-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathself_map.h
More file actions
29 lines (26 loc) · 1.01 KB
/
self_map.h
File metadata and controls
29 lines (26 loc) · 1.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
#pragma once
#include <Windows.h>
#include <vector>
#include <cstdint>
// Build the self-map shellcode bytes (position-independent, callable with RCX=data_page)
std::vector<uint8_t> BuildSelfMapShellcode();
// Prepare the self-map data page in the remote process.
// Writes function pointers, desired base, and NT file path.
// Returns true on success.
// The data page layout:
// +0x00: result_base (QWORD, out)
// +0x08: result_status (DWORD, out)
// +0x10: NtOpenFile ptr
// +0x18: NtCreateSection ptr
// +0x20: NtMapViewOfSection ptr
// +0x28: NtClose ptr
// +0x30: RtlInitUnicodeString ptr
// +0x38: desired_base hint
// +0x40: done_flag (BYTE, out)
// +0x48: debug_progress (BYTE)
// +0x4C: NtOpenFile status (DWORD)
// +0x50: NtCreateSection status (DWORD)
// +0x54: NtMapView status (DWORD)
// +0x100: NT file path (widestring)
bool SetupSelfMapDataPage(HANDLE process, uint8_t* data_base,
const wchar_t* file_path, void* desired_base);