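def load(self):
    """Set up the Windows memory layout, the Unicorn engine and the PE/shellcode loader.

    Picks the arch-specific layout (segment-structure tail, image base, heap,
    DLL region, stack and code area) from ``self.ql.archtype``, initialises
    ``self.ql.uc``, runs ``setup`` and then loads either a shellcode blob
    (``self.ql.shellcoder``) or the PE at ``self.ql.path``.  Finally installs
    ``self.hook_winapi`` as a code hook so Win API calls are intercepted.

    Raises:
        ValueError: if ``self.ql.archtype`` is neither ``QL_X86`` nor
            ``QL_X8664``.  The original fell through both arch branches and
            died later with an AttributeError on ``self.DLL_BASE_ADDR``.
    """
    archtype = self.ql.archtype

    # Every arch-dependent constant is assigned in a single branch so the two
    # architectures cannot drift apart.  Values are unchanged.
    if archtype == QL_X86:
        self.STRUCTERS_LAST_ADDR = FS_SEGMENT_ADDR
        self.DEFAULT_IMAGE_BASE = 0x400000
        self.HEAP_BASE_ADDR = 0x5000000
        self.HEAP_SIZE = 0x5000000
        self.DLL_BASE_ADDR = 0x10000000
        self.QL_WINDOWS_STACK_ADDRESS = 0xfffdd000
        self.QL_WINDOWS_STACK_SIZE = 0x21000
        code_address = 0x40000
    elif archtype == QL_X8664:
        self.STRUCTERS_LAST_ADDR = GS_SEGMENT_ADDR
        self.DEFAULT_IMAGE_BASE = 0x400000
        self.HEAP_BASE_ADDR = 0x500000000
        self.HEAP_SIZE = 0x5000000
        self.DLL_BASE_ADDR = 0x7ffff0000000
        self.QL_WINDOWS_STACK_ADDRESS = 0x7ffffffde000
        self.QL_WINDOWS_STACK_SIZE = 0x40000
        code_address = 0x140000000
    else:
        # Fail early with a clear message instead of an AttributeError below.
        raise ValueError(f"unsupported Windows archtype: {archtype!r}")

    self.PE_IMAGE_BASE = 0
    self.PE_IMAGE_SIZE = 0
    self.DLL_SIZE = 0
    self.DLL_LAST_ADDR = self.DLL_BASE_ADDR
    self.PE_RUN = True
    self.last_error = 0

    # Unicorn has to be initialised here in the loader, otherwise execve is
    # broken.  This is Windows, but it is kept the same as the other OS loaders.
    self.ql.uc = self.ql.arch.init_uc

    self.ql.code_address = code_address
    self.ql.code_size = 10 * 1024 * 1024

    # Honour a caller-supplied stack layout; only fill in the defaults for 0.
    if self.ql.stack_address == 0:
        self.ql.stack_address = self.QL_WINDOWS_STACK_ADDRESS
    if self.ql.stack_size == 0:
        self.ql.stack_size = self.QL_WINDOWS_STACK_SIZE

    setup(self)

    if self.ql.shellcoder:
        self.ql.PE = Shellcode(
            self.ql, [b"ntdll.dll", b"kernel32.dll", b"user32.dll"])
    else:
        self.ql.PE = PE(self.ql, self.ql.path)
    self.ql.PE.load()

    # hook win api
    self.ql.hook_code(self.hook_winapi)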
def loader_shellcode(ql):
    """Prepare a 64-bit Windows emulation environment and load raw shellcode.

    Creates the Unicorn engine on ``ql``, fills in the stack address/size only
    when the caller left them at 0, fixes the code region, runs ``setup``,
    loads the shellcode together with the stock DLL set, installs the Win API
    code hook and finally configures output via ``ql_setup_output``.
    """
    ql.uc = Uc(UC_ARCH_X86, UC_MODE_64)

    # init ql pe: honour caller-supplied stack values, default only when 0
    stack_defaults = (
        ("stack_address", QL_X8664_WINDOWS_STACK_ADDRESS),
        ("stack_size", QL_X8664_WINDOWS_STACK_SIZE),
    )
    for attr, default in stack_defaults:
        if getattr(ql, attr) == 0:
            setattr(ql, attr, default)

    ql.code_address = 0x140000000
    ql.code_size = 10 << 20  # 10 MiB

    setup(ql)

    # load shellcode with the DLLs it is expected to resolve imports from
    dll_list = [b"ntdll.dll", b"kernel32.dll", b"user32.dll"]
    ql.PE = Shellcode(ql, dll_list)
    ql.PE.load()

    # hook win api
    ql.hook_code(hook_winapi)
    ql_setup_output(ql)
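def loader_shellcode(ql):
    """Prepare a 32-bit Windows emulation environment and load raw shellcode.

    Creates the Unicorn engine on ``ql``, sets the stack and code layout used
    by ``loadPE32``, runs ``setup_windows32``, loads the shellcode together
    with the stock DLL set and installs the Win API code hook.

    Fix: the stack address/size are now only defaulted when the caller left
    them at 0, matching the 64-bit loader and ``load``; previously a
    caller-supplied stack layout was silently overwritten.
    """
    ql.uc = Uc(UC_ARCH_X86, UC_MODE_32)

    # MAPPED Vars for loadPE32: honour caller-supplied values, default only for 0
    if ql.stack_address == 0:
        ql.stack_address = QL_X86_WINDOWS_STACK_ADDRESS
    if ql.stack_size == 0:
        ql.stack_size = QL_X86_WINDOWS_STACK_SIZE
    ql.code_address = 0x40000
    ql.code_size = 10 * 1024 * 1024

    setup_windows32(ql)

    # load shellcode with the DLLs it is expected to resolve imports from
    ql.PE = Shellcode(ql, [b"ntdll.dll", b"kernel32.dll", b"user32.dll"])
    ql.PE.load()

    # hook win api
    ql.hook_code(hook_winapi)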