package gonut
// Config holds the options that describe one input file and the loader to be
// produced from it. The groups below keep the headings of the original
// declaration. Nothing in this file shows which code reads each field, so the
// per-field notes restate the author's descriptions rather than observed
// behaviour.
type Config struct {
	// Len is the original length of the input file.
	Len uint32
	// ZLen is the compressed length of the input file.
	ZLen uint32

	// General / misc options for the loader.

	// Arch is the target architecture.
	Arch ArchType
	// Bypass is the bypass option for AMSI/WLDP.
	Bypass BypassType
	// Headers is the "preserve PE headers" option.
	Headers HeadersType
	// Compress is the engine to use when compressing the file via
	// RtlCompressBuffer. It is distinct from GonutCompress at the end of
	// this struct.
	Compress DonutCompressionType
	// Entropy is the entropy/encryption level.
	Entropy EntropyType
	// Format is the output format for the loader.
	Format FormatType
	// ExitOpt chooses between returning to the caller, invoking
	// RtlExitUserProcess to terminate the host process, or blocking
	// indefinitely.
	ExitOpt ExitType
	// Thread runs the entrypoint of an unmanaged EXE as a thread and
	// attempts to intercept calls to exit-related API.
	// BoolType is a project type rather than the built-in bool; what its
	// zero value means is not visible here (TODO confirm).
	Thread BoolType
	// OEP is the original entrypoint of the target host file.
	OEP uint32

	// Files in/out.

	// Input is the name of the input file to read and load in-memory.
	Input string
	// Output is the name of the output file to save the loader to.
	Output string

	// .NET options.

	// Runtime is the runtime version to use for the CLR.
	Runtime string
	// Domain is the name of the domain to create for a .NET DLL/EXE.
	Domain string
	// Class is the name of the class, with optional namespace, for a .NET DLL.
	Class string
	// Method is the name of the method or DLL function to invoke for a
	// .NET DLL and an unmanaged DLL.
	Method string

	// Command line for DLL/EXE.

	// Args is the command line to use for an unmanaged DLL/EXE and a
	// .NET DLL/EXE.
	Args string
	// Unicode: param is passed to DLL function without converting to unicode.
	// NOTE(review): the field name and this description read with opposite
	// polarity; confirm which value actually enables the conversion.
	Unicode BoolType

	// Module overloading.

	// Decoy is the path of the decoy module.
	Decoy string

	// HTTP/DNS staging information.

	// Server points to the root path where the module will be stored on a
	// remote HTTP server or DNS server.
	Server string
	// Auth is the username and password for the web server.
	// NOTE(review): the credential is held as a plain string and its
	// expected format is not visible here; keep it out of Verbose output
	// and any log or error message that echoes the Config.
	Auth string
	// ModuleName is the name of the module written to disk for the HTTP stager.
	ModuleName string

	// DONUT_MODULE
	// NOTE(review): ModuleType carried no description in the original;
	// presumably the module kind recorded for the input file - confirm.
	ModuleType ModuleType

	// DONUT_INSTANCE
	// NOTE(review): InstanceType carried no description in the original;
	// presumably the instance kind of the generated loader - confirm.
	InstanceType InstanceType

	// Verbose enables verbose output.
	Verbose bool

	// Gonut only.

	// GonutCompress is the Gonut compression engine.
	GonutCompress CompressionType
}
// DefaultConfig allocates a new Config and sets the default choices for
// architecture, AMSI/WLDP bypass option, PE header handling, output format,
// Gonut compression, entropy level and exit behaviour.
//
// Every field not assigned below keeps its Go zero value, including Compress,
// Thread, Unicode, Verbose and all string fields. Each call returns a
// distinct pointer.
//
// NOTE(review): Compress is left unset while GonutCompress is set explicitly;
// confirm that the zero value of DonutCompressionType is the intended default.
func DefaultConfig() *Config {
	cfg := new(Config)

	// Target and output shape.
	cfg.Arch = DONUT_ARCH_X96
	cfg.Format = DONUT_FORMAT_BINARY
	cfg.Headers = DONUT_HEADERS_OVERWRITE

	// Payload processing.
	cfg.GonutCompress = GONUT_COMPRESS_NONE
	cfg.Entropy = DONUT_ENTROPY_DEFAULT

	// Runtime behaviour of the loader.
	cfg.Bypass = DONUT_BYPASS_CONTINUE
	cfg.ExitOpt = DONUT_OPT_EXIT_THREAD

	return cfg
}