Updated README.md - Commit abb29d87 - STRLCPY/ekko-rs

Updated README.md
memN0ps committed 2 years ago

abb29d87

1 parent b6e6be9f

Total 2 files Show one by one

■ ■ ■ ■ ■ ■

README.md

		skipped 1 lines
2	2
3	3		A small sleep obfuscation technique that uses `CreateTimerQueueTimer` Win32 API in Rust. This is ported from C https://github.com/Cracked5pider/Ekko/ to Rust.
4	4
	5	+	## Debugging
	6	+
	7	+	For debugging uncomment `env_logger::init();` in main and set Powershell environment variable to `$Env:RUST_LOG="info"`.
	8	+
5	9		## Credits / References
6	10
7	11		- [@C5pider](https://twitter.com/C5pider) https://github.com/Cracked5pider/Ekko/
		skipped 5 lines

■ ■ ■ ■ ■ ■

src/ekko.rs

		skipped 147 lines
148	148		rop_mem_dec.Rsp = -8 as isize as u64;
149	149		rop_mem_dec.Rip = sys_func032.unwrap() as u64;
150	150		rop_mem_dec.Rcx = &mut img as mut UNICODE_STRING as mut c_void as u64;
151		-	rop_mem_dec.Rdx = key.MaximumLength as u64;
	151	+	rop_mem_dec.Rdx = key.Length as u64;
152	152		dump_system_function036_context(&rop_mem_dec);
153	153
154	154		// pub unsafe extern "system" fn VirtualProtect(lpaddress: const c_void, dwsize: usize, flnewprotect: PAGE_PROTECTION_FLAGS, lpfloldprotect: mut PAGE_PROTECTION_FLAGS) -> BOOL
		skipped 15 lines
170	170
171	171		log::info!("[+] Rop chain built");
172	172		log::info!("[+] Queue timers");
	173	+	//unsafe { core::arch::asm!("int3") };
173	174
174	175		let result = unsafe {
175	176		CreateTimerQueueTimer(
		skipped 154 lines

Please wait...

Page is in error, reload to recover