pyrex/injector
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pyrex:cc2d7dc9bfacccd413787f1f06e969e303f61611
Branches Tags
pyrex:main
..
compare: pyrex:main
Branches Tags
pyrex:main

9 Commits
cc2d7dc9bf ... main

Author SHA1 Message Date
Nyeogmi
18c6c3d235 Dump various process files into the repo 2025-04-26 14:14:55 -07:00
Nyeogmi
a7f5828f96 Rename stuff and move it around 2025-04-25 23:07:00 -07:00
Nyeogmi
03a4e89918 Make the type coercions in compiler more explicit 2025-04-25 22:24:12 -07:00
Nyeogmi
9a07551a22 Clean up the analyzer (somewhat!) 2025-04-25 22:18:53 -07:00
Nyeogmi
f777d9ecf8 Trim, switch from std to core 2025-04-25 22:14:28 -07:00
Nyeogmi
893f7917ef Add RLE 2025-04-25 21:50:29 -07:00
Nyeogmi
941b7a1f07 Inline the file 2025-04-25 21:31:49 -07:00
Nyeogmi
b20846c797 Better file format 1 2025-04-25 21:30:11 -07:00
Nyeogmi
f5cb818123 A notepad window that skreeks like a bat 2025-04-25 19:58:24 -07:00
43 changed files with 1013 additions and 1111 deletions
Expand all files Collapse all files

11
analyzer/binaries/main.json
View File

File diff suppressed because one or more lines are too long

0
analyzer/dumps/data.dat
View File

BIN
analyzer/dumps/rdata.dat
View File

Binary file not shown.

BIN
analyzer/dumps/starting_state.dat
View File

Binary file not shown.

BIN
analyzer/dumps/text.dat
View File

Binary file not shown.

84
analyzer/main.py
View File

@ -1,84 +0,0 @@
import base64
from io import BytesIO
import json
import pefile
def main():
subject = pefile.PE("subjects\\main.exe")
def _single_or_none(x):
items = [i for i in x]
if len(items) == 0:
return None
assert len(items) == 1
return items[0]
def _dump(fname, section):
with open(fname, "wb") as f:
if section is not None:
if isinstance(section, bytes):
f.write(section)
else:
f.write(section.get_data())
for i in subject.sections:
print(i)
text_section = _single_or_none(i for i in subject.sections if i.Name == b".text\0\0\0")
data_section = _single_or_none(i for i in subject.sections if i.Name == b".data\0\0\0")
rdata_section = _single_or_none(i for i in subject.sections if i.Name == b".rdata\0\0")
_dump("dumps\\text.dat", text_section)
_dump("dumps\\data.dat", data_section)
_dump("dumps\\rdata.dat", rdata_section)
relevant_sections = [section for section in (text_section, data_section, rdata_section) if section is not None]
if len(relevant_sections) == 0:
raise ValueError("no sections to plot")
min_address = min(i.VirtualAddress for i in relevant_sections)
max_address = max(_round_up_to_page(i.VirtualAddress + i.SizeOfRawData) for i in relevant_sections)
print(min_address, max_address)
buffer = bytearray(max_address - min_address)
for section in relevant_sections:
data = section.get_data() # TODO: De-pad the text section from 0xccs
start = section.VirtualAddress - min_address
buffer[start:start+len(data)] = data
buffer = bytes(buffer)
_dump("dumps\\starting_state.dat", buffer)
binary = {
"startingState": base64.b64encode(buffer).decode("utf8"),
"imports": [],
}
# find imports
# print(subject)
# print(dir(subject))
for entry in subject.DIRECTORY_ENTRY_IMPORT:
# print(entry.dll)
for imp in entry.imports:
# print(dir(imp))
import_address = imp.address - subject.OPTIONAL_HEADER.ImageBase - min_address
print(hex(import_address), imp.name)
binary["imports"].append({
"dll": entry.dll.decode("utf8"),
"symbol": imp.name.decode("utf8"),
"address": import_address,
})
entry_point_rva = subject.OPTIONAL_HEADER.AddressOfEntryPoint
binary["entryPoint"] = entry_point_rva - min_address
with open("binaries/main.json", "wt") as f:
f.write(json.dumps(binary, indent=4))
def _round_up_to_page(x: int):
# TODO: Is this the page size on x64? I think it is
return ((x + 0x1000 - 1) // 0x1000) * 0x1000
if __name__ == "__main__":
main()

BIN
analyzer/subjects/main.exe
View File

Binary file not shown.

BIN
arrows.xcf Normal file
View File

Binary file not shown.

BIN
audio_file/755272__garuda1982__bat-echolocation-at-0.wav Normal file
View File

Binary file not shown.

2
audio_file/notes.txt Normal file
View File

@ -0,0 +1,2 @@
From https://freesound.org/people/Garuda1982/sounds/755272/
Trick from https://stackoverflow.com/questions/2049825/simplest-way-to-play-mp3-from-visual-c

1
audio_file/repackage.bat Normal file
View File

@ -0,0 +1 @@
"C:\Program Files\ShareX\ffmpeg.exe" -i shortened.mp3 -c copy -f wav shortened_as_wav.wav

BIN
audio_file/shortened.mp3 Normal file
View File

Binary file not shown.

BIN
audio_file/shortened_as_wav.wav Normal file
View File

Binary file not shown.

BIN
diagram.xcf Normal file
View File

Binary file not shown.

