Shellcode Loader

Allocate memory for executing shellcode later.

Overview

Alokasi menggunakan beberapa fungsi internal:

NtCreateSection
NtMapViewOfSection

Teknik ini akan membuat sebuah section baru saat runtime yang dapat menampung shellcode. Section haruslah executable saat eksekusi dan telah dipetakan ke process.

NTSTATUS NtCreateSection (PHANDLE SectionHandle, ULONG DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG PageAttributess, ULONG SectionAttributes, HANDLE FileHandle);

NTSTATUS NtMapViewOfSection (HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG ZeroBits, ULONG CommitSize, PLARGE_INTEGER SectionOffset, PULONG ViewSize, DWORD InheritDisposition, ULONG AllocationType, ULONG Protect);

NTSTATUS NtUnmapViewOfSection (HANDLE ProcessHandle, PVOID BaseAddress);

NTSTATUS NtClose (HANDLEObjectHandle);

Reference

NTInternals NtCreateSection
NtInternals NtMapViewOfSection
NtInternals NtUnmapViewOfSection
NtInternals NtClose

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Shellcode Loader

Overview

Reference

FilesExpand file tree

README.md

Latest commit

History

README.md

File metadata and controls

Shellcode Loader

Overview

Reference