GhostLoader Steps :)
1. Create C:\Tools
2. Copy Some .NET, any .NET binary to C:\Tools
3. In this example, we use FileHistory.exe, but any .NET app will do.
4. Ensure FileHistory.exe.config is in the same path
5. Execute C:\Tools\FileHistory.exe
Jackson T. jthuraisamy
jthuraisamy
/ _Instructions_Reproduce.md
Created
April 30, 2020 06:28
GhostLoader - AppDomainManager - Injection - 攻壳机动队
jthuraisamy
/ loaded_psp_drivers.cpp
Last active
October 15, 2023 03:01
Loaded Security Product Drivers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <ImageHlp.h> | |
| #include <strsafe.h> | |
| #include "loaded_psp_drivers.h" | |
| #include <set> | |
| #include <string> | |
| #include <algorithm> | |
| #pragma comment(lib, "crypt32.lib") |
jthuraisamy
/ funcnames_from_logger.py
Last active
July 13, 2020 01:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Recover function names from logger function calls. | |
| #@author @Jackson_T | |
| #@category _NEW_ | |
| #@keybinding | |
| #@menupath | |
| #@toolbar | |
| import re | |
| from ghidra.program.model.symbol import SourceType |
OlderNewer