daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-17 00:09:23 +00:00
Code Issues Projects Releases Wiki Activity

updates and moves

Browse Source 
n/a
This commit is contained in:
vxunderground
2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Win32/Proof of Concepts/herpaderping/source/ProcessHerpaderping/herpaderp.hpp
+73
View File
@@ -0,0 +1,73 @@
//
// Copyright (c) Johnny Shaw. All rights reserved.
//
// File: source/ProcessHerpaderping/herpaderp.hpp
// Author: Johnny Shaw
// Abstract: Herpaderping Functionality
//
#pragma once
namespace Herpaderp
{
#pragma warning(push)
#pragma warning(disable : 4634) // xmldoc: discarding XML document comment for invalid target
/// <summary>
/// Waits for process to exit before returning.
/// </summary>
constexpr static uint32_t FlagWaitForProcess = 0x00000001ul;
/// <summary>
/// Opens and hold the target file handle exclusive for as long as
/// reasonable. This flag is incompatible with FlagCloseFileEarly.
/// </summary>
constexpr static uint32_t FlagHoldHandleExclusive = 0x00000002ul;
/// <summary>
/// Flushes file buffers of target file.
/// </summary>
constexpr static uint32_t FlagFlushFile = 0x00000004ul;
/// <summary>
/// Closes the file handle early, before creating the initial thread
/// (before process notification would fire in the kernel). This flag is
/// not compatible with FlagHoldHandleExclusive.
/// </summary>
constexpr static uint32_t FlagCloseFileEarly = 0x00000008ul;
/// <summary>
/// Terminates the spawned process on success, this can be useful in some
/// automation environments. Not compatible with FlagWaitForProcess.
/// </summary>
constexpr static uint32_t FlagKillSpawnedProcess = 0x00000010ul;
#pragma warning(pop)
/// <summary>
/// Executes process herpaderping.
/// </summary>
/// <param name="SourceFileName">
/// Source binary to execute.
/// </param>
/// <param name="TargetFileName">
/// File name to copy source to and obfuscate.
/// </param>
/// <param name="ReplaceWithFileName">
/// Optional, if provided the file is replaced with the content of this
/// file. If not provided the file is overwritten with a pattern.
/// </param>
/// <param name="Pattern">
/// Pattern used for obfuscation.
/// </param>
/// <param name="Flags">
/// Flags controlling behavior of herpaderping (Herpaderp::FlagXxx).
/// </param>
/// <returns>
/// Success if the herpaderping executed. Failure otherwise.
/// </returns>
_Must_inspect_result_ HRESULT ExecuteProcess(
_In_ const std::wstring& SourceFileName,
_In_ const std::wstring& TargetFileName,
_In_opt_ const std::optional<std::wstring>& ReplaceWithFileName,
_In_ std::span<const uint8_t> Pattern,
_In_ uint32_t Flags);
}