Skip to content

NtCreateSection

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

NtCreateSection

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
c++
c++
 
 
README.md
README.md
 
 

README.md

Shellcode Loader

Allocate memory for executing shellcode later.

Overview

Alokasi menggunakan beberapa fungsi internal:

  • NtCreateSection
  • NtMapViewOfSection

Teknik ini akan membuat sebuah section baru saat runtime yang dapat menampung shellcode. Section haruslah executable saat eksekusi dan telah dipetakan ke process.

NTSTATUS NtCreateSection (PHANDLE SectionHandle, ULONG DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG PageAttributess, ULONG SectionAttributes, HANDLE FileHandle);

NTSTATUS NtMapViewOfSection (HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG ZeroBits, ULONG CommitSize, PLARGE_INTEGER SectionOffset, PULONG ViewSize, DWORD InheritDisposition, ULONG AllocationType, ULONG Protect);

NTSTATUS NtUnmapViewOfSection (HANDLE ProcessHandle, PVOID BaseAddress);

NTSTATUS NtClose (HANDLEObjectHandle);

Reference