Rust-for-Malware-Development

Shellcode Execution via Remote Process using NtAPI

Overview

This Rust program demonstrates shellcode execution in a remote process using Windows NT API calls:

Download NtMapViewOfSection PoC: Download

How this program works?

  1. Setup:
    • Accepts a target PID as a command-line argument
    • Contains a shellcode array (328 bytes, partially shown)
  2. Process Access:
    • Opens the target process with PROCESS_ALL_ACCESS rights using OpenProcess
    • Loads ntdll.dll dynamically
  3. Memory Allocation:
    • Uses NtAllocateVirtualMemory to allocate memory in the target process
    • Sets PAGE_EXECUTE_READWRITE (0x40) protection
    • Uses MEM_COMMIT | MEM_RESERVE (0x3000) allocation type
  4. Shellcode Injection:
    • Writes the shellcode to the allocated memory using NtWriteVirtualMemory
  5. Execution:
    • Creates a new thread in the target process using NtCreateThreadEx
    • Sets the thread start address to the allocated memory containing shellcode
    • Uses maximum access rights (0x2000000) for thread creation
  6. Cleanup:
    • Closes process and thread handles
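The six steps above are exactly the cross-process call chain an endpoint sensor correlates to flag remote injection. As an added defender-side example (not code from this repository), the Python below runs that correlation over a constructed API-call trace; the trace format, the pids and the addresses are assumptions, not any real sensor's schema.

```python
# Added example: flag the remote-injection sequence described above
# (OpenProcess -> RWX NtAllocateVirtualMemory -> NtWriteVirtualMemory ->
# NtCreateThreadEx) in a constructed API-call trace. The event tuples are
# an assumed format, not a real sensor's schema.
PROCESS_ALL_ACCESS = 0x1FFFFF
PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT_RESERVE = 0x3000

# Constructed trace: (source pid, api name, dict of arguments/results).
SAMPLE_TRACE = [
    (4242, "OpenProcess", {"target": 1337, "access": PROCESS_ALL_ACCESS}),
    (4242, "NtAllocateVirtualMemory", {"target": 1337, "base": 0x1A0000,
                                       "size": 0x1000, "type": 0x3000, "protect": 0x40}),
    (4242, "NtWriteVirtualMemory", {"target": 1337, "address": 0x1A0000, "size": 328}),
    (4242, "NtCreateThreadEx", {"target": 1337, "start": 0x1A0000, "access": 0x2000000}),
    # Benign-looking local RW allocation in another process: must not fire.
    (5555, "NtAllocateVirtualMemory", {"target": 5555, "base": 0x2B0000,
                                       "size": 0x1000, "type": 0x3000, "protect": 0x04}),
]


def detect_remote_injection(trace):
    """Return (src pid, target pid, thread start, full-access handle seen) for
    each cross-process chain that allocates RWX memory, writes into it and
    then starts a thread inside that region."""
    findings = []
    regions = {}   # (src, target) -> RWX regions allocated remotely
    opened = set()  # (src, target) pairs opened with PROCESS_ALL_ACCESS
    for src, api, a in trace:
        tgt = a.get("target")
        if tgt == src:
            continue  # allocations in the caller's own process are not remote injection
        key = (src, tgt)
        if api == "OpenProcess" and a["access"] & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
            opened.add(key)
        elif (api == "NtAllocateVirtualMemory" and a["protect"] == PAGE_EXECUTE_READWRITE
              and a["type"] & MEM_COMMIT_RESERVE == MEM_COMMIT_RESERVE):
            regions.setdefault(key, []).append({"base": a["base"], "size": a["size"], "written": False})
        elif api == "NtWriteVirtualMemory":
            for r in regions.get(key, []):
                if r["base"] <= a["address"] < r["base"] + r["size"]:
                    r["written"] = True  # shellcode landed in an RWX region
        elif api == "NtCreateThreadEx":
            for r in regions.get(key, []):
                if r["written"] and r["base"] <= a["start"] < r["base"] + r["size"]:
                    findings.append((src, tgt, a["start"], key in opened))
    return findings
```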

Functionality

  1. Allocates memory in the target process
  2. Writes shellcode to the allocated memory
  3. Creates a thread to execute the shellcode

Requirements

Usage

cargo run --release <target_pid>

Credits / Resources