From 660cbfa575d36ff424243257d02c9cb684a3b12d Mon Sep 17 00:00:00 2001 From: S4ntiagoP <93993799+S4ntiagoP@users.noreply.github.com> Date: Sun, 21 Apr 2024 12:16:21 -0300 Subject: [PATCH] update no-consolation script --- NoConsolation/bin/NoConsolation.x64.o | Bin 30254 -> 34852 bytes NoConsolation/bin/NoConsolation.x86.o | Bin 25394 -> 29353 bytes NoConsolation/no-consolation.py | 99 +++++++++++++++++++------- 3 files changed, 74 insertions(+), 25 deletions(-) diff --git a/NoConsolation/bin/NoConsolation.x64.o b/NoConsolation/bin/NoConsolation.x64.o index 4770dc194754bf63513f0616875d861a52038fe8..4e8996bd643b76a369bc370e4ea3e625d70788f4 100644 GIT binary patch delta 12724 zcmaKy4_uU0y2sB9pi~xE2&9mMpjnxcl9^c!#@MJJ_=hqr1p|W(frTNpVh2N8r-{N| zy_YR3+WHjzxkZf?dhJGLVc8ayZEm+e)aLFO{c&$@xwS3#_nhZ_pLbwv=hJk)@9%le zbN-+A%)zI=ay;DXJhkk$;fg-9Zc=LH)>BhX?_H_XB!^NXDz&c0JGM?=Gi<3-sei88 z`ulN{^Fc+cmHLg3?FJIJ%63n#D=YPtvPSuSy z`6$+SB7K_U?9iv_x5PLO8rNhLI@*mVGtP9pXuOuOc+9ka3=B~CY5y7+@CG+`B9Awy zyn&a)MaHyok0zh@=YfITE{f=F8P$%EWO5rv$Bj<@>GKHFf0?F4!<9KY`9P%URnydG z6lJ!hq(_=QFilfGF&>vysTVj^39({I9L%{jrIwn zlNUsqelqixgnB1D>r8I`C?eY_7!PVmo6&a88;*xU*PVNQoTI_mIwi?*yYa}Bz0UjI zH#SZ^!|`nBH`(tv9M2m?QK&X=;+=USs>z-DI7X)FsVmv%bRAAT(&f0vnm*ItZwVDlE^ znc2z7zmD{<>U^8=`0VuL%OXuyotK0@p6zy|g!e@RK4b>|xjU4To9>MNRza6_c`<77Z*G=(}Z&u~u7>5ho>qgm#> zJ=7RacyKH|n_|0-Mbpl3oN1)Yot6CTOA(n>3$b*HPg2n#6;O$fw-A_OKEzld-OC{^f@h8d|*n7bnTM{|*FXi2v@Vw{gEzV}o z9tSyI*UN#L5~*Dm?@hRM(ZImKkr$`|evj_IBU^{Ipi8%aE82yM{!&?JO|{P3Aal>rQxHw?EKI3TDkd?+SC0R76Y?Ow!``ynrV$KTwd039}y^qL3ak(+-_B zH!9^j6*Dhh`Gz$&Cd!*(w4TrfD*XCCQMo0UxaKRv3Bw6i($-xOi^p1dk36SWUiS(7 zOLx)A^WVrGT_^CkATpx09OtrsCu-bHb)`leDW!$p+}I^T5euCn%qGEFp1EB!(1zXd z$ZA~ZP4Mscws<-)BRa7*2Hw@(-yL{ofI7Kr0MmhBf1s6SH4%?e^YMgrr_p1NUV4cL zW*Y;qNMZ8=hjdAU*IhBz;jOePdprmI)Q0{{ay z0n5dE*S#6^B=U4ZxK_OwP$6%yjnUkV{!I;NZF~JXPm|`&-BzE*!KA|@9>rvPusA+? z51~CJtbWpScz-TV9@G`Zv`I=Y=ol?qCTf!>)pVk+j#Jcr-Pst2EtB*>d0c}$*dcn8 zJ%m9&q#73M=m<8%1C6>J22aqBk!+ z*<67{qx#|$keB6}7kGVMpch$dqq3UK9sIs~ zhW0JDxoypmZOd3WWrV-S)2{0@WH?dvjw7^dAz%k4Sa0M6!=P@!h_tJQAInh)Sr+Do&98R>Y z8IC1m9UU+x8Iv!KA3K9z3>&}Fvri5XE$t{hu)V_=8#CrY^OcVYQvsFU5c+6=w1l2} zJlAltjFY95c#S(xN*Uhc$)N{h#k@3(nTxo`lST<@F}S@0|Hr1>jq{c_xV@d8A~zFQtYertP=0J60S^sk1x_NHx_!e4`{VS` zX-iA-9*Q_9P5|eU=vX>b3G$cNp-SvfB}2mmJlA;rLqZ2U%c9+u{!