def load(self):
if self.ql.archtype == QL_X86:
self.STRUCTERS_LAST_ADDR = FS_SEGMENT_ADDR
self.DEFAULT_IMAGE_BASE = 0x400000
self.HEAP_BASE_ADDR = 0x5000000
self.HEAP_SIZE = 0x5000000
self.DLL_BASE_ADDR = 0x10000000
elif self.ql.archtype == QL_X8664:
self.STRUCTERS_LAST_ADDR = GS_SEGMENT_ADDR
self.DEFAULT_IMAGE_BASE = 0x400000
self.HEAP_BASE_ADDR = 0x500000000
self.HEAP_SIZE = 0x5000000
self.DLL_BASE_ADDR = 0x7ffff0000000
self.PE_IMAGE_BASE = 0
self.PE_IMAGE_SIZE = 0
self.DLL_SIZE = 0
self.DLL_LAST_ADDR = self.DLL_BASE_ADDR
self.PE_RUN = True
self.last_error = 0
"""
initiate UC needs to be in loader, or else it will kill execve
Note: This is Windows, but for the sake of same with others OS
"""
self.ql.uc = self.ql.arch.init_uc
if self.ql.archtype == QL_X8664:
self.QL_WINDOWS_STACK_ADDRESS = 0x7ffffffde000
self.QL_WINDOWS_STACK_SIZE = 0x40000
self.ql.code_address = 0x140000000
self.ql.code_size = 10 * 1024 * 1024
elif self.ql.archtype == QL_X86:
self.QL_WINDOWS_STACK_ADDRESS = 0xfffdd000
self.QL_WINDOWS_STACK_SIZE = 0x21000
self.ql.code_address = 0x40000
self.ql.code_size = 10 * 1024 * 1024
if self.ql.stack_address == 0:
self.ql.stack_address = self.QL_WINDOWS_STACK_ADDRESS
if self.ql.stack_size == 0:
self.ql.stack_size = self.QL_WINDOWS_STACK_SIZE
setup(self)
if self.ql.shellcoder:
self.ql.PE = Shellcode(
self.ql, [b"ntdll.dll", b"kernel32.dll", b"user32.dll"])
else:
self.ql.PE = PE(self.ql, self.ql.path)
self.ql.PE.load()
# hook win api
self.ql.hook_code(self.hook_winapi)
def loader_shellcode(ql):
ql.uc = Uc(UC_ARCH_X86, UC_MODE_64)
# init ql pe
if ql.stack_address == 0:
ql.stack_address = QL_X8664_WINDOWS_STACK_ADDRESS
if ql.stack_size == 0:
ql.stack_size = QL_X8664_WINDOWS_STACK_SIZE
ql.code_address = 0x140000000
ql.code_size = 10 * 1024 * 1024
setup(ql)
# load shellcode
ql.PE = Shellcode(ql, [b"ntdll.dll", b"kernel32.dll", b"user32.dll"])
ql.PE.load()
# hook win api
ql.hook_code(hook_winapi)
ql_setup_output(ql)
def loader_shellcode(ql):
uc = Uc(UC_ARCH_X86, UC_MODE_32)
ql.uc = uc
# MAPPED Vars for loadPE32
ql.stack_address = QL_X86_WINDOWS_STACK_ADDRESS
ql.stack_size = QL_X86_WINDOWS_STACK_SIZE
ql.code_address = 0x40000
ql.code_size = 10 * 1024 * 1024
setup_windows32(ql)
# load shellcode
ql.PE = Shellcode(ql, [b"ntdll.dll", b"kernel32.dll", b"user32.dll"])
ql.PE.load()
# hook win api
ql.hook_code(hook_winapi)