From 0e1b5ae78020ae7f95804b8fba8918df84a5d72c Mon Sep 17 00:00:00 2001
From: Thijn <113618658+tdeerenberg@users.noreply.github.com>
Date: Tue, 8 Apr 2025 17:29:27 +0200
Subject: [PATCH] Sample BOF with NtCreateProcessEx
---
sample_bof/main.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/sample_bof/main.c b/sample_bof/main.c
index e69de29..059e0a7 100644
--- a/sample_bof/main.c
+++ b/sample_bof/main.c
@@ -0,0 +1,18 @@
+#include
+#include "beacon.h"
+#include "syscalls-aio.h"
+
+void go(char* args, int length) {
+ HANDLE hProcess;
+ OBJECT_ATTRIBUTES oa = {sizeof(oa)};
+
+ NTSTATUS status = Sw3NtCreateProcessEx(&hProcess, PROCESS_ALL_ACCESS, &oa,
+ (HANDLE)(LONG_PTR)-1, 0, NULL, NULL, NULL, 0);
+
+ if (status == 0) {
+ BeaconPrintf(CALLBACK_OUTPUT, "[+] NtCreateProcessEx successful");
+ } else {
+ BeaconPrintf(CALLBACK_ERROR, "[-] NtCreateProcessEx failed: 0x%X\n", status);
+ return;
+ }
+}
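Review bot: On the success path of `go`, `hProcess` is never closed, so each run leaves a `PROCESS_ALL_ACCESS` handle open in the host process and presumably keeps the new process object alive. Close it after reporting the status, e.g. `NtClose(hProcess);`, through whichever stub or import the project provides (the contents of syscalls-aio.h are not visible here), and consider requesting a narrower access mask, since the sample never uses the handle. The test `status == 0` also treats positive success and informational NTSTATUS values as failures; `if (status >= 0)` or the `NT_SUCCESS(status)` macro, where the headers define it, is the conventional check. Minor: the success message lacks the trailing `\n` that the error message has, the `return;` closing the `else` branch is redundant, and `args`/`length` are unused. The bare `#include` on the first added line appears to have lost its header name in extraction.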