420
injectable/batclip.h Normal file
View File

@ -0,0 +1,420 @@
unsigned char batclip_wav[] = {
0x52, 0x49, 0x46, 0x46, 0x80, 0x13, 0x00, 0x00, 0x57, 0x41, 0x56, 0x45,
0x66, 0x6d, 0x74, 0x20, 0x1e, 0x00, 0x00, 0x00, 0x55, 0x00, 0x01, 0x00,
0x40, 0x1f, 0x00, 0x00, 0xa0, 0x0f, 0x00, 0x00, 0x40, 0x02, 0x00, 0x00,
0x0c, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x80, 0x04, 0x01, 0x00,
0x71, 0x05, 0x66, 0x61, 0x63, 0x74, 0x04, 0x00, 0x00, 0x00, 0x40, 0x26,
0x00, 0x00, 0x4c, 0x49, 0x53, 0x54, 0x1a, 0x00, 0x00, 0x00, 0x49, 0x4e,
0x46, 0x4f, 0x49, 0x53, 0x46, 0x54, 0x0e, 0x00, 0x00, 0x00, 0x4c, 0x61,
0x76, 0x66, 0x35, 0x39, 0x2e, 0x32, 0x37, 0x2e, 0x31, 0x30, 0x30, 0x00,
0x64, 0x61, 0x74, 0x61, 0x20, 0x13, 0x00, 0x00, 0xff, 0xe3, 0x48, 0xc4,
0x00, 0x3b, 0x1b, 0xd2, 0x18, 0x01, 0x45, 0x78, 0x01, 0x21, 0x08, 0x42,
0x10, 0x8d, 0xce, 0x73, 0x9f, 0xff, 0xff, 0xe7, 0xfa, 0x9c, 0xe4, 0x21,
0x08, 0x42, 0x10, 0x38, 0x00, 0x28, 0xd5, 0xec, 0xec, 0x69, 0xf3, 0x9c,
0xeb, 0x73, 0x3f, 0x04, 0xdc, 0x5c, 0xce, 0xb8, 0xcc, 0x07, 0x21, 0xa0,
0x4e, 0x07, 0xa0, 0x43, 0xc4, 0xdc, 0x85, 0x97, 0x34, 0x3d, 0x5f, 0x1e,
0x44, 0xe1, 0x3b, 0x2e, 0x6a, 0x38, 0xf0, 0x18, 0x15, 0x91, 0x21, 0xab,
0x19, 0x35, 0x7b, 0xe1, 0xe4, 0x4c, 0xbc, 0x89, 0x97, 0xea, 0xf5, 0x7a,
0xbd, 0x9d, 0xfb, 0xc7, 0x91, 0x29, 0xaf, 0x77, 0xea, 0xf5, 0x02, 0x71,
0x58, 0xac, 0x56, 0x2b, 0x15, 0x87, 0x21, 0x38, 0x10, 0xf1, 0x37, 0x21,
0x67, 0x5b, 0x3c, 0x7b, 0xde, 0xef, 0x15, 0x87, 0x21, 0xa0, 0x68, 0x1d,
0x0a, 0x0a, 0xb1, 0xa1, 0x88, 0x62, 0x18, 0x86, 0x21, 0x8a, 0x05, 0x63,
0x23, 0xc7, 0xef, 0xef, 0xba, 0x3c, 0x56, 0x3c, 0x89, 0x7b, 0xbf, 0xbe,
0xe0, 0x3c, 0x56, 0x32, 0x3f, 0x57, 0xab, 0xdf, 0xd9, 0x81, 0x40, 0xe1,
0x0c, 0xe4, 0x34, 0x0d, 0x02, 0xd8, 0x68, 0x1a, 0x08, 0x62, 0x18, 0xa0,
0x43, 0xd0, 0xf4, 0x3d, 0x0f, 0x34, 0xcd, 0x33, 0xad, 0x57, 0x21, 0xce,
0x75, 0xa8, 0xe3, 0xc0, 0x56, 0x21, 0x88, 0x62, 0x81, 0x46, 0xfe, 0xf7,
0x63, 0x39, 0xc8, 0x39, 0x0b, 0x32, 0xce, 0x83, 0x90, 0xb6, 0x10, 0x41,
0x6c, 0x13, 0x41, 0x70, 0x2e, 0x0e, 0x98, 0x26, 0x53, 0xa1, 0xea, 0x38,
0xf0, 0x15, 0x8a, 0xc5, 0x7a, 0xbd, 0x9d, 0xfd, 0xef, 0x7b, 0xde, 0x20,
0x00, 0x00, 0x00, 0x00, 0x78, 0x78, 0x78, 0x78, 0x60, 0x00, 0x00, 0x00,
0x00, 0x78, 0x78, 0x78, 0x7a, 0xca, 0xc3, 0x08, 0x00, 0x80, 0x01, 0x86,
0x7f, 0xf8, 0xa1, 0xff, 0x3c, 0x5f, 0xff, 0xff, 0xff, 0x97, 0xff, 0xfe,
0xaf, 0x7f, 0xff, 0xfd, 0xb7, 0x01, 0xfd, 0x7f, 0x9e, 0x87, 0x7d, 0xb7,
0x83, 0xdf, 0xe7, 0xaa, 0x18, 0xa6, 0x82, 0x59, 0xff, 0xe3, 0x48, 0xc4,
0x26, 0x41, 0x9b, 0xba, 0x61, 0x89, 0x81, 0xe0, 0x00, 0x5b, 0x6d, 0x02,
0xbb, 0xcb, 0x2c, 0x44, 0x05, 0x05, 0x0d, 0xc0, 0x42, 0x40, 0xc0, 0x2a,
0x71, 0x18, 0x0c, 0x24, 0x65, 0x00, 0xb4, 0xa1, 0xfc, 0xaf, 0x1b, 0x7e,
0xd9, 0x03, 0xc8, 0xd3, 0x15, 0x4c, 0xbd, 0x74, 0x23, 0x40, 0x89, 0xa2,
0xd4, 0x1a, 0x28, 0xcc, 0x3a, 0x63, 0x34, 0x99, 0x74, 0xd6, 0xc2, 0x83,
0x07, 0x81, 0x8d, 0x64, 0xb0, 0x31, 0x88, 0xc4, 0x50, 0x2a, 0xc1, 0xcc,
0x26, 0x77, 0x33, 0x18, 0xdc, 0xfa, 0x52, 0x73, 0x33, 0x0e, 0xcc, 0x8c,
0x09, 0x30, 0x08, 0x08, 0xc3, 0xc2, 0x50, 0xe1, 0xb8, 0x40, 0x01, 0x53,
0xac, 0x77, 0x5e, 0xa4, 0x9e, 0x6a, 0xc4, 0x63, 0x08, 0x41, 0x9d, 0xd1,
0x40, 0x43, 0xa9, 0x80, 0xc3, 0x91, 0x84, 0x66, 0x50, 0x76, 0xb5, 0xef,
0x6c, 0x3d, 0x2f, 0x6f, 0x08, 0x41, 0xc2, 0x10, 0xf0, 0x58, 0x1e, 0x8d,
0x2c, 0x5e, 0x12, 0xbf, 0xd0, 0x51, 0xfd, 0x7e, 0xe1, 0x95, 0x07, 0xad,
0xbb, 0x76, 0xf2, 0x95, 0xcb, 0x28, 0x30, 0x8a, 0xcf, 0x40, 0x75, 0xa9,
0xa5, 0x2f, 0x35, 0xd9, 0x44, 0x47, 0x56, 0xee, 0x37, 0x4a, 0x93, 0xdd,
0x9f, 0xa5, 0x69, 0x71, 0x0b, 0x54, 0xd6, 0xe4, 0x92, 0xbb, 0x51, 0xaa,
0xb6, 0xf8, 0xfe, 0xcc, 0x4b, 0x2c, 0x6e, 0x63, 0x92, 0x39, 0x7d, 0xc8,
0xfc, 0xc6, 0x76, 0xe6, 0x69, 0x62, 0x56, 0xff, 0xe5, 0x35, 0x68, 0x6f,
0xc0, 0x12, 0x99, 0xaa, 0x4b, 0x16, 0x25, 0x12, 0xf8, 0xb6, 0x77, 0x72,
0xef, 0xc0, 0x30, 0xf4, 0x07, 0xc8, 0xc4, 0x5b, 0x97, 0x2b, 0xc7, 0xac,
0x4b, 0xa3, 0x10, 0xd5, 0x4b, 0x35, 0xff, 0xff, 0xfa, 0x4f, 0xff, 0xfd,
0x55, 0xff, 0xff, 0xfb, 0xeb, 0xa0, 0xc0, 0xc1, 0xf0, 0x60, 0x50, 0x60,
0x04, 0x61, 0xf0, 0x01, 0x82, 0x46, 0x06, 0x0a, 0x0e, 0x80, 0x02, 0x89,
0xcc, 0x84, 0x85, 0xa0, 0x5d, 0x70, 0x00, 0x08, 0xb4, 0xc2, 0x40, 0x30,
0x80, 0x02, 0x1f, 0xc5, 0x91, 0x59, 0x32, 0x57, 0xff, 0xe3, 0x48, 0xc4,
0x32, 0x49, 0x9b, 0xbe, 0x50, 0x01, 0x80, 0xe0, 0x00, 0xe2, 0x94, 0xaf,
0x72, 0x80, 0x28, 0x70, 0x2c, 0xc2, 0x80, 0x30, 0x12, 0x18, 0xc5, 0x06,
0xf0, 0x28, 0xa0, 0xcf, 0x02, 0x03, 0x88, 0x8b, 0x44, 0x23, 0x93, 0x2b,
0x02, 0x8c, 0xa6, 0x31, 0x4b, 0x72, 0xf8, 0x8d, 0x03, 0x4c, 0x1a, 0x08,
0x31, 0x51, 0xdc, 0xc5, 0x45, 0x53, 0x08, 0x00, 0xcc, 0x3e, 0x2f, 0x0b,
0x8d, 0x88, 0x00, 0x2c, 0xa0, 0xb7, 0x8a, 0xe8, 0x40, 0x0c, 0x31, 0x88,
0x94, 0xcc, 0x41, 0xd0, 0x08, 0xac, 0xb5, 0x0c, 0x28, 0xc2, 0x60, 0x83,
0x1f, 0x17, 0x40, 0x21, 0x83, 0x0d, 0x85, 0x54, 0xb2, 0x52, 0x5c, 0x16,
0x26, 0xf6, 0xb4, 0xc5, 0x76, 0xdb, 0xaf, 0x16, 0x9e, 0xcf, 0xc2, 0xc1,
0x66, 0x95, 0x61, 0x53, 0x2e, 0xa9, 0x43, 0x41, 0x58, 0x07, 0xaa, 0x5a,
0x62, 0xe0, 0xf0, 0x04, 0x7a, 0x63, 0xb0, 0x99, 0x41, 0x24, 0xc4, 0xc9,
0x03, 0x5e, 0x15, 0x0f, 0xbc, 0xe6, 0x32, 0xeb, 0x24, 0xd0, 0x21, 0x50,
0x10, 0xbd, 0xa7, 0x2e, 0x46, 0x97, 0x19, 0x77, 0x76, 0xd6, 0x21, 0xa9,
0x97, 0x7d, 0xc1, 0xa7, 0xbd, 0x3b, 0x0d, 0xb5, 0xb8, 0x6e, 0x66, 0xdd,
0x89, 0xcc, 0xdf, 0xc9, 0x63, 0xb9, 0x67, 0x38, 0x2e, 0x29, 0x60, 0xb6,
0x89, 0xa8, 0xab, 0x61, 0xe9, 0x5b, 0x32, 0x67, 0x4c, 0xbe, 0x4f, 0x14,
0x67, 0x50, 0xe4, 0xd7, 0x25, 0x74, 0x31, 0x97, 0x05, 0x83, 0x35, 0xb7,
0x8d, 0xe1, 0x85, 0x46, 0x67, 0x99, 0x2c, 0xb9, 0xc5, 0x8f, 0x77, 0x5f,
0x49, 0x4f, 0x17, 0xa6, 0x93, 0xba, 0xee, 0xd4, 0x49, 0xc4, 0x79, 0xa0,
0x87, 0x96, 0x47, 0x1e, 0x64, 0xb8, 0x7f, 0xf6, 0x2f, 0x49, 0x5b, 0x07,
0xee, 0x3c, 0xcc, 0x65, 0x30, 0xc4, 0x1d, 0x00, 0x3a, 0x32, 0x88, 0x45,
0x16, 0x2a, 0x02, 0x50, 0x00, 0x02, 0x6f, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xf9, 0x6b, 0xb8, 0xe9, 0xb4, 0xa6, 0x99, 0x1d, 0x6f,
0x9b, 0x24, 0x11, 0x00, 0x34, 0x97, 0x92, 0x03, 0xff, 0xe3, 0x48, 0xc4,
0x1e, 0x45, 0x63, 0xb2, 0x74, 0x51, 0x80, 0xe8, 0x01, 0x9d, 0x90, 0xc4,
0xa0, 0xc7, 0x26, 0x4f, 0x19, 0xb8, 0xe9, 0x33, 0xc5, 0x5c, 0xfe, 0xc0,
0x93, 0x0d, 0x19, 0x78, 0x01, 0x80, 0x50, 0x80, 0x18, 0x30, 0x22, 0x21,
0x04, 0xcc, 0x25, 0x05, 0xda, 0xea, 0xde, 0x58, 0x46, 0x08, 0x0a, 0x04,
0x0c, 0x01, 0x13, 0xcc, 0x32, 0x1b, 0x8c, 0x67, 0x3b, 0x0d, 0x2a, 0x05,
0x0b, 0x07, 0x81, 0x80, 0x00, 0x21, 0x80, 0xc0, 0x00, 0x38, 0x0f, 0x53,
0x13, 0x01, 0xc0, 0x53, 0x1f, 0x83, 0xf3, 0x0b, 0xe6, 0x43, 0x58, 0x94,
0x53, 0x3f, 0x0e, 0xb3, 0x0b, 0x84, 0xd3, 0x2c, 0xc3, 0xb3, 0x2f, 0x8f,
0xe3, 0x48, 0x0a, 0x43, 0x54, 0x50, 0x53, 0x0c, 0xc8, 0x80, 0x29, 0xfa,
0x69, 0x01, 0xd6, 0x63, 0x60, 0xa8, 0x2c, 0x3d, 0x2e, 0x69, 0x5b, 0x0d,
0x31, 0x7d, 0x82, 0x38, 0xc5, 0x02, 0x32, 0x58, 0xad, 0x31, 0x90, 0x92,
0x07, 0x1a, 0x46, 0x53, 0x97, 0x82, 0x42, 0xea, 0x96, 0xba, 0x12, 0x6a,
0x6a, 0x53, 0x06, 0x40, 0xc0, 0x12, 0x52, 0x14, 0x04, 0x8a, 0x09, 0xa1,
0xa2, 0x78, 0x1c, 0x4c, 0x98, 0x0c, 0x03, 0xad, 0x88, 0x3e, 0x5b, 0xbe,
0xbd, 0x8d, 0x6e, 0x1c, 0xed, 0x78, 0xdd, 0xec, 0x65, 0x95, 0xf9, 0x5f,
