fennec 726232111
726232111
/ shellcode_exec_workerfactory.c
Created
May 8, 2023 00:48
— forked from RistBS/shellcode_exec_workerfactory.c
Just another shellcode execution technique :)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Windows.h> | |
| #include <stdio.h> | |
| #define PRINTDEBUG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__) | |
| #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0) | |
| #define WORKER_FACTORY_FULL_ACCESS 0xf00ff | |
| typedef struct _UNICODE_STRING { |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // "A process executes until one of the following events occurs: | |
| // - Any thread of the process calls the ExitProcess function. | |
| // - The last thread of the process terminates | |
| // - ..." | |
| // Ref: https://learn.microsoft.com/en-us/windows/win32/procthread/terminating-a-process | |
| // | |
| // -------------------------------------------------------------------------------------------- | |
| // | |
| // The idea is to inject shellcode into another process and stomp the instructions of it's ExitProcess(). | |
| // So when ExitProcess is called, the thread will be redirected to the shellcode instead of exiting. |