loader

package
v0.0.0-...-56df863 Latest Latest
Published: Sep 19, 2025 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

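// Export names that the loader resolves at run time. They are plain strings
// holding the DLL / routine names exactly as exported; the lookup code that
// consumes them lives elsewhere in the package and is not part of this
// declaration.
const (
	Kernel32 = "kernel32.dll"

	NtCreateThreadEx        = "NtCreateThreadEx"
	NtProtectVirtualMemory  = "NtProtectVirtualMemory"
	NtAllocateVirtualMemory = "NtAllocateVirtualMemory"
	WaitForSingleObject     = "WaitForSingleObject"
	WriteProcessMemory      = "WriteProcessMemory"
)

// Short aliases for three of the NT routine names above. They are defined in
// terms of the long-form constants rather than as separate literals so the
// two spellings cannot drift apart; both remain exported for existing callers.
const (
	NAM = NtAllocateVirtualMemory
	NPM = NtProtectVirtualMemory
	NCT = NtCreateThreadEx
)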

Variables

This section is empty.

Functions

func ADsMem

func ADsMem(shellcode []byte) error

func AllocMemory

func AllocMemory(shellcode []byte) (uintptr, error)

func CreateProcessWithPipe

func CreateProcessWithPipe(shellcode []byte, program string) error

func CreateRemoteThread

func CreateRemoteThread(shellcode []byte, pid int) error

func CreateRemoteThreadHalos

func CreateRemoteThreadHalos(shellcode []byte) error

func CreateThread

func CreateThread(shellcode []byte) error

func Direct

func Direct(shellcode []byte)

func EarlyBird

func EarlyBird(shellcode []byte, path string) error

func EnumChildWindowsX

func EnumChildWindowsX(sc []byte) error

EnumChildWindowsX is the equivalent of the C++ call `EnumChildWindows(NULL, (WNDENUMPROC)addr, 0);`.

func EnumDesktopWindowsX

func EnumDesktopWindowsX(sc []byte) error

EnumDesktopWindowsX is the equivalent of the C++ call `EnumDesktopWindows(NULL, (WNDENUMPROC)addr, 0);`.

func EnumPageFilesWX

func EnumPageFilesWX(sc []byte) error

func EnumSystemLocalesAX

func EnumSystemLocalesAX(sc []byte) error

EnumSystemLocalesAX is the equivalent of the C++ call `EnumSystemLocalesA((LOCALE_ENUMPROCA)addr, 0);`.

func EnumSystemLocalesExX

func EnumSystemLocalesExX(shellcode []byte) error

func EnumSystemLocalesHalos

func EnumSystemLocalesHalos(shellcode []byte) error

EnumSystemLocalesHalos uses the Hell's Gate + Halo's Gate technique.

func EnumThreadWindowsX

func EnumThreadWindowsX(sc []byte) error

EnumThreadWindowsX is the equivalent of the C++ call `EnumThreadWindows(0, (WNDENUMPROC)addr, 0);`.

func EnumTimeFormatsAX

func EnumTimeFormatsAX(sc []byte) error

EnumTimeFormatsAX is the equivalent of the C++ call `EnumTimeFormatsA((TIMEFMT_ENUMPROCA)addr, 0, 0);`.

func EnumWindowsX

func EnumWindowsX(sc []byte) error

EnumWindowsX is the equivalent of the C++ call `EnumWindows((WNDENUMPROC)addr, 0);`.

func EnumerateLoadedModulesX

func EnumerateLoadedModulesX(sc []byte) error

func EtwpCreateEtwThreadX

func EtwpCreateEtwThreadX(shellcode []byte) error

func Fiber

func Fiber(shellcode []byte) error

func HalosGate

func HalosGate(shellcode []byte) error

func Ipv4AddressA

func Ipv4AddressA(shellcode []string)

func MacAddressA

func MacAddressA(shellcode []string)

func NoRwx

func NoRwx(shellcode []byte, path string) error

func NtQueueApcThreadEx

func NtQueueApcThreadEx(shellcode []byte) error

func ProcessHollowing

func ProcessHollowing(sc []byte, program string) error

func Run

func Run(sc []byte, callback func(uintptr) error) error

func SPFGate

func SPFGate(sc []byte) error

func Sha256

func Sha256(data []byte) []byte

func Sha256Hex

func Sha256Hex(s string) string

func ShellcodeToUUID

func ShellcodeToUUID(shellcode []byte) ([]string, error)

ShellcodeToUUID takes in shellcode bytes, pads them to a 16-byte boundary, breaks them into 16-byte chunks (the size of a UUID), converts the first eight bytes of each chunk into little-endian format, creates a UUID from the chunk's bytes, and returns the resulting array of UUID strings.

func StaneAlone

func StaneAlone(shellcode []byte)

func UUIDFromString

func UUIDFromString(shellcode []byte) error

Types

type ProcessHollower

// ProcessHollower holds the state shared by the process-hollowing steps
// exposed as its methods. Create one with NewProcessHollower, run the whole
// flow with Execute (or call the individual steps), and call Cleanup
// afterwards to release resources. All fields are unexported.
type ProcessHollower struct {
	// contains filtered or unexported fields
}

ProcessHollower is the process hollowing struct.

func NewProcessHollower

func NewProcessHollower(shellcode []byte, program string) *ProcessHollower

NewProcessHollower creates a new process hollowing instance.

func (*ProcessHollower) AllocateMemory

func (ph *ProcessHollower) AllocateMemory() (uintptr, error)

AllocateMemory allocates memory in the target process.

func (*ProcessHollower) ChangeMemoryProtection

func (ph *ProcessHollower) ChangeMemoryProtection(addr uintptr) error

ChangeMemoryProtection changes the memory protection attributes.

func (*ProcessHollower) Cleanup

func (ph *ProcessHollower) Cleanup()

Cleanup releases resources.

func (*ProcessHollower) CreateProcess

func (ph *ProcessHollower) CreateProcess() error

CreateProcess creates a suspended process.

func (*ProcessHollower) CreateTrampoline

func (ph *ProcessHollower) CreateTrampoline(shellcodeAddr uintptr) ([]byte, error)

CreateTrampoline creates the jump (trampoline) code.

func (*ProcessHollower) Execute

func (ph *ProcessHollower) Execute() error

Execute runs the complete process hollowing flow.

func (*ProcessHollower) GetPEBAddress

func (ph *ProcessHollower) GetPEBAddress() error

GetPEBAddress retrieves the PEB address.

func (*ProcessHollower) ReadImageBaseFromPEB

func (ph *ProcessHollower) ReadImageBaseFromPEB() error

ReadImageBaseFromPEB reads the image base address from the PEB.

func (*ProcessHollower) ReadImageHeaders

func (ph *ProcessHollower) ReadImageHeaders() (uintptr, error)

ReadImageHeaders reads the image header information.

func (*ProcessHollower) ResumeProcess

func (ph *ProcessHollower) ResumeProcess() error

ResumeProcess resumes execution of the process.

func (*ProcessHollower) WriteShellcode

func (ph *ProcessHollower) WriteShellcode(addr uintptr) error

WriteShellcode writes the shellcode into the target process.

func (*ProcessHollower) WriteTrampoline

func (ph *ProcessHollower) WriteTrampoline(entryPoint uintptr, trampoline []byte) error

WriteTrampoline writes the jump code to the entry point.

type SysID

// SysID bundles the resolved entries for the three NT routines named by the
// NAM/NPM/NCT constants together with two kernel32 export addresses.
// gabh.SPFG is a type from an external package; its contents are not
// described here.
type SysID struct {
	NtAllocateVirtualSysID *gabh.SPFG // entry for NtAllocateVirtualMemory (NAM)
	NtProtectVirtualSysID  *gabh.SPFG // entry for NtProtectVirtualMemory (NPM)
	NtCreateThreadExSysID  *gabh.SPFG // entry for NtCreateThreadEx (NCT)
	WaitForSingleObjectPtr uint64     // NOTE(review): presumably the resolved address of WaitForSingleObject — confirm where it is populated
	WriteProcessMemoryPtr  uint64     // NOTE(review): presumably the resolved address of WriteProcessMemory — confirm where it is populated
}
