evasion

package

v0.2.1 Latest Latest Go to latest Published: Oct 27, 2024 License: GPL-3.0 Imports: 17 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/MrTuxx/OffensiveGolang

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func AMSIByPass(pn string)
func CheckMouse(sec int)
func CheckNameEXE(name string)
func CheckScreen()
func CheckVMFilepath() bool
func CodeBrainfuck(input string) string
func DecodeBrainfuck(code string, input string) string
func EkkoObf(duration int, newKey [16]byte)
func ExtractMatchedStringFromURL(url, pattern string) (string, error)
func FuckETW() error
func GetNameEXE() string
func GetPID(name string) int
func RandLlave() ([16]byte, error)
func Rander() int
func SendPID(name string, url_target string)
func UnhookNTDLL(hNtdll windows.Handle, pMapping uintptr) error
type Context
type IMAGE_DATA_DIRECTORY
type IMAGE_DOS_HEADER
type IMAGE_FILE_HEADER
type IMAGE_NT_HEADERS
type IMAGE_OPTIONAL_HEADER64
type IMAGE_SECTION_HEADER
type ImageDosHeader
type ImageNtHeaders

Constants ¶

View Source

const LOAD_LIBRARY_AS_DATAFILE = 0x00000002

View Source

const (
	SEC_IMAGE = 0x1000000
)

View Source

const (
	THREAD_SUSPEND_RESUME = 0x0002
)

Variables ¶

View Source

var (
	VirtualProtect      = windows.NewLazySystemDLL("kernel32.dll").NewProc("VirtualProtect")
	CryptEncrypt        = windows.NewLazySystemDLL("advapi32.dll").NewProc("CryptEncrypt")
	WaitForSingleObject = windows.NewLazySystemDLL("kernel32.dll").NewProc("WaitForSingleObject")
	CryptDecrypt        = windows.NewLazySystemDLL("advapi32.dll").NewProc("CryptDecrypt")
	SetEvent            = windows.NewLazySystemDLL("kernel32.dll").NewProc("SetEvent")
	GetCurrentProcessId = windows.NewLazySystemDLL("kernel32.dll").NewProc("GetCurrentProcessId")
	OpenThread          = windows.NewLazySystemDLL("kernel32.dll").NewProc("OpenThread")
	SuspendThread       = windows.NewLazySystemDLL("kernel32.dll").NewProc("SuspendThread")
	ResumeThread        = windows.NewLazySystemDLL("kernel32.dll").NewProc("ResumeThread")
	RtlRestoreContext   = windows.NewLazySystemDLL("ntdll.dll").NewProc("RtlRestoreContext")
)

View Source

var Debug = true // Set this to true to enable Debug messages or false to disable them

View Source

var (
	NtdllPath = "C:\\Windows\\System32\\ntdll.dll"
)

Functions ¶

func AMSIByPass ¶ added in v0.2.0

func AMSIByPass(pn string)

func CheckMouse ¶

func CheckMouse(sec int)

func CheckNameEXE ¶

func CheckNameEXE(name string)

func CheckScreen ¶

func CheckScreen()

func CheckVMFilepath ¶

func CheckVMFilepath() bool

func CodeBrainfuck ¶ added in v0.2.0

func CodeBrainfuck(input string) string

func DecodeBrainfuck ¶ added in v0.2.0

func DecodeBrainfuck(code string, input string) string

func EkkoObf ¶ added in v0.2.0

func EkkoObf(duration int, newKey [16]byte)

func ExtractMatchedStringFromURL ¶ added in v0.2.0

func ExtractMatchedStringFromURL(url, pattern string) (string, error)

func FuckETW ¶ added in v0.2.0

func FuckETW() error

func GetNameEXE ¶

func GetNameEXE() string

func GetPID ¶

func GetPID(name string) int

func RandLlave ¶ added in v0.2.0

func RandLlave() ([16]byte, error)

func Rander ¶ added in v0.2.0

func Rander() int

func SendPID ¶

func SendPID(name string, url_target string)

func UnhookNTDLL ¶ added in v0.2.0

func UnhookNTDLL(hNtdll windows.Handle, pMapping uintptr) error

Types ¶

type Context ¶ added in v0.2.0

type Context struct {
	Rsp, Rip, Rcx, Rdx, R8, R9 uintptr
}

type IMAGE_DATA_DIRECTORY ¶ added in v0.2.0

type IMAGE_DATA_DIRECTORY struct {
	VirtualAddress uint32
	Size           uint32
}

