C++ (Cpp) CreateAPCEvent Exemples

Exemple #1

0

Afficher le fichier

Fichier : RemoteExec.cpp Projet : topblast/Blackbone

/// <summary>
/// Create environment for future remote procedure calls
///
/// _userData layout (x86/x64):
/// --------------------------------------------------------------------------------------------------------------------------
/// | Internal return value | Return value |  Last Status code  |  Event handle   |  Space for copied arguments and strings  |
/// -------------------------------------------------------------------------------------------------------------------------
/// |       8/8 bytes       |   8/8 bytes  |      8/8 bytes     |   16/16 bytes   |                                          |
/// --------------------------------------------------------------------------------------------------------------------------
/// </summary>
/// <param name="noThread">Create only codecave and sync event, without thread</param>
/// <returns>Status</returns>
NTSTATUS RemoteExec::CreateRPCEnvironment( bool noThread /*= false*/ )
{
    NTSTATUS dwResult = STATUS_SUCCESS;
    DWORD thdID = 0;
    bool status = true;

    //
    // Allocate environment codecave
    //
    if (!_workerCode.valid())
        _workerCode = _memory.Allocate( 0x1000 );

    if (!_userData.valid())
        _userData = _memory.Allocate( 0x4000, PAGE_READWRITE );

    if (!_userCode.valid())
        _userCode = _memory.Allocate( 0x1000 );

    // Create RPC thread and sync event
    if (noThread == false)
        thdID = CreateWorkerThread();
    else
    // Randomize thread id for event name
        thdID = GetTickCount();
             
    auto& barrier = _proc.core().native()->GetWow64Barrier();
    if (barrier.type != wow_32_64)
        status = CreateAPCEvent( thdID );

    if ((noThread == false && thdID == 0) || status == false)
        dwResult = LastNtStatus();

    return dwResult;
}

Exemple #2

0

Afficher le fichier

Fichier : RemoteExec.cpp Projet : hezzrrah/Blackbone

/// <summary>
/// Create environment for future remote procedure calls
///
/// _userData layout (x86/x64):
/// --------------------------------------------------------------------------------------------------------------------------
/// | Internal return value | Return value |  Last Status code  |  Event handle   |  Space for copied arguments and strings  |
/// -------------------------------------------------------------------------------------------------------------------------
/// |       8/8 bytes       |   8/8 bytes  |      8/8 bytes     |   16/16 bytes   |                                          |
/// --------------------------------------------------------------------------------------------------------------------------
/// </summary>
/// <param name="noThread">Create only codecave and sync event, without thread</param>
/// <returns>Status</returns>
NTSTATUS RemoteExec::CreateRPCEnvironment( bool noThread /*= false*/ )
{
    NTSTATUS dwResult = STATUS_SUCCESS;
    DWORD thdID = 0;
    bool status = true;

    //
    // Allocate environment codecave
    //
    if (!_workerCode.valid())
        _workerCode = _memory.Allocate( 0x1000 );

    if (!_userData.valid())
        _userData = _memory.Allocate( 0x4000, PAGE_READWRITE );

    if (!_userCode.valid())
        _userCode = _memory.Allocate( 0x1000 );

    // Create RPC thread and sync event
    if (noThread == false)
    {
        thdID = CreateWorkerThread();
        if (thdID)
            status = CreateAPCEvent( thdID );
    }

    if (thdID == 0 || status == false)
        dwResult = LastNtStatus();

    return dwResult;
}

Exemple #3

0

Afficher le fichier

Fichier : RemoteExec.cpp Projet : ApocalypsEnd/Blackbone

/// <summary>
/// Create environment for future remote procedure calls
///
/// _userData layout (x86/x64):
/// --------------------------------------------------------------------------------------------------------------------------
/// | Internal return value | Return value |  Last Status code  |  Event handle   |  Space for copied arguments and strings  |
/// -------------------------------------------------------------------------------------------------------------------------
/// |       8/8 bytes       |   8/8 bytes  |      8/8 bytes     |   16/16 bytes   |                                          |
/// --------------------------------------------------------------------------------------------------------------------------
/// </summary>
/// <param name="bThread">Create worker thread</param>
/// <param name="bEvent">Create sync event for worker thread</param>
/// <returns>Status</returns>
NTSTATUS RemoteExec::CreateRPCEnvironment( bool bThread /*= true*/, bool bEvent /*= true*/ )
{
    DWORD thdID = GetTickCount();       // randomize thread id
    NTSTATUS status = STATUS_SUCCESS;

    //
    // Allocate environment codecave
    //
    if (!_workerCode.valid())
        _workerCode = _memory.Allocate( 0x1000 );

    if (!_userData.valid())
        _userData = _memory.Allocate( 0x4000, PAGE_READWRITE );

    if (!_userCode.valid())
        _userCode = _memory.Allocate( 0x1000 );

    // Create RPC thread
    if (bThread)
        thdID = CreateWorkerThread();

    // Create RPC sync event
    if (bEvent)
    {
        if (_proc.core().native()->GetWow64Barrier().type != wow_32_64)
        {
            status = CreateAPCEvent( thdID );
        }
        else
        {
            status = LastNtStatus( STATUS_NOT_SUPPORTED );
        }
    }
   
    if (bThread && thdID == 0)
        status = LastNtStatus();

    return status;
}