bump v0.1.1

Author: h3zh1

.cargo/config.toml

@@ -1,16 +1,18 @@
+[build]
+jobs=8
+
 [net]
 retry = 3
 git-fetch-with-cli = true
 
 [target.x86_64-pc-windows-gnu]
 rustflags = [
     "-C", "link-arg=-s",
-    "-C", "link-arg=-fuse-ld=lld",
 ]
+
 [target.i686-pc-windows-gnu]
 rustflags = [
     "-C", "link-arg=-s",
-    "-C", "link-arg=-fuse-ld=lld",
 ]
 
 [target.x86_64-pc-windows-msvc]

.github/workflows/generate.yaml

@@ -58,24 +58,62 @@ jobs:
       matrix:
         target: ${{ fromJson(needs.set_targets.outputs.targets_json) }}
     steps:
-
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           submodules: recursive
           fetch-depth: 0
 
-      - name: Judge target_triple is win
+      - name: Judge platform and arch
         run: |
           if [[ "${{matrix.target}}" == *"windows"* ]]; then
-            echo "is_win=1" >> $GITHUB_ENV
-            wget https://github.com/chainreactors/malefic/releases/latest/download/resources.zip
-            unzip resources.zip -d resources
+            echo "platform=win" >> $GITHUB_ENV
+          elif [[ "${{matrix.target}}" == *"linux"* ]]; then
+            echo "platform=linux" >> $GITHUB_ENV
+          elif [[ "${{matrix.target}}" == *"darwin"* ]]; then
+            echo "platform=darwin" >> $GITHUB_ENV
+          fi
+          
+          if [[ "${{matrix.target}}" == *"x86_64"* ]]; then
+            echo "arch=x64" >> $GITHUB_ENV
           else
-            echo "is_win=0" >> $GITHUB_ENV
+            echo "arch=x86" >> $GITHUB_ENV
           fi
-          wget https://github.com/chainreactors/malefic/releases/latest/download/malefic-mutant-x86_64-unknown-linux-musl
+
+      - name: Install Resource
+        run: |
+          wget https://github.com/chainreactors/malefic/releases/latest/download/resources.zip
+          unzip resources.zip -d resources
+
+      - name: Generate cache key
+        id: mutant_cache_key
+        run: |
+          HASH=$(find malefic-mutant -name "*.rs" -o -name "Cargo.toml" -o -name "Cargo.lock" | sort | xargs cat | sha256sum | cut -d' ' -f1)
+          echo "key=mutant-$HASH" >> $GITHUB_OUTPUT
+
+      - name: Cache malefic-mutant binary
+        id: cache_mutant
+        uses: actions/cache@v4
+        with:
+          path: |
+            target/x86_64-unknown-linux-musl/release/malefic-mutant
+          key: ${{ steps.mutant_cache_key.outputs.key }}
+
+      - name: Pull Docker image
+        run: |
+          docker pull ghcr.io/chainreactors/malefic-builder:latest
+
+      - name: Build malefic-mutant
+        if: steps.cache_mutant.outputs.cache-hit != 'true'
+        run: |
+          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "cargo build -p malefic-mutant --release --target x86_64-unknown-linux-musl"
+
+      - name: Setup malefic-mutant
+        run: |
+          mkdir -p target/x86_64-unknown-linux-musl/release/
+          cp target/x86_64-unknown-linux-musl/release/malefic-mutant malefic-mutant-x86_64-unknown-linux-musl
           chmod +x malefic-mutant-x86_64-unknown-linux-musl
 
       - name: Generate config.yaml
@@ -95,48 +133,84 @@ jobs:
           echo "SECRET_AUTORUN_YAML_CONTENT=$SECRET_AUTORUN_YAML_CONTENT" >> $GITHUB_ENV
           echo "$SECRET_AUTORUN_YAML_CONTENT" | base64 -d > autorun.yaml
 
+      - name: Setup Cargo cache directories
+        run: |
+          mkdir -p ~/.cargo/registry
+          mkdir -p ~/.cargo/git
+          mkdir -p ./cargo-cache/registry
+          mkdir -p ./cargo-cache/git
+
+      - name: Cache Rust dependencies
+        id: cache_rust
+        uses: actions/cache@v4
+        with:
+          path: |
+            ./cargo-cache/registry
+            ./cargo-cache/git
+            target
+          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.target }}-${{ github.event.inputs.package }}
+          restore-keys: |
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.target }}-
+            ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-
+            ${{ runner.os }}-cargo-
+
+      - name: Verify cache restore
+        run: |
+          echo "Cache hit: ${{ steps.cache_rust.outputs.cache-hit }}"
+          echo "Checking cargo cache directories:"
+          ls -la ./cargo-cache/ || echo "cargo-cache directory not found"
+          ls -la ./cargo-cache/registry/ || echo "registry directory not found"
+          ls -la ./cargo-cache/git/ || echo "git directory not found"
+
       - name: Build(${{ github.event.inputs.package }}, ${{matrix.target}})
         if : ${{ github.event.inputs.package == 'beacon' }}
         shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
         run: |
-          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:latest \
-           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate beacon;./malefic-mutant-x86_64-unknown-linux-musl build malefic --target ${{matrix.target}} "
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate beacon && ./malefic-mutant-x86_64-unknown-linux-musl build malefic --target ${{matrix.target}}"
 
