├── .gitignore
├── BOF
│   ├── DumpShellcode.exe.shellcode
│   ├── entry.obj
│   └── pplfault.cna
├── DumpShellcode
│   ├── DumpShellcode.c
│   ├── DumpShellcode.def
│   ├── DumpShellcode.h
│   └── FunctionOrder.txt
├── LICENSE.txt
├── PPLFault
│   ├── DumpShellcode.exe.shellcode
│   ├── PPLFault.c
│   ├── PPLFault.h
│   ├── Payload.aps
│   ├── Payload.c
│   ├── Payload.h
│   ├── Payload.rc
│   ├── entry.c
│   ├── fnptr.h
│   ├── makebof.bat
│   ├── pplfault.cna
│   ├── relocations
│   └── resource.h
├── README.md
├── Utils
│   ├── Logging.h
│   ├── MemoryCommand.c
│   ├── MemoryCommand.h
│   ├── PayloadUtils.c
│   └── PayloadUtils.h
├── common
│   ├── anticrash.c
│   ├── base.c
│   ├── beacon.h
│   ├── bofdefs.h
│   ├── injection.c
│   ├── ntdefs.h
│   ├── queue.c
│   ├── stack.c
│   ├── wmi.c
│   └── wmi.h
├── images
│   └── cs.jpeg
└── phnt
    ├── README.md
    ├── include
    │   ├── ntbcd.h
    │   ├── ntdbg.h
    │   ├── ntexapi.h
    │   ├── ntgdi.h
    │   ├── ntioapi.h
    │   ├── ntkeapi.h
    │   ├── ntldr.h
    │   ├── ntlpcapi.h
    │   ├── ntmisc.h
    │   ├── ntmmapi.h
    │   ├── ntnls.h
    │   ├── ntobapi.h
    │   ├── ntpebteb.h
    │   ├── ntpfapi.h
    │   ├── ntpnpapi.h
    │   ├── ntpoapi.h
    │   ├── ntpsapi.h
    │   ├── ntregapi.h
    │   ├── ntrtl.h
    │   ├── ntsam.h
    │   ├── ntseapi.h
    │   ├── ntsmss.h
    │   ├── nttmapi.h
    │   ├── nttp.h
    │   ├── ntwow64.h
    │   ├── ntxcapi.h
    │   ├── ntzwapi.h
    │   ├── phnt.h
    │   ├── phnt_ntdef.h
    │   ├── phnt_windows.h
    │   ├── subprocesstag.h
    │   └── winsta.h
    └── zw_options.txt

/.gitignore:
--------------------------------------------------------------------------------
.vs
x64
--------------------------------------------------------------------------------
/BOF/DumpShellcode.exe.shellcode:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/BOF/DumpShellcode.exe.shellcode
--------------------------------------------------------------------------------
/BOF/entry.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/BOF/entry.obj
--------------------------------------------------------------------------------
/BOF/pplfault.cna:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/BOF/pplfault.cna
--------------------------------------------------------------------------------
/DumpShellcode/DumpShellcode.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/DumpShellcode/DumpShellcode.c
--------------------------------------------------------------------------------
/DumpShellcode/DumpShellcode.def:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/DumpShellcode/DumpShellcode.def
--------------------------------------------------------------------------------
/DumpShellcode/DumpShellcode.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/DumpShellcode/DumpShellcode.h
--------------------------------------------------------------------------------
/DumpShellcode/FunctionOrder.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/DumpShellcode/FunctionOrder.txt
--------------------------------------------------------------------------------
/LICENSE.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/LICENSE.txt
--------------------------------------------------------------------------------
/PPLFault/DumpShellcode.exe.shellcode:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/DumpShellcode.exe.shellcode
--------------------------------------------------------------------------------
/PPLFault/PPLFault.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/PPLFault.c
--------------------------------------------------------------------------------
/PPLFault/PPLFault.h:
--------------------------------------------------------------------------------
#pragma once
--------------------------------------------------------------------------------
/PPLFault/Payload.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/Payload.aps
--------------------------------------------------------------------------------
/PPLFault/Payload.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/Payload.c
--------------------------------------------------------------------------------
/PPLFault/Payload.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/Payload.h
--------------------------------------------------------------------------------
/PPLFault/Payload.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/Payload.rc
--------------------------------------------------------------------------------
/PPLFault/entry.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/entry.c
--------------------------------------------------------------------------------
/PPLFault/fnptr.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/fnptr.h
--------------------------------------------------------------------------------
/PPLFault/makebof.bat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/makebof.bat
--------------------------------------------------------------------------------
/PPLFault/pplfault.cna:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/pplfault.cna
--------------------------------------------------------------------------------
/PPLFault/relocations:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/PPLFault/relocations
--------------------------------------------------------------------------------
/PPLFault/resource.h:
--------------------------------------------------------------------------------
#define RES_PAYLOAD 1000
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/README.md
--------------------------------------------------------------------------------
/Utils/Logging.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/Utils/Logging.h
--------------------------------------------------------------------------------
/Utils/MemoryCommand.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/Utils/MemoryCommand.c
--------------------------------------------------------------------------------
/Utils/MemoryCommand.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/Utils/MemoryCommand.h
--------------------------------------------------------------------------------
/Utils/PayloadUtils.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/Utils/PayloadUtils.c
--------------------------------------------------------------------------------
/Utils/PayloadUtils.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/Utils/PayloadUtils.h
--------------------------------------------------------------------------------
/common/anticrash.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/anticrash.c
--------------------------------------------------------------------------------
/common/base.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/base.c
--------------------------------------------------------------------------------
/common/beacon.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/beacon.h
--------------------------------------------------------------------------------
/common/bofdefs.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/bofdefs.h
--------------------------------------------------------------------------------
/common/injection.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/injection.c
--------------------------------------------------------------------------------
/common/ntdefs.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/ntdefs.h
--------------------------------------------------------------------------------
/common/queue.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/queue.c
--------------------------------------------------------------------------------
/common/stack.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/stack.c
--------------------------------------------------------------------------------
/common/wmi.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/wmi.c
--------------------------------------------------------------------------------
/common/wmi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/common/wmi.h
--------------------------------------------------------------------------------
/images/cs.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/images/cs.jpeg
--------------------------------------------------------------------------------
/phnt/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/README.md
--------------------------------------------------------------------------------
/phnt/include/ntbcd.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntbcd.h
--------------------------------------------------------------------------------
/phnt/include/ntdbg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntdbg.h
--------------------------------------------------------------------------------
/phnt/include/ntexapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntexapi.h
--------------------------------------------------------------------------------
/phnt/include/ntgdi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntgdi.h
--------------------------------------------------------------------------------
/phnt/include/ntioapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntioapi.h
--------------------------------------------------------------------------------
/phnt/include/ntkeapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntkeapi.h
--------------------------------------------------------------------------------
/phnt/include/ntldr.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntldr.h
--------------------------------------------------------------------------------
/phnt/include/ntlpcapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntlpcapi.h
--------------------------------------------------------------------------------
/phnt/include/ntmisc.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntmisc.h
--------------------------------------------------------------------------------
/phnt/include/ntmmapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntmmapi.h
--------------------------------------------------------------------------------
/phnt/include/ntnls.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntnls.h
--------------------------------------------------------------------------------
/phnt/include/ntobapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntobapi.h
--------------------------------------------------------------------------------
/phnt/include/ntpebteb.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntpebteb.h
--------------------------------------------------------------------------------
/phnt/include/ntpfapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntpfapi.h
--------------------------------------------------------------------------------
/phnt/include/ntpnpapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntpnpapi.h
--------------------------------------------------------------------------------
/phnt/include/ntpoapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntpoapi.h
--------------------------------------------------------------------------------
/phnt/include/ntpsapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntpsapi.h
--------------------------------------------------------------------------------
/phnt/include/ntregapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntregapi.h
--------------------------------------------------------------------------------
/phnt/include/ntrtl.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntrtl.h
--------------------------------------------------------------------------------
/phnt/include/ntsam.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntsam.h
--------------------------------------------------------------------------------
/phnt/include/ntseapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntseapi.h
--------------------------------------------------------------------------------
/phnt/include/ntsmss.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntsmss.h
--------------------------------------------------------------------------------
/phnt/include/nttmapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/nttmapi.h
--------------------------------------------------------------------------------
/phnt/include/nttp.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/nttp.h
--------------------------------------------------------------------------------
/phnt/include/ntwow64.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntwow64.h
--------------------------------------------------------------------------------
/phnt/include/ntxcapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntxcapi.h
--------------------------------------------------------------------------------
/phnt/include/ntzwapi.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/ntzwapi.h
--------------------------------------------------------------------------------
/phnt/include/phnt.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/phnt.h
--------------------------------------------------------------------------------
/phnt/include/phnt_ntdef.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/phnt_ntdef.h
--------------------------------------------------------------------------------
/phnt/include/phnt_windows.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/phnt_windows.h
--------------------------------------------------------------------------------
/phnt/include/subprocesstag.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/subprocesstag.h
--------------------------------------------------------------------------------
/phnt/include/winsta.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/include/winsta.h
--------------------------------------------------------------------------------
/phnt/zw_options.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/trustedsec/PPLFaultDumpBOF/HEAD/phnt/zw_options.txt
--------------------------------------------------------------------------------