
Release 2.0

@kkent030315 kkent030315 released this 20 May 14:44
· 15 commits to main since this release
fbf1774

Release 2.0 includes libanycall, the powerful C++ static library for anycall exploit execution.

Usage

  1. Link the library (e.g., #pragma comment( lib, "libanycall64" ))
  2. Include the header (e.g., #include "libanycall.h")

For example:

#include <windows.h>
#include <iostream>

#include "libanycall.h"

#pragma comment( lib, "libanycall64" )

// Function-pointer type for a __fastcall routine that takes no arguments and
// returns a HANDLE. The alias carries the name of the kernel routine invoked
// in main().
// NOTE(review): ANYCALL_INVOKE presumably uses this name to locate the kernel
// export and this type to shape the call — confirm against libanycall.h.
using PsGetCurrentProcessId = HANDLE( __fastcall* )( void );

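// Example entry point: initialises libanycall, invokes PsGetCurrentProcessId
// through ANYCALL_INVOKE and prints the value it returns.
//
// Returns EXIT_FAILURE when libanycall::init reports failure, EXIT_SUCCESS
// otherwise. argc, argv and envp are not used.
int main( const int argc, const char** argv, const char** envp )
{
    // NOTE(review): the two strings presumably name the user-mode module and
    // the export that libanycall routes its calls through — confirm against
    // libanycall.h.
    if ( !libanycall::init( "ntdll.dll", "NtTraceControl" ) )
    {
        printf( "[!] failed to init libanycall\n" );
        return EXIT_FAILURE;
    }

    // invoke NT kernel APIs from usermode
    // The result of the call is narrowed to 32 bits by the cast below; the
    // alias used here declares the routine as returning a HANDLE, which is
    // pointer-sized in a 64-bit build.
    const uint32_t process_id =
        ( uint32_t )ANYCALL_INVOKE( PsGetCurrentProcessId );

    // process_id is unsigned, so it is printed with %u; %d would read the
    // argument as a signed int.
    printf( "PsGetCurrentProcessId returns %u\n", process_id );

    return EXIT_SUCCESS;
}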