Cracked5pider
/ LdrModuleKnown.c
Created
January 23, 2024 14:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * @brief | |
| * Loads a module from KnownDlls using | |
| * NtOpenSection & NtMapViewSection | |
| * | |
| * @param ModuleName | |
| * Wide String name of module to | |
| * load from KnownDlls | |
| * | |
| * @return |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BOOL TransportSend( LPVOID Data, SIZE_T Size, PVOID* RecvData, PSIZE_T RecvSize ) | |
| { | |
| #ifdef TRANSPORT_HTTP | |
| HANDLE hConnect = NULL; | |
| HANDLE hSession = NULL; | |
| HANDLE hRequest = NULL; | |
| DWORD HttpFlags = 0; | |
| LPVOID RespBuffer = NULL; |
Cracked5pider
/ sleep.c
Created
July 7, 2022 10:05
— forked from RobinFassina-Moschini/sleep.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * | |
| * ROGUE | |
| * | |
| * GuidePoint Security LLC | |
| * | |
| * Threat and Attack Simulation | |
| * | |
| !*/ |
Cracked5pider
/ Buffer.c
Last active
July 21, 2022 04:29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Buffer.h> | |
| /*! | |
| * Allocates an empty buffer | |
| * @return pointer to empty buffer | |
| */ | |
| PVOID BufferNew( ) | |
| { | |
| // Allocate a buffer that contains * nothing * | |
| return ( PVOID ) LocalAlloc( LPTR, 0 ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MapImg = MemAllocateStomped( &fTable, ImgLen ); | |
| if ( !MapImg ) { | |
| sParam.ImgMod = TRUE; | |
| MapImg = MemAllocateVirtual( &fTable, ImgLen ); | |
| }; | |
| InlineZeroMemory( MapImg, ImgLen ); | |
| SecHdr = IMAGE_FIRST_SECTION( NtsHdr ); | |
| for ( INT i = 0 ; i < NtsHdr->FileHeader.NumberOfSections ; ++i ) { |
Cracked5pider
/ ReflectedDll.c
Last active
January 20, 2022 14:01
Get output from injected reflected dll
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //===============================================================================================// | |
| // This is a stub for the actuall functionality of the DLL. | |
| //===============================================================================================// | |
| #include "ReflectiveLoader.h" | |
| #include <stdio.h> | |
| // Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are | |
| // defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own | |
| // DllMain and use the LoadRemoteLibraryR() API to inject this DLL. |