(E$+eNiV*TVfv z2CSGtZSnU8JUK%&NZHZSq-bekw3HPsxuT^slJrO<4Cz;+aY1S&&K}}0#2%0Cjkmiu z-tOM`U&=zuUfEfcokbY~^E3Tn*u%l%Wq~3W)6zf@EzB8qo*7o2U~$+Rm@|?6asox! zAaBA8Y7LG#G;_Rz9cjmQ+hN>;t#qId2mQs_fubCZ#ghU>GnldhMYEb4)0FSz@D13g zkDSg2lSJjCmlpjr2s?k&zl1XAd0wC!Tj;i^E%eBTy!n_850Jy4A9P1{`N^ZXu|hTA zM}A|8YB&WaWjfaH;H;fqwCy6T`LdfEUD%fnVqN9&!Mig*SU_V^f%gyAT7H&`s#bFh zRelOy&5hS6U%9uX0BZ=xBrFX+1%x}lrOG#;@_y2&_Mzy?orNk;kqvA9ZE+41*ME6L zDHUcZ*ZyFY;(?4t+}ML&<&0N2e>QBSi_iv7Czg=%~%rI$;sUmjxOA$DcSsc_On4y~eqABU+3SJuNf-L7pKI1kF(&!G;*I}Zls=5&^U-PaAa7k)%iH*1QHJ(R)Q7CK+LJbFbofqgqqW-T;70Sl z>9Doh=>7+Oo$Ple4@^@p9%)nZ2JhZah+hLb>P)t~*VAm$6U@lCBy~CbAPw#3giV`~ zx4AJ(`S62*R+ih1Lr!h~ukcihp44rQ%*C>99Q|~`qw(|NOh+vpBU5mKN3Q0^TGenD z*M@#Cg^j``nV6k8OD6C!YU4hNiz8*|o+aNoGUH?7;upupIEs{VoEE$Jw3uPHIF%jGXo4xdc$!jgD*XN= zI6p_JLoiT!7~e0zl>TA5Qb)m*md*g63n+aL-w|L+GiE786M)j^@TGehN_Sq0%7ZEW zbhc76z?9B*W8}er_9 zjrh{Lp3)ca?Eq8yExtR!lxF9l^e9N(@_OS>%U28|Z~R7@x?+N# zW>2iTBnC52)4BL75z}u$RO47xb&^t;X`uC>OEi56!fb+e%E^{B1;o}_Aj~gVGfuJS z&o~@%l&?Wt#t8pumY57;@j}sNi*}`GC7{c6=y?fN-W5U{g@PcCSCE8Rt#dpMa%=j| z)cmn(%qVQvTD&jW%JN={QggI+7{s;y8;D!CJJr(WpK0az4ur{!7VjBt(aUL;Uvauc zM?jd{@XJ3-DG$~eupEd<4%!d8Lemc*?!uh0R^}HoEP7k$YoP(5^l_Ho6rlq`9}E37 z4&`&}PR+FFWe`>tDsu=lPg87`Rhh{kx7M0L>~{}{{azElqvE#~J0+Ll7rM_Pzk1q2 zRW`v2cr%CtJ__Pqcn8D<=U}_#f){|;ZykvJ9t5#p`9!PWbwZwVEUjG=+8?XxCtKoX zp#@Vc?OLI!7g$=J&}t!{&{XW>+~PbTFSc{m3PISdQ0}^E*yp(=cS7Wrgh30m`DE<$ zoMj{^Uu#7dTCKYQ#MVZk`-M7%mcxnts)TOFs%OpLA~+MPr9c<50<=)mO(3q|RuETk zk62T&Jrruci$O)2wt*IDdRMeLST>8bRt9owY6C5y_gt)c63Dgb0^vVs-y&hh;~=g= zBKDi5+PV?MIa)xRqfNAjMLXv*D@q=Sb6hF34&-MsAmZafdxWSa?034*W4Ttfx-g6xKHK8wrz89MAvHZM3_Y0-XRjOF`%rl@XHN6VDO4Iuw zF5@#0_tuY~Ww2uZOSr;nNhXL}vJ8aL!9cWwcx2xIxwZBlh=-&f#6vO~0vD12;`x0E z2$Ka-9s=P%& zF89KC5O;qeh^^O&b)8u67VEuY4T-fE%YL~o_%LXNrW8yprtBpspK&F`Yqa^-LYstk zNS5b>-V*v;{QfQ!kGgZbF+!7ta)ta$1*wpO$aqHPncU9|retw*#GSmJJ7tusMf z{qsR+3(D9JGWWj^fv63{%P>!viiBPSVT!=&z+f`X1i7`g5X7NZgE;gJAdXT8;;FX_ zG)Lz+Al483KyG`|3Tv?~61r39fKV)kl?zS zs2BvYC?1rfwGpBv3MGj(RkSoAmsqnznJH*^B^srbvM0--GQ>;5h>k`@{)^5@E3GJu#pM%F3`pIv0Qm@cK5L*w4_K{GZ zSicZ0EcBIFkBW9o=(t$@{}hof5qK2okL6r2-L0@j*9uH@VZ+uW(deRqt!ZL)iAGls zY@I09Nv!$NcDjvVbB>tlR)V!zLT<6jIM%P7b^^(=d ztbAJE8akAVT7gd^zI113E407R&7rOAhC=s;w(>a?x<#~=0Vs5rXe%k`JGxP{l^iH> z{wa~t6_Dt9(RR8H3SBbVN)r^iX|$DXQ0TtVRvv>ww~n?#Gm7pWZRG%z(is>{Tly0u zx`vb44+Z~~lRaNP` zN`FK)`scEAWoZYZSwR<p<+R8Uj=mON?m*RhdME9Y# zQ+y2HhT6&~D0C-kD_KzJW|WodYcTKdq5Dx*Ci}|Q`&fj6iaF@sbUdN{7z?YC9ZQY! zs!Zn-#N*VS#P_0dCBWxZ{xH!t+rH*|VkD8?9m!9mmh*k75473SL0LK*-F$xJ)TAK?Pr1Dx#Ezf+&d=rAut+q8BGF-(Goy zt}AP_VY6mERO(Aft_+(MnQd6D=+84<(MD=dm_D0RH}?IV-@U*0;@#fIm-D&b-=A~N z@0@$#9(UD+y>!|bQ2L826n#dlQtHn70dZHa$yaK$q11vxt*cH|KXFAL6{b|f{Q75x zjXe)rLxED6rEGr~O_oZ}8v8(LNks{3^s_NssqJ^x|1dmkLSb;Qk<>RfagtJ-Tcc|h z4phn;s67FvuAc{Qzp^F5m>GZS5$qhkFU<4AmyTTh zu!vNfCbQ{=BgX#VPe+c4^!PtV|9c0J|vw{yL0KL4Wwo+BSRQsr6Q91pI)F*W?!dSsMZtgvj)y-(e2u8dG- z$;aYq&rHoS z;w~L_WbCjqUUeww%}xr7I*A3?+*&c#tRHuc@uInLdd#@D4)*k%%Im$O^se^3&0x6`8@&~B2VDjVR(fl5_Fz2TK*3Us(;J8+ zy{Fw&Cy_;Gq$v5|3mTzrrf!lSic7McGE?nYOs4MXDY{pn40<9--Gb zuhHj+XYqvFRORrjyUbHx!*e%0H&vZi(KY(Fh>lrpWvjMgiXGR1Ec366;tOh89QXDP zOp9jvWV3#Jx1;BFRpIFsH3+NG?myJ?ArI?