
Donut lode runner 2
Donut is position-independent code that enables in-memory execution of VBScript, JScript, EXE, DLL files and dotNET assemblies. A module created by Donut can either be staged from an HTTP server or embedded directly in the loader itself. The module is optionally encrypted using the Chaskey block cipher and a randomly generated 128-bit key. After the file is loaded and executed in memory, the original reference is erased to deter memory scanners. The generator and loader support the following features:

  • Compression of input files with aPLib and LZNT1, Xpress, Xpress Huffman via RtlCompressBuffer.
  • Using entropy for API hashes and generation of strings.
  • Storing native PEs in MEM_IMAGE memory.
  • Patching Antimalware Scan Interface (AMSI) and Windows Lockdown Policy (WLDP).
  • Patching Event Tracing for Windows (ETW).
  • Patching exit-related API to avoid termination of the host process.
  • Multiple output formats: C, Ruby, Python, PowerShell, Base64, C#, Hexadecimal, and UUID string.

There are dynamic and static libraries for both Linux and Windows that can be integrated into your own projects. There is also a Python module, which you can read more about in Building and using the Python extension.

How It Works

Donut contains individual loaders for each supported file type. For dotNET EXE/DLL assemblies, Donut uses the Unmanaged CLR Hosting API to load the Common Language Runtime.
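The encryption step described above (Chaskey with a random 128-bit key applied to the module before it is embedded or staged), as an added example that is not Donut's own code. The round function is the published Chaskey permutation (Mouha et al.); the 16-round count, the key whitening on both ends, the CTR-mode layout and the sample "module" bytes are this example's assumptions, not a statement of how Donut's generator does it.

```c
/* Added example, not Donut's code: Chaskey permutation used in CTR mode with a
 * 128-bit key. Round count, whitening and counter layout are assumptions here. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ROTL32(x, n) (((x) << (n)) | ((x) >> (32 - (n))))

/* One Chaskey permutation of a 128-bit block, XORed with the key before and after. */
static void chaskey_block(const uint32_t k[4], uint32_t v[4])
{
    unsigned i;
    for (i = 0; i < 4; i++) v[i] ^= k[i];
    for (i = 0; i < 16; i++) {
        v[0] += v[1]; v[1] = ROTL32(v[1], 5);  v[1] ^= v[0]; v[0] = ROTL32(v[0], 16);
        v[2] += v[3]; v[3] = ROTL32(v[3], 8);  v[3] ^= v[2];
        v[0] += v[3]; v[3] = ROTL32(v[3], 13); v[3] ^= v[0];
        v[2] += v[1]; v[1] = ROTL32(v[1], 7);  v[1] ^= v[2]; v[2] = ROTL32(v[2], 16);
    }
    for (i = 0; i < 4; i++) v[i] ^= k[i];
}

/* CTR mode: keystream block i = P_key(nonce + i), XORed into data in place.
 * Because it is a pure XOR stream, the same call encrypts and decrypts, and a
 * trailing partial block needs no padding. */
void chaskey_ctr(const uint8_t key[16], const uint8_t nonce[16], uint8_t *data, size_t len)
{
    uint32_t k[4], ctr[4], ks[4];
    size_t off, n, j;
    unsigned w;
    memcpy(k, key, 16);
    memcpy(ctr, nonce, 16);
    for (off = 0; off < len; off += 16) {
        memcpy(ks, ctr, 16);
        chaskey_block(k, ks);
        n = (len - off < 16) ? len - off : 16;
        for (j = 0; j < n; j++) data[off + j] ^= ((const uint8_t *)ks)[j];
        for (w = 0; w < 4; w++) if (++ctr[w] != 0) break;   /* 128-bit increment */
    }
}

/* Constructed sample "module": a fake PE header plus filler, 37 bytes so that the
 * last CTR block is partial. Constructed for this example, not a real file. */
static const uint8_t sample_module[37] = {
    'M','Z',0x90,0,3,0,0,0,4,0,0,0,0xff,0xff,0,0,
    'p','a','y','l','o','a','d','-','b','y','t','e','s','-','h','e','r','e','!','!','!'
};
/* Fixed demo key and nonce; a generator would draw both from a CSPRNG. */
static const uint8_t demo_key[16]   = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
                                        0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
static const uint8_t demo_nonce[16] = { 0xde,0xad,0xbe,0xef,0,0,0,0,0,0,0,0,0,0,0,0 };

/* Encrypts the sample, then decrypts it again. Returns 1 when the ciphertext
 * differed from the plaintext and the second pass recovered it exactly. */
int chaskey_ctr_roundtrip_ok(void)
{
    uint8_t buf[sizeof sample_module];
    int changed;
    memcpy(buf, sample_module, sizeof buf);
    chaskey_ctr(demo_key, demo_nonce, buf, sizeof buf);
    changed = memcmp(buf, sample_module, sizeof buf) != 0;
    chaskey_ctr(demo_key, demo_nonce, buf, sizeof buf);
    return changed && memcmp(buf, sample_module, sizeof buf) == 0;
}

/* Flipping one key bit must change the ciphertext, and decrypting with that
 * wrong key must not yield the plaintext. Returns 1 when both hold. */
int chaskey_ctr_wrong_key_detected(void)
{
    uint8_t key2[16], a[sizeof sample_module], b[sizeof sample_module];
    memcpy(key2, demo_key, 16);
    key2[0] ^= 0x01;
    memcpy(a, sample_module, sizeof a);
    memcpy(b, sample_module, sizeof b);
    chaskey_ctr(demo_key, demo_nonce, a, sizeof a);
    chaskey_ctr(key2, demo_nonce, b, sizeof b);
    if (memcmp(a, b, sizeof a) == 0) return 0;
    chaskey_ctr(key2, demo_nonce, a, sizeof a);   /* decrypt with the wrong key */
    return memcmp(a, sample_module, sizeof a) != 0;
}

int main(void)
{
    uint8_t buf[sizeof sample_module];
    size_t i;
    memcpy(buf, sample_module, sizeof buf);
    chaskey_ctr(demo_key, demo_nonce, buf, sizeof buf);
    printf("ciphertext:");
    for (i = 0; i < sizeof buf; i++) printf(" %02x", buf[i]);
    printf("\nroundtrip ok: %d, wrong key detected: %d\n",
           chaskey_ctr_roundtrip_ok(), chaskey_ctr_wrong_key_detected());
    return 0;
}
```

CTR mode gives confidentiality only: nothing here detects a tampered module, and reusing a nonce with the same key leaks the XOR of two plaintexts, which is why the key is generated fresh per module.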
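The "UUID string" output format from the feature list, as an added example that is not Donut's own code. The idea is that a 16-byte chunk is printed as a UUID whose in-memory layout (Data1, Data2 and Data3 little-endian, Data4 stored as-is) reproduces the original bytes, so a loader can rebuild the blob by handing each string to UuidFromStringA. The zero-padding of the last chunk, the helper names and the sample bytes are this example's own choices.

```c
/* Added example, not Donut's code: shellcode bytes <-> UUID strings. The byte
 * order follows the UUID struct layout (Data1/Data2/Data3 little-endian). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UUID_STR_LEN 36

/* Formats 16 bytes as "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"; out needs 37 bytes. */
void bytes_to_uuid(const uint8_t b[16], char out[37])
{
    sprintf(out, "%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X",
            b[3], b[2], b[1], b[0],                  /* Data1: 32-bit, little-endian in memory */
            b[5], b[4],                              /* Data2: 16-bit, little-endian */
            b[7], b[6],                              /* Data3: 16-bit, little-endian */
            b[8], b[9],                              /* Data4[0..1]: stored as-is */
            b[10], b[11], b[12], b[13], b[14], b[15]); /* Data4[2..7]: stored as-is */
}

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parses a UUID string into the 16 bytes the UUID struct holds in memory, i.e.
 * what UuidFromStringA would write. Returns 0 on success, -1 if malformed. */
int uuid_to_bytes(const char *s, uint8_t out[16])
{
    /* struct byte index for each hex pair, in string order */
    static const uint8_t order[16] = { 3,2,1,0, 5,4, 7,6, 8,9, 10,11,12,13,14,15 };
    unsigned i, pos = 0;
    if (strlen(s) != UUID_STR_LEN) return -1;
    for (i = 0; i < 16; i++) {
        int hi, lo;
        if (pos == 8 || pos == 13 || pos == 18 || pos == 23) {
            if (s[pos] != '-') return -1;
            pos++;
        }
        hi = hexval(s[pos]);
        lo = hexval(s[pos + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[order[i]] = (uint8_t)((hi << 4) | lo);
        pos += 2;
    }
    return 0;
}

/* Encodes a blob as ceil(len/16) UUID strings, zero-padding the final chunk.
 * Returns the number of strings written (at most max). */
size_t blob_to_uuids(const uint8_t *blob, size_t len, char (*uuids)[37], size_t max)
{
    size_t n = 0, off;
    uint8_t chunk[16];
    for (off = 0; off < len && n < max; off += 16, n++) {
        size_t take = (len - off < 16) ? len - off : 16;
        memset(chunk, 0, sizeof chunk);
        memcpy(chunk, blob + off, take);
        bytes_to_uuid(chunk, uuids[n]);
    }
    return n;
}

/* Constructed 20-byte sample (0x00..0x13) so the second UUID is padded. */
static const uint8_t sample_blob[20] = {
    0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19
};

/* Encode the sample, check the expected strings, decode, compare. Returns 1 if ok. */
int uuid_roundtrip_ok(void)
{
    char uuids[2][37];
    uint8_t back[32];
    size_t n, i;
    n = blob_to_uuids(sample_blob, sizeof sample_blob, uuids, 2);
    if (n != 2) return 0;
    if (strcmp(uuids[0], "03020100-0504-0706-0809-0A0B0C0D0E0F") != 0) return 0;
    if (strcmp(uuids[1], "13121110-0000-0000-0000-000000000000") != 0) return 0;
    for (i = 0; i < n; i++)
        if (uuid_to_bytes(uuids[i], back + 16 * i) != 0) return 0;
    return memcmp(back, sample_blob, sizeof sample_blob) == 0;
}

/* Malformed input must be rejected rather than partially decoded. */
int uuid_rejects_malformed(void)
{
    uint8_t tmp[16];
    return uuid_to_bytes("not-a-uuid", tmp) == -1 &&
           uuid_to_bytes("03020100-0504-0706-0809-0A0B0C0D0E0G", tmp) == -1;
}

int main(void)
{
    char uuids[2][37];
    size_t n = blob_to_uuids(sample_blob, sizeof sample_blob, uuids, 2), i;
    for (i = 0; i < n; i++) printf("%s\n", uuids[i]);
    printf("roundtrip ok: %d\n", uuid_roundtrip_ok());
    return 0;
}
```

From a detection standpoint the interesting part is the loader side: a string table of UUIDs followed by a loop over UuidFromStringA into an executable buffer is a recognisable pattern, and the padding bytes of the final chunk are part of what gets executed, so the trailing zeros are harmless only because the blob's real length is known to the loader.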