Created
August 3, 2017 06:22
-
-
Save Jire/c7a527035b052d56137f6617dca82697 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fun injectShellcode(vararg shellcode: Int) { | |
| val length = shellcode.size | |
| val hProcess = (lms!! as WindowsProcess).handle | |
| val internalBlock = Kernel32.VirtualAllocEx(hProcess, 0, shellcode.size, | |
| WinNT.MEM_COMMIT, WinNT.PAGE_EXECUTE_READWRITE) | |
| val buffer = Memory(shellcode.size.toLong()) | |
| for (i in 0..shellcode.lastIndex) buffer.setByte(i.toLong(), shellcode[i].toByte()) | |
| val bytesWritten = IntByReference(0) | |
| JNAKernel32.INSTANCE.WriteProcessMemory(hProcess, internalBlock.pointer, buffer, length, bytesWritten); | |
| if (bytesWritten.value != length) return | |
| /* cheaphax I know, can implement my own CreateRemoteThread but I'm lazy */ | |
| val startRoutine = WinBase.FOREIGN_THREAD_START_ROUTINE() | |
| val foreignLocation = WinDef.LPVOID(internalBlock.pointer) | |
| startRoutine.javaClass.getField("foreignLocation").set(startRoutine, foreignLocation) | |
| JNAKernel32.INSTANCE.CreateRemoteThread( | |
| hProcess, WinBase.SECURITY_ATTRIBUTES(), 0, | |
| startRoutine, NULL, WinDef.DWORD(0), NULL) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment