diff --git a/No-Consolation.cna b/No-Consolation.cna
index d09097a..da323ac 100644
--- a/No-Consolation.cna
+++ b/No-Consolation.cna
@@ -325,7 +325,23 @@ sub runpe{
     }
 
     # Pack the arguments
-    $args = bof_pack($1, "ZzZbziiiZzziiiziiizzziiizzzi", $2 $2, $3, $4, $5, $6, $7, $8, $9, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25, $26, $27);
+    # $2: PENAME
+    # $3: PEPATH
+    # $4: PEBYTES
+    # $5: PATH
+    # $6: LOCAL
+    # $7: TIMEOUT
+    # $8: HEADERS
+    # $9: CMDLINE
+    # $10: METHOD
+    # $11: USE_UNICODE
+    # $12: NOOUTPUT
+    # $13: ALLOC_CONSOLE
+    # $14: CLOSE_HANDLES
+    # $15: FREE_LIBS
+    # $16: DONT_SAVE
+    # $17: LIST_PES
+    $args = bof_pack($1, "ZzZbziiiZzziiiiziizzziiizzzi", $2 $2, $3, $4, $5, $6, $7, $8, $9, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22, $23, $24, $25, $26, $27);
 
     # Execute BOF
     beacon_inline_execute($1, $data, "go", $args);
diff --git a/dist/NoConsolation.x64.o b/dist/NoConsolation.x64.o
index 8fd9825..ef20e8b 100644
Binary files a/dist/NoConsolation.x64.o and b/dist/NoConsolation.x64.o differ
diff --git a/dist/NoConsolation.x86.o b/dist/NoConsolation.x86.o
index 347d7f7..fd78628 100644
Binary files a/dist/NoConsolation.x86.o and b/dist/NoConsolation.x86.o differ
diff --git a/source/entry.c b/source/entry.c
index 0ef352c..d252bd6 100644
--- a/source/entry.c
+++ b/source/entry.c
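Review bot: The new argument map stops at `# $17: LIST_PES` while the `bof_pack` call directly below it consumes `$2` through `$27`, so the ten trailing positions are still undocumented; judging by the BeaconDataExtract/BeaconDataInt order in the `go()` hunk of source/entry.c in this same commit they appear to be `$18: UNLOAD_PE`, `$19: USERNAME`, `$20: LOADTIME`, `$21: LINK_TO_PEB`, `$22: DONT_UNLOAD`, `$23: LOAD_ALL_DEPS`, `$24: LOAD_ALL_DEPS_BUT`, `$25: LOAD_DEPS`, `$26: SEARCH_PATHS`, `$27: INTHREAD`, and the comment block should carry them so the map is complete. It would also help to state the coupling explicitly above the call, e.g. `# Format string must stay in lockstep with the BeaconDataExtract/BeaconDataInt order in go() (source/entry.c); a mismatch shifts every later field.`, since the corrected `iiiiziiz` run is exactly the kind of silent field misalignment that the NULL checks added on the entry.c side appear to be defending against. The `$2 $2` and `$9, $9` pairs feed the wide/narrow (`Z`/`z`) copies of the same value; if Sleep treats the juxtaposed `$2 $2` as string concatenation rather than two arguments, the call would supply one argument fewer than the 28-character format expects, so the missing comma is worth confirming even though it is carried over from the old line.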
@@ -51,42 +51,86 @@ int go(IN PCHAR Buffer, IN ULONG Length)
     BeaconDataParse(&parser, Buffer, Length);
     pe_wname = (LPWSTR)BeaconDataExtract(&parser, NULL);
     pe_wname = pe_wname[0] ? pe_wname : NULL;
+
     pe_name = BeaconDataExtract(&parser, NULL);
     pe_name = pe_name[0] ? pe_name : NULL;
+
     pe_wpath = (LPWSTR)BeaconDataExtract(&parser, NULL);
     pe_wpath = pe_wpath[0] ? pe_wpath : NULL;
+
     pe_bytes = BeaconDataExtract(&parser, &pe_length);
+
     pe_path = BeaconDataExtract(&parser, NULL);
     pe_path = pe_path[0] ? pe_path : NULL;
+
     local = BeaconDataInt(&parser);
+
     timeout = BeaconDataInt(&parser);
+
     headers = BeaconDataInt(&parser);
+
     cmdwline = (LPWSTR)BeaconDataExtract(&parser, NULL);
+
     cmdline = BeaconDataExtract(&parser, NULL);
+
     method = BeaconDataExtract(&parser, NULL);
+
     use_unicode = BeaconDataInt(&parser);
+
     nooutput = BeaconDataInt(&parser);
+
     alloc_console = BeaconDataInt(&parser);
+
     close_handles = BeaconDataInt(&parser);
+
     unload_libs = BeaconDataExtract(&parser, NULL);
-    unload_libs = unload_libs[0] ? unload_libs : NULL;
+    if (unload_libs)
+    {
+        unload_libs = unload_libs[0] ? unload_libs : NULL;
+    }
+
     dont_save = BeaconDataInt(&parser);
     list_pes = BeaconDataInt(&parser);
+
     unload_pe = BeaconDataExtract(&parser, NULL);
-    unload_pe = unload_pe[0] ? unload_pe : NULL;
+    if (unload_pe)
+    {
+        unload_pe = unload_pe[0] ? unload_pe : NULL;
+    }
+
     username = BeaconDataExtract(&parser, NULL);
-    username = username[0] ? username : NULL;
+    if (username)
+    {
+        username = username[0] ? username : NULL;
+    }
+
     loadtime = BeaconDataExtract(&parser, NULL);
-    loadtime = loadtime[0] ? loadtime : NULL;
+    if (loadtime)
+    {
+        loadtime = loadtime[0] ? loadtime : NULL;
+    }
+
     link_to_peb = BeaconDataInt(&parser);
     dont_unload = BeaconDataInt(&parser);
     load_all_deps = BeaconDataInt(&parser);
     load_all_deps_but = BeaconDataExtract(&parser, NULL);
-    load_all_deps_but = load_all_deps_but[0] ? load_all_deps_but : NULL;
+    if (load_all_deps_but)
+    {
+        load_all_deps_but = load_all_deps_but[0] ? load_all_deps_but : NULL;
+    }
+
     load_deps = BeaconDataExtract(&parser, NULL);
-    load_deps = load_deps[0] ? load_deps : NULL;
+    if (load_deps)
+    {
+        load_deps = load_deps[0] ? load_deps : NULL;
+    }
+
     search_paths = BeaconDataExtract(&parser, NULL);
-    search_paths = search_paths[0] ? search_paths : NULL;
+    if (search_paths)
+    {
+        search_paths = search_paths[0] ? search_paths : NULL;
+    }
+
     inthread = BeaconDataInt(&parser);
     peinfo = intAlloc(sizeof(LOADED_PE_INFO));