       - name: Build(${{ github.event.inputs.package }}, ${{matrix.target}})
         if : ${{ github.event.inputs.package == 'pulse' }}
         shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
         run: |
-          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:latest \
-           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate pulse x64 win;./malefic-mutant-x86_64-unknown-linux-musl build pulse;"
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate pulse -p $platform -a $arch && ./malefic-mutant-x86_64-unknown-linux-musl build pulse --target ${{matrix.target}}"
 
       - name: Build(${{ github.event.inputs.package }}, ${{matrix.target}})
         if : ${{ github.event.inputs.package == 'bind' }}
         shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
         run: |
-          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:latest \
-           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate bind;./malefic-mutant-x86_64-unknown-linux-musl build bind --target ${{matrix.target}} "
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate bind && ./malefic-mutant-x86_64-unknown-linux-musl build bind --target ${{matrix.target}}"
 
       - name: Build(${{ github.event.inputs.package }}, ${{matrix.target}})
         if : ${{ github.event.inputs.package == 'prelude' }}
         shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
         run: |
-          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:latest \
-          bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate prelude autorun.yaml;./malefic-mutant-x86_64-unknown-linux-musl build prelude"
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+          bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate prelude autorun.yaml && ./malefic-mutant-x86_64-unknown-linux-musl build prelude --target ${{matrix.target}}"
+
+      - name: Build(${{ github.event.inputs.package }},${{matrix.target}})
+        if : ${{ github.event.inputs.package == '3rd' }}
+        shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
+        run: |
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate modules -m full && ./malefic-mutant-x86_64-unknown-linux-musl build 3rd -m ${{ github.event.inputs.malefic_modules_features }} --target ${{matrix.target}}"
 
       - name: Build(${{ github.event.inputs.package }},${{matrix.target}})
         if : ${{ github.event.inputs.package == 'modules' }}
         shell: 'script --return --quiet --log-out /dev/null --command "bash -e {0}"'
         run: |
-          docker run -v $(pwd):/root/src ghcr.io/chainreactors/malefic-builder:v0.0.4 \
-           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate modules ${{ github.event.inputs.malefic_modules_features }};./malefic-mutant-x86_64-unknown-linux-musl build modules"
+          docker run -v $(pwd):/root/src -v $(pwd)/cargo-cache/registry:/root/cargo/registry -v $(pwd)/cargo-cache/git:/root/cargo/git ghcr.io/chainreactors/malefic-builder:latest \
+           bash -c "./malefic-mutant-x86_64-unknown-linux-musl generate modules -m ${{ github.event.inputs.malefic_modules_features }} && ./malefic-mutant-x86_64-unknown-linux-musl build modules -m ${{ github.event.inputs.malefic_modules_features }} --target ${{matrix.target}}"
 
       - name: Move ${{ github.event.inputs.package }} to output
         run: |
           mkdir -p output
           sudo chmod -R 777 target
           sudo chmod -R 777 output
           export prefix=./target/${{matrix.target}}/release
-          export suffix=$([ "$is_win" = "1" ] && echo ".exe" || echo "")
+          export suffix=$([ "$platform" = "win" ] && echo ".exe" || echo "")
           tree ./target
           if ${{ github.event.inputs.package == 'beacon' }} || ${{ github.event.inputs.package == 'bind' }}; then \
             mv $prefix/malefic$suffix output/malefic-${{ github.event.inputs.package }}$suffix; \
@@ -145,7 +219,9 @@ jobs:
           elif ${{ github.event.inputs.package == 'pulse' }}; then \
             mv $prefix/malefic-pulse$suffix output/malefic-pulse$suffix;
           elif ${{ github.event.inputs.package == 'modules' }}; then \
-            mv $prefix/modules.dll output/modules-${{matrix.target}}.dll; \
+            mv $prefix/malefic_modules.dll output/malefic_modules-${{matrix.target}}.dll; \
+          elif ${{ github.event.inputs.package == '3rd' }}; then \
+            mv $prefix/malefic_3rd.dll output/malefic_3rd-${{matrix.target}}.dll; \
           fi
 