+c45xBE5$ePe`QYP%xws6yF7CYGPi{? zPjz%lr5WeE4rE1&q7Np?Oe#!>hyPtpJN$3c#yN#4 zMu)kkaMB346tRnr&DZ>HRuoE%+X#EFHZMwt{HbtgMCYcePV-FRkQ78sBsEaI1Aa)$ zyDCse4>RpPW^v+mA+LtsUfp)`K=lc8{Ni}pI##~M-kwqPYoCS@s6G!%cFRHv4VA^J ziWR)8ckrN4umb+S;JdtW+=CvxT_g0^WmYXo>Vv*_bScv)8s@C0o`UUbu3wU({kpYZ zBBo>4T~EOFL(V93YEe=o<%}{*ic*~^^>A%hb8-7rN+BSWp*#-quk ztomucH~(5p{aAkN)#y=qHy)-@7cTij9X`Pe#b=GEt0FgF72elKFlQ|*_N_?4U-j^y zcEd2GmV&8GyiTcdFtwjwuT&+N+9yUTRRgAWz$m5az|^LW#Tx*a+B5j>22=Y|x>8hm zYM=WNemjGyz3xV(jw6ks3+GY4QfT{g0zPrKHet~Z@nA*e{m_3-<1^6BXFGvB5&c*C;LGAZ5 zF?%qz_u!?g+Xy~YS{i0Xl;!ou{PD@JD9eT8^3^4! z__4gCJbBrw`%4~JZ~9jjnx|K$`NktGLQM`=3WW!ayuzkOKv)Q9<$aYJr>PQz+Cw`D zx=B;ND{X5Wh^?6*tPA{7`q}g~esgn{??BvJf8Rh`^nh5rNwle=-67gi5Z()sdRDX@ zTPU_ynlC~PiB;+rEk5nBLq3XAYO>b80gcmi2E?;F5N~U@ zCD;*XLD*Rs*6V|9dNI-V%TBWC&minN_+<=L>Q?MA;5;Crs9dNhj17)O;b0B2QxU$F5zkr`~3pM ze)~Y|_oetP!c&6#xL3$;lTZE1MwK_*PFM!wgeHg+z5(L3OTOOrn*?INEptS$aTXcC6Zqn;%+6gLZN=|XdamI@8UzO(#gVZh*)$`4}`qoBtsp{|4n~Efe<~&+bkTCtM};s8EAYF3Q4w3x&#XJFw3H?l{(TAmG$9+QWLSG3D!}7D= z1ffTTqOfjrbY-3f&DFFQl&9$sh+{thakc&ing=VMe;0u~lV~hDhK41X0mABlwt{$N zUj^~ny$RxoPeHsSuVEwP>xd6P^ELfV=mKbg)&?LMQ!)|mKXj4-72QAgDlV z1t8oqu$GB+Er_SI2Q(4)AI#rrBpNx_-oa%;jUev08N?m8fw*G>dyK8IAhzBBV(T)o zJ}A~l#rlUl^v}Vciush7@5ctkzQM454&r*WfbP)RS0Ii(1>%mwu>-l|2_Uvk0kO3} ztVp0n;Tul--^M7=7%lb}ZIDomSn3QiPC7HgVlBZNkaHC;4X1PsB4G2jVob&Lm> zl{!lZj{wU`wct@>qgaGuS=I%jEfiWT)}^AA3ateBc*f--t`VvLv9(gPhlHxdS|i#P zp{-)A6K%WD4zV`S{m*l16xt=`-J&%K?GbCUXe~moi?vm>!$NIhJ!)ybaMdp6kHy>} z+LuBn#M&uZm(Xdkc8hjS=)71jiAFChqiFu&Dgwx*jv`TO^bW&BFM4c^5iMRQQLM?L z(R&WZju7i;(df;GtrHCNy+%oNH3v2})MUZLB?nkO2)FLCOHVqGlSQlV1Y>QgI4 zEEig1n^lEql|m1RwOX_qp)F$FDq5Y;cCqfz8s;Ca-_Cf{jbh#k_S=LK=2nroU_(D$G zAkle5NO=Ydol1n1W+-$<5mMfQLI)JAl&z*=^DzZ0V=L~itY8s7xZ?~uzM!Y5{+P$B zurthmR;7mhCcHj7#@CK~_J{EsmvYgi3=Fqp6#eHjJ}E9G$E7TCDfi=df_ykpy-Ru4 zrM%}-zI7>AMo407h&Q;D+as_a?GJZOWEgA-ghY{T*?KP5*oxmVTuvYK fQo8yCKd=5{Sg?Q1%i-onk7Sy!JQ8n4Z;Aac?M!_y diff --git a/NoConsolation/bin/NoConsolation.x86.o b/NoConsolation/bin/NoConsolation.x86.o index aeaeaa95d2195f31337333b489c38feb609eeaa4..cad53494e8482e1db0d17ef688eb014f24bb7852 100644 GIT binary patch delta 10098 zcma)C4OmrGx?Tqmu`tj;KoE~W{^n0X{{N7=(fkV)MlDlOptu=0a4_x4-PDnZJ~J!Oi4N@iJ;#k}A8_Fm`gbMkrac^=*Ge!t(f z*0;X3&e0d&b^Q02j-GQI-2{E6<_ocOOV7C8YZeM|3dEkpk{3f9TSga#PYe@cPR^F6 z2ZmHHe&N0Jh?w~!g{W$d+W5tdLU^?ZPgq*p(@nj4TnlydYPzXsxg#WUoKbbt-yMgW z?u{DO<0f}Sgebq^paVY7|2ovz7@zKVrRiXNL5QQ?NKPEn=ZPP?y2#zNpS!xe+Gk!t z4v!lTCXVYf%M?8?MW11{bpQC|BY15)d(Q6ew5b!<^i02$kc7Qo z+QpWOQ^u$LlN~POr~Yw{XPaW3>q8u$8^245bKGp~PI<&}cT-C0%&>&;PwmzNLwF=( z4ELb1VgHjVgpoaDh|xA^Zo-8Bv#U-tRaZC78~l``Z`D8SV$0Kk6EqZK)ZlIj^8!>X z54tg7=u}6c@gGAcI?