public static ICCxxSource CreateSource(IParameterlessCFunction function)
{
var sourceFiles = SourceDirectoryToSourceFiles(ResourceDirectory);
FindAndReplace(sourceFiles, ThreadFunctionSignaturePlaceholder, function.Signature);
FindAndReplace(sourceFiles, ThreadFunctionPlaceholder, function.Name);
return(new CCxxSource(sourceFiles));
}
public static ICCxxSource CreateSource(IParameterlessCFunction function, string mutexName)
{
var sourceFiles = SourceDirectoryToSourceFiles(ResourceDirectory);
FindAndReplace(sourceFiles, ExecutePayloadSignaturePlaceholder, function.Signature);
FindAndReplace(sourceFiles, ExecutePayloadPlaceholder, function.Name);
FindAndReplace(sourceFiles, MutexNamePlaceholder, Utils.StringToCArrary(mutexName, wide: true));
return(new CCxxSource(sourceFiles));
}
// Merges only the elements that implement ICCxxSourceIParameterlessCFunction
public ProcessAttachDllMainCCxxSource(IParameterlessCFunction source, IEnumerable <string> exportedFunctions = null, bool mergeCCxxSources = true)
: base(SourceDirectoryToSourceFiles(
ResourceDirectory,
additionalSources: new[] { source }.Where(x => mergeCCxxSources && x is ICCxxSourceIParameterlessCFunction).Cast <ICCxxSource>()
),
exportedFunctions)
{
FindAndReplace(SourceFiles, PayloadFunctionPlaceholder, source.Name);
}
// Merges only the elements that implement ICCxxSourceIParameterlessCFunction
public DiaghubDllCCxxSource(IParameterlessCFunction source, bool mergeCCxxSources = true)
: base(new[] { new CCxxSource(
SourceDirectoryToSourceFiles(
ResourceDirectory,
excludeFiles: ExcludeFiles,
additionalSources: new[] { source }.Where(x => mergeCCxxSources && x is ICCxxSourceIParameterlessCFunction).Cast <ICCxxSource>()
)) },
Exports)
{
FindAndReplace(SourceFiles, PayloadFunctionPlaceholder, ((IParameterlessCFunction)source).Name);
}
// Merges only the elements that implement ICCxxSourceIParameterlessCFunction
public IfElseFunctionCallCCxxSource(
string conditionalExpression, // format string representing a conditional expression in C: "{0} && (!{1} || {2} == {3})"
IEnumerable <IParameterlessCFunction> conditionalExpressionFunctionSources, // The arguments for the format string conditionalExpression
IParameterlessCFunction trueCaseFunction = null, // call this function if the conditional is true
IParameterlessCFunction falseCaseFunction = null, // call this function if the conditional is false
bool mergeCCxxSources = true)
: base(MergeSourceFiles(
IfElseFunctionCallCCxxSource.CreateSource(conditionalExpression, conditionalExpressionFunctionSources, trueCaseFunction, falseCaseFunction),
conditionalExpressionFunctionSources.Append(trueCaseFunction).Append(falseCaseFunction).Where(x => mergeCCxxSources && x is ICCxxSourceIParameterlessCFunction).Cast <ICCxxSource>())
)
{
FindAndReplace(SourceFiles, FunctionNamePlaceholder, ((ICFunction)this).Name);
}
public static ICCxxSource CreateSource(
string conditionalExpression,
IEnumerable <IParameterlessCFunction> conditionalExpressionFunctionSources,
IParameterlessCFunction trueCaseFunction,
IParameterlessCFunction falseCaseFunction)
{
for (int i = 0; i < conditionalExpressionFunctionSources.Count(); i++)
{
if (!conditionalExpression.Contains("{" + i + "}"))
{
throw new ArgumentException("conditionalExpression missing an argument");
}
}
string sourcecode = "";
sourcecode += "#include <Windows.h>\r\n";
foreach (var function in conditionalExpressionFunctionSources)
{
sourcecode += function.Signature + "\r\n";
}
if (trueCaseFunction != null)
{
sourcecode += trueCaseFunction.Signature + "\r\n";
}
if (falseCaseFunction != null)
{
sourcecode += falseCaseFunction.Signature + "\r\n";
}
sourcecode += "void " + "IfElseFunctionCall" + "(void){\r\n";
sourcecode += "if(" + string.Format(conditionalExpression, conditionalExpressionFunctionSources.Select(x => x.Name + "()").ToArray()) + ") {\r\n";
if (trueCaseFunction != null)
{
sourcecode += "\t" + trueCaseFunction.Name + "();" + "\r\n";
}
sourcecode += "}\r\n";
sourcecode += "else {\r\n";
if (falseCaseFunction != null)
{
sourcecode += "\t" + falseCaseFunction.Name + "();" + "\r\n";
}
sourcecode += "}\r\n";
sourcecode += "}\r\n";
return(new CCxxSource(new List <CCxxSourceFile>()
{
new CCxxSourceFile(sourcecode, Utils.RandomString(10) + ".c")
}));
}
// Does not merge input source into this object.
public MutexSingletonShellcodeCCxxSource(IParameterlessCFunction functionSource, string mutexName = @"Global\MutexSingleton")
: base(MutexSingletonCCxxSource.CreateSource((IParameterlessCFunction)functionSource, mutexName))
{
FindAndReplace(SourceFiles, FunctionNamePlaceholder, ((ICFunction)this).Name);
}
// Does not merge input source into this object.
public CreateThreadShellcodeCCxxSource(IParameterlessCFunction functionSource)
: base(CreateThreadCCxxSource.CreateSource((IParameterlessCFunction)functionSource))
{
FindAndReplace(SourceFiles, FunctionNamePlaceholder, ((ICFunction)this).Name);
}
// Does not merge input source into this object
public FunctionCallExeWinMainCCxxSource(IParameterlessCFunction source)
: base(SourceDirectoryToSourceFiles(ResourceDirectory))
{
FindAndReplace(SourceFiles, PayloadFunctionPlaceholder, source.Name);
}