Merge branch 'dev' into reloc
7282b9b9b9
|
@ -0,0 +1,16 @@
|
|||
FROM ubuntu:22.04
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install --no-install-recommends --no-install-suggests -y \
|
||||
mingw-w64 zip build-essential perl python xml2 pkg-config automake \
|
||||
libtool autotools-dev make g++ git ruby wget libssl-dev
|
||||
|
||||
WORKDIR /opt
|
||||
RUN git clone https://github.com/TheWover/donut.git
|
||||
WORKDIR /opt/donut
|
||||
RUN make -f Makefile
|
||||
|
||||
WORKDIR /workdir
|
||||
RUN chmod ugo+wrx /workdir
|
||||
RUN ls /opt/donut
|
||||
ENTRYPOINT ["/opt/donut/donut"]
|
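Review bot: The clone at `RUN git clone https://github.com/TheWover/donut.git` pins no tag or commit, so every build pulls whatever upstream master is at that moment and the binary in the image is not the tree this Dockerfile ships with (this repository is a fork, and the README's `docker build -t donut .` already makes the checkout the build context). Use `COPY . /opt/donut` so the image builds the reviewed source, or pin the clone with `git clone --depth 1 --branch <tag>` and check the resulting commit hash against the expected value. On `ubuntu:22.04` the `python` package in the `apt-get install` line most likely has no installation candidate (jammy ships `python3` / `python-is-python3`), which would fail the build before `make` runs — confirm whether the MinGW build needs Python at all. `RUN chmod ugo+wrx /workdir` makes the directory world-writable in the image (the `-v` bind mount in the README replaces it at run time anyway) and `RUN ls /opt/donut` reads as a debugging leftover; both can be dropped.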
2
Makefile
2
Makefile
|
@ -10,4 +10,4 @@ hash:
|
|||
encrypt:
|
||||
gcc -Wall -Wno-format -fpack-struct=8 -DTEST -I include encrypt.c loader/clib.c -oencrypt
|
||||
clean:
|
||||
rm -f loader.exe exe2h.exe exe2h loader32.exe loader64.exe donut.o hash.o encrypt.o format.o clib.o hash encrypt donut hash.exe encrypt.exe donut.exe lib/libdonut.a lib/libdonut.so inject_local32.exe inject_local64.exe
|
||||
rm -f loader.exe exe2h.exe exe2h loader32.exe loader64.exe donut.o hash.o encrypt.o format.o clib.o hash encrypt donut hash.exe encrypt.exe donut.exe lib/libdonut.a lib/libdonut.so inject32.exe inject64.exe inject_local32.exe inject_local64.exe
|
||||
|
|
|
@ -24,3 +24,4 @@ debug: clean
|
|||
$(CC64) -Wall loader/inject_local.c -oinject_local64.exe
|
||||
clean:
|
||||
rm -f exe2h exe2h.exe loader.bin instance donut.o hash.o encrypt.o format.o clib.o hash encrypt donut hash.exe encrypt.exe donut.exe lib/libdonut.a lib/libdonut.so loader.exe loader32.exe loader64.exe inject32.exe inject64.exe inject_local32.exe inject_local64.exe
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ donut: clean
|
|||
move donut.dll lib\donut.dll
|
||||
debug: clean
|
||||
cl /nologo -DDEBUG -DBYPASS_AMSI_B -DBYPASS_WLDP_A -DBYPASS_ETW_B -Zp8 -c -nologo -Gy -Os -EHa -GS- -I include loader/loader.c hash.c encrypt.c loader/depack.c loader/clib.c
|
||||
link -nologo -order:@loader\order.txt -subsystem:console loader.obj hash.obj encrypt.obj depack.obj clib.obj
|
||||
link -nologo -order:@loader\order.txt -subsystem:console loader.obj hash.obj encrypt.obj depack.obj clib.obj
|
||||
|
||||
cl -Zp8 -nologo -DDEBUG -DDONUT_EXE -I include donut.c hash.c encrypt.c format.c loader\clib.c lib\aplib64.lib
|
||||
cl -Zp8 -nologo -DDEBUG -DDLL -LD -I include donut.c hash.c encrypt.c format.c loader\clib.c lib\aplib64.lib
|
||||
|
|
14
README.md
14
README.md
|
@ -110,6 +110,20 @@
|
|||
|
||||
<p>For more information, please refer to <a href="https://github.com/TheWover/donut/blob/master/docs/2019-08-21-Python_Extension.md">Building and using the Python extension.</a></p>
|
||||
|
||||
<h3>Docker</h3>
|
||||
|
||||
<p>Building the docker container.</p>
|
||||
|
||||
<pre>
|
||||
docker build -t donut .
|
||||
</pre>
|
||||
|
||||
<p>Running donut.</p>
|
||||
|
||||
<pre>
|
||||
docker run -it --rm -v "${PWD}:/workdir" donut -h
|
||||
</pre>
|
||||
|
||||
<h3>Releases</h3>
|
||||
|
||||
<p>Tags have been provided for each release version of Donut that contain the compiled executables.</p>
|
||||
|
|
|
@ -29,27 +29,8 @@
|
|||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <windows.h>
|
||||
#include <stdio.h>
|
||||
#include <tlhelp32.h>
|
||||
#include "inject.h"
|
||||
|
||||
typedef struct _CLIENT_ID {
|
||||
PVOID UniqueProcess;
|
||||
PVOID UniqueThread;
|
||||
} CLIENT_ID, *PCLIENT_ID;
|
||||
|
||||
typedef NTSTATUS (NTAPI *RtlCreateUserThread_t) (
|
||||
IN HANDLE ProcessHandle,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
|
||||
IN BOOLEAN CreateSuspended,
|
||||
IN ULONG StackZeroBits,
|
||||
IN OUT PULONG StackReserved,
|
||||
IN OUT PULONG StackCommit,
|
||||
IN PVOID StartAddress,
|
||||
IN PVOID StartParameter OPTIONAL,
|
||||
OUT PHANDLE ThreadHandle,
|
||||
OUT PCLIENT_ID ClientID);
|
||||
|
||||
BOOL EnablePrivilege(PCHAR szPrivilege){
|
||||
HANDLE hToken;
|
||||
BOOL bResult;
|
||||
|
|
|
@ -0,0 +1,59 @@
|
|||
/**
|
||||
BSD 3-Clause License
|
||||
|
||||
Copyright (c) 2019, TheWover, Odzhan. All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are met:
|
||||
|
||||
* Redistributions of source code must retain the above copyright notice, this
|
||||
list of conditions and the following disclaimer.
|
||||
|
||||
* Redistributions in binary form must reproduce the above copyright notice,
|
||||
this list of conditions and the following disclaimer in the documentation
|
||||
and/or other materials provided with the distribution.
|
||||
|
||||
* Neither the name of the copyright holder nor the names of its
|
||||
contributors may be used to endorse or promote products derived from
|
||||
this software without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
||||
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#if defined(_WIN32) || defined(_WIN64)
|
||||
#include <windows.h>
|
||||
#if defined(_MSC_VER)
|
||||
#pragma comment(lib, "advapi32.lib")
|
||||
#pragma comment(lib, "shell32.lib")
|
||||
#pragma comment(lib, "user32.lib")
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <tlhelp32.h>
|
||||
|
||||
typedef struct _CLIENT_ID {
|
||||
PVOID UniqueProcess;
|
||||
PVOID UniqueThread;
|
||||
} CLIENT_ID, *PCLIENT_ID;
|
||||
|
||||
typedef NTSTATUS (NTAPI *RtlCreateUserThread_t) (
|
||||
IN HANDLE ProcessHandle,
|
||||
IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL,
|
||||
IN BOOLEAN CreateSuspended,
|
||||
IN ULONG StackZeroBits,
|
||||
IN OUT PULONG StackReserved,
|
||||
IN OUT PULONG StackCommit,
|
||||
IN PVOID StartAddress,
|
||||
IN PVOID StartParameter OPTIONAL,
|
||||
OUT PHANDLE ThreadHandle,
|
||||
OUT PCLIENT_ID ClientID);
|
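Review bot: The new header has no include guard, so a second `#include "inject.h"` in the same translation unit redefines `CLIENT_ID` and `RtlCreateUserThread_t` and fails to compile; wrap the body in `#ifndef INJECT_H` / `#define INJECT_H` … `#endif` (or `#pragma once`, which MSVC and MinGW both accept). The `#if defined(_WIN32) || defined(_WIN64)` guard around `<windows.h>` also buys no portability, because `#include <tlhelp32.h>` and the `PVOID`/`NTSTATUS`/`HANDLE` types used by the typedefs sit outside it and would still fail on a non-Windows compiler; either move the rest of the header inside the guard or drop the guard, since the injector is Windows-only. A one-line comment on the function-pointer typedef, e.g. `/* undocumented ntdll!RtlCreateUserThread: no public header, signature may change between Windows versions */`, would help whoever maintains the caller (presumably it is resolved at run time in inject.c, which is outside this hunk — confirm).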
1503
loader_exe_x86.go
1503
loader_exe_x86.go
|
@ -11,9 +11,9 @@
|
|||
* Python generator
|
||||
* Python wrapper for our dynamic library
|
||||
* Better documentation for debugging, designing with, and integrating Donut.
|
||||
* v1.1:
|
||||
* Added moduler bypass system for ETW
|
||||
* Added option for preserving or overwriting PE headers of native payloads
|
||||
* Fixed some issues with the MingW makefile (#96)
|
||||
* v2.0:
|
||||
* Automatic unloading of Application Domains after the Assembly finishes executing.
|
||||
* Support for HTTP proxies
|
||||
* v2.0:
|
||||
* Added moduler bypass system for ETW
|
||||
* Added option for preserving PE headers of native payloads
|