Sample BOF with NtCreateProcessEx

2025-07-15 00:44:17 +00:00 · 2025-04-08 17:29:27 +02:00
parent 826e928cd0
commit 0e1b5ae780
1 changed files with 18 additions and 0 deletions
--- a/sample_bof/main.c
+++ b/sample_bof/main.c
@ -0,0 +1,18 @@
+#include <windows.h>
+#include "beacon.h"
+#include "syscalls-aio.h"
+
+void go(char* args, int length) {
+    HANDLE hProcess;
+    OBJECT_ATTRIBUTES oa = {sizeof(oa)};
+
+    NTSTATUS status = Sw3NtCreateProcessEx(&hProcess, PROCESS_ALL_ACCESS, &oa, 
+        (HANDLE)(LONG_PTR)-1, 0, NULL, NULL, NULL, 0);
+
+    if (status == 0) {
+        BeaconPrintf(CALLBACK_OUTPUT, "[+] NtCreateProcessEx successful");
+    } else {
+        BeaconPrintf(CALLBACK_ERROR, "[-] NtCreateProcessEx failed: 0x%X\n", status);
+        return;
+    }
+}