Index ¶
- func ExitProcess(code int)
- func GetIMOML() uintptr
- func GetMetrics() (*metric.Metrics, error)
- func GetPEB() uintptr
- func GetProcAddressByHash(mHash, pHash, hKey uint, redirect bool) (uintptr, error)
- func GetProcAddressByHashML(list uintptr, mHash, pHash, hKey uint, redirect bool) (uintptr, error)
- func GetProcAddressByName(hModule uintptr, name string, redirect bool) (uintptr, error)
- func GetProcAddressOriginal(hModule uintptr, name string) (uintptr, error)
- func GetTEB() uintptr
- func Sleep(d time.Duration) error
- type Options
- type RuntimeM
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetMetrics ¶
GetMetrics is used to get runtime metrics.
func GetProcAddressByHash ¶
GetProcAddressByHash is used to get procedure address by hash.
func GetProcAddressByHashML ¶
GetProcAddressByHashML is used to get a procedure address by hash from the given list.
func GetProcAddressByName ¶
GetProcAddressByName is used to get procedure address by name.
func GetProcAddressOriginal ¶
GetProcAddressOriginal is used to call the original GetProcAddress.
Types ¶
type Options ¶
type Options struct {
	// BootInstAddress is read from the "boot_inst_address" TOML/JSON key.
	// What address it denotes is not shown on this page; presumably the
	// instance passed to InitRuntime — confirm against that function.
	BootInstAddress uintptr `toml:"boot_inst_address" json:"boot_inst_address"`
	// EnableSecurityMode is read from "enable_security_mode". Its effect is
	// not documented here — confirm against InitRuntime.
	EnableSecurityMode bool `toml:"enable_security_mode" json:"enable_security_mode"`
	// DisableDetector is read from "disable_detector"; presumably turns off the
	// component exposed as RuntimeM.Detector — confirm.
	DisableDetector bool `toml:"disable_detector" json:"disable_detector"`
	// DisableSysmon is read from "disable_sysmon"; presumably turns off the
	// component exposed as RuntimeM.Sysmon — confirm.
	DisableSysmon bool `toml:"disable_sysmon" json:"disable_sysmon"`
	// DisableWatchdog is read from "disable_watchdog"; presumably turns off the
	// component exposed as RuntimeM.Watchdog — confirm.
	DisableWatchdog bool `toml:"disable_watchdog" json:"disable_watchdog"`
	// NotEraseInstruction is read from "not_erase_instruction". The page does
	// not show which instructions are affected — confirm against InitRuntime.
	NotEraseInstruction bool `toml:"not_erase_instruction" json:"not_erase_instruction"`
	// NotAdjustProtect is read from "not_adjust_protect". Which memory
	// protection is left unchanged is not shown here — confirm.
	NotAdjustProtect bool `toml:"not_adjust_protect" json:"not_adjust_protect"`
	// TrackCurrentThread is read from "track_current_thread"; presumably relates
	// to the Thread group of RuntimeM — confirm.
	TrackCurrentThread bool `toml:"track_current_thread" json:"track_current_thread"`
}
Options contains the options used to initialize the runtime.
type RuntimeM ¶
type RuntimeM struct {
	// Every field below is a uintptr. This page does not show what the values
	// point to; presumably each is the entry address of the runtime method of
	// the same name, filled in by NewRuntime — confirm against that function.
	// NOTE(review): field order likely matters if these are read by offset
	// from native code; do not reorder without checking the consumer.

	// HashAPI holds the hash-based API lookup entries (see
	// GetProcAddressByHash / GetProcAddressByHashML on this page).
	HashAPI struct {
		FindAPI   uintptr
		FindAPIML uintptr
		FindAPIA  uintptr
		FindAPIW  uintptr
	}
	// Library holds the module load/free/lookup entries; the A/W suffixes
	// presumably follow the Win32 ANSI/wide naming — confirm.
	Library struct {
		LoadA   uintptr
		LoadW   uintptr
		LoadExA uintptr
		LoadExW uintptr
		Free    uintptr
		GetProc uintptr
		Lock    uintptr
		Unlock  uintptr
		Status  uintptr
		FreeAll uintptr
	}
	// Memory holds the allocator entries.
	Memory struct {
		Alloc   uintptr
		Calloc  uintptr
		Realloc uintptr
		Free    uintptr
		Size    uintptr
		Cap     uintptr
		Lock    uintptr
		Unlock  uintptr
		Status  uintptr
		FreeAll uintptr
	}
	// Thread holds the thread management entries.
	Thread struct {
		New     uintptr
		Exit    uintptr
		Sleep   uintptr
		Lock    uintptr
		Unlock  uintptr
		Status  uintptr
		KillAll uintptr
	}
	// Resource holds paired Lock/Unlock entries for several handle kinds plus
	// a Status and FreeAll entry.
	Resource struct {
		LockMutex           uintptr
		UnlockMutex         uintptr
		LockEvent           uintptr
		UnlockEvent         uintptr
		LockSemaphore       uintptr
		UnlockSemaphore     uintptr
		LockWaitableTimer   uintptr
		UnlockWaitableTimer uintptr
		LockFile            uintptr
		UnlockFile          uintptr
		Status              uintptr
		FreeAll             uintptr
	}
	// Argument holds read-only accessors plus Erase/EraseAll entries.
	Argument struct {
		GetValue   uintptr
		GetPointer uintptr
		Erase      uintptr
		EraseAll   uintptr
	}
	// Storage holds read/write accessors plus Delete/DeleteAll entries.
