Correction bug mémoire

unknown 2026-02-25 21:24:46 +01:00
parent 1dd0ea284b
commit fc0f6f7cd2
3 changed files with 14 additions and 9 deletions


@ -323,6 +323,7 @@ typedef struct {
} FuncList2; } FuncList2;
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
if (argc < 2 || strlen(argv[1]) > 8) { if (argc < 2 || strlen(argv[1]) > 8) {
printf("Arguments invalides.\n"); printf("Arguments invalides.\n");
return 1; return 1;


@ -16,7 +16,7 @@ bool verify_signature(unsigned char* signature, unsigned char* starting_loc){
void print_signature(unsigned char* loc){\ void print_signature(unsigned char* loc){\
printf("{"); printf("{");
for(int i = 0; i < 12; i++){ for(int i = 0; i < 5; i++){
printf("0x%x",loc[i]); printf("0x%x",loc[i]);
if (i != 11) printf(", "); if (i != 11) printf(", ");
} }
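Review bot: In print_signature the separator test `if (i != 11) printf(", ");` was left unchanged while the loop bound went from 12 to 5, so it is now always true and the dump ends with a dangling `, ` after the fifth byte. The signature arrays in the other file of this commit are declared `[12]`, so a 5-byte dump can no longer be pasted back as a complete signature. If the shorter length is intended, tie both places to one value, e.g. `for (int i = 0; i < len; i++)` with `if (i != len - 1) printf(", ");` (`len` is an illustrative name). How many bytes verify_signature compares is not visible in this hunk, so the right length should be confirmed against it. The function's closing brace lies outside the hunk.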


@ -15,9 +15,10 @@ class Obfuscated_stdFunclist {
private: private:
void find_obfusc_printf() { void find_obfusc_printf() {
// print_signature(printf) // print_signature(printf)
unsigned char signature_printf[12] = {0x8b, 0xff, 0x55, 0x8b, /*unsigned char signature_printf[12] = {0x8b, 0xff, 0x55, 0x8b,
0xec, 0x6a, 0xfe, 0x68, 0xec, 0x6a, 0xfe, 0x68,
0xe0, 0xdb, 0x34, 0x10}; 0xe0, 0xdb, 0x34, 0x10};*/
unsigned char signature_printf[12] = { 0x6A, 0x0C, 0x68, 0x60, 0x57, 0xB0, 0x78, 0xE8, 0xC0, 0xB5, 0xFA, 0xFF };
unsigned char *loc = (unsigned char *)ungetc; // after printf in memory unsigned char *loc = (unsigned char *)ungetc; // after printf in memory
while (!verify_signature(signature_printf, loc)) { while (!verify_signature(signature_printf, loc)) {
loc--; // go back until we find printf loc--; // go back until we find printf
@ -26,22 +27,25 @@ class Obfuscated_stdFunclist {
} }
void find_obfusc_malloc() { void find_obfusc_malloc() {
// print_signature((unsigned char*)malloc); // print_signature((unsigned char*)malloc);
unsigned char signature_malloc[12] = {0x8b, 0xff, 0x55, 0x8b, /*unsigned char signature_malloc[12] = {0x8b, 0xff, 0x55, 0x8b,
0xec, 0x51, 0x6a, 0x0, 0xec, 0x51, 0x6a, 0x0,
0x6a, 0x0, 0x6a, 0x1}; 0x6a, 0x0, 0x6a, 0x1};*/
unsigned char signature_malloc[12] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x53, 0x8B, 0x5D, 0x08, 0x83, 0xFB, 0xE0 };
unsigned char *loc = (unsigned char *)free; // after malloc in memory unsigned char *loc = (unsigned char *)free; // after malloc in memory
while (!verify_signature(signature_malloc, loc)) { while (!verify_signature(signature_malloc, loc)) {
loc--; // go backwards until we find malloc loc++; // go backwards until we find malloc
} }
obfusc_malloc = (void *(*)(size_t __size))loc; obfusc_malloc = (void *(*)(size_t __size))loc;
} }
void find_obfusc_memcpy() { void find_obfusc_memcpy() {
auto a = memcpy; // sinon ça crash parce que memcpy est pas chargé en mémoire :c auto a = memcpy; // sinon ça crash parce que memcpy est pas chargé en mémoire :c
/*
unsigned char signature_memcpy[12] = {0xe9, 0xdf, 0x39, 0x0, 0x0, 0xe9, unsigned char signature_memcpy[12] = {0xe9, 0xdf, 0x39, 0x0, 0x0, 0xe9,
0x20, 0x58, 0x0, 0x0, 0xe9, 0xb}; 0x20, 0x58, 0x0, 0x0, 0xe9, 0xb};*/
unsigned char *loc = (unsigned char *)memset; // after memcpy in memory unsigned char signature_memcpy[12] = { 0x55, 0x8B, 0xEC, 0x57, 0x56, 0x8B, 0x75, 0x0C, 0x8B, 0x4D, 0x10, 0x8B };
unsigned char *loc = (unsigned char *)memset; // before memcpy in memory
while (!verify_signature(signature_memcpy, loc)) { while (!verify_signature(signature_memcpy, loc)) {
loc++; // go backwards until we find memcpy loc--; // go forwards until we find memcpy
} }
obfusc_memcpy = obfusc_memcpy =
(void *(*)(void *__restrict __dest, const void *__restrict __src, (void *(*)(void *__restrict __dest, const void *__restrict __src,