Merge pull request for Enhancing Local Mode Implementation

binarytrails · web-flow · commit f1d8552ddb24 · 2025-03-18T23:27:37.000Z
- remove unneeded pml and csv flags
- update readme and example markdown documentation
- add local mode to console help flag
diff --git a/Examples.md b/Examples.md
@@ -96,5 +96,5 @@ Spartacus.exe --mode sign --action sign --pfx "C:\Output\certificate.pfx" --pass
 ### I want to clone a specific DLL and generate a solution for it
 
 ```
-Spartacus.exe --mode local --existing  --dllpath C:\Windows\System32\amsi.dll --solution "C:\Output\AmsiSolution" --pml "C:\Output\ProcMonOutput.pml" --csv "C:\Output\VulnerableDLLs.csv" --verbose
+Spartacus.exe --mode local --existing  --dllpath C:\Windows\System32\amsi.dll --solution "C:\Output\AmsiSolution" --verbose
 ```
diff --git a/README.md b/README.md
@@ -195,7 +195,7 @@ List DLL's exports and check if each function has a pre-generated prototype.
 Generate solution from a specific DLL found locally on the machine.
 
 ```
---mode local --existing --dllpath C:\Windows\System32\amsi.dll --solution "C:\Output\AmsiSolution" --pml "C:\Output\ProcMonOutput.pml" --csv "C:\Output\VulnerableDLLs.csv" --verbose
+--mode local --existing --dllpath C:\Windows\System32\amsi.dll --solution "C:\Output\AmsiSolution" --verbose
 ```
 
 ## Signing DLL Files
diff --git a/Spartacus/Modes/DLL/ModeDLL.cs b/Spartacus/Modes/DLL/ModeDLL.cs
@@ -70,28 +70,6 @@ public override void Run()
             }
         }
 
-        protected void CreateSingleSolutionForDLL(string dllPath) 
-        {
-            string solution = Path.Combine(RuntimeData.Solution, Path.GetFileNameWithoutExtension(dllPath));
-            string dllFile = Helper.LookForFileIfNeeded(dllPath);
-
-            ProxyGeneration proxyMode = new();
-            if (String.IsNullOrEmpty(dllPath) || String.IsNullOrEmpty(dllPath) || !File.Exists(dllPath))
-            {
-                Logger.Warning(" - No DLL Found", true, false);
-                return;
-            }
-            else
-            {
-                Logger.Info(" - Found", true, false);
-            }
-
-            if (!proxyMode.ProcessSingleDLL(dllPath, solution))
-            {
-                Logger.Error("Could not generate proxy DLL for: " + dllFile);
-            }
-        }
-
         protected void CreateSolutionsForDLLs(Dictionary<string, PMLEvent> events)
         {
             // First we collect which files we need to proxy.
diff --git a/Spartacus/Modes/DLL/ModeLocal.cs b/Spartacus/Modes/DLL/ModeLocal.cs
@@ -1,5 +1,4 @@
 ﻿using Spartacus.Modes.PROXY;
-using Spartacus.ProcMon;
 using Spartacus.Spartacus.CommandLine;
 using System;
 using System.IO;
@@ -42,23 +41,10 @@ protected void CreateSingleSolutionForDLL(string dllPath)
 
         public override void SanitiseAndValidateRuntimeData()
         {
-            if (RuntimeData.IsExistingLog)
+            // dllpath.
+            if (String.IsNullOrEmpty(RuntimeData.DLLPath))
             {
-                SanitiseExistingLogProcessing();
-            }
-            else
-            {
-                SanitiseNewLogProcessing();
-            }
-
-            // Check for CSV output file.
-            if (String.IsNullOrEmpty(RuntimeData.CSVFile))
-            {
-                throw new Exception("--csv is missing");
-            }
-            else if (File.Exists(RuntimeData.CSVFile))
-            {
-                Logger.Debug("--csv exists and will be overwritten");
+                throw new Exception("--dllpath is missing, will skip DLL proxy generation");
             }
 
