-
Notifications
You must be signed in to change notification settings - Fork 7
Expand file tree
/
Copy pathenv.c
More file actions
27 lines (23 loc) · 864 Bytes
/
env.c
File metadata and controls
27 lines (23 loc) · 864 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#include <windows.h>
#include <processenv.h>
#include <stdio.h>
#include "beacon.h"
#define printf(format, args...) { BeaconPrintf(CALLBACK_OUTPUT, format, ## args); }
DECLSPEC_IMPORT FARPROC WINAPI kernel32$GetProcAddress(HANDLE, CHAR*);
DECLSPEC_IMPORT HANDLE WINAPI kernel32$LoadLibraryA(CHAR*);
FARPROC Resolver(CHAR *lib, CHAR *func) {
FARPROC ptr = kernel32$GetProcAddress(kernel32$LoadLibraryA(lib), func);
return ptr;
}
VOID go() {
FARPROC GetEnvironmentStrings = Resolver("kernel32.dll", "GetEnvironmentStrings");
FARPROC strlen = Resolver("msvcrt.dll", "strlen");
FARPROC FreeEnvironmentStrings = Resolver("kernel32.dll", "FreeEnvironmentStringsA");
LPCH env = GetEnvironmentStrings();
LPCH start = env;
while(env[0] != 0x00) {
printf("%s\n", env);
env += strlen(env) + 1;
}
FreeEnvironmentStrings(start);
}