Skip to content
/ DynamicKernelShellcode Public

An example of how x64 kernel shellcode can dynamically find and use APIs

103 stars 31 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DownWithUp/DynamicKernelShellcode

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
ExampleUsage.c
ExampleUsage.c
 
 
README.md
README.md
 
 
Shellcode.asm
Shellcode.asm
 
 
djb2.py
djb2.py
 
 

Repository files navigation

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use kernel APIs (exported from ntoskrnl).
Tested on Windows 10 x64 (1903)
The shellcode is capable of returning function addresses from ntoskrnl. For more practical use, it can easily be modified to call these functions. I used FASM as the assembler, but there is no special syntax so others should work. The Python file included is capable of generating the hashes needed.

Useful resources

About

An example of how x64 kernel shellcode can dynamically find and use APIs

Resources

Readme
Activity

Stars

103 stars

Watchers

5 watching

Forks

31 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages