bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License

How do I communicate with the rootkit? #37

Closed WilleLX1 closed 1 year ago

WilleLX1 commented 1 year ago

Hello! This is most likely a simple question, but I desperately need assistance. So I know that the rootkit starts a pipe and that any data I send to it is executed. The only issue here is that I have no idea how or what data I should send. Any assistance would be greatly appreciated.

Regards, WilleLX1

bytecode77 commented 1 year ago

There are several control codes that you can send to the control pipe (see the documentation, section 3.3 "Control Pipe").

For example, CONTROL_USER_SHELLEXEC or CONTROL_USER_RUNPE are useful control codes for executing an EXE file.

There is a code example in C++ to demonstrate sending a ShellExec control code. Data that you send must be in a specific format that is described in the documentation and that you can get a better grasp on from the example.

Other control codes just have different parameters, but the logic is always the same.

WilleLX1 commented 1 year ago

Hello again! Thank you for the help, I really appreciate it.

Regards, WilleLX1