0x5a, 0x48, 0xd4, 0xf4, 0x86, 0xea, 0xc2, 0x23, 0x52, 0x99, 0x5c, 0xa6,
0xd4, 0xee, 0x34, 0xd6, 0xaf, 0xd7, 0xca, 0x53, 0x86, 0xae, 0xd3, 0xd0,
0xf7, 0x2d, 0xd6, 0xce, 0x96, 0x2d, 0x7f, 0x72, 0xab, 0x38, 0xee, 0x5d,
0x47, 0x44, 0xea, 0xea, 0x51, 0x62, 0xc7, 0xfe, 0x53, 0x51, 0xfb, 0x77,
0xdf, 0xf7, 0xee, 0x53, 0x18, 0xb7, 0x9d, 0x0c, 0x3b, 0x29, 0x94, 0xde,
0xff, 0xa7, 0x82, 0xe3, 0x2e, 0x14, 0x66, 0x82, 0x53, 0x33, 0xf9, 0x41,
0x95, 0x25, 0xd2, 0x90, 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe4,
0x0e, 0x6d, 0x2d, 0x35, 0xd9, 0xd3, 0xd0, 0xd7, 0x40, 0x20, 0x60, 0xa0,
0xb4, 0x37, 0x57, 0x10, 0x5b, 0x33, 0x06, 0x82, 0xff, 0xe3, 0x48, 0xc4,
0x1b, 0x40, 0x93, 0xa2, 0x64, 0x01, 0xc1, 0xd8, 0x01, 0x98, 0x58, 0x59,
0x76, 0xd8, 0x02, 0x38, 0x39, 0x92, 0xa9, 0x54, 0xa1, 0xdc, 0x5d, 0x8c,
0x92, 0x1e, 0x2a, 0x02, 0x29, 0x42, 0x44, 0x26, 0x63, 0x5f, 0x72, 0x8b,
0x8a, 0xb3, 0x17, 0xd9, 0x7d, 0x44, 0x00, 0xa8, 0x5c, 0x21, 0x09, 0x16,
0x2f, 0x25, 0x1f, 0x30, 0xb2, 0x03, 0x09, 0x00, 0x1d, 0x3c, 0x36, 0x59,
0x43, 0x5e, 0x39, 0x39, 0xd3, 0xc1, 0x41, 0x73, 0x6d, 0x55, 0x10, 0x33,
0x19, 0xb1, 0xc0, 0x28, 0x74, 0x8a, 0x98, 0xc3, 0xca, 0x4c, 0x04, 0xec,
0xd3, 0x4f, 0x4c, 0x34, 0xd1, 0x44, 0x4d, 0x54, 0x04, 0xc8, 0x5a, 0x4c,
0x7c, 0x90, 0x6a, 0xf4, 0xc5, 0x82, 0x80, 0xf4, 0x26, 0xb6, 0x6e, 0x76,
0xf2, 0xa6, 0x3f, 0x20, 0x72, 0x81, 0x66, 0xaa, 0xa6, 0x62, 0x81, 0xc6,
0x8c, 0x6a, 0x6f, 0xb4, 0x27, 0x06, 0xd2, 0x6a, 0x01, 0xc6, 0x57, 0x02,
0x74, 0x3b, 0xe7, 0xa7, 0x2a, 0x67, 0xe1, 0x46, 0x6c, 0x6c, 0x66, 0xc1,
0x43, 0xa1, 0xe6, 0x2a, 0x16, 0x61, 0x80, 0xc6, 0x1c, 0x1c, 0x61, 0x80,
0xc8, 0x0c, 0x8a, 0x43, 0x2f, 0x5c, 0xff, 0x70, 0xa7, 0x7a, 0x1e, 0x46,
0x76, 0xdc, 0x94, 0x11, 0xd1, 0x7e, 0xa3, 0x73, 0xf2, 0x5c, 0xf5, 0x62,
0x72, 0xf4, 0xba, 0xcd, 0x99, 0x5c, 0xc5, 0xeb, 0x54, 0x18, 0x53, 0x4b,
0x2d, 0xeb, 0x7f, 0x4f, 0x57, 0x93, 0x97, 0xf7, 0x45, 0x4b, 0x6f, 0x96,
0x72, 0xf8, 0xc6, 0xb5, 0x8d, 0x9c, 0x3b, 0xad, 0x6b, 0x52, 0x9c, 0x77,
0x6e, 0xaf, 0xca, 0xed, 0x54, 0xab, 0x53, 0x58, 0xc4, 0xf7, 0x72, 0x9f,
0xbf, 0xf6, 0xb9, 0x6e, 0xa5, 0x35, 0x07, 0xe3, 0x52, 0xbc, 0xd5, 0xe5,
0xea, 0xff, 0xff, 0xff, 0xff, 0xe7, 0xed, 0x47, 0x54, 0x00, 0xaa, 0x08,
0x2d, 0x04, 0x21, 0x3d, 0x1a, 0x52, 0x8a, 0x00, 0xba, 0x5b, 0x92, 0xfe,
0x99, 0x82, 0x60, 0x31, 0xb5, 0x01, 0x8e, 0x67, 0xae, 0x03, 0x71, 0x77,
0x9f, 0x27, 0xf5, 0xce, 0x2e, 0x6a, 0xc4, 0x49, 0xff, 0xe3, 0x48, 0xc4,
0x2b, 0x46, 0xe3, 0xa2, 0x6c, 0x00, 0x06, 0x3a, 0xcd, 0xa2, 0x47, 0x8f,
0x38, 0x0c, 0x15, 0x34, 0x55, 0xea, 0x66, 0xf5, 0x31, 0xf6, 0x5a, 0x35,
0x05, 0x9c, 0xdd, 0xdb, 0x80, 0x3a, 0xc0, 0x77, 0x80, 0x40, 0x80, 0xd2,
0x10, 0x10, 0xc3, 0x20, 0x80, 0xc1, 0x80, 0x64, 0xc4, 0x31, 0x18, 0xc4,
0x10, 0xb8, 0x14, 0xaf, 0x18, 0xf8, 0x46, 0x1a, 0x34, 0x93, 0x1a, 0x60,
0xb7, 0x1a, 0x98, 0x03, 0x99, 0x8a, 0x15, 0x98, 0xae, 0x46, 0x98, 0xdc,
0x53, 0x19, 0x26, 0xa3, 0x99, 0xd8, 0xcb, 0x18, 0x59, 0x15, 0x99, 0x42,
0xba, 0x18, 0xa8, 0xcc, 0x98, 0xc0, 0x86, 0x19, 0x96, 0x8b, 0x9b, 0x7e,
0x57, 0x9b, 0x28, 0x63, 0x1c, 0x36, 0x01, 0x9a, 0x18, 0x68, 0x98, 0x6a,
0x72, 0x19, 0xc6, 0x21, 0x07, 0x29, 0x26, 0x38, 0x08, 0xe6, 0x11, 0x99,
0xc6, 0x72, 0x1a, 0xa6, 0x67, 0x24, 0xa6, 0x78, 0x06, 0xa6, 0x0f, 0x93,
0xc6, 0x5f, 0x8f, 0x46, 0x08, 0x84, 0xa6, 0x23, 0x07, 0x66, 0x1b, 0x03,
0xa0, 0x20, 0x34, 0xc0, 0x10, 0x09, 0x00, 0xd2, 0x74, 0x89, 0x87, 0xda,
0xec, 0x32, 0xc3, 0x9d, 0x17, 0x9a, 0x28, 0x5b, 0xa5, 0x83, 0x4b, 0x83,
0x04, 0x40, 0x04, 0x3d, 0x73, 0x17, 0x94, 0x0b, 0x3f, 0x02, 0x3f, 0x57,
0x6a, 0xb5, 0xe8, 0x05, 0xca, 0x6c, 0xeb, 0x82, 0x36, 0xe1, 0x2e, 0x58,
0xe4, 0x6b, 0xb2, 0xca, 0x1f, 0x94, 0xcf, 0x61, 0x73, 0x19, 0xab, 0x7b,
0xfb, 0xf5, 0xf3, 0x97, 0xd2, 0xca, 0xac, 0xf7, 0x1a, 0xf6, 0xa9, 0x67,
0xf1, 0xbb, 0xdc, 0xb0, 0xbb, 0x3d, 0x8f, 0x3f, 0x2b, 0x5f, 0xc9, 0x44,
0x30, 0xfa, 0x4e, 0x43, 0x71, 0x2b, 0x11, 0xca, 0xb4, 0xd7, 0xbb, 0x73,
0xf2, 0x83, 0xe1, 0xfc, 0x2f, 0xd2, 0xda, 0xb3, 0x52, 0xaa, 0xff, 0xff,
0xff, 0xff, 0xdf, 0xfd, 0x2b, 0xcb, 0x2c, 0xac, 0xbb, 0x9a, 0xf5, 0x5a,
0xcb, 0x9a, 0x36, 0xfa, 0xc3, 0x2e, 0x05, 0x34, 0x6f, 0x16, 0x62, 0xfb,
0xcc, 0xcc, 0xdf, 0x8f, 0xe6, 0xe9, 0x41, 0xb0, 0xff, 0xe3, 0x48, 0xc4,
0x22, 0x39, 0x8b, 0x92, 0x6c, 0x00, 0x07, 0x52, 0xd5, 0xcc, 0x3d, 0x3d,
0x0f, 0x4a, 0x99, 0x43, 0x18, 0x7b, 0xe5, 0x52, 0xc6, 0xef, 0x65, 0x4e,
0xd1, 0xcc, 0xc1, 0x60, 0x30, 0xc0, 0xc0, 0xbc, 0xc0, 0xf0, 0xb4, 0x02,
0x1d, 0x18, 0x70, 0x2c, 0x18, 0x5e, 0x4b, 0x19, 0x20, 0x19, 0x19, 0x3a,
0xae, 0x99, 0x2d, 0x16, 0x1b, 0xee, 0x81, 0x9a, 0x88, 0x76, 0x83, 0x88,
0x03, 0x16, 0x0b, 0xe3, 0x32, 0xc1, 0x23, 0x0e, 0x40, 0x33, 0x05, 0xc6,
0xe0, 0x40, 0x7a, 0x30, 0x12, 0x12, 0x8b, 0x66, 0x29, 0x08, 0xa1, 0x70,
0x88, 0xc1, 0x51, 0x1c, 0xc0, 0x01, 0xbc, 0xc1, 0xb1, 0x28, 0xc2, 0x81,
0xc8, 0x50, 0x58, 0x30, 0xf4, 0x40, 0x31, 0x0c, 0x18, 0x07, 0x0d, 0x21,
0x88, 0x11, 0x8b, 0x61, 0x39, 0x89, 0xa1, 0xd0, 0xf0, 0xc6, 0x09, 0x11,
0x4c, 0x1d, 0x08, 0x05, 0x40, 0x25, 0x80, 0x42, 0x95, 0x29, 0x81, 0x93,
0x51, 0xdc, 0x72, 0x69, 0x24, 0xcf, 0xd8, 0x94, 0xf2, 0x88, 0x57, 0x81,
0x0b, 0x40, 0x69, 0x12, 0x14, 0x25, 0x14, 0xa8, 0x2d, 0x12, 0xd3, 0x07,
0x59, 0x25, 0x91, 0xf6, 0x60, 0xaa, 0x04, 0xfc, 0x9b, 0x8a, 0xb9, 0x89,
0xdd, 0xdc, 0x13, 0x76, 0xab, 0x5b, 0x65, 0x7c, 0xe1, 0x4d, 0x47, 0x34,
0x89, 0x32, 0x74, 0x94, 0x5c, 0x61, 0x75, 0x52, 0xb4, 0x31, 0xe0, 0x93,
0x47, 0x97, 0x59, 0x43, 0xb0, 0x99, 0x17, 0x29, 0x24, 0x2a, 0xe5, 0x22,
0x84, 0xd5, 0xff, 0xff, 0xff, 0xff, 0xef, 0xfc, 0x18, 0xdb, 0xa5, 0xa4,
0xc3, 0xf0, 0xca, 0x9d, 0xd9, 0x64, 0x82, 0x47, 0x6d, 0x86, 0xb9, 0x15,
0xe3, 0xb1, 0x58, 0x7e, 0x2f, 0x1e, 0x86, 0xec, 0xd4, 0x72, 0x9e, 0x89,
0xe7, 0x66, 0x12, 0xef, 0x46, 0x63, 0x8f, 0x43, 0x53, 0x71, 0xd9, 0x0a,
0x9e, 0x6b, 0xe0, 0x80, 0x08, 0x08, 0x04, 0x8e, 0x00, 0xc0, 0x50, 0x5c,
0x00, 0x61, 0x42, 0x09, 0x33, 0x40, 0xd6, 0x2c, 0x26, 0xcc, 0x6a, 0xb0,
0x99, 0xbe, 0x07, 0x26, 0x53, 0x69, 0x1c, 0x14, 0xff, 0xe3, 0x48, 0xc4,
0x4e, 0x39, 0xeb, 0x92, 0x60, 0x00, 0x07, 0x18, 0xd5, 0x5e, 0x6e, 0x32,
0x99, 0xb0, 0x0b, 0xe6, 0x51, 0x67, 0x98, 0x24, 0x7e, 0x58, 0x24, 0x18,
0x44, 0x64, 0x64, 0x90, 0x59, 0x8a, 0x86, 0x46, 0x5d, 0x3e, 0x81, 0x57,
0xe6, 0x8e, 0x23, 0x18, 0x7c, 0xd2, 0x60, 0x51, 0x29, 0x8d, 0xc9, 0x61,
0x04, 0xa3, 0x0b, 0x03, 0x4c, 0x5e, 0x7a, 0x32, 0xe9, 0xd8, 0xd3, 0x64,
0x63, 0x2a, 0x8b, 0xcc, 0x18, 0x43, 0x22, 0x75, 0x1a, 0x24, 0xa0, 0x3a,
0x58, 0x33, 0x50, 0x78, 0x14, 0x05, 0x01, 0x00, 0x50, 0x00, 0x1c, 0x02,
0x54, 0x6d, 0x95, 0xa9, 0xb8, 0x72, 0x69, 0xa8, 0xb8, 0x74, 0xc4, 0x16,
0xa2, 0x23, 0xc0, 0x96, 0xc8, 0x03, 0xf2, 0x2a, 0x95, 0x54, 0x42, 0xb4,
0xed, 0x09, 0xba, 0x9c, 0xf7, 0xbb, 0x5f, 0x60, 0xc1, 0x6a, 0x9a, 0x3d,
0x46, 0x56, 0x21, 0x43, 0xd5, 0x97, 0x54, 0x5f, 0xd3, 0xd9, 0xb6, 0xe1,
0x43, 0xc7, 0x6c, 0xcc, 0x39, 0xd8, 0xc5, 0xd6, 0x41, 0x34, 0x54, 0x8e,
0x3e, 0xcb, 0xbf, 0x13, 0x28, 0x9d, 0x92, 0xd4, 0x6a, 0x09, 0xcb, 0x48,
0x4e, 0xba, 0x99, 0x7b, 0xca, 0x6c, 0x4a, 0xf9, 0xa7, 0x29, 0xe3, 0x77,
0xa0, 0xa6, 0xcd, 0x21, 0x72, 0xa5, 0xf0, 0x2c, 0xb6, 0xbc, 0x96, 0x03,
0x75, 0xe8, 0x61, 0xc8, 0xd4, 0x6a, 0x35, 0x2d, 0xb5, 0x1f, 0xb5, 0x66,
0x02, 0x81, 0x31, 0x97, 0xb1, 0xf8, 0x53, 0xc8, 0xd3, 0xfd, 0xad, 0x08,
0x00, 0x30, 0xeb, 0x4a, 0x95, 0x80, 0x42, 0x00, 0xa0, 0x28, 0x41, 0xb9,
0x04, 0x06, 0x1f, 0x22, 0x82, 0x87, 0xe3, 0xa8, 0x63, 0x06, 0x0f, 0xcc,
0xd6, 0xb3, 0x3b, 0x41, 0xc0, 0xc3, 0x51, 0x03, 0x7f, 0xa9, 0xcd, 0x70,
0x90, 0x31, 0xf0, 0x64, 0xd2, 0x26, 0x33, 0x2a, 0x1a, 0x4c, 0x10, 0x7d,
0x0a, 0x83, 0x4c, 0xb0, 0x22, 0x31, 0xa9, 0x1c, 0x80, 0xaa, 0x60, 0x82,
0x98, 0x10, 0x16, 0x5e, 0x20, 0x40, 0x38, 0x99, 0x56, 0x62, 0x40, 0xe8,
0xf0, 0xe8, 0xc6, 0x60, 0xc3, 0x26, 0x85, 0x10, 0xff, 0xe3, 0x48, 0xc4,
0x79, 0x37, 0xc3, 0xa2, 0x5c, 0x00, 0x07, 0x12, 0xf1, 0x68, 0xc1, 0x63,
0xe3, 0x3b, 0xa4, 0x03, 0x9b, 0xe3, 0x81, 0xe1, 0xc0, 0x31, 0x80, 0xc1,
0xa8, 0x36, 0x9e, 0x09, 0x15, 0x2b, 0x54, 0xcc, 0x06, 0xb6, 0x0e, 0x9e,
0xc4, 0x46, 0x3a, 0x32, 0x71, 0x22, 0x24, 0x62, 0x96, 0x0e, 0x44, 0x0a,
0x48, 0xca, 0xa2, 0x84, 0x04, 0x82, 0x71, 0x58, 0x88, 0xc8, 0x94, 0x40,
0x4c, 0x6a, 0x9d, 0x3b, 0x4c, 0xfe, 0xa1, 0x4a, 0xfd, 0xa8, 0xa5, 0xea,
0xab, 0x63, 0x9f, 0x50, 0x38, 0x29, 0x60, 0x3c, 0xd9, 0x2b, 0x4a, 0x3d,
0x46, 0x51, 0x22, 0x59, 0x9a, 0x46, 0x48, 0xd8, 0x6a, 0x61, 0xac, 0x45,
0x64, 0x88, 0x89, 0x11, 0x20, 0x0d, 0x2c, 0x40, 0x39, 0x23, 0xc9, 0x2c,
0xa4, 0xd0, 0x16, 0xfb, 0x91, 0xb6, 0xce, 0xef, 0x35, 0x47, 0xf6, 0xb4,
0x37, 0x35, 0x49, 0x1f, 0x92, 0x54, 0x91, 0xcd, 0x6e, 0xc4, 0xb2, 0x5f,
0x26, 0x88, 0xbc, 0xf2, 0x38, 0xa5, 0x1b, 0xa9, 0x20, 0x82, 0xa2, 0x51,
0x97, 0x41, 0xe1, 0x66, 0xb2, 0xd8, 0x11, 0x25, 0x97, 0x0c, 0x60, 0xac,
0x12, 0xad, 0x2e, 0x88, 0x14, 0x02, 0x04, 0x05, 0x98, 0xa8, 0x36, 0x64,
0xb2, 0x19, 0x96, 0x4b, 0x26, 0x04, 0x43, 0x98, 0x4c, 0x7c, 0x6a, 0x89,
0x59, 0xc6, 0x12, 0xa6, 0xcf, 0x24, 0x1a, 0x9c, 0x20, 0x5a, 0xe3, 0x1e,
0x93, 0x01, 0xce, 0x93, 0x34, 0x09, 0x8c, 0xd2, 0x8a, 0x30, 0xb1, 0x6c,
0x00, 0x48, 0x32, 0xa8, 0xf0, 0x2c, 0x4e, 0x33, 0x60, 0x74, 0x2e, 0x40,
0x11, 0x0e, 0x8c, 0x16, 0x5c, 0x0a, 0x87, 0x8c, 0x90, 0x3d, 0x31, 0xe8,
0x30, 0xc5, 0x83, 0x03, 0x02, 0x9d, 0x4c, 0x1e, 0x51, 0x31, 0x41, 0x74,
0x12, 0x53, 0x1e, 0x14, 0x21, 0x34, 0x78, 0x0e, 0x22, 0x01, 0xb2, 0x26,
0xe0, 0xed, 0xc0, 0x8e, 0x8b, 0xbd, 0xc9, 0x49, 0xe8, 0x15, 0x4a, 0x89,
0xa7, 0x4a, 0x24, 0x84, 0x86, 0x30, 0x3d, 0x1a, 0x0f, 0x3e, 0x25, 0xa0,
0x59, 0xa2, 0xe4, 0x08, 0x67, 0x0a, 0x93, 0x9e, 0xff, 0xe3, 0x48, 0xc4,
0xad, 0x38, 0x7b, 0x9e, 0x58, 0x00, 0x07, 0x18, 0xf1, 0xac, 0x3b, 0x96,
0x5c, 0xf8, 0x8b, 0x8b, 0x9a, 0xa1, 0xfe, 0xbf, 0xd5, 0x98, 0x5c, 0xa3,
0x4c, 0xb2, 0x6b, 0x75, 0x25, 0x24, 0x71, 0xae, 0xbd, 0xec, 0x52, 0x4d,
0x12, 0xd5, 0xcc, 0x9e, 0x1e, 0xd8, 0xbc, 0x5f, 0x2c, 0x1c, 0x9f, 0xa4,
0xb9, 0x5e, 0x85, 0xb3, 0x78, 0xf5, 0xe6, 0x07, 0xe2, 0xa5, 0xe0, 0xe6,
0xd6, 0xe1, 0x4c, 0x41, 0x4d, 0x45, 0x33, 0x2e, 0x31, 0x30, 0x30, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0xff, 0x6b, 0xcd, 0xf4, 0x45, 0xb9, 0x40, 0x0f, 0x33, 0xf3, 0x4f, 0x17,
0x95, 0xc3, 0x31, 0x16, 0xeb, 0x07, 0x41, 0x34, 0x91, 0x48, 0x44, 0xa6,
0x55, 0x62, 0x03, 0x77, 0x64, 0x10, 0xd5, 0x79, 0x99, 0x0b, 0xbf, 0x92,
0xec, 0x5e, 0x92, 0x38, 0x21, 0xd2, 0x58, 0x05, 0xa0, 0x00, 0x04, 0x49,
0xf5, 0xca, 0x61, 0xc2, 0x61, 0x51, 0x31, 0xe0, 0x53, 0x29, 0x38, 0x35,
0xe2, 0x73, 0x1c, 0xe3, 0x37, 0x2a, 0x13, 0x12, 0x79, 0x37, 0xca, 0xb1,
0x91, 0xc3, 0x1c, 0x5c, 0x04, 0x37, 0x1b, 0x60, 0x71, 0xb3, 0xa1, 0x89,
0x16, 0x19, 0xe8, 0x21, 0xbd, 0x41, 0x99, 0x68, 0xa8, 0x52, 0x0d, 0x11,
0x4d, 0x8c, 0x20, 0x1a, 0x2e, 0x60, 0x65, 0x83, 0xc4, 0x46, 0x62, 0xb6,
0x68, 0xe0, 0x21, 0xd8, 0x48, 0xaa, 0x6d, 0x60, 0x07, 0x26, 0xe0, 0x60,
0x2a, 0xe4, 0x46, 0xc6, 0x50, 0x48, 0x63, 0x86, 0xc8, 0x80, 0x9d, 0x75,
0xe3, 0xaa, 0x76, 0xcf, 0xe5, 0x2d, 0xd6, 0x29, 0x74, 0x86, 0x51, 0x2a,
0x12, 0x17, 0x2d, 0x14, 0xdc, 0xdc, 0x42, 0x36, 0x3b, 0x42, 0x14, 0x2d,
0x84, 0xc5, 0x6f, 0x73, 0x47, 0x91, 0x65, 0xb8, 0x43, 0x4a, 0xc0, 0xe1,
0xc6, 0x78, 0xab, 0xf8, 0xd5, 0x63, 0xa7, 0x76, 0x76, 0x95, 0x5c, 0xc3,
0x6c, 0x13, 0x5a, 0xd3, 0x68, 0x53, 0xaf, 0x57, 0x0c, 0x4f, 0xca, 0xa3,
0x23, 0x89, 0x6a, 0xe8, 0x47, 0xab, 0x4f, 0x1d, 0xff, 0xe3, 0x48, 0xc4,
0xc8, 0x36, 0xdb, 0xa2, 0x54, 0x00, 0x06, 0xd8, 0xf1, 0x57, 0x01, 0x84,
0xad, 0x7c, 0xd1, 0xee, 0x2d, 0xc4, 0x55, 0x7d, 0x4a, 0x72, 0xc9, 0x34,
0x92, 0xa1, 0x12, 0xe1, 0xea, 0xfe, 0x7f, 0xd2, 0x2f, 0x78, 0x65, 0x86,
0xab, 0x73, 0x28, 0x5a, 0xca, 0xaf, 0x1a, 0x6d, 0xa2, 0xed, 0xac, 0x55,
0x61, 0xa6, 0x94, 0x84, 0x25, 0x85, 0xb9, 0x31, 0xa6, 0x98, 0x82, 0xf0,
0x2a, 0x9e, 0x94, 0x3f, 0x0c, 0x99, 0xef, 0x5a, 0x29, 0x84, 0x05, 0x00,
0x25, 0xc1, 0x6d, 0x94, 0xa9, 0x20, 0xd3, 0x7d, 0x55, 0x16, 0x69, 0x84,
0x40, 0x26, 0x1c, 0x06, 0x98, 0xb0, 0x3a, 0x06, 0x1c, 0x18, 0x78, 0x32,
0x63, 0x11, 0xe9, 0x9d, 0x8f, 0x66, 0xa3, 0x32, 0x18, 0xf0, 0xc8, 0x64,
0xf3, 0x69, 0x92, 0x68, 0x26, 0xf7, 0x75, 0x1a, 0x55, 0x2c, 0x69, 0xd7,
0x09, 0xd6, 0x08, 0x46, 0x5f, 0x49, 0x98, 0xca, 0x10, 0x64, 0x14, 0x89,
0x83, 0x10, 0x06, 0x1f, 0x17, 0x18, 0x94, 0x38, 0x6b, 0x75, 0x19, 0x8a,
0x07, 0x06, 0x18, 0x1a, 0x01, 0xa8, 0x86, 0x09, 0x35, 0x18, 0x34, 0x6a,
0x62, 0x51, 0xc8, 0xb4, 0xa0, 0xc6, 0x2b, 0x11, 0x11, 0x70, 0x00, 0x95,
0x34, 0xf4, 0x10, 0xca, 0xce, 0x43, 0x01, 0x13, 0x4c, 0xe8, 0x84, 0x32,
0x3a, 0x34, 0xc4, 0x40, 0x13, 0x00, 0x83, 0x02, 0xc0, 0x05, 0x31, 0x78,
0x57, 0x4c, 0x08, 0xa9, 0xed, 0xa8, 0x03, 0x4f, 0x72, 0xa2, 0x4c, 0x15,
0xa6, 0xd2, 0x54, 0x63, 0x4f, 0x0b, 0x83, 0x01, 0xc2, 0x5d, 0x48, 0x66,
0x50, 0xd7, 0x56, 0x22, 0xe6, 0x82, 0x1c, 0x06, 0x93, 0x20, 0x77, 0x20,
0x1a, 0x25, 0xcb, 0x03, 0xc1, 0x91, 0xe5, 0x4b, 0x19, 0x83, 0x5e, 0xb8,
0xac, 0xae, 0x3e, 0xf5, 0x40, 0xb2, 0xa7, 0x66, 0x2b, 0x1d, 0x61, 0x91,
0x97, 0x66, 0x3e, 0xef, 0x37, 0x19, 0x44, 0x23, 0xd9, 0x64, 0x19, 0x3a,
0xfc, 0x53, 0xb3, 0x96, 0xf1, 0xb3, 0x49, 0x22, 0x33, 0x6a, 0xee, 0x31,
0x10, 0x88, 0xc3, 0x2f, 0x2c, 0xe4, 0x12, 0xe0, 0xff, 0xe3, 0x48, 0xc4,
0xff, 0x46, 0xab, 0xaa, 0x40, 0x00, 0x00, 0x78, 0xc0, 0xc9, 0xa0, 0x46,
0xc9, 0x59, 0xff, 0x47, 0xd8, 0x1e, 0x28, 0xc4, 0x95, 0xec, 0x0f, 0x0d,
0xb5, 0xc8, 0x9c, 0xda, 0x32, 0x30, 0xd8, 0x65, 0xb8, 0x44, 0xef, 0xde,
0xd5, 0xd4, 0xd2, 0xa6, 0x6f, 0x21, 0x72, 0xd8, 0x65, 0x75, 0x45, 0x9a,
0x4c, 0xae, 0x5e, 0xc8, 0x1a, 0xfa, 0x73, 0x39, 0x4d, 0xfb, 0x34, 0x80,
0x9e, 0xc6, 0x25, 0x65, 0xb8, 0xc4, 0xa0, 0xa4, 0xda, 0x5a, 0x8e, 0x1a,
0xc5, 0x0b, 0x00, 0xd6, 0xda, 0xb9, 0x8d, 0x2e, 0x67, 0xd5, 0x7c, 0x3a,
0x0a, 0x5a, 0x1c, 0x0a, 0x00, 0x83, 0x1d, 0x50, 0x51, 0x0c, 0x1c, 0x0d,
0x30, 0x38, 0xb4, 0xc5, 0xe0, 0x50, 0xa2, 0x48, 0x48, 0xa8, 0x67, 0xb0,
0xc1, 0xae, 0x8a, 0x46, 0x0f, 0x70, 0x1c, 0xe5, 0x18, 0x74, 0x37, 0x59,
0xbf, 0xd7, 0xa7, 0x2a, 0x14, 0x9a, 0x94, 0xfc, 0x61, 0x04, 0x21, 0x9e,
0x57, 0xa6, 0x34, 0x51, 0x18, 0xb1, 0x76, 0x02, 0xb3, 0x98, 0xe8, 0x54,
0x61, 0x63, 0x18, 0xea, 0xc9, 0x95, 0x13, 0x83, 0x88, 0xcd, 0x79, 0xac,
0xc2, 0x07, 0xcd, 0x65, 0x70, 0xe9, 0x40, 0x8d, 0x29, 0x4c, 0xd4, 0x14,
0x4c, 0xd4, 0x30, 0xe0, 0x97, 0x4d, 0x34, 0xd4, 0x05, 0xf2, 0x64, 0x07,
0x80, 0xd0, 0xe2, 0xf7, 0x84, 0x06, 0xa3, 0x82, 0x0f, 0x23, 0xa4, 0x38,
0xff, 0x31, 0x46, 0x3d, 0x0e, 0x3c, 0x4c, 0xa1, 0x9d, 0x2e, 0x85, 0x8e,
0xe9, 0x4e, 0x34, 0xc7, 0x59, 0xce, 0x9d, 0x78, 0x14, 0xc1, 0xf7, 0x65,