{~ShK^0BIB9n_(~PyRDRNk2NdK2k*v0v#_{)#Fx;$Ekv14?6 zLPdbi!O6|zWcG=LmgIv(+earS91M_JV>oYo2kw>LS*zT=2^6!Tow>>4fS;lcOqy4FZh|Ks~5+z}vs&YXwBrkwHr z<>Utb@)O{X$+*)RcNlw%-h#W2Vv5|6-R5-0a2~B2XgT| z8t*0w^eSa^^=r6ywCYg@BJ9eyz3(|$9eo}Bx1tVc?bRV}?TSNMMR3@0Z$&-6wyUe_ zyhkS1Ndel|`1$Rm#E?WMrqq^%F0-&F0c9%*Obw5$vnDdcG~ezU!#8A&oE(%=r+-SF zk`kySZOo>s1KX_bM7O8?<<0Hz|S-(dv1xI+~XnEbkgx>W{p+ zC|Shhf`nrNtZUX zN459H1`Fs{AIV#bRm{E~XjbU-e^R}1Yco6A1nGk}h3iJV(0u$m^oTb%Xru=VfJij& zp0~VOv?p4|(dCv2igNmgpeR^y*mIO}D@q?kk$y}!W33$**s$e9#baW_#$w!sYrh z8fNzV?`84-(&*yi}n(~HS)up z_y&I4!;fA3kX@xk+kyDaEm}R1UQI4B6+X(NM%#$G-bn)4@8qq)Mxyh1b*%$O?8atS zH*CuGZZZwo5i5gycx2L4dE_&|QyW^Qa@3|AwFRi133&fZ4H! zEa3f!`HuZW^W)JD2PiZLydMg9KN#@-(sdGP^lFW2Vj9)NG@9y*0w=P;t2HS72BqI{ z9rt^@+8(98N2%{Ie$E`I*L$^kZ|-NFZ1ggKQ=V*8GhL~8y<1InZ*IM3DsD4SIp)bu z@@k(%y(|i`A5jyZ`0Lm#0Qrv!&R**HTHKlhL)d$7CWCE>cEtqVQ! ze7Zc78-;5j=0%=E=!giFLa*3DG|cLt{&fBt%G^)GU=6=-6z5Mu!(GuK%6rKx0UBU$Wm4=qGW=_W1PFOoOn{{M^q(G~QsyM7_4Jjj2( zY6Yc3RZid`j;Z_4&+Et@tsJ2-k(IcI$mD71X{dAL*Mhd~uS#F?-1$5x@%9Z^Tz7Le z4RzK8So;Wl^0Ha~}v(&09r!{I8|R4Zs0a_xf` zW90PMei#ld0@eoXCiIs>#&r+jSHNH}q1rlGqV?X&TBBA= z>qk*_r9v?E_NS~BI&;s=zN4odP=xnpaVpZ#j3KnE(>|D+|yzmpt#kb<>)Q;-wH19b6%952gVQm+!yu2HQO&J^I z)po&5Uh=lWqp@RVY#i-pGmiO?O@_XW^5sij)tfqJ-V+i&Gp{&*b%8N!cD7MJyHuZ7 zGOeVztYmebtEi+nyI^*~ddfHFfr8QkXCD3(mpIGv))wSDv$Zm3QL*!(f`>{<*NcS~ zH(m^P7Uw-wFy47f*{#miC3*SKUAdlLT}3PqrLZC=x0H#(yrR`Wt`aAanQIH|BzYhP zAD^a4Itxon9x~HeSyY@?T2xSG44I?rqoExxhNCBrk?5w;GNR&ozU2$3Pt!$9LC zx&Sm@qPQNGG!=-YcL7b1((X4{Xk4VFHywzhE!7oyzao9yCdKVgdV7H;O4lpUnmMg< zg|;bF55z%s1Klny=Jyg}l0>_KCIji=;wME8>n+3-DgO1%mT_T>5SfzO0L0;{fq0xJ z6t^JOviJh%PHAEEvC!E#%XU({g`NPKN*B6taSCvnL>GXjOEfk?2u-3@Ks=c>K%Byw zL{R{dYgeJOT8;V9IZ!x6X{}@1x2Ppr-3-|4?yg2kkfLQ4a5$21F_zlK&*EO zhy%wDu=HLB;=q4XC_9BXo${}jkkAtYEyaBbT>|3r$sc4%*DKU_h{cUmXud*)3cUct zUM?z>G8FMSuQ5X{H)5EDx&h4;l$H~S$2lH|$N3weyQFkC5PN9=nkBg-w_0Ow2V$uh zZlM%~^f3zluR<3U`W*i*!^T$?+BHgu*)qsGKyxHI1H=jb48#czy3LaA1)9rg0nL-B zFDBz|`hg%^ECOWmZJ=x^{tAfKI4NC-`I5^3;$$*`cmu8jVm%#*Q>X)4AT6Sx&K8My zu*D$7r32|q*4$yaX#`@EcN99O&^3jU(KuNzU7^wFH_Xje=*h8GT7L%OnK=Q(C7MC; z+2k&T{!JmDbO`iWZ?Zxw6e?HfWrdC@G!X5QZJz~NC}(E)B%D-0=zp1jxsuEUV#Pcl zo|#90ekG;91>y_1e%^MKr| z{|Uq<(NnA-lYlT7=xxcgT-O1y-U~qNdNR5$yI!bJxk8&1YEbCSI}x8v98)cai9kHM zwTj!UxUUpP9h>#0195^6DpaG;euWMKakSTgE-&v)y9>?Q|@OK%%crd;Fa zl=J`)kNqMLZ?=IrDi|$O==Ta81LDA^fH?4FAPzhXU5ljXe-i*%JRgX~n@n-I*si3F zN_t*Ne^AmW7_zO72c`*&xD|-!;|-vDCD#tbXx4%3_w6mKQHyQy})GTMULNLNQU9C@-H?A7XHb`xqyfI2=CAEH5e}H)5@g z$zQ!%oTO&yGrI$3Svbdi%nUG*s8JuY6wHe@W(}BAHfAH38}LQSXH^F#!^Sj#SqVn> zDK&%IY*RW8=2aVW4$K)F^BtIXa0l@D=@tsNC^#R}2h687<`ys~GohmktMt-ArQ$&H zncWGd+Q!@s=C3wpIhYchCTz9*{t{XvF%C_VnGvpnbuP&fgXMG3e;*n`P=4a+?