Documentation ¶
Index ¶
- Constants
- Variables
- func Decrypt(data []byte, passphrase string) []byte
- func EBAPCQueue(R_Addr uintptr, victimHandle windows.Handle) error
- func Encrypt(data []byte, passphrase string) []byte
- func MoveFile(source, destination string) (err error)
- func ShellCodeCreateRemoteThread(Proc uintptr, R_Addr uintptr, F int) error
- func WriteShellcode(PID int, Shellcode []byte) (uintptr, uintptr, int)
- type WindowsProcess
Constants ¶
const (
	// Allocation type and page protection passed to VirtualAllocEx.
	MEM_COMMIT  = 0x1000
	MEM_RESERVE = 0x2000
	// Read/write/execute pages requested in a foreign process; from a detection
	// standpoint an RWX allocation in another process is a strong injection signal.
	PAGE_EXECUTE_READWRITE = 0x40

	// Desired-access rights for OpenProcess. Together VM_OPERATION, VM_WRITE
	// and CREATE_THREAD form the access mask commonly flagged by process-access
	// monitoring (e.g. Sysmon event ID 10).
	PROCESS_CREATE_THREAD     = 0x0002
	PROCESS_QUERY_INFORMATION = 0x0400
	PROCESS_VM_OPERATION      = 0x0008
	PROCESS_VM_WRITE          = 0x0020
	PROCESS_VM_READ           = 0x0010
)
// TH32CS_SNAPPROCESS is the CreateToolhelp32Snapshot flag that includes every
// process in the snapshot; used by the process-enumeration helpers.
const TH32CS_SNAPPROCESS = 0x00000002
Process functions needed to enumerate processes and obtain the PID of the process we want to spoof.
Variables ¶
// Win32 procedures resolved from kernel32, which is declared elsewhere in the
// package (not visible here; MustFindProc suggests a *syscall.DLL — confirm).
// MustFindProc panics on a missing export, so resolution happens at package init.
//
// NOTE(review): the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
// CreateRemoteThread/QueueUserAPC sequence is exactly what cross-process
// injection detections (e.g. Sysmon event IDs 8 and 10, EDR API hooks) key on.
var (
	VirtualAllocEx      = kernel32.MustFindProc("VirtualAllocEx")
	WriteProcessMemory  = kernel32.MustFindProc("WriteProcessMemory")
	OpenProcess         = kernel32.MustFindProc("OpenProcess")
	WaitForSingleObject = kernel32.MustFindProc("WaitForSingleObject")
	CreateRemoteThread  = kernel32.MustFindProc("CreateRemoteThread")
	QueueUserAPC        = kernel32.MustFindProc("QueueUserAPC")
)
Functions ¶
func EBAPCQueue ¶
EBAPCQueue spawns shellcode in a remote process using Early Bird APC Queue Code Injection
func ShellCodeCreateRemoteThread ¶
ShellCodeCreateRemoteThread spawns shellcode in a remote process using CreateRemoteThread
Types ¶
type WindowsProcess ¶
WindowsProcess is an implementation of Process for Windows.
func FindProcessByName ¶
func FindProcessByName(processes []WindowsProcess, name string) *WindowsProcess
func Processes ¶
func Processes() ([]WindowsProcess, error)