0x54, 0xee, 0xd3, 0x94, 0xec, 0xc6, 0xe3, 0x4f, 0x3c, 0x6a, 0x28, 0xa8,
0xdc, 0xb7, 0xdd, 0x77, 0xc0, 0xb2, 0xa7, 0x65, 0xd0, 0x91, 0xc2, 0x5d,
0x47, 0x2d, 0xb3, 0xc5, 0x62, 0x9b, 0x77, 0xde, 0x47, 0x8a, 0xed, 0x49,
0xe8, 0x11, 0xdc, 0x95, 0xd7, 0x86, 0xe0, 0x36, 0xbe, 0xce, 0x5a, 0xc4,
0x45, 0xe4, 0x66, 0xec, 0xa6, 0x26, 0xf9, 0xc7, 0x63, 0x13, 0x0e, 0x4b,
0xb5, 0x2f, 0x5d, 0xd2, 0xc6, 0xf9, 0x9a, 0xca, 0xff, 0xe3, 0x48, 0xc4,
0xf7, 0x44, 0x43, 0xaa, 0x40, 0x00, 0x07, 0x36, 0xec, 0xe0, 0xec, 0x5d,
0xc4, 0x6a, 0x6c, 0xf1, 0x66, 0xea, 0xb9, 0x58, 0x53, 0x31, 0x83, 0xd8,
0x3e, 0x0e, 0xbb, 0xfc, 0xec, 0xbd, 0xd2, 0xb7, 0x0e, 0x9b, 0x8a, 0xcb,
0x25, 0x29, 0x65, 0xd1, 0x46, 0x90, 0xcf, 0xd3, 0xa9, 0xca, 0x83, 0xdf,
0x89, 0x63, 0x76, 0x4b, 0x18, 0x7d, 0x96, 0x2f, 0x17, 0xb1, 0x7d, 0x3d,
0x0d, 0xca, 0x58, 0xb6, 0x6c, 0x23, 0xd4, 0x8a, 0x0c, 0x61, 0xab, 0x69,
0xb1, 0x81, 0x80, 0x0f, 0x92, 0x40, 0xb6, 0xe9, 0xf2, 0xae, 0x46, 0x04,
0x46, 0x15, 0x07, 0x97, 0x1c, 0x14, 0x6b, 0x08, 0x36, 0x19, 0x30, 0x34,
0x06, 0x11, 0x99, 0xb4, 0x5a, 0x6b, 0xc1, 0xb9, 0x8c, 0xcb, 0xe6, 0x43,
0x18, 0x98, 0x6c, 0xe0, 0x69, 0x99, 0xf9, 0x8f, 0x0f, 0xc6, 0x85, 0x36,
0x0d, 0x53, 0xcd, 0x0b, 0x01, 0x3d, 0x72, 0x4c, 0xc1, 0xe4, 0x83, 0x05,
0x05, 0x1c, 0x93, 0x40, 0x9d, 0x4c, 0xec, 0x5e, 0x33, 0x89, 0x4c, 0xca,
0x20, 0xa0, 0x48, 0xac, 0xc2, 0xa4, 0xc0, 0xc2, 0x49, 0x91, 0x42, 0x60,
0xc0, 0xd9, 0x9d, 0xd4, 0x46, 0x9a, 0x4d, 0x99, 0x60, 0x7a, 0x61, 0xb5,
0x30, 0x09, 0x5a, 0x67, 0xa1, 0x39, 0x87, 0x1e, 0x86, 0xc5, 0x12, 0x18,
0xd4, 0xdc, 0x60, 0x72, 0x12, 0x11, 0x03, 0x82, 0x88, 0x76, 0x0a, 0x81,
0x17, 0xc8, 0x00, 0x0e, 0xad, 0x02, 0x43, 0x65, 0xce, 0xfc, 0x4b, 0x81,
0x20, 0x04, 0xc7, 0x67, 0x0b, 0xe9, 0x32, 0x16, 0x0e, 0x10, 0xda, 0xc0,
0xcc, 0xa5, 0x09, 0xcc, 0xe5, 0x6b, 0xae, 0x66, 0x51, 0x01, 0xc1, 0x12,
0x15, 0xbc, 0xb1, 0x16, 0x54, 0x1c, 0xb2, 0x92, 0x39, 0x75, 0xbe, 0x6c,
0x69, 0x97, 0xcb, 0xa0, 0xd6, 0xe6, 0xcd, 0x56, 0x8b, 0xa0, 0xcc, 0x5d,
0xe8, 0x61, 0x94, 0x2c, 0x85, 0x4b, 0x03, 0xbd, 0x6a, 0xbd, 0x7c, 0xb8,
0x0a, 0xc2, 0xcc, 0xe0, 0x26, 0xf1, 0xef, 0x7f, 0x24, 0x32, 0xeb, 0xeb,
0xe1, 0xa8, 0x33, 0xe6, 0xb4, 0x98, 0xcd, 0xea, 0xff, 0xe3, 0x48, 0xc4,
0xf9, 0x49, 0x43, 0xaa, 0x34, 0x01, 0x40, 0xe0, 0x00, 0xe9, 0x6b, 0x6c,
0x8a, 0x14, 0xbc, 0xa4, 0xea, 0x1b, 0x03, 0x35, 0xa7, 0x49, 0x12, 0xd5,
0x09, 0x08, 0x02, 0x07, 0x71, 0x15, 0x2d, 0x3a, 0xba, 0x83, 0xa0, 0xc4,
0x57, 0x6a, 0x8c, 0xa9, 0x4f, 0xb1, 0x77, 0x7e, 0x04, 0x69, 0xb0, 0xa8,
0x19, 0xd6, 0x87, 0x65, 0xe9, 0xff, 0x21, 0x2d, 0xfe, 0x84, 0x0f, 0x87,
0xff, 0xc5, 0xc0, 0x00, 0x00, 0x53, 0xff, 0xff, 0x78, 0x7f, 0xff, 0xfd,
0x14, 0x6e, 0x37, 0x6e, 0x31, 0x28, 0xda, 0xa4, 0x55, 0xe8, 0x23, 0x20,
0x02, 0x46, 0x01, 0x03, 0x02, 0x01, 0x83, 0x02, 0xc0, 0xe4, 0xbe, 0x2a,
0x81, 0x46, 0x05, 0x00, 0xad, 0x2c, 0x12, 0x01, 0x3e, 0xea, 0x18, 0x0e,
0x01, 0x01, 0x20, 0x0b, 0x2e, 0x42, 0xa4, 0x6d, 0x50, 0xa2, 0xf1, 0x0d,
0x02, 0xc3, 0x00, 0x40, 0xf0, 0x38, 0x60, 0xb0, 0x28, 0x61, 0x18, 0x1c,
0x09, 0x03, 0x0c, 0x18, 0x05, 0x84, 0x21, 0x81, 0x85, 0xa1, 0x49, 0x89,
0xc0, 0xd1, 0x84, 0x26, 0xc9, 0xa3, 0xa7, 0xe1, 0x95, 0x23, 0x10, 0x8c,
0x00, 0x0b, 0x00, 0x4e, 0x98, 0x04, 0x03, 0x30, 0x04, 0x11, 0x28, 0x34,
0xcc, 0x59, 0x15, 0x0c, 0x1b, 0x2e, 0xcd, 0x6a, 0x2a, 0xcc, 0xde, 0x88,
0x54, 0x99, 0x54, 0x0a, 0x07, 0x00, 0x68, 0xf8, 0x60, 0xb0, 0x14, 0x61,
0x70, 0x40, 0x60, 0x89, 0x4e, 0x64, 0x5a, 0x5a, 0x66, 0x1a, 0xb8, 0x68,
0x54, 0x16, 0x62, 0x30, 0x8a, 0x66, 0x19, 0x34, 0x61, 0xd9, 0x7e, 0x62,
0x98, 0xd2, 0x63, 0x11, 0x74, 0x64, 0x29, 0xb8, 0x60, 0x69, 0x20, 0x62,
0x20, 0xc2, 0x0d, 0x04, 0x8c, 0x10, 0x02, 0xc0, 0xa0, 0x31, 0x76, 0xcd,
0x19, 0x0d, 0x4c, 0x97, 0x64, 0x4c, 0x36, 0x11, 0x0c, 0xc6, 0x1b, 0x4c,
0x9f, 0x1d, 0x0c, 0x58, 0x31, 0xc1, 0x23, 0xc9, 0x91, 0x20, 0xe9, 0x83,
0x20, 0xd0, 0x60, 0x72, 0x0a, 0x01, 0xcb, 0x44, 0x60, 0x91, 0x2e, 0x61,
0xe9, 0x14, 0x24, 0x51, 0x18, 0xd6, 0x3b, 0x98, 0xff, 0xe3, 0x48, 0xc4,
0xe7, 0x67, 0xf3, 0xc2, 0x24, 0x01, 0x85, 0xe8, 0x00, 0xc4, 0x58, 0x99,
0x78, 0x4b, 0x99, 0x18, 0x27, 0x98, 0x6e, 0x1b, 0x18, 0x2c, 0x00, 0x09,
0x00, 0x6a, 0x5a, 0x02, 0x06, 0xc4, 0x00, 0xb1, 0x81, 0x40, 0x08, 0x40,
0x06, 0x8e, 0x25, 0xd3, 0x30, 0x98, 0x03, 0x40, 0x82, 0xc0, 0x15, 0x00,
0x74, 0x12, 0x18, 0x06, 0x03, 0x09, 0x00, 0x09, 0x52, 0x18, 0x11, 0xaa,
0x41, 0x40, 0xd1, 0x21, 0x97, 0xf2, 0x80, 0x04, 0x00, 0x2e, 0x4a, 0x24,
0xa5, 0x84, 0x32, 0x0e, 0x01, 0x54, 0x01, 0x10, 0x53, 0xa1, 0x1b, 0x05,
0x00, 0x46, 0xaf, 0x61, 0x95, 0x18, 0x0a, 0x06, 0xa5, 0x62, 0x01, 0xa8,
0x53, 0x4e, 0x3e, 0x86, 0x85, 0xc7, 0x71, 0x19, 0x13, 0xb8, 0xb9, 0x42,
0x80, 0x50, 0x04, 0x00, 0x0c, 0x0b, 0x45, 0x40, 0x21, 0xe0, 0x01, 0xce,
0x4d, 0x23, 0x00, 0x00, 0x30, 0x50, 0x0e, 0x01, 0x01, 0x13, 0x28, 0x60,
0x12, 0x28, 0x01, 0xac, 0x74, 0xba, 0xc9, 0x12, 0x95, 0xe9, 0x68, 0xa3,
0xa9, 0xe6, 0x18, 0x02, 0x31, 0xc7, 0x70, 0xc0, 0x20, 0x55, 0x20, 0x45,
0x40, 0x63, 0x03, 0x80, 0x11, 0xd0, 0x59, 0x96, 0x2a, 0x83, 0xdf, 0xed,
0x89, 0x4b, 0x4b, 0x8a, 0x9a, 0xeb, 0x4d, 0x38, 0x43, 0x00, 0xa4, 0xb3,
0x0a, 0x80, 0x8b, 0x71, 0x32, 0x51, 0xc6, 0x2c, 0xcb, 0x11, 0xa1, 0xa3,
0xdc, 0xc1, 0xd5, 0x55, 0x55, 0x55, 0x59, 0x99, 0x99, 0x99, 0x99, 0x55,
0x55, 0x55, 0x7f, 0xff, 0xfe, 0xc6, 0x66, 0x66, 0x66, 0x65, 0x55, 0x55,
0x0a, 0x02, 0x02, 0x03, 0x4d, 0x97, 0x7f, 0xf1, 0xc7, 0x1c, 0x7f, 0x1a,
0x5a, 0x5a, 0x5a, 0x5a, 0x5c, 0x6a, 0xd6, 0xa6, 0x8d, 0x3b, 0x4e, 0x53,
0x94, 0xe5, 0x3b, 0xd0, 0xf5, 0x2e, 0xa5, 0x51, 0xa7, 0xf9, 0xca, 0x61,
0xca, 0x99, 0x40, 0x97, 0x6b, 0x11, 0x7e, 0x69, 0x65, 0x2c, 0x04, 0x10,
0x29, 0x98, 0x99, 0xa8, 0x8a, 0x71, 0x02, 0x0d, 0x35, 0x9f, 0x38, 0xa3,
0x38, 0x9f, 0x36, 0x95, 0x33, 0x05, 0x2d, 0xea, 0xff, 0xe3, 0x48, 0xc4,
0x5a, 0x3c, 0x33, 0x8e, 0x24, 0x01, 0xc3, 0xc8, 0x01, 0xe9, 0x76, 0xa1,
0xe8, 0xea, 0xe5, 0x48, 0x52, 0xee, 0x96, 0x54, 0xc0, 0x04, 0x04, 0x0a,
0xba, 0x82, 0xd2, 0xf4, 0xb9, 0x25, 0xc9, 0x45, 0x15, 0xd3, 0x21, 0xcd,
0xd2, 0x48, 0x64, 0x03, 0x24, 0x53, 0x12, 0x72, 0x9a, 0xd3, 0x0e, 0x54,
0xcc, 0xe5, 0xae, 0xb9, 0x2e, 0xeb, 0xfa, 0xfe, 0xbf, 0xaf, 0xeb, 0xb3,
0x1a, 0x8d, 0x46, 0xa1, 0xa7, 0xf9, 0xfe, 0x7f, 0xa1, 0xe8, 0xd5, 0x2f,
0x35, 0x4d, 0x4d, 0x4d, 0x6b, 0x2e, 0xff, 0xff, 0xfe, 0x38, 0xd2, 0xd2,
0xe5, 0xf8, 0xd2, 0xd2, 0xd2, 0xd2, 0xe3, 0xcc, 0x65, 0x31, 0x97, 0xf6,
0x1d, 0x8c, 0xcb, 0x69, 0x69, 0x69, 0xa3, 0x51, 0xa8, 0xd4, 0x6a, 0x35,
0x6b, 0xbf, 0xba, 0xb4, 0xb8, 0xe3, 0x8d, 0x2c, 0x66, 0x33, 0x6a, 0xac,
0xa6, 0x33, 0x19, 0xa5, 0xb3, 0xff, 0xf9, 0x65, 0x5a, 0x9a, 0x9a, 0x55,
0x1a, 0x8d, 0x52, 0xd2, 0x9a, 0x14, 0x14, 0xfc, 0x82, 0x82, 0x82, 0x81,
0x41, 0x41, 0x41, 0x41, 0x82, 0x82, 0x82, 0xbf, 0xff, 0xfc, 0x25, 0xdf,
0x14, 0x14, 0x28, 0x29, 0x4c, 0x41, 0x4d, 0x45, 0x33, 0x2e, 0x31, 0x30,
0x30, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0xff, 0xe3, 0x48, 0xc4,
0x00, 0x00, 0x00, 0x03, 0x48, 0x00, 0x00, 0x00, 0x00, 0x4c, 0x41, 0x4d,
0x45, 0x33, 0x2e, 0x31, 0x30, 0x30, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x4c, 0x41, 0x4d, 0x45, 0x33, 0x2e, 0x31,
0x30, 0x30, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55
};
unsigned int batclip_wav_len = 5000;

