V. PreModules and PostModules

Gabriel Ryan edited this page Aug 23, 2020 · 2 revisions

PreModules and PostModules are subroutines that execute before or after your payload's shellcode is executed. For example, it can sometimes be useful to perform sandbox checks or execute an AMSI bypass prior to executing the main portion of the payload. PreModules can be used for both of these tasks. Similarly, it sometimes makes sense to perform cleanup routines prior to terminating the payload process. PostModules can be used for this role.

Selecting PreModules and PostModules

You can select an arbitrary number of PreModules and PostModules to include in your payload, so long as they are compatible with the Interface module you selected.

To list all PreModules or PostModules that are compatible with your interface, use the --list, --compatible, and --interface flags as described in II. Listing Modules.

Once you have chosen a set of PreModules and PostModules, you can instruct DropEngine to run them using the --premodules and --postmodules flags, as shown in the following example.

Command:

python dropengine.py [..snip..] --premodules pre1 pre2 --postmodules postA postB [..snip..]

Your payload executes PreModules and PostModules in the order in which they are passed to DropEngine on the command line (in the example above, pre1 would be executed before pre2).