C++ (Cpp) ExecuteShellcode Examples

Programming Language: C++ (Cpp)

Method/Function: ExecuteShellcode

Examples at hotexamples.com: 2

C++ (Cpp) ExecuteShellcode - 2 examples found. These are the top rated real world C++ (Cpp) examples of ExecuteShellcode extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: syringe.c Project: rass89rus/syringe

int main(int argc, char* argv[]) {
	char dllPath[MAXLINE] = "";
	unsigned int pid = 0;
	unsigned int injResult;
	unsigned char attackType = 0;
	unsigned char numargs = 4;
	char *usageString = "Syringe v1.2\nA General Purpose DLL & Code Injection Utility\n\nUsage:\n\nInject DLL:\n\tsyringe.exe -1 [ dll ] [ pid ]\n\nInject Shellcode:\n\tsyringe.exe -2 [ shellcode ] [ pid ]\n\nExecute Shellcode:\n\tsyringe.exe -3 [ shellcode ]\n";

	if (argc < 2) {
		printf("%s", usageString);
		return 0;
	}
	if (strncmp(argv[1], "-1", 2) == 0) {
		attackType = ATTACK_TYPE_DLL_INJECTION;
	} else if (strncmp(argv[1], "-2", 2) == 0) {
		attackType = ATTACK_TYPE_SHELL_CODE_INJECTION;
	} else if (strncmp(argv[1], "-3", 2) == 0) {
		attackType = ATTACK_TYPE_EXECUTE_SHELL_CODE;
		numargs = 3;
	} else {
		printf("%s", usageString);
		return 0;
	}
	if (argc != numargs) {
		printf("%s", usageString);
		return 0;
	}

	if ((attackType == ATTACK_TYPE_DLL_INJECTION) || (attackType == ATTACK_TYPE_SHELL_CODE_INJECTION)) {
		pid = atoi(argv[3]);
		if (!pid) {
			printf("Invalid Process ID.\n");
			return 0;
		}
		if (attackType == ATTACK_TYPE_DLL_INJECTION) {
			GetFullPathNameA(argv[2], MAXLINE, dllPath, NULL);
			injResult = InjectDLL(dllPath, pid);
		} else if (attackType == ATTACK_TYPE_SHELL_CODE_INJECTION) {
			injResult = InjectShellcode(argv[2], pid);
		}

		if (injResult == 0) {
			printf("Successfully Injected.\n");
		} else {
			printf("Failed To Inject. \nError: ");
			switch (injResult) {
				case 1: { printf("Invalid Process ID.\n"); break; }
				case 2: { printf("Could Not Open A Handle To The Process.\n"); break; }
				case 3: { printf("Could Not Get The Address Of LoadLibraryA.\n"); break; }
				case 4: { printf("Could Not Allocate Memory In Remote Process.\n"); break; }
				case 5: { printf("Could Not Write To Remote Process.\n"); break; }
				case 6: { printf("Could Not Start The Remote Thread.\n"); break; }
			}
		}
	} else if (attackType == ATTACK_TYPE_EXECUTE_SHELL_CODE) {
		ExecuteShellcode(argv[2]);
	}
	return 0;
}

Example #2

Show file

File: syringe.c Project: LucaBongiorni/syringe

int main(int argc, char* argv[]) {
	CHAR pDllPath[MAXLINE] = "";
	DWORD dwPid = 0;
	DWORD dwResult = 0;
	DWORD dwAttackType = 0;
	DWORD dwNumArgs = 4;
	PBYTE pShellcode = NULL;
	DWORD dwShellcodeLength = 0;

	printf("%s\n", APPLICATION_NAME);
	if (argc < 2) {
		printf(USAGE_STRING);
		return 0;
	}

	if (strncmp(argv[1], "-1", 2) == 0) {
		dwAttackType = ATTACK_TYPE_DLL_INJECTION;
	} else if (strncmp(argv[1], "-2", 2) == 0) {
		dwAttackType = ATTACK_TYPE_SHELL_CODE_INJECTION;
	} else if (strncmp(argv[1], "-3", 2) == 0) {
		dwAttackType = ATTACK_TYPE_EXECUTE_SHELL_CODE;
		dwNumArgs = 3;
	} else {
		printf(USAGE_STRING);
		return 0;
	}
	if (argc != dwNumArgs) {
		printf(USAGE_STRING);
		return 0;
	}

	if ((dwAttackType == ATTACK_TYPE_SHELL_CODE_INJECTION) || (dwAttackType == ATTACK_TYPE_EXECUTE_SHELL_CODE)) {
		if (!CryptStringToBinaryA(argv[2], 0, CRYPT_STRING_BASE64, pShellcode, &dwShellcodeLength, 0, NULL)) {
			printf("Failed to decode the provided shellcode\n");
			return 0;
		}
		pShellcode = (PBYTE)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwShellcodeLength);
		if (pShellcode == NULL) {
			printf("Failed to allocate space for the shellcode\n");
			return 0;
		}
		if (!CryptStringToBinaryA(argv[2], 0, CRYPT_STRING_BASE64, pShellcode, &dwShellcodeLength, 0, NULL)) {
			printf("Failed to decode the provided shellcode\n");
			return 0;
		}
	}

	if ((dwAttackType == ATTACK_TYPE_DLL_INJECTION) || (dwAttackType == ATTACK_TYPE_SHELL_CODE_INJECTION)) {
		dwPid = atoi(argv[3]);
		if (!dwPid) {
			printf("Invalid Process ID.\n");
			return 0;
		}
		if (dwAttackType == ATTACK_TYPE_DLL_INJECTION) {
			GetFullPathNameA(argv[2], MAXLINE, pDllPath, NULL);
			dwResult = InjectDLL(pDllPath, dwPid);
		} else if (dwAttackType == ATTACK_TYPE_SHELL_CODE_INJECTION) {
			dwResult = InjectShellcode(pShellcode, (SIZE_T)dwShellcodeLength, dwPid);
		}

		if (dwResult == 0) {
			printf("Successfully Injected.\n");
		} else {
			printf("Failed To Inject.\nError: ");
			switch (dwResult) {
				case 1: { printf("Invalid Process ID.\n"); break; }
				case 2: { printf("Could Not Open A Handle To The Process.\n"); break; }
				case 3: { printf("Could Not Get The Address Of LoadLibraryA.\n"); break; }
				case 4: { printf("Could Not Allocate Memory In Remote Process.\n"); break; }
				case 5: { printf("Could Not Write To Remote Process.\n"); break; }
				case 6: { printf("Could Not Start The Remote Thread.\n"); break; }
			}
		}
	} else if (dwAttackType == ATTACK_TYPE_EXECUTE_SHELL_CODE) {
		ExecuteShellcode(pShellcode, (SIZE_T)dwShellcodeLength, FALSE);
	}

	if (pShellcode) {
		HeapFree(GetProcessHeap(), 0, pShellcode);
	}
	return 0;
}