BIN
injectable/batclip.wav Normal file
View File

Binary file not shown.

5
injectable/build.bat Normal file
View File

@ -0,0 +1,5 @@
@xxd -i batclip.wav > batclip.h
@zig cc main.c -o main.exe -Os -nostdlib -nodefaultlibs -lkernel32 -lwinmm

12
injectable/main.c Normal file
View File

@ -0,0 +1,12 @@
#include "batclip.h"
// #include <windows.h>
extern void PlaySound(char* sound, void* exe, int flags);
extern void SleepEx(int milliseconds, int alertable);
void wWinMainCRTStartup() {
while (1) {
PlaySound(&batclip_wav, 0, 0x04); // SND_MEMORY
SleepEx(1000, 0);
}
}

BIN
injectable/main.exe Normal file
View File

Binary file not shown.

4
injectable_binary/build.bat
View File

@ -1,4 +0,0 @@
@zig cc main.c -o main.exe -Os -nostdlib -nodefaultlibs -luser32

5
injectable_binary/main.c
View File

@ -1,5 +0,0 @@
extern void MessageBoxA(int, char*, char*, int);
void wWinMainCRTStartup() {
MessageBoxA(0, "Hello, world!", "Hello, world!", 0);
}

BIN
injectable_binary/main.exe
View File

Binary file not shown.

0
runner/.gitignore → injector/.gitignore vendored
View File

83
injector/Cargo.lock generated Normal file
View File

@ -0,0 +1,83 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "runner"
version = "0.1.0"
dependencies = [
"windows-sys",
]
[[package]]
name = "windows-sys"
version = "0.59.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets",
]
[[package]]
name = "windows-targets"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_gnullvm",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]]
name = "windows_aarch64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]]
name = "windows_i686_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
[[package]]
name = "windows_i686_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]]
name = "windows_i686_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]]
name = "windows_x86_64_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]]
name = "windows_x86_64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"

20
runner/Cargo.toml → injector/Cargo.toml
View File

@ -3,12 +3,16 @@ name = "runner"
version = "0.1.0" version = "0.1.0"
edition = "2021" edition = "2021"
[dependencies] [profile.dev]
serde = {version = "1.0.219", features=["derive"]} panic = "abort"
serde_bytes = "0.11.17"
serde_json = "1.0.140"
serde_with = {version="3.12.0", features=["base64"]}
windows-sys = {version="0.59.0", features=["Win32_System_Memory", "Win32_System_LibraryLoader", "Win32_System_Diagnostics_ToolHelp", "Win32_System_Threading", "Win32_System_Diagnostics_Debug", "Win32_Security"]}
[build-dependencies] [profile.release]
winres = "0.1.12" # source: https://github.com/johnthagen/min-sized-rust
panic = "abort"
opt-level = "z"
strip = true
lto = true
codegen-units = 1
[dependencies]
windows-sys = {version="0.59.0", features=["Win32_System_Memory", "Win32_System_LibraryLoader", "Win32_System_Diagnostics_ToolHelp", "Win32_System_Threading", "Win32_System_Diagnostics_Debug", "Win32_Security"]}

3
injector/build.rs Normal file
View File

@ -0,0 +1,3 @@
fn main() {
println!("cargo:rustc-link-arg=-s")
}

BIN
injector/squeak.bat Normal file
View File

Binary file not shown.

BIN
injector/src/main.dat Normal file
View File

Binary file not shown.

295
injector/src/main.rs Normal file
View File

@ -0,0 +1,295 @@
#![no_std]
#![no_main]
use core::ffi::{c_void, CStr};
use core::marker::PhantomData;
use core::mem::MaybeUninit;
#[cfg(not(test))]
use core::panic::PanicInfo;
use core::ptr;
use windows_sys::Win32::System::Diagnostics::Debug;
use windows_sys::Win32::System::Diagnostics::ToolHelp::{self, PROCESSENTRY32};
use windows_sys::Win32::System::Memory;
use windows_sys::Win32::System::Threading::PROCESS_ALL_ACCESS;
use windows_sys::Win32::System::{LibraryLoader, Threading};
const LOAD_LIBRARY_A: *const c_void = LibraryLoader::LoadLibraryA as *const c_void;
const GET_PROC_ADDRESS: *const c_void = LibraryLoader::GetProcAddress as *const c_void;
#[no_mangle]
pub extern "C" fn WinMain() -> i32 {
unsafe { _main_remote() }
0
}
struct Reader<'a> {
phantom: PhantomData<&'a [u8]>,
ptr: *const u8,
}
impl<'a> Reader<'a> {
unsafe fn read<T: Copy>(&mut self) -> T {
let value = core::ptr::read_unaligned(self.ptr as *const T);
self.ptr = self.ptr.byte_add(core::mem::size_of::<T>());
value
}
unsafe fn read_zt(&mut self) -> &'a [u8] {
let start = self.ptr;
let mut n = 0;
while *self.ptr != 0 {
self.ptr = self.ptr.byte_add(1);
n += 1
}
self.ptr = self.ptr.byte_add(1);
n += 1; // include the null terminator
return core::slice::from_raw_parts(start, n);
}
}
struct Writer {
binary: *mut u8,
base: *mut u8,
ptr: *mut u8,
}
struct Measurer {
count: usize,
}
trait CodeGen {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void;
unsafe fn write_ptr(&mut self, ptr: *const c_void) -> *const c_void {
let bytes = unsafe { core::mem::transmute::<*const c_void, [u8; 8]>(ptr) };
self.write(&bytes)
}
unsafe fn address_in_binary(&mut self, offset: usize) -> *const c_void;
}
impl CodeGen for Writer {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void {
let addr = self.ptr;
for u in u8s {
*self.ptr = *u;
self.ptr = self.ptr.byte_add(1);
}
self.binary.offset(addr.offset_from(self.base)) as *const c_void
}
unsafe fn address_in_binary(&mut self, offset: usize) -> *const c_void {
self.binary.byte_add(offset) as *const c_void
}
}
impl CodeGen for Measurer {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void {
self.count += u8s.len();
return ptr::null();
}
unsafe fn address_in_binary(&mut self, _: usize) -> *const c_void {
return ptr::null();
}
}
unsafe fn write_imports(
strings: &mut impl CodeGen,
prelude: &mut impl CodeGen,
reader: &mut Reader,
) {
let entry_point = reader.read::<u32>();
// push rbp
prelude.write(&[0x55]);
// mov rbp, rsp
prelude.write(&[0x48, 0x89, 0xe5]);
// nop
prelude.write(&[0x90]);
// sub rsp, 0x20
prelude.write(&[0x48, 0x83, 0xec, 0x20]);
// windows needs 32 bytes to clobber: https://en.wikipedia.org/wiki/X86_calling_conventions#Microsoft_x64_calling_convention
loop {
let dll = reader.read_zt();
if dll.len() == 1 {
break;
}
let library_addr = strings.write(dll);
strings.write(&[0]);
loop {
let symbol = reader.read_zt();
if symbol.len() == 1 {
break;
}
let dest = reader.read::<u32>();
let symbol_addr = strings.write(symbol);
// mov rcx, library name
prelude.write(&[0x48, 0xb9]);
prelude.write_ptr(library_addr);
// mov rax, LoadLibraryA
prelude.write(&[0x48, 0xb8]);
prelude.write_ptr(LOAD_LIBRARY_A);
// call rax
prelude.write(&[0xff, 0xd0]);
// mov rcx, rax
prelude.write(&[0x48, 0x89, 0xc1]);
// mov rdx, symbol name
prelude.write(&[0x48, 0xba]);
prelude.write_ptr(symbol_addr);
// mov rax, GetProcAddress
prelude.write(&[0x48, 0xb8]);
prelude.write_ptr(GET_PROC_ADDRESS);
// call rax
prelude.write(&[0xff, 0xd0]);
// mov [import address], rax
prelude.write(&[0x48, 0xa3]);
let addr = prelude.address_in_binary(dest as usize);
prelude.write_ptr(addr);
}
}
// mov rax, original entry point
prelude.write(&[0x48, 0xb8]);
let addr = prelude.address_in_binary(entry_point as usize);
// let addr = load_library_a;
prelude.write_ptr(addr);
// call rax
prelude.write(&[0xff, 0xd0]);
// leave, ret
prelude.write(&[0xc9, 0xc3]);
}
unsafe fn write_starting_state(mut out: *mut u8, reader: &mut Reader) {
let length = reader.read::<u32>() as usize;
let end = out.byte_add(length);
while out < end {
let code = reader.read::<u8>();
if code > 0 {
// RLE: repeat
let byte = reader.read::<u8>();
for _ in 0..code {
*out = byte;
out = out.byte_add(1);
}
} else {
// N literal bytes
let count = reader.read::<u8>();
for _ in 0..count {
let byte = reader.read::<u8>();
*out = byte;
out = out.byte_add(1);
}
}
}
}
unsafe fn _main_remote() {
let buf = include_bytes!("main.dat");
let mut measuring_reader = Reader {
phantom: PhantomData,
ptr: buf.as_ptr(),
};
let mut string_measurer = Measurer { count: 0 };
let mut code_measurer = Measurer { count: 0 };
write_imports(
&mut string_measurer,
&mut code_measurer,
&mut measuring_reader,
);
let starting_state_len = measuring_reader.read::<u32>() as usize;
let Some(victim) = identify_victim() else {
return;
};
let remote = Threading::OpenProcess(PROCESS_ALL_ACCESS, 0, victim);
if remote == ptr::null_mut() {
return;
}
let total_size = starting_state_len as usize + string_measurer.count + code_measurer.count;
let remote_address_space = Memory::VirtualAllocEx(
remote,
ptr::null(),
total_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_EXECUTE_READWRITE,
);
let local_address_space = Memory::VirtualAlloc(
ptr::null(),
total_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_EXECUTE_READWRITE,
);
let mut loading_reader = Reader {
phantom: PhantomData,
ptr: buf.as_ptr(),
};
let strings = local_address_space.byte_add(starting_state_len);
let prelude = strings.byte_add(string_measurer.count);
let mut strings_writer = Writer {
binary: remote_address_space as *mut u8,
base: local_address_space as *mut u8,
ptr: strings as *mut u8,
};
let mut prelude_writer = Writer {
binary: remote_address_space as *mut u8,
base: local_address_space as *mut u8,
ptr: prelude as *mut u8,
};
write_imports(
&mut strings_writer,
&mut prelude_writer,
&mut loading_reader,
);
write_starting_state(local_address_space as *mut u8, &mut loading_reader);
Debug::WriteProcessMemory(
remote,
remote_address_space,
local_address_space,
total_size,
ptr::null_mut(),
);
let entry_point =
remote_address_space.byte_offset(prelude.byte_offset_from(local_address_space));
Threading::CreateRemoteThread(
remote,
ptr::null(),
0,
Some(core::mem::transmute::<
*mut c_void,
unsafe extern "system" fn(*mut c_void) -> u32,
>(entry_point)),
ptr::null(),
0,
ptr::null_mut(),
);
}
unsafe fn identify_victim() -> Option<u32> {
let snapshot = ToolHelp::CreateToolhelp32Snapshot(ToolHelp::TH32CS_SNAPPROCESS, 0);
let mut entry: MaybeUninit<PROCESSENTRY32> = MaybeUninit::uninit();
entry.assume_init_mut().dwSize = core::mem::size_of::<PROCESSENTRY32>() as u32;
let mut process = ToolHelp::Process32First(snapshot, entry.as_mut_ptr());
while process != 0 {
let entry_ref = entry.assume_init_ref();
let name = CStr::from_ptr(entry_ref.szExeFile.as_ptr());
if name.eq(CStr::from_bytes_with_nul_unchecked(b"notepad.exe\x00")) {
return Some(entry_ref.th32ProcessID);
}
process = ToolHelp::Process32Next(snapshot, entry.as_mut_ptr());
}
return None;
}
#[cfg(not(test))]
#[panic_handler]
fn panic(_info: &PanicInfo) -> ! {
loop {}
}