-8Z> zd9FMr!te-nObFX@XNcioe1u^A8%#%UPp&;gyAm&OC6Wblz-TH9&jPBOEH6IIun6e;da}e`P5OXMq`LMf) zRMA4jrKbJ&b_*>mEGo`Ne^|b9{c`%{M##3auB3E%iR?bh>GvLz7Zn$lh~@VexFka+ zP%S7ZURAn&jZ40*E-Ld0%ScK;^RRl;{$(*?M#QR{jn`LdakI4r^RzkXx2I*n!p7p delta 6339 zcmZ{o4OEm>8prQD3^*zXx_ph`FbN8RAmtY*>gYD1i8;ep<{HYbpRI+l(5@*vbiiyJ zDe&6LZscmG*3G32cXVSn^N?$SW@a0kmSpWwkC;@fX(wB^+5f$F-aGTon;eDT`+uJ2 z|J?U}4TqO6DSvrei7HaU3Hv%&Mo3vpRKlp(`GoXAc(I766x}qB|3@5~6H@S^z{X4uPhu#WP6z_3C(&6$ z>2DJ6RE~Rl5?2|NcAAqkJ^tnY`h2YZ*7rW2$NrgzFo%nDQ&N8XQh(?b9_kaJXX%Ng zt>!sbe7^3x(@bn=_-Sla2rt|~A4;~EO(D^j{Ly^6H`$`RPrH&642DbeqvUO)v-`D1 z@A*?JF4C`35-mM=?EmJnHs@1+PP*4SW~{;d`Xy~xwHTmZrdX6l8f8sT4td8}HyV^{ z^!H;ElvMiK*vFOS-n&xg8_n_OwbkPd;!O%EP0us_Ih7E)V!{OaZTcef!cVlR1^(2{ z-inOpmC?_h(}q>2x6iOwp|*^0b45ss>hKI*m^n`=r%z`VD6#aN%sg|`$6B-b{$5AC z$yptSlw)VK;R=8F#s@y1+de=$rX`x2LUJBeEogGi?$IB9sC8(?O0uON@`1NE=PSkh zZm%}p=&%0X+m|~fOlhGbr+jSQ39;Ll7KPfqY%BOqUyWzm;YF`;YLjC2ozi-=`#o~$ z{%IC-Pe@dKhnw`@h_-}8)zKfNiPL@NjqhrmPx_trdvo*NQcNwF=Pg||)A&4WdPke9 zzA5(qj4@_=NOZq{9v<_qobd-G<;mmP;xGM;UVDp8bU&>xNHi}F$x+v;o-QqzZT_}L z>u}xgFo7N@C{J`F>M0v^m!_H6#IZ?atMIxvW!5O1U4wV>>@3At(lAg%heufGW2O=#6{FyE;AgPET3C z+Y!UzqT3Pcv7e3pD{1Vi2?t#b7xP!v>7JL!Q+nNwWZa0+uaVW*OUU^wI0sYQC#(B{ zBayuNwA*3jaMJBa^Vre9?3mk;(NH%)YVyQVn40XZY(+fwLAK^S{JO18V)J6bHLpEb zS33CWwz=Q**jqgqC3cLvD9y+!FJLon>8ed+l{0jeS2toDu7)lLOKrFrNL`>$U5r$g zR`7Wstx}(s;ZO7ZCy=&DpQbcpte88C#~#t^Vag(Qsh+#^4LsxaI&LX zo_JJy7`J24%xA$7cAO73)Ey)>*cWJCiZVnz_Jh9D4Fks8Sx0i~H&PN^```Rw>vL}~ z>yC!Hjv(tuZru^E&X%K2Rofe39WNhH;6KOeXtHF<9iT`yWc(&j6Nd-dwK&#{IdjOA zdjw&Jm||%21TI7%P&OF^M^p0J?4bE&??Wnj| z@Y%SF<=a-EfNcj)GrLzA)Hl9 zDh@JWO{GCQU0lozP8DZ7fEGz?1h&lxkK|)vhm`H7YuEg{7F!<)zd{1vR`uJFfYa;Q z@f6F%QGiJv&v76pM-Y8tZfp)N7*w)D8?x@MhPq>90M=JFF!Wq#Xdl!-#>aLU89cV{=C2?`=jQd^vKQJbCHtC$wsIcbdW^YmH zQUh%-chK+3Ym!!1u3NuqrM0HYy1uG%CBFTva=rDZ>mI4B-bk~TxLlL)E)gUfXDOG{ z^ARe24!V(Rh_UOi*jH6IF79X5s@F(|;0J!08jv zEKV6_LS}O+0Zrjl2NFYAk)%?sq+OEQC7qIVK~iihMF_>-;o5Bb(+@j`<1Btv6kjUE%5_uOvqT5ZCTqG$)6>}xM2NI31fP`U!RW-DM zgyAlb$U6YC5jL1lL87tg4mIx;kZ62Vl5H&0T&!d}M@H`PYT|B5pMu2pDNR?S>m&`E zplT_S=1MA;v=<~?&Py7ViT+|->6xm{prjk1x%{1CP$}Ls6C~dAG0;37-31aZZJ-}> zt#hLK?&m-vIw)xr1fjXoB_5Y_UeZ5tJ&451l6K-$-OZaE0@*qBg2Vv71lhQjfXhQf zp99^)wN6kWr(rli^Kt$#>4iWcdO-_#_+yY*<4D{x_i`-_BnFcULIP^nf<#^wNDSdA z&_W*dfkee{Yza}301{d%$R)%&+$h3k4@iU$Njf8GK+*`@BYqo6<6$ARnUXwt>abn{ z+4!)!L1K%hxp23Ll6*-^B~?i>&s6hrBsnCllC)3KVM+10T11a$K}CEBV`dSu2!#7D z7kD2R?I4lp1c{k>2(*|-e+?27yc1;O+6jOelr+?)I-4b>+Fa@gXFdCpE9s&Vl$GxyUsj28qU|dFmu>1&MZTl5R*Eh9fSb z4}!$Wd0Nt&ATj-?K*ISVNKF4ANYvf{m5BRqDvmRD8iueCB*OQD#JfKO61%lql26if z9B~nS7$h3kfka~p5{*yFXrGK;v!lNVXW@Pj#WO*o*a;HRZ8G{h8SRi!E2aPs82)6C zn2#0sQOdRLAmL0w!nqwJoXzKD_>v5N&%$)p%2!?1BtjHoB?egGH%a`Tg-^$T@)DF+ zEy2n$D1~r5c|FfvPi5Cgubym!bS^k}FvH22wh1cTu*yy7rOf8&;9sxMBlF zVVI~~Y=?jn&lKF60mTYs2v)@Jv+ftnhOE{oE7z|lC#GX}1j?qOY#J`kfKmwMmPT0y zpVeq#$%u|IYdLs=4#x*%=VB=thsuTd^T>D4ITKskg< zSNJSnQ-!