type IMAGE_DOS_HEADER ¶ added in v0.2.0

type IMAGE_DOS_HEADER struct {
	E_magic    uint16
	E_cblp     uint16
	E_cp       uint16
	E_crlc     uint16
	E_cparhdr  uint16
	E_minalloc uint16
	E_maxalloc uint16
	E_ss       uint16
	E_sp       uint16
	E_csum     uint16
	E_ip       uint16
	E_cs       uint16
	E_lfarlc   uint16
	E_ovno     uint16
	E_res      [4]uint16
	E_oemid    uint16
	E_oeminfo  uint16
	E_res2     [10]uint16
	E_lfanew   int32
}

type IMAGE_FILE_HEADER ¶ added in v0.2.0

type IMAGE_FILE_HEADER struct {
	Machine              uint16
	NumberOfSections     uint16
	TimeDateStamp        uint32
	PointerToSymbolTable uint32
	NumberOfSymbols      uint32
	SizeOfOptionalHeader uint16
	Characteristics      uint16
}

type IMAGE_NT_HEADERS ¶ added in v0.2.0

type IMAGE_NT_HEADERS struct {
	Signature      uint32
	FileHeader     IMAGE_FILE_HEADER
	OptionalHeader IMAGE_OPTIONAL_HEADER64
}

type IMAGE_OPTIONAL_HEADER64 ¶ added in v0.2.0

type IMAGE_OPTIONAL_HEADER64 struct {
	Magic                       uint16
	MajorLinkerVersion          uint8
	MinorLinkerVersion          uint8
	SizeOfCode                  uint32
	SizeOfInitializedData       uint32
	SizeOfUninitializedData     uint32
	AddressOfEntryPoint         uint32
	BaseOfCode                  uint32
	ImageBase                   uint64
	SectionAlignment            uint32
	FileAlignment               uint32
	MajorOperatingSystemVersion uint16
	MinorOperatingSystemVersion uint16
	MajorImageVersion           uint16
	MinorImageVersion           uint16
	MajorSubsystemVersion       uint16
	MinorSubsystemVersion       uint16
	Win32VersionValue           uint32
	SizeOfImage                 uint32
	SizeOfHeaders               uint32
	CheckSum                    uint32
	Subsystem                   uint16
	DllCharacteristics          uint16
	SizeOfStackReserve          uint64
	SizeOfStackCommit           uint64
	SizeOfHeapReserve           uint64
	SizeOfHeapCommit            uint64
	LoaderFlags                 uint32
	NumberOfRvaAndSizes         uint32
	DataDirectory               [16]IMAGE_DATA_DIRECTORY
}

type IMAGE_SECTION_HEADER ¶ added in v0.2.0

type IMAGE_SECTION_HEADER struct {
	Name                 [8]byte
	VirtualSize          uint32
	VirtualAddress       uint32
	SizeOfRawData        uint32
	PointerToRawData     uint32
	PointerToRelocations uint32
	PointerToLinenumbers uint32
	NumberOfRelocations  uint16
	NumberOfLinenumbers  uint16
	Characteristics      uint32
}

type ImageDosHeader ¶ added in v0.2.0

type ImageDosHeader struct {
	E_magic    uint16     // Magic number
	E_cblp     uint16     // Bytes on last page of file
	E_cp       uint16     // Pages in file
	E_crlc     uint16     // Relocations
	E_cparhdr  uint16     // Size of header in paragraphs
	E_minalloc uint16     // Minimum extra paragraphs needed
	E_maxalloc uint16     // Maximum extra paragraphs needed
	E_ss       uint16     // Initial (relative) SS value
	E_sp       uint16     // Initial SP value
	E_csum     uint16     // Checksum
	E_ip       uint16     // Initial IP value
	E_cs       uint16     // Initial (relative) CS value
	E_lfarlc   uint16     // File address of relocation table
	E_ovno     uint16     // Overlay number
	E_res      [4]uint16  // Reserved uint16s
	E_oemid    uint16     // OEM identifier (for E_oeminfo)
	E_oeminfo  uint16     // OEM information; E_oemid specific
	E_res2     [10]uint16 // Reserved uint16s
	E_lfanew   int32      // File address of new exe header
}

type ImageNtHeaders ¶ added in v0.2.0

type ImageNtHeaders struct {
	Signature      uintptr
	FileHeader     [20]byte // We won't use this part, so we don't need the exact structure
	OptionalHeader struct {
		SizeOfImage uintptr
	}
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL