module managers.templateManager
class TemplateManager
Main class responsible for template handling: tag replacement or erase with content generated by __coder bot
Args:
AbstractFactory(type): AbstractClass defining useful functions potentially reusable by other classes
method __init__
__init__(
arch: str = 'x64',
syscall: str = 'syscall',
language: str = 'nim'
) → None
Init method. Will instanciate appropriate self.__coder var depending on the language selected responsible for code generation
Args:
arch(str, optional): Code architecture to generate. Defaults to "x64".syscall(str, optional): Syscall instruction to use. Defaults to "syscall".language(str, optional): Language type used by code generator. Defaults to "nim".
Raises:
NotImplementedError: Error raised when using unsupported architectureNotImplementedError: Error raised when using unsupported syscall instructionNotImplementedError: Error raised when using unsupported languageSystemError: Error raised when unable to load protoypes.jsonSystemError: Error raised when unable to load base template for language specify
method generate_stubs
generate_stubs(names: list) → str
Public method used to generate stubs for all the NtFunctions to hook. Once generated a call is made to self.__generate_definitions() for automated type definitions. Generated code is then used to replace the SPT_STUBS tag in template.
Args:
names(list): List of NtFunctions to hook
Raises:
NotImplementedError: Error raised if NtFunction is not supported
Returns:
str: Template content after modification
method list_common_syscalls
list_common_syscalls() → list
Public method used to retrieve most common functions names defined in prototypes.json
Returns:
list: List of NtFunctions names
method list_donut_syscalls
list_donut_syscalls() → list
Public method used to retrieve functions names defined in prototypes.json used by Donut project (stay tuned for HOMER project ... ;) )
Returns:
list: List of NtFunctions names
method list_supported_syscalls
list_supported_syscalls() → list
Public method used to retrieve all supported functions names defined in prototypes.json
Returns:
list: List of NtFunctions names
method load_stub
load_stub(name) → str
Public method used to load stub pattern file from package
Args:
name(type): Stub name to use
Raises:
SystemError: Error raised if filename does not exists
Returns:
str: File content (text mode)
method scramble
scramble() → str
Public method used to randomize fixed internal function names to avoid static analysis by EDR/AV. Note: The concept behind this method is to let another project randomize the NtFunctions names as Sysplant as no view of the code using it.
Returns:
str: Template content after modification
method set_debug
set_debug() → str
Public method used to generate the language specific code of DEBUG flag definition. Is debug is not set it will erase the tag from template. The debug definition code is then used to replace the SPT_DEBUG tag in template.
Returns:
str: Template content after modification
method set_iterator
set_iterator(name: str) → str
Public method used to retrieve the language specific code of Syscall retrieval iterator. The selected iterator is then used to replace the SPT_ITERATOR tag in template.
Args:
name(str): Iterator name to use
Returns:
str: Template content after modification
method set_method
set_method(name: str) → str
method set_seed
set_seed(seed: int = 0) → str
Public method used to generate the language specific code of SEED value definition. The seed parameter is optional and if omitted it will be automatically generated with a random value. The seed definition code is then used to replace the SPT_SEED tag in template.
Args:
seed(int, optional): Seed value. Defaults to 0.
Returns:
str: Template content after modification
This file was automatically generated via lazydocs.