@iNY!k5WX{b zQ=Zc)2bSujvpVGqof2o{Bjw-3p!0P~1wFKO>bSRc`qw%omPW5jbrpt(dalwbn{>)P zo$|g;`C6w8iwNzNiw{NlC0@y?Qy$hSZk@7UrySQQ{W`@oq)c}AUpy&8LX|w7vPh?_ d)+mkM*B=TG^JYB~ZKNgDbLf<6Gu=_0@P9X)N1p%y diff --git a/NoConsolation/no-consolation.py b/NoConsolation/no-consolation.py index d1ee022..f65d114 100644 --- a/NoConsolation/no-consolation.py +++ b/NoConsolation/no-consolation.py @@ -1,6 +1,7 @@ import os from havoc import Demon, RegisterCommand +from datetime import datetime def is_windows_path(path): return re.match(r'^[a-zA-Z]:\\', path) is not None @@ -8,6 +9,9 @@ def is_windows_path(path): def is_linux_path(path): return re.match(r'^/[a-zA-Z]', path) is not None +def is_pe_name(path): + return re.match(r'^[a-zA-Z].*\.exe', path) is not None + def noconsolation_parse_params( demon, params ): packer = Packer() @@ -20,6 +24,13 @@ def noconsolation_parse_params( demon, params ): alloc_console = False close_handles = False free_libs = False + cmdline = None + cmdwline = None + pename = None + dont_save = False + list_pes = False + unload_pe = None + name_set = False timeout = 60 path_set = False path = '' @@ -66,6 +77,16 @@ def noconsolation_parse_params( demon, params ): close_handles = True elif param == '--free-libraries' or param == '-fl': free_libs = True + elif param == '--dont-save' or param == '-ds': + dont_save = True + elif param == '--list-pes' or param == '-lpe': + list_pes = True + elif param == '--unload-pe' or param == '-upe': + skip = True + if i + 1 >= num_params: + demon.ConsoleWrite( demon.CONSOLE_ERROR, "missing --unload-pe value" ) + return None, None + unload_pe = params[i + 1] elif os.path.exists( param ) or is_windows_path( param ): path_set = True path = param @@ -73,8 +94,12 @@ def noconsolation_parse_params( demon, params ): elif local is False and os.path.exists( param ) is False and is_linux_path( param ): demon.ConsoleWrite( demon.CONSOLE_INFO, f"Specified executable {path} does not exist" ) return None, None + elif local is False and is_pe_name( params[ i ] ): + pename = params[ i ] + name_set = True + break elif param == '--help' or param == '-h': - demon.ConsoleWrite( demon.CONSOLE_INFO, "Usage: noconsolation [--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] /path/to/binary.exe arg1 arg2" ) + demon.ConsoleWrite( demon.CONSOLE_INFO, "Usage: noconsolation [--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] [--dont-save] [--list-pes] [--unload-pe pename] /path/to/binary.exe arg1 arg2" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " --local, -l Optional. The binary should be loaded