RecycledGate Update

Using NtCreateUserProcess via syscall instead of CreateProcessA.

Author: Whitecat18

syscalls/RecycledGate/Cargo.lock

@@ -5,6 +5,7 @@ edition = "2024"
 
 [dependencies]
 ntapi = "0.4.1"
+widestring = "1.2.0"
 
 [dependencies.windows-sys]
 version = "0.60.2"
@@ -28,4 +29,4 @@ features = [
 
 [build-dependencies]
 cc = "1.2.19"
-nasm-rs = "0.3.0"
+nasm-rs = "0.3.0"

syscalls/RecycledGate/Cargo.toml

@@ -12,6 +12,8 @@ The key evasion aspect is jumping to recycled `syscall; ret` sequences within nt
 
 I have made some changes to the logic and code that support compatibility.
 
+Download RecycledGate PoC: [Downlaod](https://download.5mukx.site/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/syscalls/RecycledGate)
+
 ## Credits / Resources
 * [thefLink](https://x.com/thefLinkk) for original C Implementation of [RecycledGate](https://github.com/thefLink/RecycledGate/tree/main)
 * [Sektor7](https://sektor7.net) for inventing and documenting [Halosgate](https://blog.sektor7.net/#!res/2021/halosgate.md) on which this project is based

syscalls/RecycledGate/README.md

@@ -41,6 +41,7 @@ fn main() {
         "NtReadFile",
         "NtWriteFile",
         "NtDeviceIoControlFile",
+        "RtlProcessHeap",
     ];
 
     for name in functions {