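#include "stdafx.h"

namespace Hijack {

namespace {

// Balances the LoadLibrary reference taken while resolving the export on every
// return path. The handle is only needed long enough to compute an RVA.
struct ScopedModule {
    HMODULE handle;
    explicit ScopedModule(HMODULE h) : handle(h) {}
    ~ScopedModule() { if (handle) FreeLibrary(handle); }
    ScopedModule(const ScopedModule &) = delete;
    ScopedModule &operator=(const ScopedModule &) = delete;
};

// Byte offsets of the slots patched into the x64 stub in HijackViaHook.
constexpr unsigned kStatusByte        = 0;  // written to 1 by the stub once `entry` has returned
constexpr unsigned kFunctionSlot      = 3;  // imm64 of "mov rax, <remoteFunction>"
constexpr unsigned kOrigBytesLowSlot  = 13; // imm64 of "mov rdx, <original prologue bytes 0..7>"
constexpr unsigned kOrigBytesHighSlot = 26; // imm64 of "mov rdx, <original prologue bytes 8..15>"
constexpr unsigned kEntrySlot         = 60; // absolute pointer read by "call [rip+2]"
constexpr unsigned kStubSize          = 83;
// Bytes of the hooked prologue that are overwritten (14-byte jmp) and restored (two 8-byte stores).
constexpr auto kPatchedBytes = 2 * sizeof(ULONG64);

} // namespace

/// Runs `entry` inside `process` by temporarily hooking an exported function.
///
/// Mechanism (everything below is visible in the stub bytes):
///  1. The export is resolved locally (LoadLibrary/GetProcAddress) and its RVA is
///     rebased onto the remote copy of the module, so the target must have the
///     same module image loaded (same bitness and build) for the address to be right.
///  2. A small x64 stub is written to a fresh RWX page in the target. When the
///     hooked export is next called, the stub restores the 16 original prologue
///     bytes, calls `entry` with rdx = 1 (rcx is left as whatever the caller passed),
///     sets its own status byte to 1 and returns 0 to that caller. The hooked call
///     is therefore swallowed once, not forwarded to the real function.
///  3. The first 14 bytes of the remote function are replaced by `jmp [rip+0]` -> stub.
///     This side polls until the prologue changes (stub has run), restores the page
///     protection, polls the status byte, then frees the stub page.
///
/// @param process      Remote process wrapper (Module/Read/Write/Alloc/Protect/Free).
/// @param entry        Remote address the stub calls, exactly once.
/// @param moduleName   Module in the target whose export is hooked.
/// @param functionName Export to hook; the target must call it for the hijack to fire.
/// @return TRUE once the stub reports completion; FALSE on any setup failure.
///         Both waits are unbounded: if the hooked export is never called, this never returns.
///
/// Operational caveats: the stub page must be PAGE_EXECUTE_READWRITE because the
/// stub writes its own status byte (a private RWX allocation is a well-known
/// injection indicator); the prologue restore is two separate 8-byte stores and is
/// not atomic with respect to other threads entering the function at that moment.
BOOLEAN HijackViaHook(Comm::Process &process, PVOID entry, LPCWSTR moduleName, LPCSTR functionName)
{
    static_assert(sizeof(PVOID) == 8, "the stub below is x64-only (REX.W encodings, imm64 slots)");

    printf("\n[-] hijacking execution via hook\n");

    PBYTE remoteModuleBase = nullptr;
    DWORD remoteModuleSize = 0;
    if (process.Module(moduleName, &remoteModuleBase, &remoteModuleSize) != ERROR_SUCCESS) {
        errorf("failed to find module %ws in process\n", moduleName);
        return FALSE;
    }

    ScopedModule localModule(LoadLibrary(moduleName));
    if (!localModule.handle) {
        errorf("failed to load module %ws\n", moduleName);
        return FALSE;
    }

    auto const function = reinterpret_cast<PBYTE>(GetProcAddress(localModule.handle, functionName));
    if (!function) {
        errorf("failed to find function %ws:%s\n", moduleName, functionName);
        return FALSE;
    }

    // Rebase by RVA. GetProcAddress follows export forwarders, in which case the
    // returned address lies in a different module and the RVA would be garbage;
    // the size reported by Module() lets us reject that (and a prologue that
    // would run past the end of the image) before touching the target.
    auto const rva = function - reinterpret_cast<PBYTE>(localModule.handle);
    if (rva < 0 || static_cast<ULONG64>(rva) + kPatchedBytes > remoteModuleSize) {
        errorf("function %ws:%s does not lie inside the module image (forwarded export?)\n", moduleName, functionName);
        return FALSE;
    }
    PBYTE const remoteFunction = remoteModuleBase + rva;

    BYTE shellcode[] = {
        0x00,                                                       // [0]  status byte, set to 1 by the stub when done
        0x48, 0xB8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // [1]  mov rax, <remoteFunction>        (slot @3)
        0x48, 0xBA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // [11] mov rdx, <original bytes 0..7>   (slot @13)
        0x48, 0x89, 0x10,                                           // [21] mov [rax], rdx
        0x48, 0xBA, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // [24] mov rdx, <original bytes 8..15>  (slot @26)
        0x48, 0x89, 0x50, 0x08,                                     // [34] mov [rax+8], rdx
        0x48, 0x83, 0xEC, 0x28,                                     // [38] sub rsp, 0x28   (shadow space + 16-byte alignment)
        0x48, 0xBA, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // [42] mov rdx, 1      (rcx is still the caller's first argument)
        0xFF, 0x15, 0x02, 0x00, 0x00, 0x00,                         // [52] call [rip+2]    -> pointer stored at [60]
        0xEB, 0x08,                                                 // [58] jmp +8          -> [68], skips the pointer slot
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,             // [60] <entry>                           (slot @60)
        0x48, 0x83, 0xC4, 0x28,                                     // [68] add rsp, 0x28
        0x48, 0x31, 0xC0,                                           // [72] xor rax, rax    (the hooked call returns 0)
        0xC6, 0x05, 0xAE, 0xFF, 0xFF, 0xFF, 0x01,                   // [75] mov byte [rip-0x52], 1  -> status byte at [0]
        0xC3                                                        // [82] ret             (to the hooked function's caller)
    };
    static_assert(sizeof(shellcode) == kStubSize, "stub layout changed; update the slot offsets above");

    *reinterpret_cast<PVOID *>(&shellcode[kFunctionSlot]) = remoteFunction;
    *reinterpret_cast<PVOID *>(&shellcode[kEntrySlot]) = entry;

    // The stub writes these bytes back over the prologue itself. A failed read
    // would make it restore zeros, so bail out instead of continuing.
    if (process.Read(&shellcode[kOrigBytesLowSlot], remoteFunction, sizeof(ULONG64)) != ERROR_SUCCESS ||
        process.Read(&shellcode[kOrigBytesHighSlot], remoteFunction + sizeof(ULONG64), sizeof(ULONG64)) != ERROR_SUCCESS) {
        errorf("failed to read original bytes at %p\n", remoteFunction);
        return FALSE;
    }

    // RWX is required: the stub both executes from and writes to this page (status byte).
    auto const mappedShellcode = reinterpret_cast<PBYTE>(process.Alloc(sizeof(shellcode), PAGE_EXECUTE_READWRITE));
    if (!mappedShellcode) {
        errorf("failed to allocate virtual memory for hook hijack shellcode\n");
        return FALSE;
    }
    // NOTE(review): the return values of Write and Protect are not checked here;
    // their contract is not visible in this file. If they report errors the way
    // Read does, check them before the hook is installed and Free the stub page on failure.
    process.Write(mappedShellcode, shellcode, sizeof(shellcode));

    // jmp [rip+0] followed by the absolute target: the stub body starts after the status byte.
    BYTE jump[14] = { 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00 };
    static_assert(sizeof(jump) <= kPatchedBytes, "the jump must fit in the bytes the stub restores");
    *reinterpret_cast<PVOID *>(&jump[6]) = mappedShellcode + kStatusByte + 1;
    ULONG64 const jumpTarget = *reinterpret_cast<PULONG64>(&jump[6]);

    // Protect() is assumed to hand back the previous protection through `protect`,
    // which is what makes the second call below a restore - confirm against Comm::Process.
    // The same 16-byte span is used for both calls (the original restored only 14).
    DWORD protect = PAGE_EXECUTE_READWRITE;
    process.Protect(remoteFunction, kPatchedBytes, &protect);
    process.Write(remoteFunction, jump, sizeof(jump));

    printf("[+] waiting for shellcode to execute...\n");

    // Phase 1: the stub's first action is to put the original prologue back, so
    // the jump target bytes at +6 changing means the hook has fired.
    for (ULONG64 current = 0;; Sleep(1)) {
        if (process.Read(&current, remoteFunction + 6, sizeof(current)) != ERROR_SUCCESS) {
            errorf("failed to read function bytes at %p\n", remoteFunction + 6);
            // The hook is live and the stub may be executing: freeing the page or
            // rewriting the prologue here could crash the target, so leave it in place.
            return FALSE;
        }
        if (current != jumpTarget) {
            break;
        }
    }
    process.Protect(remoteFunction, kPatchedBytes, &protect);

    // Phase 2: wait for `entry` to return; the stub flips its status byte right after.
    for (BYTE status = 0;; Sleep(1)) {
        if (process.Read(&status, mappedShellcode + kStatusByte, sizeof(status)) != ERROR_SUCCESS) {
            errorf("failed to read shellcode status at %p\n", mappedShellcode);
            return FALSE; // stub may still be running; see above
        }
        if (status) {
            break;
        }
    }

    process.Free(mappedShellcode);
    printf("[+] executed\n");
    return TRUE;
}

} // namespace Hijack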