-rw-r--r--sysmap/src/main.cpp2
-rw-r--r--sysmap/src/mapper/process.h18
2 files changed, 18 insertions, 2 deletions
diff --git a/sysmap/src/main.cpp b/sysmap/src/main.cpp
index 871be35..4c73340 100644
--- a/sysmap/src/main.cpp
+++ b/sysmap/src/main.cpp
@@ -43,6 +43,8 @@ int main(int argc, char* argv[]) {
g_syscalls.init();
+ io::log<info>("waiting for {}", args[0]);
+
process::process_x64_t proc;
if (NT_SUCCESS(proc.attach(args[0]))) {
io::log<info>("attached!");
diff --git a/sysmap/src/mapper/process.h b/sysmap/src/mapper/process.h
index 77f7185..9d6da35 100644
--- a/sysmap/src/mapper/process.h
+++ b/sysmap/src/mapper/process.h
@@ -154,7 +154,19 @@ namespace process {
return ret;
}
- NTSTATUS close(HANDLE handle) {
+ NTSTATUS create_thread(uintptr_t start, HANDLE *out) {
+ static auto nt_create = g_syscalls.get<decltype(&NtCreateThreadEx)>("NtCreateThreadEx");
+
+ return nt_create(out, THREAD_ALL_ACCESS, nullptr, handle, reinterpret_cast<LPTHREAD_START_ROUTINE>(start), 0, 0x4, 0, 0, 0, 0);
+ }
+
+ NTSTATUS wait(HANDLE h) {
+ static auto nt_wait = g_syscalls.get<decltype(&NtWaitForSingleObject)>("NtWaitForSingleObject");
+
+ return nt_wait(h, false, nullptr);
+ }
+
+ static NTSTATUS close(HANDLE handle) {
static auto nt_close = g_syscalls.get<decltype(&NtClose)>("NtClose");
auto ret = nt_close(handle);
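Review bot: `wait` blocks with no timeout at the `nt_wait(h, false, nullptr)` line, so a remote thread that never returns stalls the caller indefinitely; take the timeout as a parameter, `NTSTATUS wait(HANDLE h, PLARGE_INTEGER timeout = nullptr)` with `return nt_wait(h, FALSE, timeout);`, so the call site can bound the wait (and `FALSE` rather than `false` matches the BOOLEAN parameter type). In `create_thread` the `0x4` creation-flags argument is a bare magic number; give it a `constexpr` name with a comment saying which flag it stands for, and add a one-line comment above the function that `*out` is only meaningful when the returned NTSTATUS succeeds, which callers must check. `create_thread` appears to read a member `handle` (presumably the attached process) while `close` is made `static` in the same hunk, so a short class-level comment stating which operations require an attached process would help. The body of `close` continues past the end of the hunk.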
@@ -448,7 +460,9 @@ namespace process {
write(shellcode_base, shellcode.data(), shellcode.size());
- CreateRemoteThread(handle, 0, 0, (LPTHREAD_START_ROUTINE)shellcode_base, 0, 0, 0);
+ HANDLE thread_handle;
+ create_thread(shellcode_base, &thread_handle);
+ wait(thread_handle);
io::log<log_lvl::info>("mapped target image");
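Review bot: `create_thread(shellcode_base, &thread_handle)` discards its NTSTATUS, and `thread_handle` is declared uninitialized on the line above, so on failure `wait(thread_handle)` is called with an indeterminate handle value. The handle that `create_thread` hands back is also never released although `close(HANDLE)` exists in this header, so every mapping leaks a thread handle in the mapper process. Check the status before waiting and close the handle once the wait returns; the enclosing function starts and ends outside the hunk, so its failure return value is left as a placeholder below.
```cpp
    write(shellcode_base, shellcode.data(), shellcode.size());

    HANDLE thread_handle = nullptr;
    const NTSTATUS status = create_thread(shellcode_base, &thread_handle);
    if (!NT_SUCCESS(status)) {
        io::log<log_lvl::info>("create_thread failed: {}", status);
        return /* FAILURE_VALUE: this function's failure return, not visible in the hunk */;
    }
    wait(thread_handle);
    close(thread_handle);  // the thread handle is not needed once the wait has returned

    io::log<log_lvl::info>("mapped target image");
```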