Git Product home page Git Product logo

remotecall's Introduction

RemoteCall

RemoteCall uses Kernel APC and KeUserModeCallback to execute code in arbitary process.

Specific steps are:

  • Queue a kernel APC
  • Inside kernel APC, get and set the context to driver io function, when APC is done, user mode will execute the io function
  • Inside driver io function, Execute KeUserModeCallback since it's now the context of target process
  • Return to normal exection via NtContinue in the rop.


Why not directly set the context to target function in kernel APC?
-- well, it's okay to do this but using KeUserModeCallback gives user better flexibility and user can get the return value of the function.

Pros

  • No RWX memory/Shellcode needed in target process.
  • Allows users to get the return value of the function (needs modify).

Cons

  • Can be detected by query cfg info.

Paste-Friendly

Remote Call is now paste-friendly, which makes it easier to paste and get detected.
The default config is execute a Messagebox in notepad, so you need to open a notepad.

remotecall's People

Contributors

1401199262 avatar

Stargazers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.