admin/CowInjecter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0c587f9dc538674008507d47321df78958ff1a5a
CowInjecter/CowInject/main.h
Huoji's 0c587f9dc5 添加项目文件。
2021-01-01 13:54:35 +08:00

11 lines
2.9 KiB
C
Raw Blame History

#pragma once
extern HANDLE __stdcall HkCreateFileW(LPCWSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile);
extern int __stdcall ShellCodeEnd();
extern ULONG_PTR GetProcAddressR(ULONG_PTR hModule, const char* lpProcName, BOOL x64Module);
extern LONG BlackBoneSafeSearchString(IN PUNICODE_STRING source, IN PUNICODE_STRING target, IN BOOLEAN CaseInSensitive);
extern bool _memcpy(PVOID address, PVOID target_address, ULONG length);
//see shell_code_start ,fuck gcc, aways broken shellcode
static BYTE HookCode[] = {
0x48,0x8B,0xC4,0x48,0x89,0x58,0x08,0x48,0x89,0x70,0x10,0x48,0x89,0x78,0x18,0x55,0x41,0x54,0x41,0x55,0x41,0x56,0x41,0x57,0x48,0x8D,0xA8,0xF8,0xFD,0xFF,0xFF,0x48,0x81,0xEC,0xE0,0x02,0x00,0x00,0x45,0x33,0xED,0xC7,0x44,0x24,0x40,0x43,0x00,0x3A,0x00,0x41,0x8B,0xF0,0x66,0x44,0x89,0x6C,0x24,0x58,0x44,0x8B,0xF2,0x66,0x44,0x89,0x6C,0x24,0x78,0x48,0x8B,0xD9,0x66,0x44,0x89,0x6D,0xC0,0x41,0xB8,0x04,0x01,0x00,0x00,0xC7,0x44,0x24,0x44,0x5C,0x00,0x68,0x00,0x48,0x8D,0x55,0xD0,0xC7,0x44,0x24,0x48,0x75,0x00,0x6F,0x00,0x33,0xC9,0xC7,0x44,0x24,0x4C,0x6A,0x00,0x69,0x00,0x48,0xB8,0xEF,0xCD,0xAB,0x91,0x78,0x56,0x37,0x13,0xC7,0x44,0x24,0x50,0x2E,0x00,0x64,0x00,0x49,0x8B,0xF9,0xC7,0x44,0x24,0x54,0x6C,0x00,0x6C,0x00,0xC7,0x44,0x24,0x60,0x43,0x00,0x3A,0x00,0xC7,0x44,0x24,0x64,0x5C,0x00,0x6E,0x00,0xC7,0x44,0x24,0x68,0x74,0x00,0x64,0x00,0xC7,0x44,0x24,0x6C,0x6C,0x00,0x6C,0x00,0xC7,0x44,0x24,0x70,0x2E,0x00,0x64,0x00,0xC7,0x44,0x24,0x74,0x6C,0x00,0x6C,0x00,0xC7,0x45,0xA0,0x43,0x00,0x6F,0x00,0xC7,0x45,0xA4,0x6E,0x00,0x61,0x00,0xC7,0x45,0xA8,0x6E,0x00,0x53,0x00,0xC7,0x45,0xAC,0x61,0x00,0x6E,0x00,0xC7,0x45,0xB0,0x64,0x00,0x62,0x00,0xC7,0x45,0xB4,0x6F,0x00,0x78,0x00,0xC7,0x45,0xB8,0x2E,0x00,0x65,0x00,0xC7,0x45,0xBC,0x78,0x00,0x65,0x00,0xC7,0x45,0x80,0x42,0x00,0x45,0x00,0xC7,0x45,0x84,0x53,0x00,0x65,0x00,0xC7,0x45,0x88,0x72,0x00,0x76,0x00,0xC7,0x45,0x8C,0x69,0x00,0x63,0x00,0xC7,0x45,0x90,0x65,0x00,0x2E,0x00,0xC7,0x45,0x94,0x65,0x00,0x78,0x00,0xC7,0x45,0x98,0x65,0x00,0x00,0x00,0xFF,0xD0,0x48,0x8D,0x55,0xA0,0x49,0xBF,0xEF,0xCD,0xAB,0x91,0x78,0x56,0x34,0x12,0x48,0x8D,0x4D,0xD0,0x41,0xFF,0xD7,0x48,0x85,0xC0,0x74,0x11,0x48,0x8D,0x4C,0x24,0x40,0x48,0xB8,0x37,0x13,0xAB,0x91,0x78,0x56,0x34,0x12,0xFF,0xD0,0x48,0x8D,0x55,0x80,0x48,0x8D,0x4D,0xD0,0x41,0xFF,0xD7,0x48,0x8B,0xCB,0x48,0x85,0xC0,0x74,0x14,0x48,0x8D,0x54,0x24,0x40,0x41,0xFF,0xD7,0x48,0x85,0xC0,0x48,0x8D,0x4C,0x24,0x60,0x48,0x0F,0x44,0xCB,0x48,0x8B,0x85,0x40,0x02,0x00,0x00,0x4C,0x8B,0xCF,0x48,0x89,0x44,0x24,0x30,0x44,0x8B,0xC6,0x8B,0x85,0x38,0x02,0x00,0x00,0x41,0x8B,0xD6,0x89,0x44,0x24,0x28,0x8B,0x85,0x30,0x02,0x00,0x00,0x89,0x44,0x24,0x20,0x48,0xB8,0x78,0x56,0x34,0x12,0x78,0x56,0x34,0x12,0xFF,0xD0,0x4C,0x8D,0x9C,0x24,0xE0,0x02,0x00,0x00,0x49,0x8B,0x5B,0x30,0x49,0x8B,0x73,0x38,0x49,0x8B,0x7B,0x40,0x49,0x8B,0xE3,0x41,0x5F,0x41,0x5E,0x41,0x5D,0x41,0x5C,0x5D,0xC3,0xCC,
};
Reference in New Issue View Git Blame Copy Permalink