       - name: Upload artifact ${{matrix.target}}
@@ -154,4 +230,4 @@ jobs:
         with:
           name: malefic-${{matrix.target}}-${{ github.run_id }}
           path: output/*
-          retention-days: 3 # you can change this value
+          retention-days: 2 # you can change this value

.gitignore

@@ -1,5 +1,4 @@
 /target
 .vscode
 .DS_store
-.idea
-remap-path.env
+.idea

Cargo.lock

@@ -22,13 +22,12 @@ opt-level = 1
 opt-level = 3
 
 [profile.release]
-panic_unwind = false
 panic = "abort"
 opt-level = "z"
 debug-assertions = false
 strip = true
 lto = "fat"
-codegen-units = 1
+codegen-units = 16
 incremental = false
 rustflags = [
     "-Z", "trim-diagnostic-paths",

Cargo.toml

@@ -3,11 +3,19 @@ basic:
   targets:
     - "127.0.0.1:5001"
   protocol: "tcp"
-  tls: false
-  proxy: 
+  tls:
+    enable: true                    # 启用TLS
+    version: "auto"                 # TLS版本: "auto", "1.2", "1.3"
+    sni: "localhost"                # 服务器名称指示（SNI）
+    skip_verification: true
+  #    mtls:                           # mTLS客户端证书配置（可选）
+  #      enable: false                 # 启用mTLS
+  #      client_cert: "client.crt"     # 客户端证书文件路径
+  #      client_key: "client.key"      # 客户端私钥文件路径
+  #      server_ca: ""                 # 用于验证服务端的CA证书路径（可选）
+  proxy:
   interval: 5
   jitter: 0.2
-  ca:
   encryption: aes
   key: maliceofinternal
   rem:
@@ -23,13 +31,27 @@ basic:
       #any-header: any-value
 build:
   zigbuild: false
+  remap: false # Force refresh remap-path-prefix configuration even if it already exists
   ollvm:
     enable: false
     bcfobf: false # Bogus Control Flow Obfuscation
     splitobf: false # Split Control Flow Obfuscation
     subobf: false # Instruction Substitution Obfuscation
     fco: false # Function CallSite  Obfuscation
     constenc: false # Constant Encryption Obfuscation
+  metadata:
+    remap_path: "C:/Windows/Users/"
+    icon: ""
+    compile_time: "24 Jun 2015 18:03:01"
+    file_version: ""
+    product_version: ""
+    company_name: ""
+    product_name: ""
+    original_filename: "normal.exe"
+    file_description: "normal"
+    internal_name: ""
+    require_admin: false  # whether to require admin privilege
+    require_uac: false    # whether to require uac privilege
 
 pulse:
   flags:
@@ -49,19 +71,6 @@ pulse:
     headers:
       User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
 
-metadata:
-  remap_path: "C:/Windows/Users/"
-  icon: ""
-  compile_time: "24 Jun 2015 18:03:01"
-  file_version: ""
-  product_version: ""
-  company_name: ""
-  product_name: ""
-  original_filename: "normal.exe"
-  file_description: "normal"
-  internal_name: ""
-  require_admin: false  # whether to require admin privilege
-  require_uac: false    # whether to require uac privilege
 
 implants:
   runtime: tokio          # async runtime: smol/tokio/async-std
@@ -72,11 +81,9 @@ implants:
     - "full"
   enable_3rd: false       # enable 3rd module
   3rd_modules:            # 3rd module when malefic compile
+    #    - curl
+    #    - rem_static
     - full
-#    - curl
-#    - rem_dial
-#    - rem_static
-#    - rem_reflection
 
   autorun: ""             # autorun config filename
   pack:                   # pack
@@ -89,6 +96,14 @@ implants:
     artifact_id: 0x1
 
   # for professional
+  anti: # 反沙箱反调试反编译反取证相关
+    sandbox: true
+    vm: true            # enable anti vm
+    # debug: true         # enable anti debug
+    # disasm: true        # enable anti disasm
+    # emulator: true      # enable anti emulator
+    # forensic: true      # enable anti forensic
+
   apis:
     # apis_level: "sys_apis", "nt_apis"
     level: "nt_apis"
@@ -114,6 +129,7 @@ implants:
     #              "VirtualAllocExNuma", "NtMapViewOfSection"
     crossprocess: "NtAllocateVirtualMemory"
   sleep_mask: true
+  stack_spool: true
   sacrifice_process: true
   fork_and_run: false
   hook_exit: true
@@ -122,4 +138,4 @@ implants:
     feature: true
     modify:
       magic: "\x00\x00"
-      signature: "\x00\x00"
+      signature: "\x00\x00"