Last active
May 12, 2021 02:16
-
-
Save 3ts75/fc3d41af5b58a8b0f7bb231292f8f851 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <iostream> | |
| using namespace std; | |
| using _ZwAllocateVirtualMemory = NTSTATUS(NTAPI*)( | |
| _In_ HANDLE ProcessHandle, | |
| _Inout_ PVOID* BaseAddress, | |
| _In_ ULONG_PTR ZeroBits, | |
| _Inout_ PSIZE_T RegionSize, | |
| _In_ ULONG AllocationType, | |
| _In_ ULONG Protect | |
| ); | |
| int main() { | |
| _ZwAllocateVirtualMemory ZwAllocateVirtualMemory = (_ZwAllocateVirtualMemory)GetProcAddress(GetModuleHandleA("ntdll.dll"), "ZwAllocateVirtualMemory"); | |
| PBYTE pbShellcode = (PBYTE)"test"; | |
| SIZE_T ShellSize = sizeof(&pbShellcode); | |
| PVOID BaseAddress = NULL; | |
| ZwAllocateVirtualMemory( | |
| GetCurrentProcess(), | |
| &BaseAddress, | |
| 0xFFFFFFF, | |
| &ShellSize, | |
| MEM_COMMIT, | |
| PAGE_EXECUTE_READWRITE | |
| ); | |
| memcpy(BaseAddress, pbShellcode, ShellSize); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment