TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
BSD 3-Clause "New" or "Revised" License
3.53k stars 628 forks

Add support for binaries with no reloc info + fix ETW bypass bug #98

Closed S4ntiagoP closed 1 year ago

S4ntiagoP commented 2 years ago

Hello!

No relocation information support

I was trying to integrate Cobalt Strike's beacon with donut and found that it failed with:
This file has no relocation information required for in-memory execution.

So I added support for binaries with no relocation information.
What I did:

The TLS change also fixed other binaries (with reloc information) like nanodump, which crashed when the TLS callbacks were called.
I also found a DLL with a relocation RVA outside of its boundaries, so I added a check for that before relocating.

ETW Fix

I found that if I used the debug build and loaded some binary with .\loader64.exe .\instance, it worked perfectly, but if I actually injected the shellcode (loader.bin), it failed.

After some debugging, I found that the problem was at the DisableETW function (with BYPASS_ETW_B, which is the default).
The issue was that the "ret" or "ret 14h" instructions were hardcoded in the code, and the reference to them was broken at runtime.
The fix was very simple, just added those instructions to the "instance" struct so their reference was valid and that solved the problem.

python module

I also fixed some bugs in donutmodule.c which is working fine again.

other

I also added a debug binary called inject_local.c for quick testing and fixed small compiler bugs here and there.

Hope you like it 😄
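The two relocation points raised above, accepting a binary that has no relocation directory and rejecting a relocation whose RVA falls outside the image, as an added example. This is not donut's loader code and not part of this PR; it is a standalone illustration. It assumes that an image without relocations is only usable when it is mapped at its preferred ImageBase (so the delta is zero and no fixups are needed); how donut itself handles that case is not shown here. The structure and constant names mirror winnt.h but are defined locally so the file builds off Windows, and the 4 KiB sample image with one 64-bit pointer and one relocation block is constructed inline.

```c
/* Added example (not donut's code): apply PE base relocations with the
   checks a loader needs before touching memory. Builds on Linux/Windows. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Local stand-in for IMAGE_BASE_RELOCATION (same layout as winnt.h). */
typedef struct { uint32_t VirtualAddress; uint32_t SizeOfBlock; } RelocBlock;

#define IMAGE_REL_BASED_ABSOLUTE 0
#define IMAGE_REL_BASED_HIGHLOW  3
#define IMAGE_REL_BASED_DIR64    10

typedef enum {
    RELOC_OK,          /* fixups applied */
    RELOC_NOT_NEEDED,  /* mapped at preferred base: nothing to patch */
    RELOC_MISSING,     /* base differs and the image has no .reloc data */
    RELOC_BAD_RVA,     /* directory or target lies outside the image */
    RELOC_BAD_BLOCK    /* malformed block header or unsupported type */
} reloc_status;

reloc_status apply_relocations(uint8_t *image, size_t image_size,
                               uint64_t preferred_base, uint64_t actual_base,
                               uint32_t reloc_rva, uint32_t reloc_size)
{
    uint64_t delta = actual_base - preferred_base;
    if (delta == 0) return RELOC_NOT_NEEDED;   /* assumption: no-reloc images are fine here */
    if (reloc_size == 0) return RELOC_MISSING;
    if ((uint64_t)reloc_rva + reloc_size > image_size) return RELOC_BAD_RVA;

    uint32_t pos = reloc_rva, end = reloc_rva + reloc_size;
    while (pos + sizeof(RelocBlock) <= end) {
        RelocBlock blk;
        memcpy(&blk, image + pos, sizeof blk);
        if (blk.SizeOfBlock == 0) break;        /* zero-sized block terminates the directory */
        if (blk.SizeOfBlock < sizeof(RelocBlock) || (uint64_t)pos + blk.SizeOfBlock > end)
            return RELOC_BAD_BLOCK;
        uint32_t count = (blk.SizeOfBlock - sizeof(RelocBlock)) / 2;
        for (uint32_t i = 0; i < count; i++) {
            uint16_t e;
            memcpy(&e, image + pos + sizeof(RelocBlock) + 2 * i, 2);
            uint32_t type = e >> 12, off = e & 0xFFF;
            if (type == IMAGE_REL_BASED_ABSOLUTE) continue;   /* padding entry */
            size_t width = type == IMAGE_REL_BASED_DIR64 ? 8 :
                           type == IMAGE_REL_BASED_HIGHLOW ? 4 : 0;
            if (width == 0) return RELOC_BAD_BLOCK;
            uint64_t target = (uint64_t)blk.VirtualAddress + off;
            /* The check the PR describes: never patch outside the mapped image. */
            if (target + width > image_size) return RELOC_BAD_RVA;
            if (width == 8) {
                uint64_t v; memcpy(&v, image + target, 8); v += delta; memcpy(image + target, &v, 8);
            } else {
                uint32_t v; memcpy(&v, image + target, 4); v += (uint32_t)delta; memcpy(image + target, &v, 4);
            }
        }
        pos += blk.SizeOfBlock;
    }
    return RELOC_OK;
}

/* Constructed sample image: one 64-bit absolute pointer at 0x100 and a
   relocation block at 0x800 describing it (hypothetical, not a real PE). */
#define SAMPLE_SIZE           0x1000
#define SAMPLE_PTR_OFF        0x100
#define SAMPLE_RELOC_OFF      0x800
#define SAMPLE_RELOC_SIZE     12
#define SAMPLE_PREFERRED_BASE 0x140000000ULL

static void build_sample(uint8_t *image, uint32_t block_rva) {
    memset(image, 0, SAMPLE_SIZE);
    uint64_t p = SAMPLE_PREFERRED_BASE + 0x200;
    memcpy(image + SAMPLE_PTR_OFF, &p, 8);
    RelocBlock hdr = { block_rva, SAMPLE_RELOC_SIZE };
    memcpy(image + SAMPLE_RELOC_OFF, &hdr, sizeof hdr);
    uint16_t entries[2] = { (IMAGE_REL_BASED_DIR64 << 12) | SAMPLE_PTR_OFF, 0 };
    memcpy(image + SAMPLE_RELOC_OFF + sizeof hdr, entries, sizeof entries);
}

/* Build the sample with the given block RVA, relocate it, report the status. */
reloc_status sample_status(uint32_t block_rva, uint64_t actual_base,
                           uint32_t reloc_rva, uint32_t reloc_size) {
    uint8_t image[SAMPLE_SIZE];
    build_sample(image, block_rva);
    return apply_relocations(image, SAMPLE_SIZE, SAMPLE_PREFERRED_BASE,
                             actual_base, reloc_rva, reloc_size);
}

/* Relocate the well-formed sample and return the patched pointer value. */
uint64_t sample_relocated_pointer(uint64_t actual_base) {
    uint8_t image[SAMPLE_SIZE];
    build_sample(image, 0);
    apply_relocations(image, SAMPLE_SIZE, SAMPLE_PREFERRED_BASE, actual_base,
                      SAMPLE_RELOC_OFF, SAMPLE_RELOC_SIZE);
    uint64_t v; memcpy(&v, image + SAMPLE_PTR_OFF, 8);
    return v;
}

int main(void) {
    printf("good image:   status %d, pointer 0x%llx\n",
           sample_status(0, 0x180000000ULL, SAMPLE_RELOC_OFF, SAMPLE_RELOC_SIZE),
           (unsigned long long)sample_relocated_pointer(0x180000000ULL));
    printf("target out of image: status %d\n",
           sample_status(0x2000, 0x180000000ULL, SAMPLE_RELOC_OFF, SAMPLE_RELOC_SIZE));
    printf("no .reloc, preferred base: status %d\n",
           sample_status(0, SAMPLE_PREFERRED_BASE, 0, 0));
    printf("no .reloc, different base: status %d\n",
           sample_status(0, 0x180000000ULL, 0, 0));
    return 0;
}
```

The out-of-image case is the one the PR mentions (a relocation RVA beyond the DLL's boundaries): without the `target + width > image_size` check the loader would write past the mapped region, so the status is returned before any byte is patched. The directory itself is bounds-checked the same way, since a truncated or malicious image can place the `.reloc` pointer anywhere.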

TheWover commented 1 year ago

Fixes #103

S4ntiagoP commented 1 year ago

🥳