
@SolomonSklash
Created August 20, 2020 18:43
#include <windows.h>
#include <stdio.h>
#include <dsgetdc.h>
#include <psapi.h>
extern "C" {
#include "beacon.h"
};
// Compile as C++ (/TP) for decltype
// /c compiles without linking. /GS- turns off MSVC's stack buffer security check, so the
// compiler adds no stack-cookie protection around the fixed-size stack buffers in go();
// their bounds have to be enforced by the code itself.
// NOTE(review): /GS- is presumably needed because the cookie-check helper lives in the CRT,
// which is not available to an object file loaded this way - confirm.
// cl.exe /c /GS- /TP ./dummy_bof.cpp /Fo./dummy_bof.o

// Declares the import symbol `mod$func` (e.g. KERNEL32$GetCurrentProcess) with C linkage and
// exactly the type of the SDK's own declaration of `func`, obtained through decltype.
// MODULE$Function is the naming form the object-file loader resolves at load time.
#define BOF_REDECLARE(mod, func) extern "C" __declspec(dllimport) decltype(func) mod ## $ ## func
// For use inside a function body: defines a local function pointer named `func` that points at
// `mod$func`. It shadows the SDK declaration, so the body can call the API by its usual name.
#define BOF_LOCAL(mod, func) decltype(func) * func = mod ## $ ## func
// Imports used by go(). Each one needs a matching BOF_LOCAL line inside the function.
BOF_REDECLARE(KERNEL32, GetCurrentProcess);
BOF_REDECLARE(KERNEL32, K32EnumProcessModules);
BOF_REDECLARE(KERNEL32, K32GetModuleBaseNameA);
BOF_REDECLARE(KERNEL32, K32GetModuleInformation);
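/**
 * Object-file entry point: prints one line per module loaded in the current process,
 * in the form "<index>: <base address> <image size> <base name>".
 *
 * @param args  Packed argument buffer supplied by the loader; not used here.
 * @param alen  Length of args in bytes; not used here.
 *
 * The code runs inside the host process and is built with /GS-, so a stray read or write
 * here is not caught by a stack cookie. Every buffer access is therefore bounded explicitly.
 */
extern "C" void go(char* args, int alen) {
    (void)args;
    (void)alen;

    BOF_LOCAL(KERNEL32, GetCurrentProcess);
    BOF_LOCAL(KERNEL32, K32EnumProcessModules);
    BOF_LOCAL(KERNEL32, K32GetModuleBaseNameA);
    BOF_LOCAL(KERNEL32, K32GetModuleInformation);

    HANDLE hProcess = GetCurrentProcess();
    HMODULE hMods[512];
    DWORD cbNeeded = 0;

    if (!K32EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
        return;
    }

    // cbNeeded is the number of bytes required to hold ALL module handles, which can be
    // larger than the array that was passed in. Only the part that fits was written, so
    // clamp before deriving the count; otherwise the loop reads past the end of hMods.
    DWORD cbValid = (cbNeeded < (DWORD)sizeof(hMods)) ? cbNeeded : (DWORD)sizeof(hMods);
    DWORD count = cbValid / (DWORD)sizeof(HMODULE);

    if (cbNeeded > cbValid) {
        BeaconPrintf(CALLBACK_OUTPUT, "%i modules loaded, listing the first %i",
                     (int)(cbNeeded / sizeof(HMODULE)), (int)count);
    }

    for (DWORD i = 0; i < count; i++) {
        // Fields are cleared one by one rather than with "= {0}": aggregate zero-init may
        // be lowered to a memset call, and no C runtime is linked into this object file.
        CHAR szModuleName[MAX_PATH];
        szModuleName[0] = '\0';

        // The size argument is a count of CHARs. Dividing by sizeof(TCHAR), as before,
        // halves the usable buffer whenever UNICODE is defined.
        if (!K32GetModuleBaseNameA(hProcess, hMods[i], szModuleName,
                                   sizeof(szModuleName) / sizeof(szModuleName[0]))) {
            // Lookup failed: print an empty name instead of leftover stack bytes.
            szModuleName[0] = '\0';
        }

        MODULEINFO modinfo;
        modinfo.lpBaseOfDll = NULL;
        modinfo.SizeOfImage = 0;
        modinfo.EntryPoint = NULL;

        if (!K32GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(MODULEINFO))) {
            // Same reasoning: report zeros rather than uninitialised stack contents.
            modinfo.lpBaseOfDll = NULL;
            modinfo.SizeOfImage = 0;
        }

        // SizeOfImage is a 32-bit DWORD but is printed with %p, which reads a pointer-sized
        // argument. Widening it keeps the output format and removes the type mismatch.
        BeaconPrintf(CALLBACK_OUTPUT, "%i: %p %p %s", (int)i, modinfo.lpBaseOfDll,
                     (PVOID)(ULONG_PTR)modinfo.SizeOfImage, szModuleName);
    }
}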