public static int Donut_Create(ref DSConfig config) { D.Print("Entering Donut_Create()"); int ret; DSFileInfo fi = new DSFileInfo { ver = new char[Constants.DONUT_VER_LEN] }; // Parse config and payload ret = Helper.ParseConfig(ref config, ref fi); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Create the module ret = CreateModule(ref config, ref fi); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Create the instance ret = CreateInstance(ref config); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } return(Constants.DONUT_ERROR_SUCCESS); }
public static int Donut_Create(ref DSConfig config, string outfile) { D.Print("Entering Donut_Create()"); int ret; DSFileInfo fi = new DSFileInfo { ver = new char[Constants.DONUT_VER_LEN] }; // Parse config and payload ret = Helper.ParseConfig(ref config, ref fi); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Create the module ret = CreateModule(ref config, ref fi); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Create the instance ret = CreateInstance(ref config); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Generates output ret = GenerateOutput(ref config, outfile); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Compiles loader //ret = CompileLoader(); //if (ret != Constants.DONUT_ERROR_SUCCESS) //{ // return ret; //} return(Constants.DONUT_ERROR_SUCCESS); }
public static int ParseConfig(ref DSConfig config, ref DSFileInfo fi) { D.Print("Entering ParseConfig()"); string file = new string(config.file).Replace("\0", ""); // Checks if file exists if (File.Exists(file) == false) { return(Constants.DONUT_ERROR_INVALID_PARAMETER); } // Validate URL if (config.inst_type == Constants.DONUT_INSTANCE_URL) { // Make sure it's a validate URL (check this don't know exactly how it's checking) D.Print("Validating URL"); if (Uri.IsWellFormedUriString(String(config.url), UriKind.Absolute) == false) { return(Constants.DONUT_ERROR_INVALID_URL); } // If URL doesn't have trailing slash, add one //if (config.url(config.url.Length - 1) != "/") //{ // config.url += "/"; //} } // Validate Arch D.Print("Checking for Arch Mismatch"); if (config.arch != Constants.DONUT_ARCH_ANY && config.arch != Constants.DONUT_ARCH_X86 && config.arch != Constants.DONUT_ARCH_X84 && config.arch != Constants.DONUT_ARCH_X64) { return(Constants.DONUT_ERROR_INVALID_ARCH); } // Validate AMSI/WDLP Bypass Option D.Print("Validating Bypass Option"); if (config.bypass != Constants.DONUT_BYPASS_SKIP && config.bypass != Constants.DONUT_BYPASS_ABORT && config.bypass != Constants.DONUT_BYPASS_CONTINUE) { return(Constants.DONUT_ERROR_BYPASS_INVALID); } // Get File Info var ret = ParseInputFile(file, ref fi); if (ret != Constants.DONUT_ERROR_SUCCESS) { return(ret); } // Set Module Type config.mod_type = fi.type; if (config.mod_type == Constants.DONUT_MODULE_DLL || config.mod_type == Constants.DONUT_MODULE_EXE) { // Check for Arch mismatch if ((config.arch == Constants.DONUT_ARCH_X86 && fi.arch == Constants.DONUT_ARCH_X64) || (config.arch == Constants.DONUT_ARCH_X64 && fi.arch == Constants.DONUT_ARCH_X86)) { return(Constants.DONUT_ERROR_ARCH_MISMATCH); } // Check existence of DLL function specified if (config.mod_type == Constants.DONUT_MODULE_DLL && config.method != null) { try { var exported = new PeNet.PeFile(file).ExportedFunctions; bool found = false; foreach (var func in exported) { if (func.Name == String(config.method)) { found = true; } } if (found == false) { return(Constants.DONUT_ERROR_DLL_FUNCTION); } } catch { return(Constants.DONUT_ERROR_DLL_FUNCTION); } } // If unmanaged DLL with params, need function if (config.mod_type == Constants.DONUT_MODULE_DLL && config.param != null) { if (config.method == null) { return(Constants.DONUT_ERROR_DLL_PARAM); } } } // If .NET DLL make sure Method and Class provided if (config.mod_type == Constants.DONUT_MODULE_NET_DLL) { if (config.cls == null || config.method == null) { return(Constants.DONUT_ERROR_NET_PARAMS); } } return(Constants.DONUT_ERROR_SUCCESS); }
public static int ParseInputFile(string file, ref DSFileInfo fi) { D.Print("Entering ParseInputFile()"); PeNet.PeFile PE; var extension = Path.GetExtension(file); D.Print($"File extension is: {extension}"); // If supplied file is a directory if (extension == null) { return(Constants.DONUT_ERROR_FILE_INVALID); } // Parse extension if (extension == ".vbs") { fi.type = Constants.DONUT_MODULE_VBS; fi.arch = Constants.DONUT_ARCH_ANY; } else if (extension == ".js") { fi.type = Constants.DONUT_MODULE_JS; fi.arch = Constants.DONUT_ARCH_ANY; } else if (extension == ".xsl") { fi.type = Constants.DONUT_MODULE_XSL; fi.arch = Constants.DONUT_ARCH_ANY; } else if (extension == ".exe") { fi.type = Constants.DONUT_MODULE_EXE; fi.arch = Constants.DONUT_ARCH_ANY; } else if (extension == ".dll") { fi.type = Constants.DONUT_MODULE_DLL; fi.arch = Constants.DONUT_ARCH_ANY; } else { return(Constants.DONUT_ERROR_FILE_INVALID); } // Do PE parsing for .dll and .exe if (fi.type == Constants.DONUT_MODULE_DLL || fi.type == Constants.DONUT_MODULE_EXE) { D.Print("Parsing PE file"); try { PE = new PeNet.PeFile(file); if (PE.ImageDosHeader == null) { return(Constants.DONUT_ERROR_FILE_INVALID); } if (PE.ImageNtHeaders == null) { return(Constants.DONUT_ERROR_FILE_INVALID); } } catch { return(Constants.DONUT_ERROR_FILE_INVALID); } // Check and Reset Arch if (PE.Is32Bit == true) { fi.arch = Constants.DONUT_ARCH_X86; } else { fi.arch = Constants.DONUT_ARCH_X64; } // Check .NET and Reset Type if (PE.HasValidComDescriptor == true) { D.Print("COM Descriptor found, .NET selected"); if (PE.IsDLL == true) { fi.type = Constants.DONUT_MODULE_NET_DLL; } else { fi.type = Constants.DONUT_MODULE_NET_EXE; } Copy(fi.ver, PE.MetaDataHdr.Version); D.Print($"Runtime found in Metadata Header: {String(fi.ver)}"); } else if (PE.ImageRelocationDirectory.Length == 0) { //Think this should be ok? return(Constants.DONUT_ERROR_NORELOC); } } return(Constants.DONUT_ERROR_SUCCESS); }
public static int CreateModule(ref DSConfig config, ref DSFileInfo fi) { string[] param; Console.WriteLine("\nPayload options:"); D.Print("Entering CreateModule()"); // Init Module struct DSModule mod = new Helper().InitStruct("DSModule"); mod.type = fi.type; // DotNet Assembly if (mod.type == Constants.DONUT_MODULE_NET_DLL || mod.type == Constants.DONUT_MODULE_NET_EXE) { // If no AppDomain, generate one if (config.domain[0] == 0) { Helper.Copy(config.domain, Helper.RandomString(8)); } Console.WriteLine($"\tDomain:\t{Helper.String(config.domain)}"); Helper.Unicode(mod.domain, Helper.String(config.domain)); if (mod.type == Constants.DONUT_MODULE_NET_DLL) { Console.WriteLine($"\tClass:\t{Helper.String(config.cls)}"); Helper.Unicode(mod.cls, Helper.String(config.cls)); Console.WriteLine($"\tMethod:\t{Helper.String(config.method)}"); Helper.Unicode(mod.method, Helper.String(config.method)); } // If