from the target Windows machine" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " --timeout NUM_SECONDS, -t NUM_SECONDS Optional. The number of seconds you wish to wait for the PE to complete running. Default 60 seconds. Set to 0 to disable" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " -k Optional. Overwrite the PE headers" ) @@ -84,7 +109,10 @@ def noconsolation_parse_params( demon, params ): demon.ConsoleWrite( demon.CONSOLE_INFO, " --alloc-console, -ac Optional. Allocate a console. This will spawn a new process" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " --close-handles, -ch Optional. Close Pipe handles once finished. If PowerShell was already ran, this will break the output for PowerShell in the future" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " --free-libraries, -fl Optional. Free all loaded DLLs" ) - demon.ConsoleWrite( demon.CONSOLE_INFO, " /path/to/binary.exe Required. Full path to the windows EXE/DLL you wish you run inside Beacon" ) + demon.ConsoleWrite( demon.CONSOLE_INFO, " --dont-save, -ds Optional. Do not save this binary in memory" ) + demon.ConsoleWrite( demon.CONSOLE_INFO, " --list-pes, -lpe Optional. List all PEs that have been loaded in memory" ) + demon.ConsoleWrite( demon.CONSOLE_INFO, " --unload-pe PE_NAME, -upe PE_NAME Optional. Unload from memory a PE" ) + demon.ConsoleWrite( demon.CONSOLE_INFO, " /path/to/binary.exe Required. Full path to the windows EXE/DLL you wish you run inside Beacon. If already loaded, you can simply specify the binary name." ) demon.ConsoleWrite( demon.CONSOLE_INFO, " ARG1 ARG2 Optional. Parameters for the PE. Must be provided after the path" ) demon.ConsoleWrite( demon.CONSOLE_INFO, "" ) demon.ConsoleWrite( demon.CONSOLE_INFO, " Example: noconsolation --local C:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe $ExecutionContext.SessionState.LanguageMode" ) @@ -95,40 +123,56 @@ def noconsolation_parse_params( demon, params ): demon.ConsoleWrite( demon.CONSOLE_INFO, f"invalid argument: {param}" ) return None, None - if path_set is False: + # allow users to close all handles without having to run a PE + if unload_pe is None and list_pes is False and name_set is False and path_set is False and close_handles is False: demon.ConsoleWrite( demon.CONSOLE_INFO, "PE path not provided" ) return None, None - if os.path.exists(path) is False and local is False: + if path_set is True and os.path.exists(path) is False and local is False: demon.ConsoleWrite( demon.CONSOLE_INFO, f"Specified executable {path} does not exist" ) return None, None - if local is False: - pename = path.split("/")[-1] + if path_set is True and list_pes is True: + demon.ConsoleWrite( demon.CONSOLE_INFO, "The option --list-pes must be ran alone" ) + return None, None - try: - with open(path, 'rb') as f: - pebytes = f.read() - except: - demon.ConsoleWrite( demon.CONSOLE_INFO, f"could not read PE" ) - return None, None + if unload_pe is not None and list_pes is True: + demon.ConsoleWrite( demon.CONSOLE_INFO, "The option --list-pes must be ran alone" ) + return None, None - if len(pebytes) == 0: - demon.ConsoleWrite( demon.CONSOLE_INFO, f"The PE is empty" ) - return None, None + if unload_pe is not None and path_set is True: + demon.ConsoleWrite( demon.CONSOLE_INFO, "The option --unload-pe must be ran alone" ) + return None, None + + if path_set: + if local is False: + pename = path.split("/")[-1] - path = '' - else: - pename = path.split("\\")[-1] + try: + with open(path, 'rb') as f: + pebytes = f.read() + except: + demon.ConsoleWrite( demon.CONSOLE_INFO, f"could not read PE" ) + return None, None + + if len(pebytes) == 0: + demon.ConsoleWrite( demon.CONSOLE_INFO, f"The PE is empty" ) + return None, None + + path = '' + else: + pename = path.split("\\")[-1] - # Iterate through args given - cmdline = pename - for y in range(i + 1, len(params)): - arg = params[ y ] - arg = arg.replace('\\"', '"') + if path_set or name_set: + # Iterate through args given + cmdline = pename + for y in range(i + 1, len(params)): + arg = params[ y ] + arg = arg.replace('\\"', '"') - cmdline = f'{cmdline} {arg}' + cmdline = f'{cmdline} {arg}' + packer.addstr(pename) packer.addbytes(pebytes) packer.addstr(path) packer.addbool(local) @@ -142,6 +186,11 @@ def noconsolation_parse_params( demon, params ): packer.addbool(alloc_console) packer.addbool(close_handles) packer.addbool(free_libs) + packer.addbool(dont_save) + packer.addbool(list_pes) + packer.addstr(unload_pe) + packer.addstr("") + packer.addstr(datetime.now().strftime('%H:%M:%S %Y-%m-%d')) return packer.getbuffer(), pename @@ -165,4 +214,4 @@ def noconsolation( demonID, *params ): return TaskID -RegisterCommand( noconsolation, "", "noconsolation", "Execute a PE inline", 0, "[--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] /path/to/binary.exe arg1 arg2", "--local C:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe $ExecutionContext.SessionState.LanguageMode" ) +RegisterCommand( noconsolation, "", "noconsolation", "Execute a PE inline", 0, "[--local] [--timeout 60] [-k] [--method funcname] [-w] [--no-output] [--alloc-console] [--close-handles] [--free-libraries] [--dont-save] [--list-pes] [--unload-pe pename] /path/to/binary.exe arg1 arg2", "--local C:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe $ExecutionContext.SessionState.LanguageMode" )