breakingmalwareresearch / atom-bombing Goto Github PK

Hi,

I tried the PoC after understanding how the atom bombing technique works.

However, I ran into a problem when testing the technique. The injection itself works flawlessly. The problem lies in the shell code itself.

The first LoadLibraryA, which tries to load "kernel32.dll", fails (returns 0). When I do a GetLastError, it returns 0x57 = INVALID_PARAMETER. I checked that LoadLibrary is effectively called with the right parameter (cfr. screenshot, taken just before the call to LoadLibraryA).

I think this problem has nothing to do with the injection technique itself. But it puzzles me why this shellcode won't work.

Environment:

• Windows 10 build 17134
• I have tried injecting in 2 different processes (bochs.exe and exeinfope.exe). Both gave same result.

C:\Users\IEUser\Downloads\atom-bombing-master\atom-bombing-master\AtomBombingShellcode\Scripts>py Post_Link.py
Traceback (most recent call last):
File "Post_Link.py", line 31, in
main()
File "Post_Link.py", line 8, in main
exe_path = sys.argv[1]
IndexError: list index out of range

Dear BreakingMalwareResearch,

Hope you are fine. How can i use AtomBombing.exe andAtomBombingShellcode.exe in injecting? Could you please explain us?

I tried to go https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows but it is not answering my requests.

Thanks.

hi guys first thanks for this great job but i can't find where i put my own shellcode in main.c "AtomBombingShellcode"folder.. can you help please!

i installed python 2 and pefile for python 2 , but i got error , and unable to solve it.
or how to solve it.

My target process is mspaint.exe, and I use windows 10 x64 (build 14393).

how to use this?

I can't compile the code because AtomBombingShellcode.h is missing. I couldn't find it the repository.

Thanks

Why declare char p[]={‘c’,’s’,’/0’}; are not declared as {“cs”}
Thanks

Hello,

the Code works fine ! But iam new in Cpp, can some one explain me how to add a "Cmd Input" to Check AtomBombing on differrent Exe..

Like:

CHANGEBYUSERINPUT = Input "ENTER EXE TO TEST"
eReturn = main_OpenProcessByName(L"CHANGEBYUSERINPUT" , &hProcess);

i Tried

#include string
#include iostream

string mystr;
cout << "ENTER EXE ";
getline(cin, mystr);

cout << "EXE TO TEST = " << mystr << ".\n";;

How do i add it to

eReturn = main_OpenProcessByName(L"" , &hProcess); ?

Dear enSilo Family,

Hope you are fine. I just wondered Atom Bombing and compiled it from github. I wanted to look commands from cmd but when i entered the command help, it ran and something happened. I couldn't understand because it was in seconds. I showed you in picture below:

http://prntscr.com/kx7qsj

Could you please what does it mean? And how can i use it?

Thanks in advance.

Best Regards,