ksc4cpp is a shellcode framework for the Windows kernel, based on C++ and
modified from sc4cpp.
Tested on Windows 10, Version 21H2
Clang for Windows
Must be compiled with clang-cl:
/O2 /Os /MT /GS- /Gs1048576 -mno-sse -Wno-address-of-temporary
CMake file:
add_subdirectory("ksd4cpp")
ksc4pp_add_shellcode(helloworld
    WINVER 0x0602
    shellcode.cpp
)
Build:
mkdir build
cd build
cmake ..
# do not use Debug mode
cmake --build . --config Release
#include <sc4cpp.h>

SC_NOINLINE
SC_CODESEG_REORDERING
DWORD WINAPI Func(PCSTR lpAnsiMsg) {
    // Import DbgPrint through the framework's batch-import macros
    SC_IMPORT_API_BATCH_BEGIN();
    SC_IMPORT_API_BATCH(DbgPrint);
    SC_IMPORT_API_BATCH_END();

    // Print the message to the kernel debugger output
    DbgPrint(lpAnsiMsg);
    return 0;
}

// Shellcode entry point
SC_MAIN_BEGIN()
{
    Func(SC_PISTRINGA("Hello, world!"));
}
SC_MAIN_END();
Windows x64 shellcode for locating the base address of ntoskrnl.exe
[Original] X64 Kernel Shellcode: Getting the Ntos Base - Programming Techniques - Kanxue Forum - Security Community | Security Jobs | bbs.pediy.com
windpiaoxue/sc4cpp: sc4cpp is a shellcode framework based on C++