Fix Ekko sleep mask for .dll/.bin payloads

[chvancooten]

Currently, the Ekko sleep mask feature only works with the normal executable payloads and not with DLL/shellcode since it targets the parent process' base image for encryption. This is a known issue with Ekko described in this blog.

With some research, the Ekko module could be enhanced to target only the correct section of the present payload for encryption.

[Cracked5pider]

hit me up on discord if you need help.