BOFCode/process.c at main · zurro/BOFCode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
#include <windows.h>
#include <stdio.h>
#include "beacon.h"

#define printf(format, args...) { BeaconPrintf(CALLBACK_OUTPUT, format, ## args); }

DECLSPEC_IMPORT FARPROC WINAPI kernel32$GetProcAddress(HANDLE, CHAR*);
DECLSPEC_IMPORT HANDLE WINAPI kernel32$LoadLibraryA(CHAR*);

FARPROC Resolver(CHAR *lib, CHAR *func) {
    FARPROC ptr = kernel32$GetProcAddress(kernel32$LoadLibraryA(lib), func);
    printf("%s$%s located at 0x%p\n", lib, func, ptr);
    return ptr;
}

VOID go(char *argv, int argc) {
	FARPROC CreateProcess = Resolver("kernel32.dll", "CreateProcessA");
	FARPROC memset = Resolver("msvcrt.dll", "memset");
	FARPROC GetLastError = Resolver("kernel32.dll", "GetLastError");
	FARPROC SetLastError = Resolver("kernel32.dll", "SetLastError");

	datap parser;
	CHAR *cmd = NULL;
	BeaconDataParse(&parser, argv, argc);
	cmd = BeaconDataExtract(&parser, NULL);
	STARTUPINFO si;
	PROCESS_INFORMATION pi;

	printf("Running the following command %s\n", cmd);

	memset(&si, 0x00, sizeof(STARTUPINFO));
	memset(&pi, 0x00, sizeof(PROCESS_INFORMATION));
	si.cb = sizeof(STARTUPINFO);

	if(CreateProcess != NULL) {
		SetLastError(0);
		BOOL bResult = CreateProcess(cmd, NULL, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
		printf("Result is %d. Error: %d\n", bResult, GetLastError());
	}
}