Documentation ¶
Overview ¶
Copyright (c) 2019-2022 0x9ef. All rights reserved. Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright (c) 2019-2022 0x9ef. All rights reserved. Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright (c) 2019-2022 0x9ef. All rights reserved. Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Copyright (c) 2019-2022 0x9ef. All rights reserved. Use of this source code is governed by an MIT license that can be found in the LICENSE file.
Index ¶
Constants ¶
This section is empty.
Variables ¶
// InfoOnceCmstp is the catalogue entry (Id 1, Type "once") for the technique
// named "cmstp". Its Description states that it relies on cmstp.exe together
// with .ini file manipulation.
//
// Defender note: use of cmstp.exe as an execution proxy is tracked as MITRE
// ATT&CK T1218.003, and UAC bypass in general as T1548.002. An invocation of
// cmstp.exe that loads a profile from a user-writable location is worth
// alerting on.
// NOTE(review): the mapping is inferred from the Description string only;
// cmstp.exe profiles are usually .inf files, so confirm ".ini" is intended.
var InfoOnceCmstp = Info{
	Id:          1,
	Type:        "once",
	Name:        "cmstp",
	Description: "Using cmstp.exe and .ini file manipulations",
}
// InfoOnceComputerdefaults is the catalogue entry (Id 2, Type "once") for the
// technique named "computerdefaults". Its Description states that it relies
// on computerdefaults.exe together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). Useful telemetry is a per-user registry write followed shortly by
// a launch of computerdefaults.exe, and that binary starting a child process
// it does not normally start.
// NOTE(review): inferred from the Description string; the keys touched are
// not visible here.
var InfoOnceComputerdefaults = Info{
	Id:          2,
	Type:        "once",
	Name:        "computerdefaults",
	Description: "Using computerdefaults.exe and registry keys manipulations",
}
// InfoOnceEventvwr is the catalogue entry (Id 3, Type "once") for the
// technique named "eventvwr". Its Description states that it relies on
// eventvwr.exe together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). Correlate registry modifications made by a medium-integrity
// process with a subsequent eventvwr.exe start and any unexpected child of
// that process.
// NOTE(review): inferred from the Description string; the keys touched are
// not visible here.
var InfoOnceEventvwr = Info{
	Id:          3,
	Type:        "once",
	Name:        "eventvwr",
	Description: "Using eventvwr.exe and registry keys manipulations",
}
// InfoOnceFodhelper is the catalogue entry (Id 4, Type "once") for the
// technique named "fodhelper". Its Description states that it relies on
// fodhelper.exe together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). fodhelper.exe has few legitimate child processes, so process
// creation events with it as parent, preceded by per-user registry writes,
// make a high-signal detection.
// NOTE(review): inferred from the Description string; the keys touched are
// not visible here.
var InfoOnceFodhelper = Info{
	Id:          4,
	Type:        "once",
	Name:        "fodhelper",
	Description: "Using fodhelper.exe and registry keys manipulations",
}
// InfoOnceSdcltcontrol is the catalogue entry (Id 5, Type "once") for the
// technique named "sdcltcontrol". Its Description states that it relies on
// the sdclt.exe folder together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). Watch for sdclt.exe being started by a non-interactive parent and
// for registry changes made immediately beforehand by the same user.
// NOTE(review): inferred from the Description string; what "folder" refers to
// is not visible here.
var InfoOnceSdcltcontrol = Info{
	Id:          5,
	Type:        "once",
	Name:        "sdcltcontrol",
	Description: "Using sdclt.exe folder and registry keys manipulations",
}
// InfoOnceSilentcleanup is the catalogue entry (Id 6, Type "once") for the
// technique named "silentcleanup". Its Description states that it relies on
// silentcleanup.exe together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control).
// NOTE(review): SilentCleanup is normally the name of a scheduled task rather
// than of an executable; confirm the Description wording against the
// implementation, since detections keyed on a "silentcleanup.exe" process
// name would likely never fire.
var InfoOnceSilentcleanup = Info{
	Id:          6,
	Type:        "once",
	Name:        "silentcleanup",
	Description: "Using silentcleanup.exe and registry keys manipulations",
}
// InfoOnceSlui is the catalogue entry (Id 7, Type "once") for the technique
// named "slui". Its Description states that it relies on slui.exe together
// with registry key manipulation.
//
// Fields are listed as Id, Type, Name, Description to match the other Info
// values in this package; order does not matter in a keyed literal.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). Alert on slui.exe spawning command interpreters or other
// unexpected children after a per-user registry change.
// NOTE(review): inferred from the Description string; the keys touched are
// not visible here.
var InfoOnceSlui = Info{
	Id:          7,
	Type:        "once",
	Name:        "slui",
	Description: "Using slui.exe and registry keys manipulations",
}
// InfoOnceWsreset is the catalogue entry (Id 8, Type "once") for the
// technique named "wsreset". Its Description states that it relies on
// wsreset.exe together with registry key manipulation.
//
// Defender note: this falls under MITRE ATT&CK T1548.002 (Bypass User Account
// Control). wsreset.exe is rarely run outside troubleshooting, so any start
// of it that follows a per-user registry write deserves review.