	Storage struct {
		SetValue   uintptr
		GetValue   uintptr
		GetPointer uintptr
		Delete     uintptr
		DeleteAll  uintptr
	}
	// WinBase holds ANSI<->UTF-16 conversion entries; the N variants
	// presumably take an explicit length — confirm.
	WinBase struct {
		ANSIToUTF16  uintptr
		UTF16ToANSI  uintptr
		ANSIToUTF16N uintptr
		UTF16ToANSIN uintptr
	}
	// WinFile holds file read/write entries in A and W forms.
	WinFile struct {
		ReadFileA  uintptr
		ReadFileW  uintptr
		WriteFileA uintptr
		WriteFileW uintptr
	}
	// WinHTTP holds HTTP request entries. The FreeDLL entry suggests this
	// group loads a system DLL on demand and can release it — confirm.
	WinHTTP struct {
		Init    uintptr
		Get     uintptr
		Post    uintptr
		Do      uintptr
		FreeDLL uintptr
	}
	// WinCrypto holds hashing, HMAC, AES and RSA entries. As with WinHTTP, the
	// FreeDLL entry suggests an on-demand DLL — confirm. Note this group is
	// distinct from the Crypto group below.
	WinCrypto struct {
		RandBuffer uintptr
		Hash       uintptr
		HMAC       uintptr
		AESEncrypt uintptr
		AESDecrypt uintptr
		RSAGenKey  uintptr
		RSAPubKey  uintptr
		RSASign    uintptr
		RSAVerify  uintptr
		RSAEncrypt uintptr
		RSADecrypt uintptr
		FreeDLL    uintptr
	}
	// Random holds random-number entries by width, with N-suffixed bounded
	// variants. Both Bool and BOOL exist; BOOL is presumably the Win32 BOOL
	// form — confirm. Whether the generator is cryptographically suitable is
	// not shown here; WinCrypto.RandBuffer is a separate entry.
	Random struct {
		Seed     uintptr
		Int      uintptr
		Int8     uintptr
		Int16    uintptr
		Int32    uintptr
		Int64    uintptr
		Uint     uintptr
		Uint8    uintptr
		Uint16   uintptr
		Uint32   uintptr
		Uint64   uintptr
		IntN     uintptr
		Int8N    uintptr
		Int16N   uintptr
		Int32N   uintptr
		Int64N   uintptr
		UintN    uintptr
		Uint8N   uintptr
		Uint16N  uintptr
		Uint32N  uintptr
		Uint64N  uintptr
		Byte     uintptr
		Bool     uintptr
		BOOL     uintptr
		Buffer   uintptr
		Sequence uintptr
	}
	// Crypto holds the runtime's own Encrypt/Decrypt entries (algorithm not
	// shown on this page).
	Crypto struct {
		Encrypt uintptr
		Decrypt uintptr
	}
	// Compressor holds Compress/Decompress entries.
	Compressor struct {
		Compress   uintptr
		Decompress uintptr
	}
	// Serialization holds Serialize/Unserialize entries.
	Serialization struct {
		Serialize   uintptr
		Unserialize uintptr
	}
	// MemScanner holds memory scan entries and a bytes-to-pattern helper.
	MemScanner struct {
		ScanByValue   uintptr
		ScanByConfig  uintptr
		BinToPattern  uintptr
	}
	// Procedure holds the procedure lookup entries that correspond to
	// GetProcAddressByName / GetProcAddressByHash / GetProcAddressByHashML.
	Procedure struct {
		GetProcByName   uintptr
		GetProcByHash   uintptr
		GetProcByHashML uintptr
	}
	// Detector holds a Detect entry and a Status entry; what is detected is
	// not shown here. Disabled via Options.DisableDetector (presumably).
	Detector struct {
		Detect uintptr
		Status uintptr
	}
	// Sysmon exposes only Status; the remaining fields are unexported.
	// Disabled via Options.DisableSysmon (presumably).
	Sysmon struct {
		Status uintptr
		// contains filtered or unexported fields
	}
	// Watchdog holds handler, Kick, Enable/Disable/IsEnabled and Status
	// entries; the remaining fields are unexported. Disabled via
	// Options.DisableWatchdog (presumably).
	Watchdog struct {
		SetHandler uintptr
		Kick       uintptr
		Enable     uintptr
		Disable    uintptr
		IsEnabled  uintptr
		Status     uintptr
		// contains filtered or unexported fields
	}
	// Env holds entries matching the package-level GetPEB/GetTEB/GetIMOML.
	Env struct {
		GetPEB   uintptr
		GetTEB   uintptr
		GetIMOML uintptr
	}
	// Raw holds entries matching GetProcAddressOriginal and ExitProcess.
	Raw struct {
		GetProcAddress uintptr
		ExitProcess    uintptr
	}
	// Core holds the runtime lifecycle entries; Sleep and Metrics match the
	// package-level Sleep and GetMetrics.
	Core struct {
		Sleep   uintptr
		Hide    uintptr
		Recover uintptr
		Metrics uintptr
		Cleanup uintptr
		Exit    uintptr
		Stop    uintptr
	}
	// Data holds a single Mutex entry.
	Data struct {
		Mutex uintptr
	}
}
RuntimeM contains the exported methods of the runtime.
func InitRuntime ¶
InitRuntime is used to initialize the runtime from a shellcode instance. Each shellcode instance can only be initialized once.
func NewRuntime ¶
NewRuntime is used to create a runtime from an initialized instance. It copies memory to prevent the runtime from encrypting the memory page while runtime methods or SleepHR are being called.