
 

   - ,        .exe  .dll,    .

 "" -      .


1.     (32/64);       .
2.   - .dll,    CreateProcess.      ,  reloc', /,    .
3.   - .exe,   .  ProcessHollowing.
      .
4.    :
4.1.  "" ,  ()  GUI- (    GDI),  COM-
4.2.  "" :  ,  COM-, . , ,     ,    ,  -      
4.3.    -  ,   .
4.4.   / .    XOR-   .   -         .
4.5.    ,    - .        (.text, .data, .rdata ).
       .
5.   "   "
6.       LLVMO,    Microsoft C++.
7.    ,   ,    .
     .

           .
        , ,   -  .
       .
 ,         (     ).

 

    -     -,         .
           (   1  10  ).

8.       .
 ,           (     MSVS -  ).
   - unsigned char payload[] = {..}   ,    ,
    ,     ,    .
    .
9.    . , build.bat (  .  ).
           -.
10.        . , Release_Dll_Payload1, Release_Exe_Payload1   1, 
Release_Dll_Payload2, Release_Exe_Payload2   2   .
       .
       ,   ,  .
       CMake.

 1:  

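echo Build started %DATE% %TIME%

rem Build wrapper: cleans and rebuilds the solution with devenv.exe and keeps a
rem short status log. Exit code: 0 on success, 1 when the build step fails.
rem Optional first argument overrides the configuration/platform pair passed
rem to devenv (default: Release for Win32); quote it on the command line because
rem it contains a vertical bar.
rem NOTE(review): the original non-ASCII comment at this point mentioned GIT;
rem its text was lost in extraction and could not be restored.

rem Keep variables local to this script so they do not leak into the caller's
rem environment. The script returns with "exit /b" instead of closing the
rem hosting cmd.exe, so without setlocal the leakage would now be visible.
setlocal

rem Despite the old variable name "msbuild", this path is devenv.exe: the
rem /Clean, /Build and /Out switches used below are devenv switches.
set devenv="C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\Common7\IDE\devenv.exe"
set sln=D:\Projects\project\project.sln
set buildlog=project.log

rem Create or truncate the log with a timestamp header.
echo Build started %DATE% %TIME% > %buildlog%

:buildmain
rem The profile stays quoted so the vertical bar inside it is not parsed as a
rem pipe when the variable is expanded.
set buildprofile="Release|Win32"
if not "%~1"=="" set buildprofile="%~1"

rem Clean is best-effort (a fresh checkout has nothing to clean), so its exit
rem code is deliberately not checked.
%devenv% %sln% /Clean %buildprofile%

rem NOTE(review): /Out targets the file the echo above created. Confirm that
rem devenv appends rather than truncates it, otherwise the "Build started"
rem header line is lost.
%devenv% %sln% /Build %buildprofile% /Out %buildlog% || goto builderr

:over
echo Build finished successfully %DATE% %TIME%
echo Build finished successfully %DATE% %TIME% >> %buildlog%
rem "exit /b" hands the code back to the caller (CI runner or parent script).
rem The original "exit(0)" form is non-standard and, where cmd accepts it, is a
rem plain "exit" that terminates the whole hosting cmd.exe process.
exit /b 0

:builderr
echo Build %buildprofile% failed %DATE% %TIME%
echo Build %buildprofile% failed %DATE% %TIME% >> %buildlog%
exit /b 1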
