23 | 24 | inline 25 | std::vector split_str(const std::string& s, char delim = ' ') { 26 | std::vector tokens; 27 | auto string_find_first_not = [s, delim](size_t pos = 0) -> size_t { 28 | for (size_t i = pos; i < s.size(); i++) { 29 | if (s[i] != delim) 30 | return i; 31 | } 32 | return std::string::npos; 33 | }; 34 | size_t lastPos = string_find_first_not(0); 35 | size_t pos = s.find(delim, lastPos); 36 | while (lastPos != std::string::npos) { 37 | tokens.emplace_back(s.substr(lastPos, pos - lastPos)); 38 | lastPos = string_find_first_not(pos); 39 | pos = s.find(delim, lastPos); 40 | } 41 | return tokens; 42 | } 43 | 44 | 45 | class obj { 46 | 47 | public: 48 | obj(uint8_t* buffer, size_t size) :m_buffer(buffer), m_size(size) {}; 49 | 
~obj() {}; 50 | 51 | uint8_t* getBuffer() { return m_buffer; }; 52 | 53 | std::tuplegetInfo() 54 | { 55 | return { m_buffer,m_size }; 56 | } 57 | 58 | std::vector& exports(); 59 | tcb::span& symbols(); 60 | tcb::span& sections(); 61 | tcb::span& relocations(PIMAGE_SECTION_HEADER section_header); 62 | 63 | void walkSymbols(std::function _call); 64 | const char* getSymbolNameByImageSymble(IMAGE_SYMBOL& symbol); 65 | IMAGE_SYMBOL* getImageSymbleBySymbolName(std::string symName); 66 | 67 | private: 68 | size_t m_size; 69 | uint8_t* m_buffer; 70 | std::vector m_exports; 71 | tcb::span m_symbols; 72 | tcb::span m_sections; 73 | tcb::span empty_relocations; 74 | std::unordered_map> m_relocations; 75 | const char* m_stringT = 0; 76 | }; 77 | 78 | 79 | class lib { 80 | public: 81 | 82 | //lib(std::string&& path); 83 | lib(std::string path); 84 | ~lib(); 85 | 86 | bool isLib(); 87 | std::vector& objs(); 88 | 89 | void printobjs() 90 | { 91 | for (auto obj : m_objs) 92 | { 93 | auto info = obj.getInfo(); 94 | std::cout << "obj address: " << std::hex << static_cast(std::get(info)) << " obj size: "<< std::get(info) << std::endl; 95 | } 96 | } 97 | 98 | protected: 99 | void readLib(const std::string& file); 100 | 101 | uint8_t* getFirstObjSection(); 102 | bool bImportlibraryFormat(uint8_t* pSect); 103 | private: 104 | std::vector m_buffer; 105 | std::vector m_objs; 106 | }; 107 | } 108 | -------------------------------------------------------------------------------- /payload/payload.cpp: -------------------------------------------------------------------------------- 1 | // payload.cpp : 定义静态库的函数。 2 | // 3 | #include "shellcode.h" 4 | #include "xorstr.hpp" 5 | #include "lazy_importer.hpp" 6 | #include 7 | // TODO: 这是一个库函数示例 8 | 9 | #ifndef _WIN64 10 | 11 | __declspec(naked) uint8_t* getEip() 12 | { 13 | __asm 14 | { 15 | call NEXT 16 | NEXT : 17 | pop eax 18 | ret 19 | } 20 | } 21 | 22 | SC_EXPORT DWORD fix(LPVOID lpParameter) 23 | { 24 | uint8_t* eax = getEip(); 25 | 26 | do 
27 | { 28 | if (eax[0] != 0xDE || 29 | eax[1] != 0xC0 || 30 | eax[2] != 0xAD || 31 | eax[3] != 0xDE 32 | ) 33 | { 34 | eax--; 35 | continue; 36 | } 37 | else 38 | break; 39 | 40 | } while (true); 41 | 42 | uint8_t* base = eax; 43 | eax = getEip(); 44 | 45 | do { 46 | if (eax[0] != 0xDE || 47 | eax[1] != 0xC0 || 48 | eax[2] != 0xAD || 49 | eax[3] != 0xDE 50 | ) 51 | { 52 | eax++; 53 | continue; 54 | } 55 | else 56 | break; 57 | 58 | } while (true); 59 | 60 | uint8_t* dir_rel = eax; 61 | uint32_t count = *(uint32_t*)(dir_rel + 0x4); 62 | 63 | dir_rel += 0x8; 64 | 65 | if (count > 0) 66 | { 67 | for (uint32_t i = 0; i < count; i++) 68 | { 69 | uint32_t* place = (uint32_t*)((*(uint32_t*)dir_rel) + base + 0x4); 70 | *place = (uint32_t)(*place + base + 0x4); 71 | dir_rel += 0x4; 72 | } 73 | } 74 | 75 | return 0; 76 | } 77 | 78 | 79 | #endif // 80 | 81 | extern void ShellcodeFunctionCallExternExample(void); 82 | const char* globalStr = "helloworld"; 83 | const char* globalStr1 = "你好中国:》"; 84 | int globalVar = 0x414141; 85 | 86 | SC_EXPORT_DATA(volatile unsigned int, CaptureWidth) 87 | SC_EXPORT_DATA(volatile unsigned int, CaptureHeight) 88 | #ifdef _WIN64 89 | SC_EXPORT_DATA(volatile unsigned int, Eight000) 90 | #else 91 | SC_EXPORT_DATA(volatile unsigned int, Seven00) 92 | #endif // _WIN64 93 | 94 | 95 | 96 | void printStatic() 97 | { 98 | static int sta = 0; 99 | LI_FN(printf)("static value: %d\n", sta++); 100 | } 101 | 102 | 103 | /* shallcode 入口示例 */ 104 | SC_EXPORT DWORD ShellcodeFunctionEntryPointExample(LPVOID lpParameter) 105 | { 106 | 107 | // 调试输出 108 | DbgPrint("Thread lpParameter %d", lpParameter); 109 | 110 | // 使用 sprintf 、 字符串 、 以及编译器常量 111 | /* 112 | 32位 CHAR buf[512] = { 0 }会调用c库函数_memset, 64位使用rep指令 113 | 所以32位不应这样初始化,需显示调用LI_FN(memset)或者使用宏SecureZeroMemory 114 | */ 115 | CHAR buf[512]; 116 | SecureZeroMemory(buf, sizeof(buf)); 117 | LI_FN(sprintf)(buf, "Hello The thread parameter is 0x%p and The function name is %s", lpParameter, __FUNCTION__); 118 | 
119 | //使用系统 API 120 | LI_FN(MessageBoxA)(HWND(0), buf,"Display from shellcode", MB_OK | MB_TOPMOST); 121 | 122 | LI_FN(printf)("globalVar: %d\n",globalVar); 123 | LI_FN(printf)("globalStr: %s\n",globalStr); 124 | LI_FN(printf)("globalStr: %s\n", globalStr1); 125 | 126 | // 跨.cpp调用函数 可以通过 extern,也可以通过在共同头文件中给出声明 127 | ShellcodeFunctionCallExternExample(); 128 | 129 | int count = 0; 130 | 131 | do { 132 | printStatic(); 133 | count++; 134 | } while (count < 3); 135 | 136 | auto a = [](const char* str) 137 | { 138 | LI_FN(printf)("lambda str: %s\n", str); 139 | }; 140 | 141 | a("lambda test"); 142 | 143 | return 0; 144 | } 145 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # obj2shellcode 2 | 3 | 基于[shellcode-factory](https://github.com/lainswork/shellcode-factory) 4 | 5 | ## 新增特性 6 | 7 | 支持编译32位shellcode 8 | 9 | 支持使用全局字符串(64位依旧不支持,重定位类型为IMAGE_REL_AMD64_ADDR64(1)) 10 | 11 | ## 注意事项(项目已经设置好) 12 | 13 | - 编译payload时设置LAZY_IMPORTER_HARDENED_MODULE_CHECKS预定义宏,设置lazy_importer模块检查 14 | 15 | - 32位shellcode需要自修补重定位,所以shellcode内存需要有可写权限 16 | 17 | - 需要开启优化 18 | 19 | - 32位 CHAR buf[512] = { 0 }会调用c库函数_memset, 64位使用rep指令 20 | 所以32位不应这样初始化,需显示调用LI_FN(memset)或者使用宏SecureZeroMemory 21 | 22 | ## 文件说明 23 | 24 | obj-shellcode: 解析并提取shellcode 25 | 26 | payload:shellcode 编写模板 27 | 28 | run:shellcode测试加载器 29 | 30 | ---------------------------------------分割线------------------------------------------- 31 | 32 | # [shellcode-factory](https://github.com/lainswork/shellcode-factory) 33 | 34 | ## 一个简单`shellcode`生成框架,使用后可以变得开心。(开发中...) 35 | 36 | [![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE) 37 | [![](https://img.shields.io/badge/OS-any-brightgreen)]() 38 | [![](https://img.shields.io/badge/compiler-any-brightgreen)]() 39 | 40 |
41 | 42 | # shellcode特点 43 | 44 | > 位置无关,在执行或注入前无需进行任何额外的处理。 45 | 46 | > 简洁小巧,可以轻松地在不同的功能中实现通用的功能。 47 | 48 | # 更新 49 | 50 | > - 加入了DWM屏幕截图 demo 51 | > - 修复了一些bug 现在框架能作为生产工具安全使用 52 | 53 | # 使用方法 54 | 55 | ```shell 56 | // 确保你已经安装了VS2019或以上 Make sure you have installed Visual Studio 2019 or later version 57 | // 打开PowerShell并进入一个为项目准备的文件夹,依次输入以下命令, Enter the following commands in PowerShell 58 | 59 | > git clone https://github.com/lainswork/shellcode-factory.git 60 | 61 | > cd shellcode-factory 62 | 63 | > devenv shellcode-factory.sln /build "Debug|x64" /Project shellcode-generator 64 | 65 | > cd ./x64/Debug 66 | 67 | > .\shellcode-generator 68 | 69 | // 现在你得到了 ./x64/Debug/payload.hpp Now you get ./x64/Debug/payload.hpp 70 | ``` 71 | 72 | > MessageBox演示 73 | 74 | ![image](https://user-images.githubusercontent.com/36320938/159157628-21b95fcc-cb2c-409f-ad04-dbb889efc735.png) 75 | 76 | > dwm截屏演示 77 | 78 | https://user-images.githubusercontent.com/46841563/159622629-b337380b-7ca2-4f3a-b043-d278be75a08f.mp4 79 | 80 | # 起因与经过 81 | 82 | 21年中旬朋友在windows的dwm进程中发现一段异常执行的 "恶意代码", 83 | 在使用ida进行简单分析后得出结论:“该代码在dwm中 hook 相关渲染函数,恶意截取用户桌面画面”。 84 | 这段代码的来源指向了一款曾在2017年爆火网络的多人射击游戏,我们猜测其目的为:“截取用户游戏画面以判断用户是否在作弊”。 85 | 该shellcode引起了我的兴趣,它大概有如下特点: 86 | | data types | ranges | 87 | | ------- | ------- | 88 | | .api | 0x0000 - 0x1D00 | 89 | | .text | 0x1D00 - 0x2100 | 90 | | .data | 0x2100 - 0x5000 | 91 | 92 | 在这个shellcode中,存在一些只会被链接进exe的清单文件,我猜测:“该shellcode的开发者先使用编译器编译并链接了一个不带crt的exe 93 | 之后对该exe进行加壳,最后使用exe to shellcode类的工具生成该代码。” 94 | 95 | # 反思 96 | 97 | 类似的 shellcode 的生成过程似乎不是很可靠 (将无意义的清单文件留存在shellcode中与我们编写shellcode的目的相背离),好奇心驱使下,我搜寻了 Windows 下的 shellcode 编写方法,结果不尽如人意。 98 | 有的人使用dll to shellcode框架或工具, 99 | 有的人直接在c++代码中写下两个“标记函数”,之后将两个“标记函数”地址之间的bytes复制出来。 100 | 下面是一些常见的框架: 101 | 102 | [Cobalt Strike 生成 shellcode](https://bbs.pediy.com/thread-271048.htm) 103 | 104 | [MSVC 配合 Get-PEHeader生成shellcode](https://zeronohacker.com/1544.html) 105 | 106 | [Win 
PE系列之导出表解析与ShellCode的编写及应用](https://bbs.pediy.com/thread-269753.htm) 107 | 108 | [基于C++的shellcode框架](https://bbs.pediy.com/thread-268639.htm) 109 | 110 | 我的目标是建立一个可以满足如下条件的shellcode生成框架: 111 | 112 | 113 | * 不要让我用二进制编辑器来手动提取bytes 114 | * 它应该有扩展的可能性 115 | * 生成的shellcode应该与位置无关,在使用时只需要进行: 映射-执行 116 | * 要能使用全局变量(静态变量),因为我们可能使用静态字符串 117 | * 尽可能地支持新的c++标准 118 | 119 | 我们可以选择从编译链接入手,但是徒手撸编译器太难了,撸个小链接器却很容易 120 | 121 | 122 | ```sh 123 | 1.不要让我用二进制编辑器来手动提取bytes 124 | 2.它应该有扩展的可能性 125 | 3.生成的shellcode应该与位置无关,在使用时只需要进行: 映射-执行 126 | 4.要能使用全局变量(静态变量),因为我们可能使用静态字符串 127 | 5.尽可能的支持新的c++标准 128 | ``` 129 | 130 | # 原理 131 | 132 | ### coff 133 | 134 | coff全称 通用对象文件格式(Common Object File Format),我们常用的PE(exe,dll,sys,lib,obj)文件都属于coff,但我们这里要说的,是lib。 135 | 当我们在VS中将编译目标设置为lib时,.lib文件其实是个.obj文件的文件包,其中包含了你编译的所有.obj文件(也就是我们c++源代码.cpp所编译后的文件)。 136 | 137 | ### obj 138 | 139 | .obj是 coff的一种,obj文件中包含我们编写的源代码编译后的字节码,其中包含了极其详细的符号信息:每个函数的名称、函数的字节码、静态数据的字节码、重定位信息等等。 140 | 141 | ### shellcode 链接方法 142 | 143 | 其实我们要做的事情很简单,将所有bytes从obj中提取出来,对相对寻址进行重定位就可以生成我们要的shellcode 144 | 145 | # payload 代码 146 | 147 | > 使用 SC_EXPORT 标志公开函数 148 | 149 | ```C++ 150 | SC_EXPORT 151 | DWORD ShellCodeEntryPoint(LPVOID lpParameter) { 152 | CHAR buf[256] = {0}; 153 | LI_FN(sprintf)(buf, xorstr_( "函数%s 线程参数0x%p"), __FUNCDNAME__, lpParameter); 154 | LI_FN(MessageBoxA)(HWND(0), buf, xorstr_("来自shellcode的展示"), MB_OK); 155 | return 0; 156 | } 157 | 158 | SC_EXPORT 159 | DWORD ShellCodeEntryPoint2(LPVOID lpParameter) { 160 | CHAR buf[256] = {0}; 161 | LI_FN(sprintf)(buf, xorstr_("函数%s 线程参数0x%p"), __FUNCDNAME__, lpParameter); 162 | LI_FN(MessageBoxA)(HWND(0), buf, xorstr_("来自shellcode的展示"), MB_OK); 163 | return 0; 164 | } 165 | 166 | SC_EXPORT 167 | DWORD ShellCodeEntryPoint3(LPVOID lpParameter) { 168 | CHAR buf[256] = {0}; 169 | LI_FN(sprintf)(buf,xorstr_( "函数%s 线程参数0x%p"), __FUNCDNAME__, lpParameter); 170 | LI_FN(MessageBoxA)(HWND(0), buf, xorstr_("来自shellcode的展示"), MB_OK); 171 | return 0; 172 | } 173 | ``` 
174 | 175 | > 使用 SC_EXPORT_DATA 公开全局变量 不要在 .h 中使用SC_EXPORT_DATA 176 | 177 | ```C++ 178 | SC_EXPORT_DATA(int, Xxxx) 179 | ``` 180 | 181 | > 使用内嵌函数 内嵌函数的具体规则请自己查询。 182 | 183 | ```C++ 184 | //使用内嵌函数 这个东西只在本cpp起作用,不要写在.h里面 写在每个cpp的最开头部分 185 | extern "C" { 186 | #pragma function(memset) 187 | void *__cdecl memset(void *dest, int value, size_t num) { 188 | __stosb(static_cast(dest), static_cast(value), num); 189 | return dest; 190 | } 191 | #pragma function(memcpy) 192 | void *__cdecl memcpy(void *dest, const void *src, size_t num) { 193 | __movsb(static_cast(dest), static_cast(src), num); 194 | return dest; 195 | } 196 | } 197 | ``` 198 | 199 | ##### 你可以在 payload 中做什么: 200 | 201 | - 使用新标准的c++代码,包括但不限于初始化列表、Lambda表达式、模板函数 202 | 203 | - 使用多个.cpp文件,这代表你可以将不同的代码写在不同的cpp中 204 | 205 | - 使用字符串、全局变量、导出全局变量相对shellcode的偏移 206 | 207 | - 使用面向对象与C++ STL模板 208 | 209 | - 使用开源库[xorstr](https://github.com/JustasMasiulis/xorstr) ,加密常量字符串 210 | 211 | ##### 你无法在 payload 中使用什么: 212 | 213 | - 不要使用全局初始化,因为shellcode不能进行 CRT init 214 | 215 | - 无法直接调用 系统API(这将在本框架优化后解决),暂时的调用api方法是 使用lazy_importer 216 | 217 | - 无法使用 __declspec(thread) Tls线程局部储存关键字(但可以使用 Windows API TlsAlloc、TlsSetValue、TlsGetValue 来解决) 218 | 219 | - 异常 try catch (没啥用,请忽略) 220 | 221 | - SDL检查(没啥用,请忽略) 222 | 223 | - 基本运行时检查(没啥用,请忽略) 224 | 225 | # 依赖 226 | 227 | - [lazy_importer](https://github.com/JustasMasiulis/lazy_importer) 228 | 229 | # 优势 230 | 231 | - 开启C++优化 /O1 232 | 233 | - 开发方便 234 | 235 | # 缺陷: 236 | 237 | ### 该框架只支持 X64 238 | 239 | 原因是目前没有好办法解决x86下的.data数据重定位问题,在x86下.data数据重定位类型为IMAGE_REL_I386_DIR32,意为"RVA 绝对虚拟地址" 240 | 但是假如你不在代码中使用静态字符串或者全局变量,你仍然可以使用x86编译 shellcode-payload.lib,并用 x86 shellcode-generator.exe生成相应的代码 241 | 242 | 对x86的支持,后面可能会通过硬编码插入来解决 243 | 244 | # Todo: 245 | 246 | 修改api导入策略,摆脱lazy_importer,实现可以在payload中直接使用api函数和crt函数的方法。 247 | 248 | 实现链接时混淆和虚拟化,这样我们可以将shellcode-generator(链接生成器)作为服务器功能,将payload.lib储存于服务器,每次执行shellcode获取都会生成完全不同的代码。(这个比较困难) 249 | 250 | ```mermaid 251 | graph TB 252 | di{C/C++ project
shellcode-payload.lib} --> sq[shellcode-generator.exe] 253 | 254 | sq[shellcode-generator.exe]--> e0((Vm/Obfuscator))-.->f0(shellcode 1) 255 | sq[shellcode-generator.exe]--> e1((Vm/Obfuscator))-.-> f1(shellcode 2) 256 | sq[shellcode-generator.exe]--> e2((Vm/Obfuscator))-.->f2(shellcode 3) 257 | sq[shellcode-generator.exe]--> e3((Vm/Obfuscator))-.-> f3(shellcode 4) 258 | sq[shellcode-generator.exe]--> e4((Vm/Obfuscator))-.->f4(shellcode 5) 259 | sq[shellcode-generator.exe]--> e5((Vm/Obfuscator))-.-> f..(shellcode ...) 260 | ``` 261 | -------------------------------------------------------------------------------- /run/run.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {c951e5df-e51e-4a53-a896-35ba0b18be67} 25 | run 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v142 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v142 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | $(solutiondir)bin\ 76 | bin\intermediate 77 | $(projectname)_$(configuration)_$(platform) 78 | 79 | 80 | false 81 | $(solutiondir)bin\ 82 | bin\intermediate 83 | $(projectname)_$(configuration)_$(platform) 84 | 85 | 86 | true 87 | $(solutiondir)bin\ 88 | bin\intermediate 89 | $(projectname)_$(configuration)_$(platform) 90 | 91 | 92 | false 93 | $(solutiondir)bin\ 94 | bin\intermediate 95 | $(projectname)_$(configuration)_$(platform) 96 | 97 | 98 | 99 | Level3 100 | true 101 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 102 | true 103 | $(solutiondir)bin\;%(AdditionalIncludeDirectories) 104 | 105 | 106 | Console 107 | true 108 | 109 | 110 | 111 | 112 | 
Level3 113 | true 114 | true 115 | true 116 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 117 | true 118 | $(solutiondir)bin\;%(AdditionalIncludeDirectories) 119 | 120 | 121 | Console 122 | true 123 | true 124 | true 125 | 126 | 127 | 128 | 129 | Level3 130 | true 131 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 132 | true 133 | $(solutiondir)bin\;%(AdditionalIncludeDirectories) 134 | 135 | 136 | Console 137 | true 138 | 139 | 140 | 141 | 142 | Level3 143 | true 144 | true 145 | true 146 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 147 | true 148 | $(solutiondir)bin\;%(AdditionalIncludeDirectories) 149 | 150 | 151 | Console 152 | true 153 | true 154 | true 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | -------------------------------------------------------------------------------- /obj-shellcode/obj-shellcode.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {b8a15fcd-d5ea-4de7-8b55-cbd4cbc81f8e} 25 | objshellcode 26 | 10.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v142 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v142 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | $(solutiondir)bin\ 76 | $(solutiondir)bin\intermediate\ 77 | $(ProjectName)_$(Platform)_$(Configuration) 78 | 79 | 80 | false 81 | $(solutiondir)bin\ 82 | $(solutiondir)bin\intermediate\ 83 | $(ProjectName)_$(Platform)_$(Configuration) 84 | 85 | 86 | true 87 | $(solutiondir)bin\ 88 | $(solutiondir)bin\intermediate\ 89 | $(ProjectName)_$(Platform)_$(Configuration) 90 | 91 | 92 | false 93 | $(solutiondir)bin\ 94 | $(solutiondir)bin\intermediate\ 95 | 
$(ProjectName)_$(Platform)_$(Configuration) 96 | 97 | 98 | 99 | Level3 100 | true 101 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 102 | true 103 | stdcpp14 104 | MultiThreadedDebug 105 | $(solutiondir)include 106 | 107 | 108 | Console 109 | true 110 | 111 | 112 | 113 | 114 | Level3 115 | true 116 | true 117 | true 118 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 119 | true 120 | stdcpp20 121 | MultiThreaded 122 | $(solutiondir)include 123 | 124 | 125 | Console 126 | true 127 | true 128 | true 129 | 130 | 131 | 132 | 133 | Level3 134 | true 135 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 136 | true 137 | stdcpp14 138 | MultiThreadedDebugDLL 139 | $(solutiondir)include 140 | 141 | 142 | Console 143 | true 144 | 145 | 146 | 147 | 148 | Level3 149 | true 150 | true 151 | true 152 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 153 | true 154 | stdcpp20 155 | MultiThreaded 156 | $(solutiondir)include 157 | 158 | 159 | Console 160 | true 161 | true 162 | true 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | -------------------------------------------------------------------------------- /payload/xorstr.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 - 2020 Justas Masiulis 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
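15 | */

#ifndef JM_XORSTR_HPP
#define JM_XORSTR_HPP
#define JM_XORSTR_DISABLE_AVX_INTRINSICS
// NOTE(review): the header names were lost in this listing. These five are the
// standard headers the code in this file relies on: SSE/AVX intrinsics,
// fixed-width integers, std::size_t, index sequences and type traits.
#include <immintrin.h>
#include <cstdint>
#include <cstddef>
#include <utility>
#include <type_traits>

// xorstr(str) wraps a string literal in a lambda and builds a jm::xor_string
// that stores the literal XOR-ed with per-string keys; the second argument
// carries the element count and the third one index per 64-bit storage word.
// xorstr_(str) additionally decrypts in place and returns a pointer into that
// temporary object, so the pointer is only usable inside the full expression
// that contains the macro.
#define xorstr(str) ::jm::xor_string([]() { return str; }, std::integral_constant<std::size_t, sizeof(str) / sizeof(*str)>{}, std::make_index_sequence<::jm::detail::_buffer_size<sizeof(str)>()>{})
#define xorstr_(str) xorstr(str).crypt_get()

#ifdef _MSC_VER
#define XORSTR_FORCEINLINE __forceinline
#else
#define XORSTR_FORCEINLINE __attribute__((always_inline)) inline
#endif

#if defined(__clang__) || defined(__GNUC__)
#define JM_XORSTR_LOAD_FROM_REG(x) ::jm::detail::load_from_reg(x)
#else
#define JM_XORSTR_LOAD_FROM_REG(x) (x)
#endif

namespace jm {

    namespace detail {

        // Number of 64-bit words needed to hold Size bytes: Size is rounded up
        // to whole 16-byte blocks and each block takes two words.
        template<std::size_t Size>
        XORSTR_FORCEINLINE constexpr std::size_t _buffer_size()
        {
            return ((Size / 16) + (Size % 16 != 0)) * 2;
        }

        // Derives a 32-bit key from Seed and the characters of __TIME__ with an
        // FNV-1a style step (xor, then multiply by 16777619).
        //
        // The compile time is the only per-build input, so this is string
        // obfuscation, not confidentiality: the keys are compile-time constants
        // that end up in the same binary as the data they mask, and anyone
        // holding the binary can recover the plain text.
        template<std::uint32_t Seed>
        XORSTR_FORCEINLINE constexpr std::uint32_t key4() noexcept
        {
            std::uint32_t value = Seed;
            for(char c : __TIME__)
                value = static_cast<std::uint32_t>((value ^ c) * 16777619ull);
            return value;
        }

        // Builds the 64-bit key for storage word S from two chained key4
        // values: the high half is seeded with 2166136261 + S, the low half is
        // seeded with the high half.
        template<std::size_t S>
        XORSTR_FORCEINLINE constexpr std::uint64_t key8()
        {
            constexpr auto first_part  = key4<2166136261 + S>();
            constexpr auto second_part = key4<first_part>();
            return (static_cast<std::uint64_t>(first_part) << 32) | second_part;
        }

68 | // loads up to 8 characters of string into uint64 and xors it with the key 69 | template 70 | XORSTR_FORCEINLINE constexpr std::uint64_t 71 | load_xored_str8(std::uint64_t key, std::size_t idx, const CharT* str) noexcept 72 | { 73 | using cast_type = typename std::make_unsigned::type; 74 | constexpr auto value_size = sizeof(CharT); 75 | constexpr auto idx_offset = 8 / value_size; 76 | 77 | std::uint64_t value = key; 78 | for(std::size_t i = 0; i < idx_offset && i + idx * idx_offset < N; ++i) 79 | value ^= 80 | (std::uint64_t{ static_cast(str[i + idx * idx_offset]) }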
81 | << ((i % idx_offset) * 8 * value_size)); 82 | 83 | return value; 84 | } 85 | 86 | // forces compiler to use registers instead of stuffing constants in rdata 87 | XORSTR_FORCEINLINE std::uint64_t load_from_reg(std::uint64_t value) noexcept 88 | { 89 | #if defined(__clang__) || defined(__GNUC__) 90 | asm("" : "=r"(value) : "0"(value) :); 91 | #endif 92 | return value; 93 | } 94 | 95 | template 96 | struct uint64_v { 97 | constexpr static std::uint64_t value = V; 98 | }; 99 | 100 | } // namespace detail 101 | 102 | template 103 | class xor_string; 104 | 105 | template 106 | class xor_string, std::index_sequence> { 107 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 108 | constexpr static inline std::uint64_t alignment = ((Size > 16) ? 32 : 16); 109 | #else 110 | constexpr static inline std::uint64_t alignment = 16; 111 | #endif 112 | 113 | alignas(alignment) std::uint64_t _storage[sizeof...(Keys)]; 114 | 115 | public: 116 | using value_type = CharT; 117 | using size_type = std::size_t; 118 | using pointer = CharT*; 119 | using const_pointer = const CharT*; 120 | 121 | template 122 | XORSTR_FORCEINLINE xor_string(L l, std::integral_constant, std::index_sequence) noexcept 123 | : _storage{ JM_XORSTR_LOAD_FROM_REG(detail::uint64_v(Keys, Indices, l())>::value)... } 124 | {} 125 | 126 | XORSTR_FORCEINLINE constexpr size_type size() const noexcept 127 | { 128 | return Size - 1; 129 | } 130 | 131 | XORSTR_FORCEINLINE void crypt() noexcept 132 | { 133 | #if defined(__clang__) 134 | alignas(alignment) 135 | std::uint64_t arr[]{ JM_XORSTR_LOAD_FROM_REG(Keys)... }; 136 | std::uint64_t* keys = 137 | (std::uint64_t*)JM_XORSTR_LOAD_FROM_REG((std::uint64_t)arr); 138 | #else 139 | alignas(alignment) std::uint64_t keys[]{ JM_XORSTR_LOAD_FROM_REG(Keys)... }; 140 | #endif 141 | 142 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 143 | ((Indices >= sizeof(_storage) / 32 ? 
static_cast(0) : _mm256_store_si256( 144 | reinterpret_cast<__m256i*>(_storage) + Indices, 145 | _mm256_xor_si256( 146 | _mm256_load_si256(reinterpret_cast(_storage) + Indices), 147 | _mm256_load_si256(reinterpret_cast(keys) + Indices)))), ...); 148 | 149 | if constexpr(sizeof(_storage) % 32 != 0) 150 | _mm_store_si128( 151 | reinterpret_cast<__m128i*>(_storage + sizeof...(Keys) - 2), 152 | _mm_xor_si128(_mm_load_si128(reinterpret_cast(_storage + sizeof...(Keys) - 2)), 153 | _mm_load_si128(reinterpret_cast(keys + sizeof...(Keys) - 2)))); 154 | #else 155 | ((Indices >= sizeof(_storage) / 16 ? static_cast(0) : _mm_store_si128( 156 | reinterpret_cast<__m128i*>(_storage) + Indices, 157 | _mm_xor_si128(_mm_load_si128(reinterpret_cast(_storage) + Indices), 158 | _mm_load_si128(reinterpret_cast(keys) + Indices)))), ...); 159 | #endif 160 | } 161 | 162 | XORSTR_FORCEINLINE const_pointer get() const noexcept 163 | { 164 | return reinterpret_cast(_storage); 165 | } 166 | 167 | XORSTR_FORCEINLINE pointer get() noexcept 168 | { 169 | return reinterpret_cast(_storage); 170 | } 171 | 172 | XORSTR_FORCEINLINE pointer crypt_get() noexcept 173 | { 174 | // crypt() function inlined by hand, because MSVC linker chokes when you have a lot of strings 175 | // on 32 bit builds, so don't blame me for shit code :pepekms: 176 | #if defined(__clang__) 177 | alignas(alignment) 178 | std::uint64_t arr[]{ JM_XORSTR_LOAD_FROM_REG(Keys)... }; 179 | std::uint64_t* keys = 180 | (std::uint64_t*)JM_XORSTR_LOAD_FROM_REG((std::uint64_t)arr); 181 | #else 182 | alignas(alignment) std::uint64_t keys[]{ JM_XORSTR_LOAD_FROM_REG(Keys)... }; 183 | #endif 184 | 185 | #ifndef JM_XORSTR_DISABLE_AVX_INTRINSICS 186 | ((Indices >= sizeof(_storage) / 32 ? 
static_cast(0) : _mm256_store_si256( 187 | reinterpret_cast<__m256i*>(_storage) + Indices, 188 | _mm256_xor_si256( 189 | _mm256_load_si256(reinterpret_cast(_storage) + Indices), 190 | _mm256_load_si256(reinterpret_cast(keys) + Indices)))), ...); 191 | 192 | if constexpr(sizeof(_storage) % 32 != 0) 193 | _mm_store_si128( 194 | reinterpret_cast<__m128i*>(_storage + sizeof...(Keys) - 2), 195 | _mm_xor_si128(_mm_load_si128(reinterpret_cast(_storage + sizeof...(Keys) - 2)), 196 | _mm_load_si128(reinterpret_cast(keys + sizeof...(Keys) - 2)))); 197 | #else 198 | ((Indices >= sizeof(_storage) / 16 ? static_cast(0) : _mm_store_si128( 199 | reinterpret_cast<__m128i*>(_storage) + Indices, 200 | _mm_xor_si128(_mm_load_si128(reinterpret_cast(_storage) + Indices), 201 | _mm_load_si128(reinterpret_cast(keys) + Indices)))), ...); 202 | #endif 203 | return (pointer)(_storage); 204 | } 205 | }; 206 | 207 | template 208 | xor_string(L l, std::integral_constant, std::index_sequence) -> xor_string< 209 | std::remove_const_t>, 210 | Size, 211 | std::integer_sequence()...>, 212 | std::index_sequence>; 213 | 214 | } // namespace jm 215 | 216 | #endif // include guard 217 | -------------------------------------------------------------------------------- /payload/payload.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 16.0 23 | Win32Proj 24 | {06a9cd95-127d-46dc-9a5e-e7966716d356} 25 | payload 26 | 10.0 27 | 28 | 29 | 30 | StaticLibrary 31 | true 32 | v142 33 | Unicode 34 | 35 | 36 | StaticLibrary 37 | false 38 | v142 39 | true 40 | Unicode 41 | 42 | 43 | StaticLibrary 44 | true 45 | v142 46 | Unicode 47 | 48 | 49 | StaticLibrary 50 | false 51 | v142 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 
$(SolutionDir)bin\ 76 | \bin\intermediate 77 | $(projectname)_$(configuration)_$(platform) 78 | 79 | 80 | false 81 | $(SolutionDir)bin\ 82 | \bin\intermediate 83 | $(projectname)_$(configuration)_$(platform) 84 | 85 | 86 | true 87 | $(SolutionDir)bin\ 88 | \bin\intermediate 89 | $(projectname)_$(configuration)_$(platform) 90 | 91 | 92 | false 93 | $(SolutionDir)bin\ 94 | \bin\intermediate 95 | $(projectname)_$(configuration)_$(platform) 96 | 97 | 98 | 99 | Level3 100 | false 101 | LAZY_IMPORTER_HARDENED_MODULE_CHECKS;WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) 102 | true 103 | NotUsing 104 | pch.h 105 | MultiThreadedDebug 106 | stdcpp17 107 | false 108 | Default 109 | false 110 | false 111 | MinSpace 112 | 113 | 114 | 115 | 116 | true 117 | 118 | 119 | 120 | 121 | Level3 122 | true 123 | true 124 | false 125 | LAZY_IMPORTER_HARDENED_MODULE_CHECKS;WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions) 126 | true 127 | NotUsing 128 | pch.h 129 | MultiThreaded 130 | MinSpace 131 | stdcpp17 132 | false 133 | false 134 | 135 | 136 | 137 | 138 | true 139 | true 140 | true 141 | 142 | 143 | 144 | 145 | Level3 146 | false 147 | _DEBUG;_LIB;%(PreprocessorDefinitions) 148 | true 149 | NotUsing 150 | pch.h 151 | MultiThreadedDebug 152 | stdcpp17 153 | false 154 | Default 155 | false 156 | false 157 | Disabled 158 | 159 | 160 | 161 | 162 | true 163 | 164 | 165 | 166 | 167 | Level3 168 | true 169 | true 170 | false 171 | NDEBUG;_LIB;%(PreprocessorDefinitions) 172 | true 173 | NotUsing 174 | pch.h 175 | MultiThreaded 176 | MinSpace 177 | stdcpp17 178 | false 179 | false 180 | 181 | 182 | 183 | 184 | true 185 | true 186 | true 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | -------------------------------------------------------------------------------- /obj-shellcode/include/rang.hpp: -------------------------------------------------------------------------------- 1 | #ifndef RANG_DOT_HPP 2 | #define RANG_DOT_HPP 3 | 4 | #if defined(__unix__) || 
defined(__unix) || defined(__linux__) 5 | #define OS_LINUX 6 | #elif defined(WIN32) || defined(_WIN32) || defined(_WIN64) 7 | #define OS_WIN 8 | #elif defined(__APPLE__) || defined(__MACH__) 9 | #define OS_MAC 10 | #else 11 | #error Unknown Platform 12 | #endif 13 | 14 | #if defined(OS_LINUX) || defined(OS_MAC) 15 | #include 16 | 17 | #elif defined(OS_WIN) 18 | 19 | #if defined(_WIN32_WINNT) && (_WIN32_WINNT < 0x0600) 20 | #error \ 21 | "Please include rang.hpp before any windows system headers or set _WIN32_WINNT at least to _WIN32_WINNT_VISTA" 22 | #elif !defined(_WIN32_WINNT) 23 | #define _WIN32_WINNT _WIN32_WINNT_VISTA 24 | #endif 25 | 26 | #include 27 | #include 28 | #include 29 | 30 | // Only defined in windows 10 onwards, redefining in lower windows since it 31 | // doesn't gets used in lower versions 32 | // https://docs.microsoft.com/en-us/windows/console/getconsolemode 33 | #ifndef ENABLE_VIRTUAL_TERMINAL_PROCESSING 34 | #define ENABLE_VIRTUAL_TERMINAL_PROCESSING 0x0004 35 | #endif 36 | 37 | #endif 38 | 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | 45 | namespace rang { 46 | 47 | /* For better compability with most of terminals do not use any style settings 48 | * except of reset, bold and reversed. 49 | * Note that on Windows terminals bold style is same as fgB color. 
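50 | */
// SGR style codes. The numeric values are the ANSI parameters that get
// written between "\033[" and "m".
enum class style {
    reset     = 0,
    bold      = 1,
    dim       = 2,
    italic    = 3,
    underline = 4,
    blink     = 5,
    rblink    = 6,
    reversed  = 7,
    conceal   = 8,
    crossed   = 9
};

// Foreground colours (ANSI 30-37, 39 = default).
enum class fg {
    black   = 30,
    red     = 31,
    green   = 32,
    yellow  = 33,
    blue    = 34,
    magenta = 35,
    cyan    = 36,
    gray    = 37,
    reset   = 39
};

// Background colours (ANSI 40-47, 49 = default).
enum class bg {
    black   = 40,
    red     = 41,
    green   = 42,
    yellow  = 43,
    blue    = 44,
    magenta = 45,
    cyan    = 46,
    gray    = 47,
    reset   = 49
};

// Bright foreground colours (ANSI 90-97).
enum class fgB {
    black   = 90,
    red     = 91,
    green   = 92,
    yellow  = 93,
    blue    = 94,
    magenta = 95,
    cyan    = 96,
    gray    = 97
};

// Bright background colours (ANSI 100-107).
enum class bgB {
    black   = 100,
    red     = 101,
    green   = 102,
    yellow  = 103,
    blue    = 104,
    magenta = 105,
    cyan    = 106,
    gray    = 107
};

enum class control {  // Behaviour of rang function calls
    Off   = 0,  // toggle off rang style/color calls
    Auto  = 1,  // (Default) autodetect terminal and colorize if needed
    Force = 2   // force ansi color output to non terminal streams; escape
                // bytes then also land in redirected files and pipes
};
// Use rang::setControlMode to set rang control mode

enum class winTerm {  // Windows Terminal Mode
    Auto   = 0,  // (Default) automatically detects whether Ansi or Native API
    Ansi   = 1,  // Force use Ansi API
    Native = 2   // Force use Native API
};
// Use rang::setWinTermMode to explicitly set terminal API for Windows
// Calling rang::setWinTermMode has no effect on other OS

namespace rang_implementation {

    // Process-wide control mode, created on first use with control::Auto.
    // The element type is std::atomic<control>; the template argument was
    // missing from the declaration.
    inline std::atomic<control> &controlMode() noexcept
    {
        static std::atomic<control> value(control::Auto);
        return value;
    }

    // Process-wide Windows terminal mode, created on first use with
    // winTerm::Auto.
    inline std::atomic<winTerm> &winTermMode() noexcept
    {
        static std::atomic<winTerm> termMode(winTerm::Auto);
        return termMode;
    }

139 | inline bool supportsColor() noexcept 140 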
| { 141 | #if defined(OS_LINUX) || defined(OS_MAC) 142 | 143 | static const bool result = [] { 144 | const char *Terms[] 145 | = { "ansi", "color", "console", "cygwin", "gnome", 146 | "konsole", "kterm", "linux", "msys", "putty", 147 | "rxvt", "screen", "vt100", "xterm" }; 148 | 149 | const char *env_p = std::getenv("TERM"); 150 | if (env_p == nullptr) { 151 | return false; 152 | } 153 | return std::any_of(std::begin(Terms), std::end(Terms), 154 | [&](const char *term) { 155 | return std::strstr(env_p, term) != nullptr; 156 | }); 157 | }(); 158 | 159 | #elif defined(OS_WIN) 160 | // All windows versions support colors through native console methods 161 | static constexpr bool result = true; 162 | #endif 163 | return result; 164 | } 165 | 166 | #ifdef OS_WIN 167 | 168 | 169 | inline bool isMsysPty(int fd) noexcept 170 | { 171 | // Dynamic load for binary compability with old Windows 172 | const auto ptrGetFileInformationByHandleEx 173 | = reinterpret_cast( 174 | GetProcAddress(GetModuleHandle(TEXT("kernel32.dll")), 175 | "GetFileInformationByHandleEx")); 176 | if (!ptrGetFileInformationByHandleEx) { 177 | return false; 178 | } 179 | 180 | HANDLE h = reinterpret_cast(_get_osfhandle(fd)); 181 | if (h == INVALID_HANDLE_VALUE) { 182 | return false; 183 | } 184 | 185 | // Check that it's a pipe: 186 | if (GetFileType(h) != FILE_TYPE_PIPE) { 187 | return false; 188 | } 189 | 190 | // POD type is binary compatible with FILE_NAME_INFO from WinBase.h 191 | // It have the same alignment and used to avoid UB in caller code 192 | struct MY_FILE_NAME_INFO { 193 | DWORD FileNameLength; 194 | WCHAR FileName[MAX_PATH]; 195 | }; 196 | 197 | auto pNameInfo = std::unique_ptr( 198 | new (std::nothrow) MY_FILE_NAME_INFO()); 199 | if (!pNameInfo) { 200 | return false; 201 | } 202 | 203 | // Check pipe name is template of 204 | // {"cygwin-","msys-"}XXXXXXXXXXXXXXX-ptyX-XX 205 | if (!ptrGetFileInformationByHandleEx(h, FileNameInfo, pNameInfo.get(), 206 | sizeof(MY_FILE_NAME_INFO))) { 207 
| return false; 208 | } 209 | std::wstring name(pNameInfo->FileName, pNameInfo->FileNameLength / sizeof(WCHAR)); 210 | if ((name.find(L"msys-") == std::wstring::npos 211 | && name.find(L"cygwin-") == std::wstring::npos) 212 | || name.find(L"-pty") == std::wstring::npos) { 213 | return false; 214 | } 215 | 216 | return true; 217 | } 218 | 219 | #endif 220 | 221 | inline bool isTerminal(const std::streambuf *osbuf) noexcept 222 | { 223 | using std::cerr; 224 | using std::clog; 225 | using std::cout; 226 | #if defined(OS_LINUX) || defined(OS_MAC) 227 | if (osbuf == cout.rdbuf()) { 228 | static const bool cout_term = isatty(fileno(stdout)) != 0; 229 | return cout_term; 230 | } else if (osbuf == cerr.rdbuf() || osbuf == clog.rdbuf()) { 231 | static const bool cerr_term = isatty(fileno(stderr)) != 0; 232 | return cerr_term; 233 | } 234 | #elif defined(OS_WIN) 235 | if (osbuf == cout.rdbuf()) { 236 | static const bool cout_term 237 | = (_isatty(_fileno(stdout)) || isMsysPty(_fileno(stdout))); 238 | return cout_term; 239 | } else if (osbuf == cerr.rdbuf() || osbuf == clog.rdbuf()) { 240 | static const bool cerr_term 241 | = (_isatty(_fileno(stderr)) || isMsysPty(_fileno(stderr))); 242 | return cerr_term; 243 | } 244 | #endif 245 | return false; 246 | } 247 | 248 | template 249 | using enableStd = typename std::enable_if< 250 | std::is_same::value || std::is_same::value 251 | || std::is_same::value || std::is_same::value 252 | || std::is_same::value, 253 | std::ostream &>::type; 254 | 255 | 256 | #ifdef OS_WIN 257 | 258 | struct SGR { // Select Graphic Rendition parameters for Windows console 259 | BYTE fgColor; // foreground color (0-15) lower 3 rgb bits + intense bit 260 | BYTE bgColor; // background color (0-15) lower 3 rgb bits + intense bit 261 | BYTE bold; // emulated as FOREGROUND_INTENSITY bit 262 | BYTE underline; // emulated as BACKGROUND_INTENSITY bit 263 | BOOLEAN inverse; // swap foreground/bold & background/underline 264 | BOOLEAN conceal; // set 
foreground/bold to background/underline 265 | }; 266 | 267 | enum class AttrColor : BYTE { // Color attributes for console screen buffer 268 | black = 0, 269 | red = 4, 270 | green = 2, 271 | yellow = 6, 272 | blue = 1, 273 | magenta = 5, 274 | cyan = 3, 275 | gray = 7 276 | }; 277 | 278 | inline HANDLE getConsoleHandle(const std::streambuf *osbuf) noexcept 279 | { 280 | if (osbuf == std::cout.rdbuf()) { 281 | static const HANDLE hStdout = GetStdHandle(STD_OUTPUT_HANDLE); 282 | return hStdout; 283 | } else if (osbuf == std::cerr.rdbuf() || osbuf == std::clog.rdbuf()) { 284 | static const HANDLE hStderr = GetStdHandle(STD_ERROR_HANDLE); 285 | return hStderr; 286 | } 287 | return INVALID_HANDLE_VALUE; 288 | } 289 | 290 | inline bool setWinTermAnsiColors(const std::streambuf *osbuf) noexcept 291 | { 292 | HANDLE h = getConsoleHandle(osbuf); 293 | if (h == INVALID_HANDLE_VALUE) { 294 | return false; 295 | } 296 | DWORD dwMode = 0; 297 | if (!GetConsoleMode(h, &dwMode)) { 298 | return false; 299 | } 300 | dwMode |= ENABLE_VIRTUAL_TERMINAL_PROCESSING; 301 | if (!SetConsoleMode(h, dwMode)) { 302 | return false; 303 | } 304 | return true; 305 | } 306 | 307 | inline bool supportsAnsi(const std::streambuf *osbuf) noexcept 308 | { 309 | using std::cerr; 310 | using std::clog; 311 | using std::cout; 312 | if (osbuf == cout.rdbuf()) { 313 | static const bool cout_ansi 314 | = (isMsysPty(_fileno(stdout)) || setWinTermAnsiColors(osbuf)); 315 | return cout_ansi; 316 | } else if (osbuf == cerr.rdbuf() || osbuf == clog.rdbuf()) { 317 | static const bool cerr_ansi 318 | = (isMsysPty(_fileno(stderr)) || setWinTermAnsiColors(osbuf)); 319 | return cerr_ansi; 320 | } 321 | return false; 322 | } 323 | 324 | inline const SGR &defaultState() noexcept 325 | { 326 | static const SGR defaultSgr = []() -> SGR { 327 | CONSOLE_SCREEN_BUFFER_INFO info; 328 | WORD attrib = FOREGROUND_RED | FOREGROUND_GREEN | FOREGROUND_BLUE; 329 | if (GetConsoleScreenBufferInfo(GetStdHandle(STD_OUTPUT_HANDLE), 330 
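| &info) 331 | || GetConsoleScreenBufferInfo(GetStdHandle(STD_ERROR_HANDLE), 332 | &info)) { 333 | attrib = info.wAttributes; 334 | } 335 | SGR sgr = { 0, 0, 0, 0, FALSE, FALSE }; 336 | sgr.fgColor = attrib & 0x0F; 337 | sgr.bgColor = (attrib & 0xF0) >> 4; 338 | return sgr; 339 | }(); 340 | return defaultSgr; 341 | }

    // Translates an ANSI colour index (0 = black ... 7 = gray) into the
    // matching console attribute bits from AttrColor.
    inline BYTE ansi2attr(BYTE rgb) noexcept
    {
        static const AttrColor rev[8]
          = { AttrColor::black,  AttrColor::red,  AttrColor::green,
              AttrColor::yellow, AttrColor::blue, AttrColor::magenta,
              AttrColor::cyan,   AttrColor::gray };
        // Keep the index inside the 8-entry table. The callers pass an enum
        // value minus its base, and an enum forged with static_cast from an
        // arbitrary integer would otherwise read past the array.
        return static_cast<BYTE>(rev[rgb & 0x07]);
    }

    // Applies a normal background colour; bg::reset restores the console's
    // default background.
    inline void setWinSGR(rang::bg col, SGR &state) noexcept
    {
        if (col == rang::bg::reset) {
            state.bgColor = defaultState().bgColor;
            return;
        }
        state.bgColor = ansi2attr(static_cast<BYTE>(col) - 40);
    }

    // Applies a normal foreground colour; fg::reset restores the console's
    // default foreground.
    inline void setWinSGR(rang::fg col, SGR &state) noexcept
    {
        if (col == rang::fg::reset) {
            state.fgColor = defaultState().fgColor;
            return;
        }
        state.fgColor = ansi2attr(static_cast<BYTE>(col) - 30);
    }

    // Applies a bright background colour. bgColor holds the background in
    // the low nibble, so the intensity flag is shifted down by four bits.
    inline void setWinSGR(rang::bgB col, SGR &state) noexcept
    {
        state.bgColor = (BACKGROUND_INTENSITY >> 4)
          | ansi2attr(static_cast<BYTE>(col) - 100);
    }

    // Applies a bright foreground colour.
    inline void setWinSGR(rang::fgB col, SGR &state) noexcept
    {
        state.fgColor
          = FOREGROUND_INTENSITY | ansi2attr(static_cast<BYTE>(col) - 90);
    }

    // Applies a style. underline and blink are both emulated with
    // BACKGROUND_INTENSITY; styles without a case here are ignored.
    inline void setWinSGR(rang::style style, SGR &state) noexcept
    {
        switch (style) {
            case rang::style::reset: state = defaultState(); break;
            case rang::style::bold: state.bold = FOREGROUND_INTENSITY; break;
            case rang::style::underline:
            case rang::style::blink:
                state.underline = BACKGROUND_INTENSITY;
                break;
            case rang::style::reversed: state.inverse = TRUE; break;
            case rang::style::conceal: state.conceal = TRUE; break;
            default: break;
        }
    }
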
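    // Process-wide SGR state used by the native console path, initialised
    // from defaultState() on first use. The name had been garbled to
    // "¤t_state" (a decoded "&curren" entity); it is "&current_state".
    inline SGR &current_state() noexcept
    {
        static SGR state = defaultState();
        return state;
    }

    // Folds an SGR state into the WORD expected by SetConsoleTextAttribute:
    // foreground in the low nibble, background in the next one.
    inline WORD SGR2Attr(const SGR &state) noexcept
    {
        WORD attrib = 0;
        if (state.conceal) {
            // Concealed text: both nibbles carry the same colour.
            if (state.inverse) {
                attrib = (state.fgColor << 4) | state.fgColor;
                if (state.bold)
                    attrib |= FOREGROUND_INTENSITY | BACKGROUND_INTENSITY;
            } else {
                attrib = (state.bgColor << 4) | state.bgColor;
                if (state.underline)
                    attrib |= FOREGROUND_INTENSITY | BACKGROUND_INTENSITY;
            }
        } else if (state.inverse) {
            // Swapped colours: the intensity bits swap sides as well.
            attrib = (state.fgColor << 4) | state.bgColor;
            if (state.bold) attrib |= BACKGROUND_INTENSITY;
            if (state.underline) attrib |= FOREGROUND_INTENSITY;
        } else {
            attrib = state.fgColor | (state.bgColor << 4) | state.bold
              | state.underline;
        }
        return attrib;
    }

    // Writes the ANSI escape sequence for value to os. The cast to int makes
    // the stream print the numeric code.
    template <typename T>
    inline void setWinColorAnsi(std::ostream &os, T const value)
    {
        os << "\033[" << static_cast<int>(value) << "m";
    }

    // Applies value through the console API. Does nothing when os is not
    // backed by a standard console handle.
    template <typename T>
    inline void setWinColorNative(std::ostream &os, T const value)
    {
        const HANDLE h = getConsoleHandle(os.rdbuf());
        if (h == INVALID_HANDLE_VALUE) {
            return;
        }
        setWinSGR(value, current_state());
        // Out all buffered text to console with previous settings:
        os.flush();
        SetConsoleTextAttribute(h, SGR2Attr(current_state()));
    }

    // Chooses the ANSI or the native path from the configured winTerm mode;
    // Auto uses ANSI only when supportsAnsi() reports it for this stream.
    template <typename T>
    inline enableStd<T> setColor(std::ostream &os, T const value)
    {
        const winTerm mode = winTermMode();
        const bool useAnsi = (mode == winTerm::Ansi)
          || (mode == winTerm::Auto && supportsAnsi(os.rdbuf()));
        if (useAnsi) {
            setWinColorAnsi(os, value);
        } else {
            setWinColorNative(os, value);
        }
        return os;
    }
#else
462 | template 463 | inline enableStd setColor(std::ostream &os, T const value) 464 | { 465 | return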
os << "\033[" << static_cast(value) << "m"; 466 | } 467 | #endif 468 | } // namespace rang_implementation 469 | 470 | template 471 | inline rang_implementation::enableStd operator<<(std::ostream &os, 472 | const T value) 473 | { 474 | const control option = rang_implementation::controlMode(); 475 | switch (option) { 476 | case control::Auto: 477 | return rang_implementation::supportsColor() 478 | && rang_implementation::isTerminal(os.rdbuf()) 479 | ? rang_implementation::setColor(os, value) 480 | : os; 481 | case control::Force: return rang_implementation::setColor(os, value); 482 | default: return os; 483 | } 484 | } 485 | 486 | inline void setWinTermMode(const rang::winTerm value) noexcept 487 | { 488 | rang_implementation::winTermMode() = value; 489 | } 490 | 491 | inline void setControlMode(const control value) noexcept 492 | { 493 | rang_implementation::controlMode() = value; 494 | } 495 | 496 | } // namespace rang 497 | 498 | #undef OS_LINUX 499 | #undef OS_WIN 500 | #undef OS_MAC 501 | 502 | #endif /* ifndef RANG_DOT_HPP */ 503 | -------------------------------------------------------------------------------- /obj-shellcode/bin/payload.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | namespace shellcode 4 | { 5 | namespace rva 6 | { 7 | const size_t CaptureWidth = 0x4; 8 | const size_t ShellcodeFunctionEntryPointExample = 0x14; 9 | const size_t CaptureHeight = 0x8; 10 | const size_t Seven00 = 0xc; 11 | const size_t fix = 0xe35; 12 | 13 | } 14 | 15 | unsigned char payload [] = 16 | { 17 | 18 | 0xde,0xc0,0xad,0xde,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x55,0x8b,0xec,0x81,0xec,0x0c,0x02,0x00,0x00,0xa1,0xdf,0x00,0x00,0x00,0x56,0x83,0xc0,0x03,0x50,0xff,0x75,0x08,0x68,0xe3,0x00,0x00,0x00,0xe8,0xe4,0x00,0x00,0x00,0x8d,0x85,0xf4,0xfd,0xff,0xff,0x68,0x00,0x02,0x00,0x00,0x50,0xe8,0x13,0x05,0x00,0x00,0x83,0xc4,0x14,0x8d,0x45,0x08,0x8d,0x4d,0xff,0x68,0x6e, 19 
| 0x05,0x00,0x00,0x50,0x68,0x91,0x05,0x00,0x00,0x8d,0x85,0xf4,0xfd,0xff,0xff,0x50,0xe8,0x6f,0x05,0x00,0x00,0x83,0x65,0xf4,0x00,0x8d,0x45,0xf8,0x50,0x68,0xc9,0x06,0x00,0x00,0x8d,0x85,0xf4,0xfd,0xff,0xff,0xc7,0x45,0xf8,0x00,0x00,0x04,0x00,0x50,0x8d,0x45,0xf4,0x50,0x8d,0x4d,0xff,0xe8,0x58,0x06,0x00,0x00,0x68,0xea,0x07,0x00,0x00,0x68,0xee,0x07,0x00,0x00,0x8d,0x4d,0xff,0xe8,0x63,0x07,0x00,0x00,0x68,0xe2, 20 | 0x07,0x00,0x00,0xbe,0xf7,0x08,0x00,0x00,0x8d,0x4d,0xff,0x56,0xe8,0x59,0x08,0x00,0x00,0x68,0xe6,0x07,0x00,0x00,0x56,0x8d,0x4d,0xff,0xe8,0x1d,0x09,0x00,0x00,0xe8,0xea,0x09,0x00,0x00,0x6a,0x03,0x5e,0xe8,0x48,0x0b,0x00,0x00,0x83,0xee,0x01,0x75,0xf6,0x68,0x22,0x0d,0x00,0x00,0x8d,0x4d,0xff,0xe8,0x54,0x0c,0x00,0x00,0x33,0xc0,0x5e,0xc9,0xc3,0x69,0x00,0x00,0x00,0x5b,0x20,0x70,0x61,0x79,0x6c,0x6f,0x61,0x64, 21 | 0x20,0x5d,0x54,0x68,0x72,0x65,0x61,0x64,0x20,0x6c,0x70,0x50,0x61,0x72,0x61,0x6d,0x65,0x74,0x65,0x72,0x20,0x25,0x64,0x09,0x20,0x2d,0x2d,0x6c,0x69,0x6e,0x65,0x3a,0x20,0x25,0x30,0x35,0x64,0x20,0x0a,0x00,0x55,0x8b,0xec,0x81,0xec,0x0c,0x02,0x00,0x00,0x83,0x65,0xf4,0x00,0x8d,0x45,0xf8,0x50,0x8d,0x45,0xf4,0xc7,0x45,0xf8,0x00,0x02,0x00,0x00,0x50,0x8d,0x85,0xf4,0xfd,0xff,0xff,0x50,0x8d,0x4d,0xff,0xe8,0x2c, 22 | 0x00,0x00,0x00,0x8d,0x45,0x10,0x50,0x8d,0x45,0x0c,0x50,0x8d,0x45,0x08,0x50,0x8d,0x85,0xf4,0xfd,0xff,0xff,0x50,0x8d,0x4d,0xff,0xe8,0x2f,0x02,0x00,0x00,0x8d,0x85,0xf4,0xfd,0xff,0xff,0x50,0x8d,0x4d,0xff,0xe8,0x27,0x03,0x00,0x00,0xc9,0xc3,0x55,0x8b,0xec,0x56,0x57,0xe8,0x2f,0x00,0x00,0x00,0xff,0x75,0x10,0x8b,0xf8,0xe8,0xf2,0x01,0x00,0x00,0xff,0x75,0x0c,0x8b,0x30,0xe8,0xf0,0x01,0x00,0x00,0x59,0x59,0x56, 23 | 
0x8b,0x08,0x51,0xff,0x75,0x08,0xe8,0xea,0x01,0x00,0x00,0x59,0x50,0xff,0xd7,0x83,0xc4,0x0c,0x5f,0x5e,0x5d,0xc2,0x0c,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x9a,0x00,0x00,0x00,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0xa3,0x00,0x00,0x00,0x8d,0x4d,0xf0,0xe8,0xd4,0x00,0x00,0x00,0x84,0xc0,0x74,0x4e, 24 | 0x8d,0x4d,0xf0,0xe8,0xd1,0x00,0x00,0x00,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x0c,0x6c,0x71,0x17,0x68,0x8b,0x78,0xf9,0x90,0xe8,0xc3,0x00,0x00,0x00,0x68,0x0c,0x6c,0x71,0x17,0x68,0x8b,0x78,0xf9,0x90,0x8b,0xf8,0xe8,0xba,0x00,0x00,0x00,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0xb2,0x00,0x00,0x00,0x50,0xe8,0xc6,0x00,0x00,0x00,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d, 25 | 0xfc,0xe8,0x06,0x01,0x00,0x00,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x01,0x01,0x00,0x00,0xeb,0xf0,0x56,0x8b,0xf1,0xe8,0x06,0x00,0x00,0x00,0x89,0x06,0x8b,0xc6,0x5e,0xc3,0xe8,0x04,0x00,0x00,0x00,0x8b,0x40,0x0c,0xc3,0xe8,0x04,0x00,0x00,0x00,0x8b,0x40,0x0c,0xc3,0x64,0xa1,0x30,0x00,0x00,0x00,0xc3,0x55,0x8b,0xec,0x53,0x56,0x8b,0xd9,0x57,0x8b, 26 | 0x7d,0x08,0x57,0x89,0x3b,0xe8,0x19,0x00,0x00,0x00,0x59,0x8b,0x50,0x78,0x8b,0x70,0x7c,0x89,0x73,0x08,0x8d,0x04,0x3a,0x5f,0x89,0x43,0x04,0x8b,0xc3,0x5e,0x5b,0x5d,0xc2,0x04,0x00,0x55,0x8b,0xec,0x8b,0x4d,0x08,0x8b,0x41,0x3c,0x03,0xc1,0x5d,0xc3,0x8b,0x41,0x04,0x3b,0x01,0x0f,0x95,0xc0,0xc3,0x8b,0x41,0x04,0x8b,0x40,0x18,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x0c,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3, 27 | 
0x55,0x8b,0xec,0x8b,0x41,0x04,0x8b,0x11,0x8b,0x48,0x20,0x8b,0x45,0x08,0x8d,0x04,0x81,0x8b,0x04,0x10,0x03,0xc2,0x5d,0xc2,0x04,0x00,0x55,0x8b,0xec,0x8b,0x55,0x0c,0x56,0x8b,0x75,0x08,0x8a,0x06,0x46,0x88,0x45,0x0c,0x84,0xc0,0x74,0x17,0xff,0x75,0x0c,0x52,0xe8,0x13,0x00,0x00,0x00,0x59,0x59,0x8a,0x0e,0x8b,0xd0,0x46,0x88,0x4d,0x0c,0x84,0xc9,0x75,0xe9,0x8b,0xc2,0x5e,0x5d,0xc3,0x55,0x8b,0xec,0x8a,0x4d,0x0c, 28 | 0x0f,0xbe,0xd1,0x80,0xe9,0x41,0x8b,0xc2,0x83,0xc8,0x20,0x80,0xf9,0x19,0x0f,0x47,0xc2,0x33,0x45,0x08,0x69,0xc0,0x93,0x01,0x00,0x01,0x5d,0xc3,0x56,0x8b,0xf1,0x8b,0x0e,0xe8,0x06,0x00,0x00,0x00,0x89,0x06,0xb0,0x01,0x5e,0xc3,0x8b,0x01,0xc3,0x55,0x8b,0xec,0x8b,0x51,0x04,0x8b,0x45,0x08,0x56,0x8b,0x31,0x8b,0x4a,0x24,0x8d,0x04,0x41,0x0f,0xb7,0x0c,0x30,0x8b,0x42,0x1c,0x8d,0x04,0x88,0x8b,0x04,0x30,0x03,0xc6, 29 | 0x5e,0x5d,0xc2,0x04,0x00,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x53,0x56,0x57,0xe8,0x3c,0x00,0x00,0x00,0xff,0x75,0x14,0x8b,0xd8,0xe8,0xda,0x00,0x00,0x00,0xff,0x75,0x10,0x8b,0x38,0xe8,0xd8,0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0x30,0xe8,0xd6,0x00,0x00,0x00,0x83,0xc4,0x0c,0x8b,0x00,0x57,0x56,0x50,0xff,0x75, 30 | 0x08,0xe8,0xbf,0xff,0xff,0xff,0x59,0x50,0xff,0xd3,0x83,0xc4,0x10,0x5f,0x5e,0x5b,0x5d,0xc2,0x10,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x6e,0xfe,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x77,0xfe,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0xa8,0xfe,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8, 31 | 
0xa5,0xfe,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x02,0x7c,0x74,0x9c,0x68,0x8c,0x84,0xb8,0xa0,0xe8,0x97,0xfe,0xff,0xff,0x68,0x02,0x7c,0x74,0x9c,0x68,0x8c,0x84,0xb8,0xa0,0x8b,0xf8,0xe8,0x8e,0xfe,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x86,0xfe,0xff,0xff,0x50,0xe8,0x9a,0xfe,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0xda,0xfe, 32 | 0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0xd5,0xfe,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x56,0xe8,0x13,0x00,0x00,0x00,0xff,0x75,0x08,0x8b,0xf0,0xe8,0xde,0xfe,0xff,0xff,0x59,0x50,0xff,0xd6,0x5e,0x5d,0xc2,0x04,0x00, 33 | 0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x92,0xfd,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x9b,0xfd,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0xcc,0xfd,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0xc9,0xfd,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0xcd,0x10,0x79,0xab,0x68,0x5d,0x4a,0xce,0x93, 34 | 0xe8,0xbb,0xfd,0xff,0xff,0x68,0xcd,0x10,0x79,0xab,0x68,0x5d,0x4a,0xce,0x93,0x8b,0xf8,0xe8,0xb2,0xfd,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0xaa,0xfd,0xff,0xff,0x50,0xe8,0xbe,0xfd,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0xfe,0xfd,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d, 35 | 
0xf0,0xe8,0xf9,0xfd,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x55,0x0c,0x8b,0x45,0x08,0x8b,0xc8,0x85,0xd2,0x74,0x09,0xc6,0x01,0x00,0x41,0x83,0xea,0x01,0x75,0xf7,0x5d,0xc3,0x53,0x68,0x65,0x6c,0x6c,0x63,0x6f,0x64,0x65,0x46,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x45,0x6e,0x74,0x72,0x79,0x50,0x6f,0x69,0x6e,0x74,0x45,0x78,0x61,0x6d,0x70,0x6c,0x65,0x00,0x48,0x65,0x6c,0x6c,0x6f,0x20,0x54,0x68,0x65,0x20,0x74, 36 | 0x68,0x72,0x65,0x61,0x64,0x20,0x70,0x61,0x72,0x61,0x6d,0x65,0x74,0x65,0x72,0x20,0x69,0x73,0x20,0x30,0x78,0x25,0x70,0x20,0x61,0x6e,0x64,0x20,0x54,0x68,0x65,0x20,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x6e,0x61,0x6d,0x65,0x20,0x69,0x73,0x20,0x25,0x73,0x00,0x55,0x8b,0xec,0x56,0x57,0xe8,0x37,0x00,0x00,0x00,0xff,0x75,0x10,0x8b,0xf8,0xe8,0x9c,0xfe,0xff,0xff,0xff,0x75,0x14,0x8b,0x30,0xe8,0xcb,0x00, 37 | 0x00,0x00,0x59,0x59,0x50,0x56,0xff,0x75,0x0c,0xe8,0xc7,0x00,0x00,0x00,0x59,0x50,0xff,0x75,0x08,0xe8,0x7d,0xfd,0xff,0xff,0x59,0x50,0xff,0xd7,0x83,0xc4,0x10,0x5f,0x5e,0x5d,0xc2,0x10,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x2d,0xfc,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x36,0xfc,0xff, 38 | 0xff,0x8d,0x4d,0xf0,0xe8,0x67,0xfc,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x64,0xfc,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x43,0x27,0x40,0x20,0x68,0x03,0x88,0x46,0x00,0xe8,0x56,0xfc,0xff,0xff,0x68,0x43,0x27,0x40,0x20,0x68,0x03,0x88,0x46,0x00,0x8b,0xf8,0xe8,0x4d,0xfc,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x45,0xfc,0xff,0xff,0x50,0xe8,0x59,0xfc,0xff, 39 | 
0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x99,0xfc,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x94,0xfc,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x44,0x69,0x73,0x70,0x6c,0x61,0x79,0x20,0x66,0x72,0x6f,0x6d,0x20,0x73,0x68,0x65,0x6c,0x6c,0x63, 40 | 0x6f,0x64,0x65,0x00,0x55,0x8b,0xec,0x53,0x56,0x57,0xe8,0x37,0x00,0x00,0x00,0xff,0x75,0x14,0x8b,0xd8,0xe8,0xd5,0x00,0x00,0x00,0xff,0x75,0x08,0x8b,0x30,0xe8,0xd3,0x00,0x00,0x00,0x59,0x59,0x56,0xff,0x75,0x10,0x8b,0x38,0xe8,0xce,0x00,0x00,0x00,0x59,0x50,0xff,0x75,0x0c,0xe8,0x6b,0xfc,0xff,0xff,0x59,0x50,0x57,0xff,0xd3,0x5f,0x5e,0x5b,0x5d,0xc2,0x10,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8, 41 | 0x1c,0xfb,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x25,0xfb,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0x56,0xfb,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x53,0xfb,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x0a,0x0e,0x32,0x7a,0x68,0xed,0xf7,0x56,0x90,0xe8,0x45,0xfb,0xff,0xff,0x68,0x0a,0x0e,0x32,0x7a, 42 | 0x68,0xed,0xf7,0x56,0x90,0x8b,0xf8,0xe8,0x3c,0xfb,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x34,0xfb,0xff,0xff,0x50,0xe8,0x48,0xfb,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x88,0xfb,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x83,0xfb,0xff,0xff,0xeb,0xf0,0x55,0x8b, 43 | 
0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0xdf,0x08,0x00,0x00,0xea,0x08,0x00,0x00,0x41,0x41,0x41,0x00,0x67,0x6c,0x6f,0x62,0x61,0x6c,0x56,0x61,0x72,0x3a,0x20,0x25,0x64,0x0a,0x00,0x55,0x8b,0xec,0x56,0xe8,0x21,0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0xf0,0xe8,0xbf,0x00,0x00,0x00,0x59,0x8b,0x08,0x51,0xff,0x75,0x08,0xe8,0xbb,0x00,0x00,0x00, 44 | 0x59,0x50,0xff,0xd6,0x59,0x59,0x5e,0x5d,0xc2,0x08,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x17,0xfa,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x20,0xfa,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0x51,0xfa,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x4e,0xfa,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74, 45 | 0x40,0x68,0xf5,0x39,0x37,0xe9,0x68,0xfa,0xb3,0x38,0x0f,0xe8,0x40,0xfa,0xff,0xff,0x68,0xf5,0x39,0x37,0xe9,0x68,0xfa,0xb3,0x38,0x0f,0x8b,0xf8,0xe8,0x37,0xfa,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x2f,0xfa,0xff,0xff,0x50,0xe8,0x43,0xfa,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x83,0xfa,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff, 46 | 0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x7e,0xfa,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x68,0x65,0x6c,0x6c,0x6f,0x77,0x6f,0x72,0x6c,0x64,0x00,0xc4,0xe3,0xba,0xc3,0xd6,0xd0,0xb9,0xfa,0xa3,0xba,0xa1,0xb7,0x00,0x67,0x6c,0x6f,0x62,0x61,0x6c,0x53,0x74,0x72,0x3a,0x20,0x25,0x73,0x0a,0x00,0x55,0x8b,0xec,0x56,0xe8,0x21, 47 | 
0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0xf0,0xe8,0x6f,0xfb,0xff,0xff,0x59,0x8b,0x08,0x51,0xff,0x75,0x08,0xe8,0xb2,0xff,0xff,0xff,0x59,0x50,0xff,0xd6,0x59,0x59,0x5e,0x5d,0xc2,0x08,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x0e,0xf9,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x17,0xf9,0xff,0xff, 48 | 0x8d,0x4d,0xf0,0xe8,0x48,0xf9,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x45,0xf9,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0xfb,0x12,0x35,0xf8,0x68,0xa4,0x74,0x3c,0x58,0xe8,0x37,0xf9,0xff,0xff,0x68,0xfb,0x12,0x35,0xf8,0x68,0xa4,0x74,0x3c,0x58,0x8b,0xf8,0xe8,0x2e,0xf9,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x26,0xf9,0xff,0xff,0x50,0xe8,0x3a,0xf9,0xff,0xff, 49 | 0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x7a,0xf9,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x75,0xf9,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x56,0xe8,0x21,0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0xf0,0xe8,0x9d,0xfa,0xff,0xff,0x59,0x8b,0x08,0x51,0xff,0x75,0x08,0xe8,0xe0,0xfe,0xff,0xff,0x59,0x50,0xff,0xd6,0x59, 50 | 0x59,0x5e,0x5d,0xc2,0x08,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0x3c,0xf8,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0x45,0xf8,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0x76,0xf8,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x73,0xf8,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0xad,0x96,0x3c, 51 | 
0x77,0x68,0x52,0x3b,0xf7,0x69,0xe8,0x65,0xf8,0xff,0xff,0x68,0xad,0x96,0x3c,0x77,0x68,0x52,0x3b,0xf7,0x69,0x8b,0xf8,0xe8,0x5c,0xf8,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0x54,0xf8,0xff,0xff,0x50,0xe8,0x68,0xf8,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0xa8,0xf8,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e, 52 | 0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0xa3,0xf8,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x83,0xec,0x0c,0x83,0x65,0xf4,0x00,0x8d,0x45,0xf8,0x50,0x68,0xd7,0x0a,0x00,0x00,0x68,0xef,0x0a,0x00,0x00,0x8d,0x45,0xf4,0xc7,0x45,0xf8,0x00,0x00,0x04,0x00,0x50,0x8d,0x4d,0xff,0xe8,0x41,0x00,0x00,0x00,0xc9,0xc3,0x44,0x69,0x73,0x70,0x6c,0x61,0x79,0x20,0x66,0x72,0x6f,0x6d,0x20,0x73,0x68,0x65,0x6c,0x6c,0x63,0x6f,0x64, 53 | 0x65,0x21,0x00,0x53,0x68,0x65,0x6c,0x6c,0x63,0x6f,0x64,0x65,0x20,0x46,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x43,0x61,0x6c,0x6c,0x20,0x45,0x78,0x74,0x65,0x72,0x6e,0x20,0x45,0x78,0x61,0x6d,0x70,0x6c,0x65,0x00,0x55,0x8b,0xec,0x53,0x56,0x57,0xe8,0x37,0x00,0x00,0x00,0xff,0x75,0x14,0x8b,0xd8,0xe8,0x9f,0xfc,0xff,0xff,0xff,0x75,0x08,0x8b,0x30,0xe8,0x9d,0xfc,0xff,0xff,0x59,0x59,0x56,0xff,0x75,0x10,0x8b, 54 | 0x38,0xe8,0xbe,0x00,0x00,0x00,0x59,0x50,0xff,0x75,0x0c,0xe8,0xbc,0x00,0x00,0x00,0x59,0x50,0x57,0xff,0xd3,0x5f,0x5e,0x5b,0x5d,0xc2,0x10,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0xe6,0xf6,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0xef,0xf6,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0x20,0xf7,0xff,0xff, 55 | 
0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x1d,0xf7,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x3d,0xc7,0xfa,0xe4,0x68,0x3c,0x11,0xf0,0x5b,0xe8,0x0f,0xf7,0xff,0xff,0x68,0x3d,0xc7,0xfa,0xe4,0x68,0x3c,0x11,0xf0,0x5b,0x8b,0xf8,0xe8,0x06,0xf7,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0xfe,0xf6,0xff,0xff,0x50,0xe8,0x12,0xf7,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6, 56 | 0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x52,0xf7,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x4d,0xf7,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x55,0x8b,0xec,0x51,0x51,0xa1,0x0c,0x00,0x00,0x00,0x8d,0x4d,0xff,0x89,0x45,0xf8,0x40,0xa3,0x0c,0x00,0x00,0x00,0x8d,0x45,0xf8,0x50,0x68,0x36, 57 | 0x0c,0x00,0x00,0xe8,0x14,0x00,0x00,0x00,0xc9,0xc3,0x73,0x74,0x61,0x74,0x69,0x63,0x20,0x76,0x61,0x6c,0x75,0x65,0x3a,0x20,0x25,0x64,0x0a,0x00,0x55,0x8b,0xec,0x56,0xe8,0x21,0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0xf0,0xe8,0x1e,0xf7,0xff,0xff,0x59,0x8b,0x08,0x51,0xff,0x75,0x08,0xe8,0xb3,0x00,0x00,0x00,0x59,0x50,0xff,0xd6,0x59,0x59,0x5e,0x5d,0xc2,0x08,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8, 58 | 0xcc,0xf5,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0xd5,0xf5,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0x06,0xf6,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0,0xe8,0x03,0xf6,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0xb9,0x1e,0x31,0x71,0x68,0x16,0x41,0x50,0xcb,0xe8,0xf5,0xf5,0xff,0xff,0x68,0xb9,0x1e,0x31,0x71, 59 | 
0x68,0x16,0x41,0x50,0xcb,0x8b,0xf8,0xe8,0xec,0xf5,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0xe4,0xf5,0xff,0xff,0x50,0xe8,0xf8,0xf5,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x38,0xf6,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x33,0xf6,0xff,0xff,0xeb,0xf0,0x55,0x8b, 60 | 0xec,0x8b,0x45,0x08,0x5d,0xc3,0x6c,0x61,0x6d,0x62,0x64,0x61,0x20,0x74,0x65,0x73,0x74,0x00,0x55,0x8b,0xec,0x51,0x8d,0x45,0x08,0x50,0x68,0x47,0x0d,0x00,0x00,0x8d,0x4d,0xff,0xe8,0x14,0x00,0x00,0x00,0xc9,0xc2,0x04,0x00,0x6c,0x61,0x6d,0x62,0x64,0x61,0x20,0x73,0x74,0x72,0x3a,0x20,0x25,0x73,0x0a,0x00,0x55,0x8b,0xec,0x56,0xe8,0x21,0x00,0x00,0x00,0xff,0x75,0x0c,0x8b,0xf0,0xe8,0x1e,0xf7,0xff,0xff,0x59,0x8b, 61 | 0x08,0x51,0xff,0x75,0x08,0xe8,0xb3,0x00,0x00,0x00,0x59,0x50,0xff,0xd6,0x59,0x59,0x5e,0x5d,0xc2,0x08,0x00,0x55,0x8b,0xec,0x83,0xec,0x10,0x8d,0x4d,0xfc,0xe8,0xbd,0xf4,0xff,0xff,0x53,0x56,0x57,0x8b,0x45,0xfc,0x83,0x78,0x18,0x00,0x74,0x6c,0x66,0x83,0x78,0x24,0x00,0x74,0x65,0xff,0x70,0x18,0x8d,0x4d,0xf0,0xe8,0xc6,0xf4,0xff,0xff,0x8d,0x4d,0xf0,0xe8,0xf7,0xf4,0xff,0xff,0x84,0xc0,0x74,0x4e,0x8d,0x4d,0xf0, 62 | 0xe8,0xf4,0xf4,0xff,0xff,0x8b,0xf0,0x85,0xf6,0x74,0x40,0x68,0x09,0xce,0x71,0x80,0x68,0x46,0x31,0xac,0xe2,0xe8,0xe6,0xf4,0xff,0xff,0x68,0x09,0xce,0x71,0x80,0x68,0x46,0x31,0xac,0xe2,0x8b,0xf8,0xe8,0xdd,0xf4,0xff,0xff,0x83,0xc4,0x10,0x8b,0xd8,0x57,0x4e,0x8d,0x4d,0xf0,0x56,0xe8,0xd5,0xf4,0xff,0xff,0x50,0xe8,0xe9,0xf4,0xff,0xff,0x59,0x59,0x3b,0xc3,0x74,0x1b,0x85,0xf6,0x75,0xe5,0x8d,0x4d,0xfc,0xe8,0x29, 63 | 
0xf5,0xff,0xff,0x84,0xc0,0x0f,0x85,0x7b,0xff,0xff,0xff,0x33,0xc0,0x5f,0x5e,0x5b,0xc9,0xc3,0x56,0x8d,0x4d,0xf0,0xe8,0x24,0xf5,0xff,0xff,0xeb,0xf0,0x55,0x8b,0xec,0x8b,0x45,0x08,0x5d,0xc3,0x56,0x57,0xe8,0x5b,0x00,0x00,0x00,0x8b,0xf0,0x80,0x3e,0xde,0x75,0x12,0x80,0x7e,0x01,0xc0,0x75,0x0c,0x80,0x7e,0x02,0xad,0x75,0x06,0x80,0x7e,0x03,0xde,0x74,0x03,0x4e,0xeb,0xe6,0xe8,0x3a,0x00,0x00,0x00,0x80,0x38,0xde, 64 | 0x75,0x12,0x80,0x78,0x01,0xc0,0x75,0x0c,0x80,0x78,0x02,0xad,0x75,0x06,0x80,0x78,0x03,0xde,0x74,0x03,0x40,0xeb,0xe6,0x8b,0x50,0x04,0x8d,0x78,0x08,0x85,0xd2,0x74,0x11,0x8b,0x0f,0x8d,0x46,0x04,0x8d,0x7f,0x04,0x01,0x44,0x31,0x04,0x83,0xea,0x01,0x75,0xef,0x5f,0x33,0xc0,0x5e,0xc3,0xe8,0x00,0x00,0x00,0x00,0x58,0xc3,0xde,0xc0,0xad,0xde,0x13,0x00,0x00,0x00,0x1a,0x00,0x00,0x00,0x27,0x00,0x00,0x00,0x4b,0x00, 65 | 0x00,0x00,0x51,0x00,0x00,0x00,0x6a,0x00,0x00,0x00,0x89,0x00,0x00,0x00,0x8e,0x00,0x00,0x00,0xe2,0x07,0x00,0x00,0xe6,0x07,0x00,0x00,0x9b,0x00,0x00,0x00,0xa0,0x00,0x00,0x00,0xae,0x00,0x00,0x00,0xb9,0x0a,0x00,0x00,0xbe,0x0a,0x00,0x00,0x16,0x0c,0x00,0x00,0x22,0x0c,0x00,0x00,0x2b,0x0c,0x00,0x00,0xce,0x00,0x00,0x00,0x37,0x0d,0x00,0x00, }; 66 | 67 | }; 68 | 69 | -------------------------------------------------------------------------------- /obj-shellcode/include/span.hpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | This is an implementation of C++20's std::span 4 | http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/n4820.pdf 5 | */ 6 | 7 | // Copyright Tristan Brindle 2018. 8 | // Distributed under the Boost Software License, Version 1.0. 
9 | // (See accompanying file ../../LICENSE_1_0.txt or copy at 10 | // https://www.boost.org/LICENSE_1_0.txt) 11 | 12 | #ifndef TCB_SPAN_HPP_INCLUDED 13 | #define TCB_SPAN_HPP_INCLUDED 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | 20 | #ifndef TCB_SPAN_NO_EXCEPTIONS 21 | // Attempt to discover whether we're being compiled with exception support 22 | #if !(defined(__cpp_exceptions) || defined(__EXCEPTIONS) || defined(_CPPUNWIND)) 23 | #define TCB_SPAN_NO_EXCEPTIONS 24 | #endif 25 | #endif 26 | 27 | #ifndef TCB_SPAN_NO_EXCEPTIONS 28 | #include 29 | #include 30 | #endif 31 | 32 | // Various feature test macros 33 | 34 | #ifndef TCB_SPAN_NAMESPACE_NAME 35 | #define TCB_SPAN_NAMESPACE_NAME tcb 36 | #endif 37 | 38 | #if __cplusplus >= 201703L || (defined(_MSVC_LANG) && _MSVC_LANG >= 201703L) 39 | #define TCB_SPAN_HAVE_CPP17 40 | #endif 41 | 42 | #if __cplusplus >= 201402L || (defined(_MSVC_LANG) && _MSVC_LANG >= 201402L) 43 | #define TCB_SPAN_HAVE_CPP14 44 | #endif 45 | 46 | namespace TCB_SPAN_NAMESPACE_NAME { 47 | 48 | // Establish default contract checking behavior 49 | #if !defined(TCB_SPAN_THROW_ON_CONTRACT_VIOLATION) && \ 50 | !defined(TCB_SPAN_TERMINATE_ON_CONTRACT_VIOLATION) && \ 51 | !defined(TCB_SPAN_NO_CONTRACT_CHECKING) 52 | #if defined(NDEBUG) || !defined(TCB_SPAN_HAVE_CPP14) 53 | #define TCB_SPAN_NO_CONTRACT_CHECKING 54 | #else 55 | #define TCB_SPAN_TERMINATE_ON_CONTRACT_VIOLATION 56 | #endif 57 | #endif 58 | 59 | #if defined(TCB_SPAN_THROW_ON_CONTRACT_VIOLATION) 60 | struct contract_violation_error : std::logic_error { 61 | explicit contract_violation_error(const char* msg) : std::logic_error(msg) 62 | {} 63 | }; 64 | 65 | inline void contract_violation(const char* msg) 66 | { 67 | throw contract_violation_error(msg); 68 | } 69 | 70 | #elif defined(TCB_SPAN_TERMINATE_ON_CONTRACT_VIOLATION) 71 | [[noreturn]] inline void contract_violation(const char* /*unused*/) 72 | { 73 | std::terminate(); 74 | } 75 | #endif 76 | 77 | #if 
!defined(TCB_SPAN_NO_CONTRACT_CHECKING) 78 | #define TCB_SPAN_STRINGIFY(cond) #cond 79 | #define TCB_SPAN_EXPECT(cond) \ 80 | cond ? (void) 0 : contract_violation("Expected " TCB_SPAN_STRINGIFY(cond)) 81 | #else 82 | #define TCB_SPAN_EXPECT(cond) 83 | #endif 84 | 85 | #if defined(TCB_SPAN_HAVE_CPP17) || defined(__cpp_inline_variables) 86 | #define TCB_SPAN_INLINE_VAR inline 87 | #else 88 | #define TCB_SPAN_INLINE_VAR 89 | #endif 90 | 91 | #if defined(TCB_SPAN_HAVE_CPP14) || \ 92 | (defined(__cpp_constexpr) && __cpp_constexpr >= 201304) 93 | #define TCB_SPAN_HAVE_CPP14_CONSTEXPR 94 | #endif 95 | 96 | #if defined(TCB_SPAN_HAVE_CPP14_CONSTEXPR) 97 | #define TCB_SPAN_CONSTEXPR14 constexpr 98 | #else 99 | #define TCB_SPAN_CONSTEXPR14 100 | #endif 101 | 102 | #if defined(TCB_SPAN_HAVE_CPP14_CONSTEXPR) && \ 103 | (!defined(_MSC_VER) || _MSC_VER > 1900) 104 | #define TCB_SPAN_CONSTEXPR_ASSIGN constexpr 105 | #else 106 | #define TCB_SPAN_CONSTEXPR_ASSIGN 107 | #endif 108 | 109 | #if defined(TCB_SPAN_NO_CONTRACT_CHECKING) 110 | #define TCB_SPAN_CONSTEXPR11 constexpr 111 | #else 112 | #define TCB_SPAN_CONSTEXPR11 TCB_SPAN_CONSTEXPR14 113 | #endif 114 | 115 | #if defined(TCB_SPAN_HAVE_CPP17) || defined(__cpp_deduction_guides) 116 | #define TCB_SPAN_HAVE_DEDUCTION_GUIDES 117 | #endif 118 | 119 | #if defined(TCB_SPAN_HAVE_CPP17) || defined(__cpp_lib_byte) 120 | #define TCB_SPAN_HAVE_STD_BYTE 121 | #endif 122 | 123 | #if defined(TCB_SPAN_HAVE_CPP17) || defined(__cpp_lib_array_constexpr) 124 | #define TCB_SPAN_HAVE_CONSTEXPR_STD_ARRAY_ETC 125 | #endif 126 | 127 | #if defined(TCB_SPAN_HAVE_CONSTEXPR_STD_ARRAY_ETC) 128 | #define TCB_SPAN_ARRAY_CONSTEXPR constexpr 129 | #else 130 | #define TCB_SPAN_ARRAY_CONSTEXPR 131 | #endif 132 | 133 | #ifdef TCB_SPAN_HAVE_STD_BYTE 134 | using byte = std::byte; 135 | #else 136 | using byte = unsigned char; 137 | #endif 138 | 139 | #if defined(TCB_SPAN_HAVE_CPP17) 140 | #define TCB_SPAN_NODISCARD [[nodiscard]] 141 | #else 142 | #define 
TCB_SPAN_NODISCARD 143 | #endif 144 | 145 | TCB_SPAN_INLINE_VAR constexpr std::size_t dynamic_extent = SIZE_MAX; 146 | 147 | template 148 | class span; 149 | 150 | namespace detail { 151 | 152 | template 153 | struct span_storage { 154 | constexpr span_storage() noexcept = default; 155 | 156 | constexpr span_storage(E* p_ptr, std::size_t /*unused*/) noexcept 157 | : ptr(p_ptr) 158 | {} 159 | 160 | E* ptr = nullptr; 161 | static constexpr std::size_t size = S; 162 | }; 163 | 164 | template 165 | struct span_storage { 166 | constexpr span_storage() noexcept = default; 167 | 168 | constexpr span_storage(E* p_ptr, std::size_t p_size) noexcept 169 | : ptr(p_ptr), size(p_size) 170 | {} 171 | 172 | E* ptr = nullptr; 173 | std::size_t size = 0; 174 | }; 175 | 176 | // Reimplementation of C++17 std::size() and std::data() 177 | #if defined(TCB_SPAN_HAVE_CPP17) || \ 178 | defined(__cpp_lib_nonmember_container_access) 179 | using std::data; 180 | using std::size; 181 | #else 182 | template 183 | constexpr auto size(const C& c) -> decltype(c.size()) 184 | { 185 | return c.size(); 186 | } 187 | 188 | template 189 | constexpr std::size_t size(const T (&)[N]) noexcept 190 | { 191 | return N; 192 | } 193 | 194 | template 195 | constexpr auto data(C& c) -> decltype(c.data()) 196 | { 197 | return c.data(); 198 | } 199 | 200 | template 201 | constexpr auto data(const C& c) -> decltype(c.data()) 202 | { 203 | return c.data(); 204 | } 205 | 206 | template 207 | constexpr T* data(T (&array)[N]) noexcept 208 | { 209 | return array; 210 | } 211 | 212 | template 213 | constexpr const E* data(std::initializer_list il) noexcept 214 | { 215 | return il.begin(); 216 | } 217 | #endif // TCB_SPAN_HAVE_CPP17 218 | 219 | #if defined(TCB_SPAN_HAVE_CPP17) || defined(__cpp_lib_void_t) 220 | using std::void_t; 221 | #else 222 | template 223 | using void_t = void; 224 | #endif 225 | 226 | template 227 | using uncvref_t = 228 | typename std::remove_cv::type>::type; 229 | 230 | template 231 | struct 
is_span : std::false_type {}; 232 | 233 | template 234 | struct is_span> : std::true_type {}; 235 | 236 | template 237 | struct is_std_array : std::false_type {}; 238 | 239 | template 240 | struct is_std_array> : std::true_type {}; 241 | 242 | template 243 | struct has_size_and_data : std::false_type {}; 244 | 245 | template 246 | struct has_size_and_data())), 247 | decltype(detail::data(std::declval()))>> 248 | : std::true_type {}; 249 | 250 | template > 251 | struct is_container { 252 | static constexpr bool value = 253 | !is_span::value && !is_std_array::value && 254 | !std::is_array::value && has_size_and_data::value; 255 | }; 256 | 257 | template 258 | using remove_pointer_t = typename std::remove_pointer::type; 259 | 260 | template 261 | struct is_container_element_type_compatible : std::false_type {}; 262 | 263 | template 264 | struct is_container_element_type_compatible< 265 | T, E, 266 | typename std::enable_if< 267 | !std::is_same< 268 | typename std::remove_cv()))>::type, 269 | void>::value && 270 | std::is_convertible< 271 | remove_pointer_t()))> (*)[], 272 | E (*)[]>::value 273 | >::type> 274 | : std::true_type {}; 275 | 276 | template 277 | struct is_complete : std::false_type {}; 278 | 279 | template 280 | struct is_complete : std::true_type {}; 281 | 282 | } // namespace detail 283 | 284 | template 285 | class span { 286 | static_assert(std::is_object::value, 287 | "A span's ElementType must be an object type (not a " 288 | "reference type or void)"); 289 | static_assert(detail::is_complete::value, 290 | "A span's ElementType must be a complete type (not a forward " 291 | "declaration)"); 292 | static_assert(!std::is_abstract::value, 293 | "A span's ElementType cannot be an abstract class type"); 294 | 295 | using storage_type = detail::span_storage; 296 | 297 | public: 298 | // constants and types 299 | using element_type = ElementType; 300 | using value_type = typename std::remove_cv::type; 301 | using size_type = std::size_t; 302 | using 
difference_type = std::ptrdiff_t; 303 | using pointer = element_type*; 304 | using const_pointer = const element_type*; 305 | using reference = element_type&; 306 | using const_reference = const element_type&; 307 | using iterator = pointer; 308 | using reverse_iterator = std::reverse_iterator; 309 | 310 | static constexpr size_type extent = Extent; 311 | 312 | // [span.cons], span constructors, copy, assignment, and destructor 313 | template < 314 | std::size_t E = Extent, 315 | typename std::enable_if<(E == dynamic_extent || E <= 0), int>::type = 0> 316 | constexpr span() noexcept 317 | {} 318 | 319 | TCB_SPAN_CONSTEXPR11 span(pointer ptr, size_type count) 320 | : storage_(ptr, count) 321 | { 322 | TCB_SPAN_EXPECT(extent == dynamic_extent || count == extent); 323 | } 324 | 325 | TCB_SPAN_CONSTEXPR11 span(pointer first_elem, pointer last_elem) 326 | : storage_(first_elem, last_elem - first_elem) 327 | { 328 | TCB_SPAN_EXPECT(extent == dynamic_extent || 329 | last_elem - first_elem == 330 | static_cast(extent)); 331 | } 332 | 333 | template ::value, 338 | int>::type = 0> 339 | constexpr span(element_type (&arr)[N]) noexcept : storage_(arr, N) 340 | {} 341 | 342 | template &, ElementType>::value, 347 | int>::type = 0> 348 | TCB_SPAN_ARRAY_CONSTEXPR span(std::array& arr) noexcept 349 | : storage_(arr.data(), N) 350 | {} 351 | 352 | template &, ElementType>::value, 357 | int>::type = 0> 358 | TCB_SPAN_ARRAY_CONSTEXPR span(const std::array& arr) noexcept 359 | : storage_(arr.data(), N) 360 | {} 361 | 362 | template < 363 | typename Container, std::size_t E = Extent, 364 | typename std::enable_if< 365 | E == dynamic_extent && detail::is_container::value && 366 | detail::is_container_element_type_compatible< 367 | Container&, ElementType>::value, 368 | int>::type = 0> 369 | constexpr span(Container& cont) 370 | : storage_(detail::data(cont), detail::size(cont)) 371 | {} 372 | 373 | template < 374 | typename Container, std::size_t E = Extent, 375 | typename 
std::enable_if< 376 | E == dynamic_extent && detail::is_container::value && 377 | detail::is_container_element_type_compatible< 378 | const Container&, ElementType>::value, 379 | int>::type = 0> 380 | constexpr span(const Container& cont) 381 | : storage_(detail::data(cont), detail::size(cont)) 382 | {} 383 | 384 | constexpr span(const span& other) noexcept = default; 385 | 386 | template ::value, 391 | int>::type = 0> 392 | constexpr span(const span& other) noexcept 393 | : storage_(other.data(), other.size()) 394 | {} 395 | 396 | ~span() noexcept = default; 397 | 398 | TCB_SPAN_CONSTEXPR_ASSIGN span& 399 | operator=(const span& other) noexcept = default; 400 | 401 | // [span.sub], span subviews 402 | template 403 | TCB_SPAN_CONSTEXPR11 span first() const 404 | { 405 | TCB_SPAN_EXPECT(Count <= size()); 406 | return {data(), Count}; 407 | } 408 | 409 | template 410 | TCB_SPAN_CONSTEXPR11 span last() const 411 | { 412 | TCB_SPAN_EXPECT(Count <= size()); 413 | return {data() + (size() - Count), Count}; 414 | } 415 | 416 | template 417 | using subspan_return_t = 418 | span; 422 | 423 | template 424 | TCB_SPAN_CONSTEXPR11 subspan_return_t subspan() const 425 | { 426 | TCB_SPAN_EXPECT(Offset <= size() && 427 | (Count == dynamic_extent || Offset + Count <= size())); 428 | return {data() + Offset, 429 | Count != dynamic_extent ? Count : size() - Offset}; 430 | } 431 | 432 | TCB_SPAN_CONSTEXPR11 span 433 | first(size_type count) const 434 | { 435 | TCB_SPAN_EXPECT(count <= size()); 436 | return {data(), count}; 437 | } 438 | 439 | TCB_SPAN_CONSTEXPR11 span 440 | last(size_type count) const 441 | { 442 | TCB_SPAN_EXPECT(count <= size()); 443 | return {data() + (size() - count), count}; 444 | } 445 | 446 | TCB_SPAN_CONSTEXPR11 span 447 | subspan(size_type offset, size_type count = dynamic_extent) const 448 | { 449 | TCB_SPAN_EXPECT(offset <= size() && 450 | (count == dynamic_extent || offset + count <= size())); 451 | return {data() + offset, 452 | count == dynamic_extent ? 
size() - offset : count}; 453 | } 454 | 455 | // [span.obs], span observers 456 | constexpr size_type size() const noexcept { return storage_.size; } 457 | 458 | constexpr size_type size_bytes() const noexcept 459 | { 460 | return size() * sizeof(element_type); 461 | } 462 | 463 | TCB_SPAN_NODISCARD constexpr bool empty() const noexcept 464 | { 465 | return size() == 0; 466 | } 467 | 468 | // [span.elem], span element access 469 | TCB_SPAN_CONSTEXPR11 reference operator[](size_type idx) const 470 | { 471 | TCB_SPAN_EXPECT(idx < size()); 472 | return *(data() + idx); 473 | } 474 | 475 | TCB_SPAN_CONSTEXPR11 reference front() const 476 | { 477 | TCB_SPAN_EXPECT(!empty()); 478 | return *data(); 479 | } 480 | 481 | TCB_SPAN_CONSTEXPR11 reference back() const 482 | { 483 | TCB_SPAN_EXPECT(!empty()); 484 | return *(data() + (size() - 1)); 485 | } 486 | 487 | constexpr pointer data() const noexcept { return storage_.ptr; } 488 | 489 | // [span.iterators], span iterator support 490 | constexpr iterator begin() const noexcept { return data(); } 491 | 492 | constexpr iterator end() const noexcept { return data() + size(); } 493 | 494 | TCB_SPAN_ARRAY_CONSTEXPR reverse_iterator rbegin() const noexcept 495 | { 496 | return reverse_iterator(end()); 497 | } 498 | 499 | TCB_SPAN_ARRAY_CONSTEXPR reverse_iterator rend() const noexcept 500 | { 501 | return reverse_iterator(begin()); 502 | } 503 | 504 | private: 505 | storage_type storage_{}; 506 | }; 507 | 508 | #ifdef TCB_SPAN_HAVE_DEDUCTION_GUIDES 509 | 510 | /* Deduction Guides */ 511 | template 512 | span(T (&)[N])->span; 513 | 514 | template 515 | span(std::array&)->span; 516 | 517 | template 518 | span(const std::array&)->span; 519 | 520 | template 521 | span(Container&)->span; 522 | 523 | template 524 | span(const Container&)->span; 525 | 526 | #endif // TCB_HAVE_DEDUCTION_GUIDES 527 | 528 | template 529 | constexpr span 530 | make_span(span s) noexcept 531 | { 532 | return s; 533 | } 534 | 535 | template 536 | constexpr span 
make_span(T (&arr)[N]) noexcept 537 | { 538 | return {arr}; 539 | } 540 | 541 | template 542 | TCB_SPAN_ARRAY_CONSTEXPR span make_span(std::array& arr) noexcept 543 | { 544 | return {arr}; 545 | } 546 | 547 | template 548 | TCB_SPAN_ARRAY_CONSTEXPR span 549 | make_span(const std::array& arr) noexcept 550 | { 551 | return {arr}; 552 | } 553 | 554 | template 555 | constexpr span make_span(Container& cont) 556 | { 557 | return {cont}; 558 | } 559 | 560 | template 561 | constexpr span 562 | make_span(const Container& cont) 563 | { 564 | return {cont}; 565 | } 566 | 567 | template 568 | span 570 | as_bytes(span s) noexcept 571 | { 572 | return {reinterpret_cast(s.data()), s.size_bytes()}; 573 | } 574 | 575 | template < 576 | class ElementType, size_t Extent, 577 | typename std::enable_if::value, int>::type = 0> 578 | span 580 | as_writable_bytes(span s) noexcept 581 | { 582 | return {reinterpret_cast(s.data()), s.size_bytes()}; 583 | } 584 | 585 | template 586 | constexpr auto get(span s) -> decltype(s[N]) 587 | { 588 | return s[N]; 589 | } 590 | 591 | } // namespace TCB_SPAN_NAMESPACE_NAME 592 | 593 | namespace std { 594 | 595 | template 596 | class tuple_size> 597 | : public integral_constant {}; 598 | 599 | template 600 | class tuple_size>; // not defined 602 | 603 | template 604 | class tuple_element> { 605 | public: 606 | static_assert(Extent != TCB_SPAN_NAMESPACE_NAME::dynamic_extent && 607 | I < Extent, 608 | ""); 609 | using type = ElementType; 610 | }; 611 | 612 | } // end namespace std 613 | 614 | #endif // TCB_SPAN_HPP_INCLUDED 615 | -------------------------------------------------------------------------------- /payload/lazy_importer.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2018-2022 Justas Masiulis 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | // === FAQ === documentation is available at https://github.com/JustasMasiulis/lazy_importer 18 | // * Code doesn't compile with errors about pointer conversion: 19 | // - Try using `nullptr` instead of `NULL` or call `get()` instead of using the overloaded operator() 20 | // * Lazy importer can't find the function I want: 21 | // - Double check that the module in which it's located in is actually loaded 22 | // - Try #define LAZY_IMPORTER_CASE_INSENSITIVE 23 | // This will start using case insensitive comparison globally 24 | // - Try #define LAZY_IMPORTER_RESOLVE_FORWARDED_EXPORTS 25 | // This will enable forwarded export resolution globally instead of needing explicit `forwarded()` calls 26 | 27 | #ifndef LAZY_IMPORTER_HPP 28 | #define LAZY_IMPORTER_HPP 29 | 30 | 31 | #define LI_FN(name) ::li::detail::lazy_function() 32 | 33 | #define LI_FN_DEF(name) ::li::detail::lazy_function() 34 | 35 | #define LI_MODULE(name) ::li::detail::lazy_module() 36 | 37 | #ifndef LAZY_IMPORTER_CPP_FORWARD 38 | #ifdef LAZY_IMPORTER_NO_CPP_FORWARD 39 | #define LAZY_IMPORTER_CPP_FORWARD(t, v) v 40 | #else 41 | #include 42 | #define LAZY_IMPORTER_CPP_FORWARD(t, v) std::forward( v ) 43 | #endif 44 | #endif 45 | 46 | #include 47 | 48 | #ifndef LAZY_IMPORTER_NO_FORCEINLINE 49 | #if defined(_MSC_VER) 50 | #define LAZY_IMPORTER_FORCEINLINE __forceinline 51 | #elif defined(__GNUC__) && __GNUC__ > 3 52 | #define LAZY_IMPORTER_FORCEINLINE inline __attribute__((__always_inline__)) 53 | #else 54 | #define LAZY_IMPORTER_FORCEINLINE inline 55 
#endif
#else
#define LAZY_IMPORTER_FORCEINLINE inline
#endif


// Compile-time case-sensitivity flag: `false` when the including code defines
// LAZY_IMPORTER_CASE_INSENSITIVE, `true` otherwise. Its consumers are not
// visible in this excerpt.
#ifdef LAZY_IMPORTER_CASE_INSENSITIVE
#define LAZY_IMPORTER_CASE_SENSITIVITY false
#else
#define LAZY_IMPORTER_CASE_SENSITIVITY true
#endif

// Two-level stringification: the outer macro expands its argument first
// (e.g. __LINE__ becomes a number) before the inner one applies `#`.
#define LAZY_IMPORTER_STRINGIZE(x) #x
#define LAZY_IMPORTER_STRINGIZE_EXPAND(x) LAZY_IMPORTER_STRINGIZE(x)

// Hashes `str` together with a second value that is itself a hash of the
// string literal formed from __TIME__, __DATE__, __LINE__ and __COUNTER__,
// started from 2166136261 (0x811C9DC5, the 32-bit FNV offset basis).
// That string changes with every build and every expansion of the macro, so
// the constants this produces are not stable across builds: a fixed list of
// API-name hash values is not a dependable indicator for code built with it.
// khash() is defined outside this excerpt.
#define LAZY_IMPORTER_KHASH(str) ::li::detail::khash(str, \
    ::li::detail::khash_impl( __TIME__ __DATE__ LAZY_IMPORTER_STRINGIZE_EXPAND(__LINE__) LAZY_IMPORTER_STRINGIZE_EXPAND(__COUNTER__), 2166136261 ))

namespace li { namespace detail {

    // Local re-declarations of Windows loader and PE-image structures, using
    // only builtin types. Field order and widths mirror the Windows layouts.
    // The code that reads them is outside this excerpt, apart from
    // load_order_next() below, which overlays a struct on an existing pointer.
    //
    // Field widths assume the Windows data model, where `unsigned long` is
    // 32 bits; where it is 64 bits these layouts would not match.
    //
    // Security context: going by these declarations and the FAQ at the top of
    // the file, the header appears to locate loaded modules and their exports
    // from loader data and hashed names rather than through the import table.
    // For triage that means a binary's import listing under-reports the APIs
    // it can reach; runtime telemetry on the calls themselves is the more
    // reliable signal.
    namespace win {

        // Doubly linked list node; links are kept as untyped byte pointers.
        struct LIST_ENTRY_T {
            const char* Flink; // next entry
            const char* Blink; // previous entry
        };

        // Mirror of the Windows UNICODE_STRING. In the Windows structure
        // Length and MaximumLength count bytes, not characters, and Buffer is
        // not guaranteed to be NUL-terminated.
        struct UNICODE_STRING_T {
            unsigned short Length;
            unsigned short MaximumLength;
            wchar_t*       Buffer;
        };

        // Leading part of the loader data block, declared only as far as the
        // head of the load-order module list.
        struct PEB_LDR_DATA_T {
            unsigned long Length;
            unsigned long Initialized;
            const char*   SsHandle;
            LIST_ENTRY_T  InLoadOrderModuleList;
        };

        // Leading part of the process environment block, declared only as far
        // as the pointer to the loader data.
        struct PEB_T {
            unsigned char   Reserved1[2];
            unsigned char   BeingDebugged;
            unsigned char   Reserved2[1];
            const char*     Reserved3[2];
            PEB_LDR_DATA_T* Ldr;
        };

        // One loaded module as recorded by the loader.
        struct LDR_DATA_TABLE_ENTRY_T {
            LIST_ENTRY_T InLoadOrderLinks; // first member: a link pointer is also an entry pointer
            LIST_ENTRY_T InMemoryOrderLinks;
            LIST_ENTRY_T InInitializationOrderLinks;
            const char*  DllBase;
            const char*  EntryPoint;
            // The pointer member makes the union pointer-sized, presumably so
            // the members after SizeOfImage keep their offsets on 64-bit.
            union {
                unsigned long SizeOfImage;
                const char*   _dummy;
            };
            UNICODE_STRING_T FullDllName;
            UNICODE_STRING_T BaseDllName;

            // Returns the next entry in load order by reinterpreting the
            // forward link, which is valid only because InLoadOrderLinks sits
            // at offset 0. No end-of-list check is made here; the list is
            // circular, so the caller has to detect the wrap-around.
            // NOTE(review): the cast's target type is missing from this
            // listing; from the return type it is presumably
            // const LDR_DATA_TABLE_ENTRY_T*.
            LAZY_IMPORTER_FORCEINLINE const LDR_DATA_TABLE_ENTRY_T*
            load_order_next() const noexcept
            {
                return reinterpret_cast(
                    InLoadOrderLinks.Flink);
            }
        };

        struct IMAGE_DOS_HEADER { // DOS .EXE header
            unsigned short e_magic; // Magic number
            unsigned short e_cblp; // Bytes on last page of file
            unsigned short e_cp; // Pages in file
            unsigned short e_crlc; // Relocations
            unsigned short e_cparhdr; // Size of header in paragraphs
            unsigned short e_minalloc; // Minimum extra paragraphs needed
            unsigned short e_maxalloc; // Maximum extra paragraphs needed
            unsigned short e_ss; // Initial (relative) SS value
            unsigned short e_sp; // Initial SP value
            unsigned short e_csum; // Checksum
            unsigned short e_ip; // Initial IP value
            unsigned short e_cs; // Initial (relative) CS value
            unsigned short e_lfarlc; // File address of relocation table
            unsigned short e_ovno; // Overlay number
            unsigned short e_res[4]; // Reserved words
            unsigned short e_oemid; // OEM identifier (for e_oeminfo)
            unsigned short e_oeminfo; // OEM information; e_oemid specific
            unsigned short e_res2[10]; // Reserved words
            // Signed offset from the image base to the NT headers.
            // NOTE(review): a parser should range-check this before adding it
            // to a base address; the consuming code is outside this excerpt.
            long           e_lfanew; // File address of new exe header
        };

        // COFF file header that follows the PE signature.
        struct IMAGE_FILE_HEADER {
            unsigned short Machine;
            unsigned short NumberOfSections;
            unsigned long  TimeDateStamp;
            unsigned long  PointerToSymbolTable;
            unsigned long  NumberOfSymbols;
            unsigned short SizeOfOptionalHeader;
            unsigned short Characteristics;
        };

        // Export table of a module. The three AddressOf* members are RVAs to
        // parallel arrays; NumberOfNames bounds the name and name-ordinal
        // arrays and NumberOfFunctions bounds the function array.
        struct IMAGE_EXPORT_DIRECTORY {
            unsigned long  Characteristics;
            unsigned long  TimeDateStamp;
            unsigned short MajorVersion;
            unsigned short MinorVersion;
            unsigned long  Name;
            unsigned long  Base;
            unsigned long  NumberOfFunctions;
            unsigned long  NumberOfNames;
            unsigned long  AddressOfFunctions; // RVA from base of image
            unsigned long  AddressOfNames; // RVA from base of image
            unsigned long  AddressOfNameOrdinals; // RVA from base of image
        };

        // Location (RVA) and size of one data directory.
        struct IMAGE_DATA_DIRECTORY {
            unsigned long VirtualAddress;
            unsigned long Size;
        };

        // PE32+ optional header (64-bit images).
        struct IMAGE_OPTIONAL_HEADER64 {
            unsigned short       Magic;
            unsigned char        MajorLinkerVersion;
            unsigned char        MinorLinkerVersion;
            unsigned long        SizeOfCode;
            unsigned long        SizeOfInitializedData;
            unsigned long        SizeOfUninitializedData;
            unsigned long        AddressOfEntryPoint;
            unsigned long        BaseOfCode;
            unsigned long long   ImageBase;
            unsigned long        SectionAlignment;
            unsigned long        FileAlignment;
            unsigned short       MajorOperatingSystemVersion;
            unsigned short       MinorOperatingSystemVersion;
            unsigned short       MajorImageVersion;
            unsigned short       MinorImageVersion;
            unsigned short       MajorSubsystemVersion;
            unsigned short       MinorSubsystemVersion;
            unsigned long        Win32VersionValue;
            unsigned long        SizeOfImage;
            unsigned long        SizeOfHeaders;
            unsigned long        CheckSum;
            unsigned short       Subsystem;
            unsigned short       DllCharacteristics;
            unsigned long long   SizeOfStackReserve;
            unsigned long long   SizeOfStackCommit;
            unsigned long long   SizeOfHeapReserve;
            unsigned long long   SizeOfHeapCommit;
            unsigned long        LoaderFlags;
            // Number of DataDirectory entries actually present in the image;
            // the array below is declared with a fixed 16 slots.
            unsigned long        NumberOfRvaAndSizes;
            IMAGE_DATA_DIRECTORY DataDirectory[16];
        };

        // PE32 optional header (32-bit images): has BaseOfData, and the
        // image base and stack/heap sizes are 32-bit.
        struct IMAGE_OPTIONAL_HEADER32 {
            unsigned short       Magic;
            unsigned char        MajorLinkerVersion;
            unsigned char        MinorLinkerVersion;
            unsigned long        SizeOfCode;
            unsigned long        SizeOfInitializedData;
            unsigned long        SizeOfUninitializedData;
            unsigned long        AddressOfEntryPoint;
            unsigned long        BaseOfCode;
            unsigned long        BaseOfData;
            unsigned long        ImageBase;
            unsigned long        SectionAlignment;
            unsigned long        FileAlignment;
            unsigned short       MajorOperatingSystemVersion;
            unsigned short       MinorOperatingSystemVersion;
            unsigned short       MajorImageVersion;
            unsigned short       MinorImageVersion;
            unsigned short       MajorSubsystemVersion;
            unsigned short       MinorSubsystemVersion;
            unsigned long        Win32VersionValue;
            unsigned long        SizeOfImage;
            unsigned long        SizeOfHeaders;
            unsigned long        CheckSum;
            unsigned short       Subsystem;
            unsigned short       DllCharacteristics;
            unsigned long        SizeOfStackReserve;
            unsigned long        SizeOfStackCommit;
            unsigned long        SizeOfHeapReserve;
            unsigned long        SizeOfHeapCommit;
            unsigned long        LoaderFlags;
            // Number of DataDirectory entries actually present in the image;
            // the array below is declared with a fixed 16 slots.
            unsigned long        NumberOfRvaAndSizes;
            IMAGE_DATA_DIRECTORY DataDirectory[16];
        };

        // NT headers. The optional-header layout is chosen at compile time
        // from the build target (_WIN64), not from the Magic field of the
        // image being read.
        struct IMAGE_NT_HEADERS {
            unsigned long     Signature;
            IMAGE_FILE_HEADER FileHeader;
#ifdef _WIN64
            IMAGE_OPTIONAL_HEADER64 OptionalHeader;
#else
            IMAGE_OPTIONAL_HEADER32 OptionalHeader;
#endif
        };

    } // namespace win

    // A module hash paired with a function hash. Going by the name, this
    // presumably describes a forwarded export; its users are outside this
    // excerpt.
    struct forwarded_hashes {
        unsigned module_hash;
        unsigned function_hash;
    };

    // 64 bit integer where 32 bits are used for the hash offset
    // and remaining 32 bits are used for the hash computed using it
    // (per the accessors below: offset in the high half, hash in the low half)
    using offset_hash_pair = unsigned long long;

    // Returns the low 32 bits of `pair`, i.e. the hash.
    LAZY_IMPORTER_FORCEINLINE constexpr unsigned get_hash(offset_hash_pair pair) noexcept { return ( pair & 0xFFFFFFFF ); }

    // Returns the high 32 bits of `pair`, i.e. the offset the hash was computed with.
    LAZY_IMPORTER_FORCEINLINE constexpr unsigned get_offset(offset_hash_pair pair) noexcept { return ( pair >> 32 ); }

    // One FNV-1a style step: XOR the character into the running value, then
    // multiply by 16777619 (the 32-bit FNV prime). `c | (1 << 5)` sets bit 5,
    // which maps ASCII 'A'..'Z' to 'a'..'z'. This is a 32-bit
    // non-cryptographic hash, so two different names can share a value.
    // NOTE(review): as written, the fold to lower case is applied when
    // CaseSensitive is true, which reads inverted relative to the parameter
    // name and to LAZY_IMPORTER_CASE_SENSITIVITY above. Confirm against the
    // upstream header.
    // NOTE(review): the template parameter list and both static_cast target
    // types are missing from this listing (CaseSensitive is used but not
    // declared in view), so the arithmetic width cannot be confirmed here.
    template
    LAZY_IMPORTER_FORCEINLINE constexpr unsigned hash_single(unsigned value, char c) noexcept
    {
        return static_cast(
            (value ^ ((CaseSensitive && c >= 'A' && c <= 'Z') ? (c | (1 << 5)) : c)) *
            static_cast(16777619));
    }

    LAZY_IMPORTER_FORCEINLINE constexpr unsigned
    khash_impl(const char* str, unsigned value) noexcept
    {
        return (*str ?
khash_impl(str + 1, hash_single(value, *str)) : value); 279 | } 280 | 281 | LAZY_IMPORTER_FORCEINLINE constexpr offset_hash_pair khash( 282 | const char* str, unsigned offset) noexcept 283 | { 284 | return ((offset_hash_pair{ offset } << 32) | khash_impl(str, offset)); 285 | } 286 | 287 | template 288 | LAZY_IMPORTER_FORCEINLINE unsigned hash(const CharT* str, unsigned offset) noexcept 289 | { 290 | unsigned value = offset; 291 | 292 | for(;;) { 293 | char c = *str++; 294 | if(!c) 295 | return value; 296 | value = hash_single(value, c); 297 | } 298 | } 299 | 300 | LAZY_IMPORTER_FORCEINLINE unsigned hash( 301 | const win::UNICODE_STRING_T& str, unsigned offset) noexcept 302 | { 303 | auto first = str.Buffer; 304 | const auto last = first + (str.Length / sizeof(wchar_t)); 305 | auto value = offset; 306 | for(; first != last; ++first) 307 | value = hash_single(value, static_cast(*first)); 308 | 309 | return value; 310 | } 311 | 312 | LAZY_IMPORTER_FORCEINLINE forwarded_hashes hash_forwarded( 313 | const char* str, unsigned offset) noexcept 314 | { 315 | forwarded_hashes res{ offset, offset }; 316 | 317 | for(; *str != '.'; ++str) 318 | res.module_hash = hash_single(res.module_hash, *str); 319 | 320 | ++str; 321 | 322 | for(; *str; ++str) 323 | res.function_hash = hash_single(res.function_hash, *str); 324 | 325 | return res; 326 | } 327 | 328 | // some helper functions 329 | LAZY_IMPORTER_FORCEINLINE const win::PEB_T* peb() noexcept 330 | { 331 | #if defined(_M_X64) || defined(__amd64__) 332 | return reinterpret_cast(__readgsqword(0x60)); 333 | #elif defined(_M_IX86) || defined(__i386__) 334 | return reinterpret_cast(__readfsdword(0x30)); 335 | #elif defined(_M_ARM) || defined(__arm__) 336 | return *reinterpret_cast(_MoveFromCoprocessor(15, 0, 13, 0, 2) + 0x30); 337 | #elif defined(_M_ARM64) || defined(__aarch64__) 338 | return *reinterpret_cast(__getReg(18) + 0x60); 339 | #elif defined(_M_IA64) || defined(__ia64__) 340 | return *reinterpret_cast(static_cast(_rdteb()) 
+ 0x60); 341 | #else 342 | #error Unsupported platform. Open an issue and I'll probably add support. 343 | #endif 344 | } 345 | 346 | LAZY_IMPORTER_FORCEINLINE const win::PEB_LDR_DATA_T* ldr() 347 | { 348 | return reinterpret_cast(peb()->Ldr); 349 | } 350 | 351 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_NT_HEADERS* nt_headers( 352 | const char* base) noexcept 353 | { 354 | return reinterpret_cast( 355 | base + reinterpret_cast(base)->e_lfanew); 356 | } 357 | 358 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* image_export_dir( 359 | const char* base) noexcept 360 | { 361 | return reinterpret_cast( 362 | base + nt_headers(base)->OptionalHeader.DataDirectory->VirtualAddress); 363 | } 364 | 365 | LAZY_IMPORTER_FORCEINLINE const win::LDR_DATA_TABLE_ENTRY_T* ldr_data_entry() noexcept 366 | { 367 | return reinterpret_cast( 368 | ldr()->InLoadOrderModuleList.Flink); 369 | } 370 | 371 | struct exports_directory { 372 | const char* _base; 373 | const win::IMAGE_EXPORT_DIRECTORY* _ied; 374 | unsigned long _ied_size; 375 | 376 | public: 377 | using size_type = unsigned long; 378 | 379 | LAZY_IMPORTER_FORCEINLINE 380 | exports_directory(const char* base) noexcept : _base(base) 381 | { 382 | const auto ied_data_dir = nt_headers(base)->OptionalHeader.DataDirectory[0]; 383 | _ied = reinterpret_cast( 384 | base + ied_data_dir.VirtualAddress); 385 | _ied_size = ied_data_dir.Size; 386 | } 387 | 388 | LAZY_IMPORTER_FORCEINLINE explicit operator bool() const noexcept 389 | { 390 | return reinterpret_cast(_ied) != _base; 391 | } 392 | 393 | LAZY_IMPORTER_FORCEINLINE size_type size() const noexcept 394 | { 395 | return _ied->NumberOfNames; 396 | } 397 | 398 | LAZY_IMPORTER_FORCEINLINE const char* base() const noexcept { return _base; } 399 | LAZY_IMPORTER_FORCEINLINE const win::IMAGE_EXPORT_DIRECTORY* ied() const noexcept 400 | { 401 | return _ied; 402 | } 403 | 404 | LAZY_IMPORTER_FORCEINLINE const char* name(size_type index) const noexcept 405 | { 406 | return 
reinterpret_cast( 407 | _base + reinterpret_cast( 408 | _base + _ied->AddressOfNames)[index]); 409 | } 410 | 411 | LAZY_IMPORTER_FORCEINLINE const char* address(size_type index) const noexcept 412 | { 413 | const auto* const rva_table = 414 | reinterpret_cast(_base + _ied->AddressOfFunctions); 415 | 416 | const auto* const ord_table = reinterpret_cast( 417 | _base + _ied->AddressOfNameOrdinals); 418 | 419 | return _base + rva_table[ord_table[index]]; 420 | } 421 | 422 | LAZY_IMPORTER_FORCEINLINE bool is_forwarded( 423 | const char* export_address) const noexcept 424 | { 425 | const auto ui_ied = reinterpret_cast(_ied); 426 | return (export_address > ui_ied && export_address < ui_ied + _ied_size); 427 | } 428 | }; 429 | 430 | struct safe_module_enumerator { 431 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T; 432 | value_type* value; 433 | value_type* head; 434 | 435 | LAZY_IMPORTER_FORCEINLINE safe_module_enumerator() noexcept 436 | : safe_module_enumerator(ldr_data_entry()) 437 | {} 438 | 439 | LAZY_IMPORTER_FORCEINLINE 440 | safe_module_enumerator(const detail::win::LDR_DATA_TABLE_ENTRY_T* ldr) noexcept 441 | : value(ldr->load_order_next()), head(value) 442 | {} 443 | 444 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept 445 | { 446 | value = head->load_order_next(); 447 | } 448 | 449 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept 450 | { 451 | value = value->load_order_next(); 452 | 453 | return value != head && value->DllBase; 454 | } 455 | }; 456 | 457 | struct unsafe_module_enumerator { 458 | using value_type = const detail::win::LDR_DATA_TABLE_ENTRY_T*; 459 | value_type value; 460 | 461 | LAZY_IMPORTER_FORCEINLINE unsafe_module_enumerator() noexcept 462 | : value(ldr_data_entry()) 463 | {} 464 | 465 | LAZY_IMPORTER_FORCEINLINE void reset() noexcept { value = ldr_data_entry(); } 466 | 467 | LAZY_IMPORTER_FORCEINLINE bool next() noexcept 468 | { 469 | value = value->load_order_next(); 470 | return true; 471 | } 472 | }; 473 | 474 | // provides 
// the cached functions which use the Derived class's methods
//
// NOTE(review): in this listing the text between angle brackets (template
// parameter lists, template arguments, cast target types) is missing, so
// `template`, `lazy_base> {` and `get()` appear without their arguments.
// The code does not compile as printed; compare against the original header.
template
class lazy_base {
protected:
    // This function is needed because every templated function
    // with different args has its own static buffer
    LAZY_IMPORTER_FORCEINLINE static void*& _cache() noexcept
    {
        static void* value = nullptr;
        return value;
    }

public:
    // Forwards to Derived::get (template arguments not shown in this listing).
    template
    LAZY_IMPORTER_FORCEINLINE static T safe() noexcept
    {
        return Derived::template get();
    }

    // Resolves through Derived::get on first use and stores the result in
    // _cache(); later calls return the stored pointer cast to T. No lock is
    // taken around the check-and-store.
    template
    LAZY_IMPORTER_FORCEINLINE static T cached() noexcept
    {
        auto& cached = _cache();
        if(!cached)
            cached = Derived::template get();

        return (T)(cached);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static T safe_cached() noexcept
    {
        return cached();
    }
};

// Finds a loaded module by comparing a hash of each loader entry's
// BaseDllName with get_hash(OHP), seeded with get_offset(OHP).
template
struct lazy_module : lazy_base> {
    // Walks the module list with Enum and returns the DllBase of the first
    // entry whose name hash matches; returns a value-initialised T if the
    // enumerator reports the end of the list.
    template
    LAZY_IMPORTER_FORCEINLINE static T get() noexcept
    {
        Enum e;
        do {
            if(hash(e.value->BaseDllName, get_offset(OHP)) == get_hash(OHP))
                return (T)(e.value->DllBase);
        } while(e.next());
        return {};
    }

    // Same search, but over the list reachable from a caller-supplied loader
    // entry, always using safe_module_enumerator.
    template
    LAZY_IMPORTER_FORCEINLINE static T in(Ldr ldr) noexcept
    {
        safe_module_enumerator e((const detail::win::LDR_DATA_TABLE_ENTRY_T*)(ldr));
        do {
            if(hash(e.value->BaseDllName, get_offset(OHP)) == get_hash(OHP))
                return (T)(e.value->DllBase);
        } while(e.next());
        return {};
    }

    // in() with the result stored in this instantiation's _cache().
    template
    LAZY_IMPORTER_FORCEINLINE static T in_cached(Ldr ldr) noexcept
    {
        auto& cached = lazy_base>::_cache();
        if(!cached)
            cached = in(ldr);

        return (T)(cached);
    }
};

// Finds an exported function by walking loaded modules and comparing a hash
// of each export name with get_hash(OHP).
// NOTE(review): resolution here goes through the loader's module list and
// export tables and matches on hashes of names. When reviewing a binary built
// with this header, presumably neither its import table nor a plain string
// search will list the functions resolved this way.
template
struct lazy_function : lazy_base, T> {
    using base_type = lazy_base, T>;

    // Resolves the function and calls it with the forwarded arguments. By
    // default it resolves on every call via get(); with
    // LAZY_IMPORTER_CACHE_OPERATOR_PARENS defined it uses cached().
    template
    LAZY_IMPORTER_FORCEINLINE decltype(auto) operator()(Args&&... args) const
    {
#ifndef LAZY_IMPORTER_CACHE_OPERATOR_PARENS
        return get()(LAZY_IMPORTER_CPP_FORWARD(Args, args)...);
#else
        return this->cached()(LAZY_IMPORTER_CPP_FORWARD(Args, args)...);
#endif
    }

    // Searches every module's named exports (last name first) for a name hash
    // equal to get_hash(OHP) and returns that export's address.
    template
    LAZY_IMPORTER_FORCEINLINE static F get() noexcept
    {
        // for backwards compatibility.
        // Before 2.0 it was only possible to resolve forwarded exports when
        // this macro was enabled
#ifdef LAZY_IMPORTER_RESOLVE_FORWARDED_EXPORTS
        return forwarded();
#else

        Enum e;

        do {
#ifdef LAZY_IMPORTER_HARDENED_MODULE_CHECKS
            // Skip entries with a null base or an empty full name.
            if(!e.value->DllBase || !e.value->FullDllName.Length)
                continue;
#endif

            const exports_directory exports(e.value->DllBase);

            if(exports) {
                auto export_index = exports.size();
                while(export_index--)
                    if(hash(exports.name(export_index), get_offset(OHP)) == get_hash(OHP))
                        return (F)(exports.address(export_index));
            }
        } while(e.next());
        return {};
#endif
    }

    // Like get(), but follows forwarded exports: when the matching export's
    // address is a forwarder string, the module and function hashes are
    // replaced by those of the forwarder target and the module walk restarts.
    // While module_hash is 0 (the initial state) every module is searched.
    // NOTE(review): `name.Length -= 8` assumes the base name ends in a
    // four-character extension; there is no check that Length is at least 8.
    template
    LAZY_IMPORTER_FORCEINLINE static F forwarded() noexcept
    {
        detail::win::UNICODE_STRING_T name;
        forwarded_hashes hashes{ 0, get_hash(OHP) };

        Enum e;
        do {
            name = e.value->BaseDllName;
            name.Length -= 8; // get rid of .dll extension

            if(!hashes.module_hash || hash(name, get_offset(OHP)) == hashes.module_hash) {
                const exports_directory exports(e.value->DllBase);

                if(exports) {
                    auto export_index = exports.size();
                    while(export_index--)
                        if(hash(exports.name(export_index), get_offset(OHP)) == hashes.function_hash) {
                            const auto addr = exports.address(export_index);

                            if(exports.is_forwarded(addr)) {
                                hashes = hash_forwarded(
                                    reinterpret_cast(addr),
                                    get_offset(OHP));

                                e.reset();
                                break;
                            }
                            return (F)(addr);
                        }
                }
            }
        } while(e.next());
        return {};
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F forwarded_safe() noexcept
    {
        return forwarded();
    }

    // forwarded() with the result stored in this instantiation's _cache().
    template
    LAZY_IMPORTER_FORCEINLINE static F forwarded_cached() noexcept
    {
        auto& value = base_type::_cache();
        if(!value)
            value = forwarded();
        return (F)(value);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F forwarded_safe_cached() noexcept
    {
        return forwarded_cached();
    }

    // Searches the exports of one module, given its base address m.
    // With IsSafe true: a null m or a missing export directory returns {},
    // and the scan stops after exports.size() names.
    // With IsSafe false: none of those checks apply and the name index has no
    // upper bound, so the loop ends only when a hash matches.
    template
    LAZY_IMPORTER_FORCEINLINE static F in(Module m) noexcept
    {
        if(IsSafe && !m)
            return {};

        const exports_directory exports((const char*)(m));
        if(IsSafe && !exports)
            return {};

        for(unsigned long i{};; ++i) {
            if(IsSafe && i == exports.size())
                break;

            if(hash(exports.name(i), get_offset(OHP)) == get_hash(OHP))
                return (F)(exports.address(i));
        }
        return {};
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F in_safe(Module m) noexcept
    {
        return in(m);
    }

    // in() with the result stored in this instantiation's _cache().
    template
    LAZY_IMPORTER_FORCEINLINE static F in_cached(Module m) noexcept
    {
        auto& value = base_type::_cache();
        if(!value)
            value = in(m);
        return (F)(value);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F in_safe_cached(Module m) noexcept
    {
        return in_cached(m);
    }

    // The nt* variants search the module whose loader entry follows the first
    // one in load order.
    // NOTE(review): presumably that entry is ntdll, per the function names;
    // the code takes it by position only and does not check its name.
    template
    LAZY_IMPORTER_FORCEINLINE static F nt() noexcept
    {
        return in(ldr_data_entry()->load_order_next()->DllBase);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F nt_safe() noexcept
    {
        return in_safe(ldr_data_entry()->load_order_next()->DllBase);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F nt_cached() noexcept
    {
        return in_cached(ldr_data_entry()->load_order_next()->DllBase);
    }

    template
    LAZY_IMPORTER_FORCEINLINE static F nt_safe_cached() noexcept
    {
        return in_safe_cached(ldr_data_entry()->load_order_next()->DllBase);
    }
};

}} // namespace li::detail

#endif // include guard
--------------------------------------------------------------------------------