Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Cracked5pider/Stardust
A modern 64-bit position independent implant template
https://github.com/Cracked5pider/Stardust
Last synced: about 2 months ago
JSON representation
A modern 64-bit position independent implant template
- Host: GitHub
- URL: https://github.com/Cracked5pider/Stardust
- Owner: Cracked5pider
- Created: 2022-02-20T01:23:35.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-05-18T17:56:03.000Z (4 months ago)
- Last Synced: 2024-07-29T05:37:09.479Z (about 2 months ago)
- Language: C
- Homepage: https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
- Size: 129 KB
- Stars: 991
- Watchers: 20
- Forks: 154
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Stardust
An modern 64-bit position independent implant template.
- raw strings
- global instance
- compile time hashing
```c
#include
#include
FUNC VOID Main(
_In_ PVOID Param
) {
STARDUST_INSTANCE
PVOID Message = { 0 };
//
// resolve kernel32.dll related functions
//
if ( ( Instance()->Modules.Kernel32 = LdrModulePeb( H_MODULE_KERNEL32 ) ) ) {
if ( ! ( Instance()->Win32.LoadLibraryW = LdrFunction( Instance()->Modules.Kernel32, HASH_STR( "LoadLibraryW" ) ) ) ) {
return;
}
}
//
// resolve user32.dll related functions
//
if ( ( Instance()->Modules.User32 = Instance()->Win32.LoadLibraryW( L"User32" ) ) ) {
if ( ! ( Instance()->Win32.MessageBoxW = LdrFunction( Instance()->Modules.User32, HASH_STR( "MessageBoxW" ) ) ) ) {
return;
}
}
Message = NtCurrentPeb()->ProcessParameters->ImagePathName.Buffer;
//
// pop da message
//
Instance()->Win32.MessageBoxW( NULL, Message, L"Stardust MessageBox", MB_OK );
}
```
## How does it work ?
I have written a [Blog post](https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design/) about how it fully works and the reason behind it.