// NOTE(review): inferred from the Description string; the keys touched are
// not visible here.
var InfoOnceWsreset = Info{
	Id:          8,
	Type:        "once",
	Name:        "wsreset",
	Description: "Using wsreset.exe and registry keys manipulations",
}
// InfoPersistCortana is the catalogue entry (Id 9, Type "persist") for the
// technique named "cortana". Its Description says only that it uses registry
// key class manipulation.
//
// Defender note: as a "persist" entry the change is expected to outlive the
// process that made it, so registry auditing and baseline comparison are the
// relevant controls.
// NOTE(review): which class key is modified is not visible here; the
// Description is identical to InfoPersistPeople and could say what differs.
var InfoPersistCortana = Info{
	Id:          9,
	Type:        "persist",
	Name:        "cortana",
	Description: "Using registry key class manipulation",
}
// InfoPersistHkcu is the catalogue entry (Id 10, Type "persist") for the
// technique named "hkcu". Its Description states that it manipulates a
// registry key under HKEY_CURRENT_USER.
//
// Defender note: per-user registry persistence needs no elevation, so it is
// available to any code running as the user; audit autostart locations in the
// user hive.
// NOTE(review): presumably an autostart (Run-style) key, which would map to
// MITRE ATT&CK T1547.001; confirm against the implementation.
var InfoPersistHkcu = Info{
	Id:          10,
	Type:        "persist",
	Name:        "hkcu",
	Description: "Using registry key (HKEY_CURRENT_USER) manipulation",
}
// InfoPersistHklm is the catalogue entry (Id 11, Type "persist") for the
// technique named "hklm". Its Description states that it manipulates a
// registry key under HKEY_LOCAL_MACHINE.
//
// Defender note: writes under HKEY_LOCAL_MACHINE normally require
// administrative rights and affect every user of the machine, so changes to
// machine-wide autostart locations should be audited.
// NOTE(review): presumably an autostart (Run-style) key, which would map to
// MITRE ATT&CK T1547.001; confirm against the implementation.
var InfoPersistHklm = Info{
	Id:          11,
	Type:        "persist",
	Name:        "hklm",
	Description: "Using registry key (HKEY_LOCAL_MACHINE) manipulation",
}
// InfoPersistMagnifier is the catalogue entry (Id 12, Type "persist") for the
// technique named "magnifier". Its Description states that it uses
// magnifier.exe, an Image File Execution Options debugger and an
// accessibility application.
//
// Defender note: the Description matches MITRE ATT&CK T1546.012 (Image File
// Execution Options Injection) and T1546.008 (Accessibility Features).
// Monitor for a debugger being configured under Image File Execution Options
// for accessibility binaries; such a setting is almost never legitimate.
// NOTE(review): the mapping is inferred from the Description string only.
var InfoPersistMagnifier = Info{
	Id:          12,
	Type:        "persist",
	Name:        "magnifier",
	Description: "Using magnifier.exe, Image File Execution Options debugger and accessibility application",
}
// InfoPersistPeople is the catalogue entry (Id 13, Type "persist") for the
// technique named "people". Its Description says only that it uses registry
// key class manipulation.
//
// Defender note: as a "persist" entry the change is expected to outlive the
// process that made it, so registry auditing and baseline comparison are the
// relevant controls.
// NOTE(review): which class key is modified is not visible here; the
// Description is identical to InfoPersistCortana and could say what differs.
var InfoPersistPeople = Info{
	Id:          13,
	Type:        "persist",
	Name:        "people",
	Description: "Using registry key class manipulation",
}
// InfoPersistStartup is the catalogue entry (Id 14, Type "persist") for the
// technique named "startup". Its Description states that it places a
// malicious lnk file in the startup directory.
//
// Defender note: the Description matches MITRE ATT&CK T1547.001 (Registry Run
// Keys / Startup Folder) and T1547.009 (Shortcut Modification). File-creation
// monitoring on Startup folders, with review of any new shortcut's target,
// covers it.
// NOTE(review): whether the per-user or the all-users startup directory is
// used is not visible here.
var InfoPersistStartup = Info{
	Id:          14,
	Type:        "persist",
	Name:        "startup",
	Description: "Using malicious lnk file in startup directory",
}
// InfoPersistUserinit is the catalogue entry (Id 15, Type "persist") for the
// technique named "userinit". Its Description states that it manipulates the
// userinit registry key.
//
// Defender note: changes to the Userinit logon setting are covered by MITRE
// ATT&CK T1547.004 (Winlogon Helper DLL). The value rarely changes on a
// healthy system, so any modification is a strong signal.
// NOTE(review): the mapping is inferred from the Description string only.
var InfoPersistUserinit = Info{
	Id:          15,
	Type:        "persist",
	Name:        "userinit",
	Description: "Using userinit registry key manipulations",
}
Functions ¶
func GetBuildNumber ¶
func GetBuildNumber() int
func GetUACLevel ¶
func GetUACLevel() int
func KeybdEvent ¶
func ShellExecute ¶
Types ¶
type OnceExecutor ¶
OnceExecutor is suitable for all single-use options that clean up their data immediately after they finish their work.
type PersistExecutor ¶
PersistExecutor is the same as OnceExecutor, but it has a Revert function that can be called manually to revert all changes that were applied.