Skip to content

NtCreateSectionEx

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

NtCreateSectionEx

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
c++
c++
 
 
README.md
README.md
 
 

README.md

Shellcode Loader

Allocate memory for executing shellcode later.

Overview

Alokasi menggunakan beberapa fungsi internal:

  • NtCreateSectionEx
  • NtMapViewOfSection

Teknik ini akan membuat sebuah section baru saat runtime yang dapat menampung shellcode. Section haruslah executable saat eksekusi dan telah dipetakan ke process.

NTSTATUS NtCreateSectionEx (PHANDLE SectionHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes, PLARGE_INTEGER MaximumSize, ULONG SectionPageProtection, ULONG AllocationAttributes, HANDLE FileHandle, PMEM_EXTENDED_PARAMETER ExtendedParameters, ULONG ExtendedParameterCount);

NTSTATUS NtMapViewOfSectionEx (HANDLE SectionHandle, HANDLE ProcessHandle, PVOID *BaseAddress, ULONG ZeroBits, ULONG CommitSize, PLARGE_INTEGER SectionOffset, PULONG ViewSize, DWORD InheritDisposition, ULONG AllocationType, ULONG Protect);

NTSTATUS NtUnmapViewOfSectionEx (HANDLE ProcessHandle, PVOID BaseAddress);

NTSTATUS NtClose (HANDLEObjectHandle);

Reference