             // Solution folder.
@@ -79,76 +65,5 @@ public override void SanitiseAndValidateRuntimeData()
                 }
             }
         }
-
-        protected void SanitiseExistingLogProcessing()
-        {
-            // Check if the PML file exists.
-            if (String.IsNullOrEmpty(RuntimeData.PMLFile))
-            {
-                throw new Exception("--pml is missing");
-            }
-            else if (!File.Exists(RuntimeData.PMLFile))
-            {
-                throw new Exception("--pml does not exist: " + RuntimeData.PMLFile);
-            }
-            Logger.Debug("--pml is " + RuntimeData.PMLFile);
-        }
-
-        protected void SanitiseNewLogProcessing()
-        {
-            // Check for ProcMon.
-            if (String.IsNullOrEmpty(RuntimeData.ProcMonExecutable))
-            {
-                throw new Exception("--procmon is missing");
-            }
-            else if (!File.Exists(RuntimeData.ProcMonExecutable))
-            {
-                throw new Exception("--procmon does not exist: " + RuntimeData.ProcMonExecutable);
-            }
-
-            // Check for ProcMon config & log file.
-            if (String.IsNullOrEmpty(RuntimeData.PMCFile))
-            {
-                // Since no --pmc has been passed, it means that we can't load the --pml file automatically from
-                // that configuration. This means that we _must_ have --pml passed here.
-                if (String.IsNullOrEmpty(RuntimeData.PMLFile))
-                {
-                    throw new Exception("--pml is missing");
-                }
-                else if (File.Exists(RuntimeData.PMLFile))
-                {
-                    Logger.Debug("--pml exists and will be overwritten");
-                }
-            }
-            else if (!File.Exists(RuntimeData.PMCFile))
-            {
-                // If the argument was passed but does not exist, exit.
-                throw new Exception("--pmc does not exist: " + RuntimeData.PMCFile);
-            }
-            else
-            {
-                // If we reach this, it means that --pmc has been passed through and exists.
-                ProcMonPMC pmc = new(RuntimeData.PMCFile);
-
-                // If the existing PMC file has no logfile/backing file, check to see if --pml has been set.
-                if (String.IsNullOrEmpty(pmc.GetConfiguration().Logfile))
-                {
-                    if (String.IsNullOrEmpty(RuntimeData.PMLFile))
-                    {
-                        throw new Exception("The passed --pmc file that has no log/backing file configured and no --pml argument was passed to set it. " +
-                            "Either setup the backing file in the existing PMC file or pass a --pml parameter");
-                    }
-
-                    // Here, the --pmc config has no PML path for log/backing, but we've passed a --pml argument.
-                    // Therefore, we'll inject our new PML location into the existing PMC config.
-                    RuntimeData.InjectBackingFileIntoConfig = true;
-                }
-                else
-                {
-                    // The PMC file has a backing file, so we don't need the --pml argument.
-                    RuntimeData.PMLFile = pmc.GetConfiguration().Logfile;
-                }
-            }
-        }
     }
 }
diff --git a/Spartacus/Properties/AssemblyInfo.cs b/Spartacus/Properties/AssemblyInfo.cs
@@ -32,5 +32,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.3.1.0")]
-[assembly: AssemblyFileVersion("2.3.1.0")]
+[assembly: AssemblyVersion("2.3.2.0")]
+[assembly: AssemblyFileVersion("2.3.2.0")]
diff --git a/Spartacus/Properties/Resources.Designer.cs b/Spartacus/Properties/Resources.Designer.cs
diff --git a/Spartacus/Properties/Resources.resx b/Spartacus/Properties/Resources.resx
@@ -220,8 +220,21 @@ Parse an existing PML event log output, save output to CSV, and generate proxy D
 
     --mode dll --existing --pml C:\MyData\SomeBackup.pml --csv C:\Data\VulnerableDLLFiles.csv --solution C:\Data\Solutions --verbose</value>
   </data>
+  <data name="help\local.txt" xml:space="preserve">
+    <value>Usage: Spartacus.exe --mode local [--help] [OPTIONS]
+
+--dllpath               Path of the DLL to generate a solution.
+--solution              Path to the directory where the solutions for the specified DLL will be stored.
+
+Examples:
+
+Generate solution into C:\DataLocal\Solutions for a specified DLL file.
+
+    --mode local --dllpath C:\Windows\System32\secur32.dll  --solution C:\DataLocal\Solutions --verbose
+	</value>
+  </data>
   <data name="help\main.txt" xml:space="preserve">
-    <value>Usage: Spartacus.exe --mode [dll|proxy|com|detect|sign] [--help] [OPTIONS]
+    <value>Usage: Spartacus.exe --mode [dll|proxy|com|detect|sign|local] [--help] [OPTIONS]
 
 Supported Modes
 ---------------
@@ -232,6 +245,7 @@ com                     Identify COM hijacking vulnerabilities.
 detect                  Identify DLLs that are proxying calls (like 'DLL Hijacking in progress').
                         This isn't a feature to be relied upon, it's there to get the low hanging fruit.
 sign                    Generate self-signed certificates and use them to sign executables/DLLs.
+local                   Generate a solution for a specified DLL file path.
 
 Global Options
 --------------
diff --git a/Spartacus/Utils/Helper.cs b/Spartacus/Utils/Helper.cs
@@ -171,6 +171,7 @@ public string GetHelp()
                 RuntimeData.SpartacusMode.COM => @"help\com.txt",
                 RuntimeData.SpartacusMode.DETECT => @"help\detect.txt",
                 RuntimeData.SpartacusMode.SIGN => @"help\sign.txt",
+                RuntimeData.SpartacusMode.LOCAL => @"help\local.txt",
                 _ => @"help\main.txt"
             };
 