639
runner/Cargo.lock generated
View File

@ -1,639 +0,0 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "android-tzdata"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0"
[[package]]
name = "android_system_properties"
version = "0.1.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
dependencies = [
"libc",
]
[[package]]
name = "autocfg"
version = "1.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
[[package]]
name = "base64"
version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
[[package]]
name = "bumpalo"
version = "3.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1628fb46dfa0b37568d12e5edd512553eccf6a22a78e8bde00bb4aed84d5bdbf"
[[package]]
name = "cc"
version = "1.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e3a13707ac958681c13b39b458c073d0d9bc8a22cb1b2f4c8e55eb72c13f362"
dependencies = [
"shlex",
]
[[package]]
name = "cfg-if"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chrono"
version = "0.4.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a7964611d71df112cb1730f2ee67324fcf4d0fc6606acbbe9bfe06df124637c"
dependencies = [
"android-tzdata",
"iana-time-zone",
"num-traits",
"serde",
"windows-link",
]
[[package]]
name = "core-foundation-sys"
version = "0.8.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
[[package]]
name = "darling"
version = "0.20.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee"
dependencies = [
"darling_core",
"darling_macro",
]
[[package]]
name = "darling_core"
version = "0.20.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e"
dependencies = [
"fnv",
"ident_case",
"proc-macro2",
"quote",
"strsim",
"syn",
]
[[package]]
name = "darling_macro"
version = "0.20.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead"
dependencies = [
"darling_core",
"quote",
"syn",
]
[[package]]
name = "deranged"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9c9e6a11ca8224451684bc0d7d5a7adbf8f2fd6887261a1cfc3c0432f9d4068e"
dependencies = [
"powerfmt",
"serde",
]
[[package]]
name = "equivalent"
version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
[[package]]
name = "fnv"
version = "1.0.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
[[package]]
name = "hashbrown"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
[[package]]
name = "hashbrown"
version = "0.15.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf151400ff0baff5465007dd2f3e717f3fe502074ca563069ce3a6629d07b289"
[[package]]
name = "hex"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
[[package]]
name = "iana-time-zone"
version = "0.1.63"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b0c919e5debc312ad217002b8048a17b7d83f80703865bbfcfebb0458b0b27d8"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"iana-time-zone-haiku",
"js-sys",
"log",
"wasm-bindgen",
"windows-core",
]
[[package]]
name = "iana-time-zone-haiku"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f31827a206f56af32e590ba56d5d2d085f558508192593743f16b2306495269f"
dependencies = [
"cc",
]
[[package]]
name = "ident_case"
version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39"
[[package]]
name = "indexmap"
version = "1.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99"
dependencies = [
"autocfg",
"hashbrown 0.12.3",
"serde",
]
[[package]]
name = "indexmap"
version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e"
dependencies = [
"equivalent",
"hashbrown 0.15.2",
"serde",
]
[[package]]
name = "itoa"
version = "1.0.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
[[package]]
name = "js-sys"
version = "0.3.77"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f"
dependencies = [
"once_cell",
"wasm-bindgen",
]
[[package]]
name = "libc"
version = "0.2.172"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
[[package]]
name = "log"
version = "0.4.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
[[package]]
name = "memchr"
version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
[[package]]
name = "num-conv"
version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9"
[[package]]
name = "num-traits"
version = "0.2.19"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
dependencies = [
"autocfg",
]
[[package]]
name = "once_cell"
version = "1.21.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d"
[[package]]
name = "powerfmt"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
[[package]]
name = "proc-macro2"
version = "1.0.95"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
dependencies = [
"proc-macro2",
]
[[package]]
name = "runner"
version = "0.1.0"
dependencies = [
"serde",
"serde_bytes",
"serde_json",
"serde_with",
"windows-sys",
"winres",
]
[[package]]
name = "rustversion"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2"
[[package]]
name = "ryu"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f"
[[package]]
name = "serde"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_bytes"
version = "0.11.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8437fd221bde2d4ca316d61b90e337e9e702b3820b87d63caa9ba6c02bd06d96"
dependencies = [
"serde",
]
[[package]]
name = "serde_derive"
version = "1.0.219"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "serde_json"
version = "1.0.140"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
dependencies = [
"itoa",
"memchr",
"ryu",
"serde",
]
[[package]]
name = "serde_with"
version = "3.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d6b6f7f2fcb69f747921f79f3926bd1e203fce4fef62c268dd3abfb6d86029aa"
dependencies = [
"base64",
"chrono",
"hex",
"indexmap 1.9.3",
"indexmap 2.9.0",
"serde",
"serde_derive",
"serde_json",
"serde_with_macros",
"time",
]
[[package]]
name = "serde_with_macros"
version = "3.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d00caa5193a3c8362ac2b73be6b9e768aa5a4b2f721d8f4b339600c3cb51f8e"
dependencies = [
"darling",
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "strsim"
version = "0.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"
[[package]]
name = "syn"
version = "2.0.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b09a44accad81e1ba1cd74a32461ba89dee89095ba17b32f5d03683b1b1fc2a0"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "time"
version = "0.3.41"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a7619e19bc266e0f9c5e6686659d394bc57973859340060a69221e57dbc0c40"
dependencies = [
"deranged",
"itoa",
"num-conv",
"powerfmt",
"serde",
"time-core",
"time-macros",
]
[[package]]
name = "time-core"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c9e9a38711f559d9e3ce1cdb06dd7c5b8ea546bc90052da6d06bb76da74bb07c"
[[package]]
name = "time-macros"
version = "0.2.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3526739392ec93fd8b359c8e98514cb3e8e021beb4e5f597b00a0221f8ed8a49"
dependencies = [
"num-conv",
"time-core",
]
[[package]]
name = "toml"
version = "0.5.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234"
dependencies = [
"serde",
]
[[package]]
name = "unicode-ident"
version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
[[package]]
name = "wasm-bindgen"
version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5"
dependencies = [
"cfg-if",
"once_cell",
"rustversion",
"wasm-bindgen-macro",
]
[[package]]
name = "wasm-bindgen-backend"
version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6"
dependencies = [
"bumpalo",
"log",
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-macro"
version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407"
dependencies = [
"quote",
"wasm-bindgen-macro-support",
]
[[package]]
name = "wasm-bindgen-macro-support"
version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de"
dependencies = [
"proc-macro2",
"quote",
"syn",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
[[package]]
name = "wasm-bindgen-shared"
version = "0.2.100"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d"
dependencies = [
"unicode-ident",
]
[[package]]
name = "windows-core"
version = "0.61.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4763c1de310c86d75a878046489e2e5ba02c649d185f21c67d4cf8a56d098980"
dependencies = [
"windows-implement",
"windows-interface",
"windows-link",
"windows-result",
"windows-strings",
]
[[package]]
name = "windows-implement"
version = "0.60.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a47fddd13af08290e67f4acabf4b459f647552718f683a7b415d290ac744a836"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-interface"
version = "0.59.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd9211b69f8dcdfa817bfd14bf1c97c9188afa36f4750130fcdf3f400eca9fa8"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "windows-link"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "76840935b766e1b0a05c0066835fb9ec80071d4c09a16f6bd5f7e655e3c14c38"
[[package]]
name = "windows-result"
version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c64fd11a4fd95df68efcfee5f44a294fe71b8bc6a91993e2791938abcc712252"
dependencies = [
"windows-link",
]
[[package]]
name = "windows-strings"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7a2ba9642430ee452d5a7aa78d72907ebe8cfda358e8cb7918a2050581322f97"
dependencies = [
"windows-link",
]
[[package]]
name = "windows-sys"
version = "0.59.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b"
dependencies = [
"windows-targets",
]
[[package]]
name = "windows-targets"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_gnullvm",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
[[package]]
name = "windows_aarch64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
[[package]]
name = "windows_i686_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
[[package]]
name = "windows_i686_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
[[package]]
name = "windows_i686_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
[[package]]
name = "windows_x86_64_gnu"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
[[package]]
name = "windows_x86_64_msvc"
version = "0.52.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
[[package]]
name = "winres"
version = "0.1.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b68db261ef59e9e52806f688020631e987592bd83619edccda9c47d42cde4f6c"
dependencies = [
"toml",
]

11
runner/binaries/main.json
View File

File diff suppressed because one or more lines are too long

22
runner/build.rs
View File

@ -1,22 +0,0 @@
extern crate winres;
fn main() {
/*
let mut res = winres::WindowsResource::new();
res.set_manifest(
r#"
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
"#,
);
res.compile()
.expect("expected to be able to build resources");
*/
}