no runtime specified, use the version from assembly if (config.runtime[0] == 0) { config.runtime = fi.ver; } Console.WriteLine($"\tRuntime:{Helper.String(config.runtime)}"); Helper.Unicode(mod.runtime, Helper.String(config.runtime)); } // Unmanaged DLL? if (mod.type == Constants.DONUT_MODULE_DLL) { if (config.method[0] == 0) { // Set method DllMain if no method specified Helper.Copy(mod.method, "DllMain"); } else { Helper.Copy(mod.method, Helper.String(config.method)); } } if (config.param != null) { // Assign params param = Helper.String(config.param).Split(new char[] { ',', ';' }); for (int cnt = 0; cnt < param.Length; cnt++) { Helper.Unicode(mod.p[cnt].param, param[cnt]); mod.param_cnt++; } // If no params, assign cnt = 0 if (param[0] == "") { mod.param_cnt = 0; } } // Assign Module Length mod.len = Convert.ToUInt32(new FileInfo(Helper.String(config.file)).Length); // Update Module and Length in Config config.mod = mod; config.mod_len = Convert.ToUInt32(Marshal.SizeOf(typeof(DSModule))) + mod.len; D.Print($"Total Module Size: {config.mod_len}"); return(Constants.DONUT_ERROR_SUCCESS); }
public static int CreateModule(ref DSConfig config, ref DSFileInfo fi) { D.Print("Entering CreateModule()"); string[] param; // Inititialize Module struct DSModule mod = new DSModule { type = fi.type, runtime = new byte[512], cls = new byte[512], method = new byte[512], domain = new byte[512], sig = new char[256] }; // DotNet Assembly if (mod.type == Constants.DONUT_MODULE_NET_DLL || mod.type == Constants.DONUT_MODULE_NET_EXE) { // If no AppDomain, generate one if (config.domain[0] == 0) { Helper.Copy(config.domain, Helper.RandomString(8)); } Console.WriteLine($"\t[+] Domain:\t{Helper.String(config.domain)}"); Helper.Unicode(mod.domain, Helper.String(config.domain)); if (mod.type == Constants.DONUT_MODULE_NET_DLL) { Console.WriteLine($"\t[+] Class:\t{Helper.String(config.cls)}"); Helper.Unicode(mod.cls, Helper.String(config.cls)); Console.WriteLine($"\t[+] Method:\t{Helper.String(config.method)}"); Helper.Unicode(mod.method, Helper.String(config.method)); } // If no runtime specified, use the version from assembly if (config.runtime[0] == 0) { config.runtime = fi.ver; } Console.WriteLine($"\t[+] Runtime:\t{Helper.String(config.runtime)}"); Helper.Unicode(mod.runtime, Helper.String(config.runtime)); } // Unmanaged DLL? if (mod.type == Constants.DONUT_MODULE_DLL) { if (config.method[0] == 0) { // Set method DllMain Helper.Copy(mod.method, "DllMain"); } else { Helper.Copy(mod.method, Helper.String(config.method)); } } if (config.param != null) { // Initialize Param struct mod.p = new P[Constants.DONUT_MAX_PARAM + 1]; for (int i = 0; i < mod.p.Length; i++) { mod.p[i] = new P { param = new byte[Constants.DONUT_MAX_NAME * 2] }; } // Assign params param = Helper.String(config.param).Split(new char[] { ',', ';' }); for (int cnt = 0; cnt < param.Length; cnt++) { Helper.Unicode(mod.p[cnt].param, param[cnt]); mod.param_cnt++; } // If no params, assign cnt = 0 if (param[0] == "") { mod.param_cnt = 0; } } // Assign mod length mod.len = Convert.ToUInt32(new FileInfo(Helper.String(config.file)).Length); // Update mod and len config.mod = mod; config.mod_len = Convert.ToUInt32(Marshal.SizeOf(typeof(DSModule))) + mod.len; D.Print($"Total Module Size: {config.mod_len}"); return(Constants.DONUT_ERROR_SUCCESS); }