324
runner/src/main.rs
View File

@ -1,324 +0,0 @@
use std::ffi::{c_void, CStr};
use std::mem::MaybeUninit;
use std::ptr;
use std::{fs::File, io::Read};
use serde::Deserialize;
use serde_with::base64::{Base64, Standard};
use serde_with::formats::Padded;
use serde_with::serde_as;
use windows_sys::Win32::Foundation::{GetLastError, PROC};
use windows_sys::Win32::System::Diagnostics::Debug;
use windows_sys::Win32::System::Diagnostics::ToolHelp::{self, PROCESSENTRY32};
use windows_sys::Win32::System::Memory;
use windows_sys::Win32::System::Threading::PROCESS_ALL_ACCESS;
use windows_sys::Win32::System::{LibraryLoader, Threading};
const LOAD_LIBRARY_A: *const c_void = LibraryLoader::LoadLibraryA as *const c_void;
const GET_PROC_ADDRESS: *const c_void = LibraryLoader::GetProcAddress as *const c_void;
#[serde_as]
#[derive(Debug, Deserialize)]
struct Import {
#[serde(with = "serde_bytes")]
dll: Vec<u8>,
#[serde(with = "serde_bytes")]
symbol: Vec<u8>,
address: usize,
}
#[serde_as]
#[derive(Debug, Deserialize)]
struct Binary {
#[serde(rename = "startingState")]
#[serde_as(as = "Base64<Standard, Padded>")]
starting_state: Vec<u8>,
imports: Vec<Import>,
#[serde(rename = "entryPoint")]
entry_point: usize,
}
fn main() {
unsafe { _main_remote() }
}
struct LocalWriter {
binary: *mut u8,
base: *mut u8,
ptr: *mut u8,
}
struct Measurer {
count: usize,
}
impl Measurer {}
trait CodeGen {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void;
unsafe fn write_ptr(&mut self, ptr: *const c_void) -> *const c_void {
let bytes = unsafe { std::mem::transmute::<*const c_void, [u8; 8]>(ptr) };
self.write(&bytes)
}
unsafe fn address_in_binary(&mut self, offset: usize) -> *const c_void;
}
impl Measurer {
fn round_up(&mut self) {
self.count = (self.count + 15) / 16 * 16;
}
}
impl CodeGen for LocalWriter {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void {
let addr = self.ptr;
for u in u8s {
*self.ptr = *u;
self.ptr = self.ptr.byte_add(1);
}
self.binary.offset(addr.offset_from(self.base)) as *const c_void
}
unsafe fn address_in_binary(&mut self, offset: usize) -> *const c_void {
self.binary.byte_add(offset) as *const c_void
}
}
impl CodeGen for Measurer {
unsafe fn write(&mut self, u8s: &[u8]) -> *const c_void {
self.count += u8s.len();
return ptr::null();
}
unsafe fn address_in_binary(&mut self, offset: usize) -> *const c_void {
return ptr::null();
}
}
unsafe fn write_imports(
strings: &mut impl CodeGen,
code: &mut impl CodeGen,
original_entry_point: usize,
imports: &[Import],
) {
// push rbp
code.write(&[0x55]);
// mov rbp, rsp
code.write(&[0x48, 0x89, 0xe5]);
// nop
code.write(&[0x90]);
// sub rsp, 0x20
code.write(&[0x48, 0x83, 0xec, 0x20]);
// windows needs 32 bytes to clobber: https://en.wikipedia.org/wiki/X86_calling_conventions#Microsoft_x64_calling_convention
for import in imports {
let library_addr = strings.write(&import.dll);
strings.write(&[0]);
let symbol_addr = strings.write(&import.symbol);
strings.write(&[0]);
// mov rcx, library name
code.write(&[0x48, 0xb9]);
code.write_ptr(library_addr);
// mov rax, LoadLibraryA
code.write(&[0x48, 0xb8]);
code.write_ptr(LOAD_LIBRARY_A);
// call rax
code.write(&[0xff, 0xd0]);
// mov rcx, rax
code.write(&[0x48, 0x89, 0xc1]);
// mov rdx, symbol name
code.write(&[0x48, 0xba]);
code.write_ptr(symbol_addr);
// mov rax, GetProcAddress
code.write(&[0x48, 0xb8]);
code.write_ptr(GET_PROC_ADDRESS);
// call rax
code.write(&[0xff, 0xd0]);
// mov [import address], rax
code.write(&[0x48, 0xa3]);
let addr = code.address_in_binary(import.address);
code.write_ptr(addr);
}
// mov rax, original entry point
code.write(&[0x48, 0xb8]);
let addr = code.address_in_binary(original_entry_point);
// let addr = load_library_a;
code.write_ptr(addr);
// call rax
code.write(&[0xff, 0xd0]);
// leave, ret
code.write(&[0xc9, 0xc3]);
}
unsafe fn _main_remote() {
let mut input = File::open("binaries/main.json").unwrap();
let mut buf: Vec<u8> = vec![];
let _ = input.read_to_end(&mut buf).unwrap();
let binary = serde_json::from_slice::<Binary>(&buf).unwrap();
let mut string_measurer = Measurer { count: 0 };
let mut code_measurer = Measurer { count: 0 };
write_imports(
&mut string_measurer,
&mut code_measurer,
binary.entry_point,
&binary.imports,
);
// string_measurer.round_up();
// code_measurer.round_up();
// TODO: Alignment
let Some(victim) = identify_victim() else {
println!("couldn't find victim");
return;
};
let remote = Threading::OpenProcess(PROCESS_ALL_ACCESS, 0, victim);
if remote == ptr::null_mut() {
println!("got null");
return;
}
let total_size = binary.starting_state.len() + string_measurer.count + code_measurer.count;
let remote_address_space = Memory::VirtualAllocEx(
remote,
ptr::null(),
total_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_EXECUTE_READWRITE,
);
let local_address_space = Memory::VirtualAlloc(
ptr::null(),
total_size,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_EXECUTE_READWRITE,
);
local_address_space.copy_from(
binary.starting_state.as_ptr() as *const c_void,
binary.starting_state.len(),
);
let strings = local_address_space.byte_add(binary.starting_state.len());
let prelude = strings.byte_add(string_measurer.count);
let mut strings_writer = LocalWriter {
binary: remote_address_space as *mut u8,
base: local_address_space as *mut u8,
ptr: strings as *mut u8,
};
let mut prelude_writer = LocalWriter {
binary: remote_address_space as *mut u8,
base: local_address_space as *mut u8,
ptr: prelude as *mut u8,
};
write_imports(
&mut strings_writer,
&mut prelude_writer,
binary.entry_point,
&binary.imports,
);
println!("error: {}", GetLastError());
println!(
"Copying memory to foreign process (at {:?} from {:?} get {:?})",
remote_address_space, local_address_space, total_size
);
Debug::WriteProcessMemory(
remote,
remote_address_space,
local_address_space,
total_size,
ptr::null_mut(),
);
println!("error: {}", GetLastError());
println!("Creating remote thread");
let entry_point =
remote_address_space.byte_add(binary.starting_state.len() + string_measurer.count);
println!("Entry point: {:?}", entry_point);
Threading::CreateRemoteThread(
remote,
ptr::null(),
0,
Some(std::mem::transmute::<
*mut c_void,
unsafe extern "system" fn(*mut c_void) -> u32,
>(entry_point)),
ptr::null(),
0,
ptr::null_mut(),
);
println!("error: {}", GetLastError());
println!("Done!");
}
unsafe fn identify_victim() -> Option<u32> {
let snapshot = ToolHelp::CreateToolhelp32Snapshot(ToolHelp::TH32CS_SNAPPROCESS, 0);
let mut entry: MaybeUninit<PROCESSENTRY32> = MaybeUninit::uninit();
entry.assume_init_mut().dwSize = std::mem::size_of::<PROCESSENTRY32>() as u32;
let mut process = ToolHelp::Process32First(snapshot, entry.as_mut_ptr());
println!("error: {}; process: {}", GetLastError(), process);
while process != 0 {
let entry_ref = entry.assume_init_ref();
let name = CStr::from_ptr(entry_ref.szExeFile.as_ptr());
println!("peeking: {:?}", name);
if name.eq(CStr::from_bytes_with_nul_unchecked(b"notepad.exe\x00")) {
return Some(entry_ref.th32ProcessID);
}
process = ToolHelp::Process32Next(snapshot, entry.as_mut_ptr());
}
return None;
}
/*
unsafe fn _main_local() {
let mut input = File::open("binaries/main.json").unwrap();
let mut buf: Vec<u8> = vec![];
let _ = input.read_to_end(&mut buf).unwrap();
let binary = serde_json::from_slice::<Binary>(&buf).unwrap();
let mut string_measurer = Measurer { count: 0 };
let mut code_measurer = Measurer { count: 0 };
write_imports(
&mut string_measurer,
&mut code_measurer,
binary.entry_point,
&binary.imports,
);
// TODO: Alignment
let address_space = Memory::VirtualAlloc(
ptr::null(),
binary.starting_state.len() + string_measurer.count + code_measurer.count,
Memory::MEM_COMMIT | Memory::MEM_RESERVE,
Memory::PAGE_EXECUTE_READWRITE,
);
address_space.copy_from(
binary.starting_state.as_ptr() as *const c_void,
binary.starting_state.len(),
);
let strings = address_space.byte_add(binary.starting_state.len());
let prelude = strings.byte_add(string_measurer.count);
let mut strings_writer = LocalWriter {
binary: address_space as *mut u8,
ptr: strings as *mut u8,
};
let mut prelude_writer = LocalWriter {
binary: address_space as *mut u8,
ptr: prelude as *mut u8,
};
write_imports(
&mut strings_writer,
&mut prelude_writer,
binary.entry_point,
&binary.imports,
);
let function: unsafe extern "C" fn() -> *const c_void = std::mem::transmute(prelude);
let result = function();
}
*/

BIN
sluggifier/binaries/main.dat Normal file
View File

Binary file not shown.

7
sluggifier/format.txt Normal file
View File

@ -0,0 +1,7 @@
[entry point]
[number of libraries]
<Library> <Import1> <Import1Addr> <Import2> <Import2Addr> 00: Import the following things. (Terminate on 00)
[number of bytes in starting state as a uint32_t]
00 [00-ff] <bytes>: Use the following 00-ff bytes literally
[01-ff] <byte>: Repeat the next byte 01 to ff times

162
sluggifier/main.py Normal file
View File

@ -0,0 +1,162 @@
from dataclasses import dataclass
from io import BytesIO
from typing import Generator
from pefile import PE, Structure
@dataclass
class Import:
library: bytes
procedures: list[tuple[bytes, int]]
@dataclass
class Binary(object):
starting_state: bytes
entry_point: int
imports: list[Import]
def _single_or_none[T](ts: Generator[T]) -> T | None:
items = [t for t in ts]
if len(items) == 0:
return None
if len(items) == 1:
return items[0]
raise ValueError(f"expected 1 or 0, got {len(items)}")
def _single[T](ts: Generator[T]) -> T:
items = [t for t in ts]
if len(items) == 1:
return items[0]
raise ValueError(f"expected 1, got {len(items)}")
def _create_binary(subject: PE) -> Binary:
optional_header = subject.OPTIONAL_HEADER
assert isinstance(optional_header, Structure)
text_section: Structure = _single(i for i in subject.sections if i.Name == b".text\0\0\0")
data_section: Structure | None = _single_or_none(i for i in subject.sections if i.Name == b".data\0\0\0")
rdata_section: Structure | None = _single_or_none(i for i in subject.sections if i.Name == b".rdata\0\0")
relevant_sections: list[Structure] = [section for section in (text_section, data_section, rdata_section) if section is not None]
if len(relevant_sections) == 0:
raise ValueError("no sections to plot")
min_address = min(getattr(i, "VirtualAddress") for i in relevant_sections)
max_address = max(getattr(i, "VirtualAddress") + getattr(i, "SizeOfRawData") for i in relevant_sections)
buffer = bytearray(max_address - min_address)
for section in relevant_sections:
data = getattr(section, "get_data")()
start = getattr(section, "VirtualAddress") - min_address
buffer[start:start+len(data)] = data
starting_state = bytes(buffer)
entry_point_rva = getattr(optional_header, "AddressOfEntryPoint")
entry_point = entry_point_rva - min_address
imports: list[Import] = []
for entry in getattr(subject, "DIRECTORY_ENTRY_IMPORT"):
entry: Structure
library: bytes = getattr(entry, "dll")
procedures: list[tuple[bytes, int]] = []
for imp in getattr(entry, "imports"):
imp: Structure
import_address_rva = getattr(imp, "address") - getattr(optional_header, "ImageBase")
import_address = import_address_rva - min_address
procedures.append((getattr(imp, "name"), import_address))
imports.append(Import(library, procedures))
return Binary(
starting_state=starting_state,
entry_point=entry_point,
imports=imports,
)
def _encode_binary(binary: Binary) -> bytes:
out = BytesIO()
def _write_u32(n: int):
out.write(n.to_bytes(4, "little", signed=False))
def _write_u8(n: int):
out.write(n.to_bytes(1, "little", signed=False))
def _write_zt(s: bytes):
out.write(s)
_write_u8(0)
_write_u32(binary.entry_point)
for i in binary.imports:
_write_zt(i.library)
for (procedure, address) in i.procedures:
_write_zt(procedure)
_write_u32(address)
_write_u8(0)
_write_u8(0)
_write_u32(len(binary.starting_state))
# == encode RLE ==
def _pull_repeats(start: int, data: bytes) -> int | None:
i = 0
first_byte = data[start + i]
while True:
if i >= 255:
break
if start + i >= len(data):
break
if data[start + i] != first_byte:
break
i += 1
if i >= 2:
_write_u8(i)
_write_u8(first_byte)
return start + i
return None
def _pull_non_repeats(start: int, data: bytes):
i = 0
while True:
if i >= 255:
break
if start + i >= len(data):
break
if i >= 1 and data[start + i] == data[start + i - 1]:
break
i += 1
_write_u8(0)
_write_u8(i)
for j in range(i):
_write_u8(data[start + j])
return start + i
i = 0
while i < len(binary.starting_state):
if new_i := _pull_repeats(i, binary.starting_state):
i = new_i
continue
i = _pull_non_repeats(i, binary.starting_state)
return out.getbuffer()
def main():
subject = PE("subjects\\main.exe")
binary = _create_binary(subject)
code = _encode_binary(binary)
with open("binaries\\main.dat", "wb") as f:
f.write(code)
if __name__ == "__main__":
main()

4
analyzer/poetry.lock → sluggifier/poetry.lock generated
View File

@ -13,5 +13,5 @@ files = [
[metadata] [metadata]
lock-version = "2.0" lock-version = "2.0"
python-versions = "^3.10" python-versions = "^3.13"
content-hash = "6f28e4dc3bf3b09c57354693b75dc7975b70a7aac2ee7c83fc81b0058520d7f9" content-hash = "8e680dad2071f9d7a37ca34d4fd6da67ba3922e0de45f0442c7b38d07f8fa9f0"

2
analyzer/pyproject.toml → sluggifier/pyproject.toml
View File

@ -6,7 +6,7 @@ authors = ["Nyeogmi <economicsbat@gmail.com>"]
readme = "README.md" readme = "README.md"
[tool.poetry.dependencies] [tool.poetry.dependencies]
python = "^3.10" python = "^3.13"
pefile = "^2024.8.26" pefile = "^2024.8.26"

BIN
sluggifier/subjects/main.exe Normal file
View File

Binary file not shown.

BIN
thumbnail.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 341 KiB

8
thumbnail.txt Normal file
View File

@ -0,0 +1,8 @@
.\ /.
'. \_ _/ .'
'o. .o'
'"'

BIN
thumbnail.xcf Normal file
View File

Binary file not shown.

BIN
vampiric.xcf Normal file
View File

Binary file not shown.