     :
*       
*           
*   BlueKeep  .


 

           -   .
,  -     http://galamatics.com/jomangi1.png  http://galamatics.com/jomangi2.png
(   DownloadFromUrlA)   .  - :
    ,    ROP.
 ,              .

      :
-    Windows
-  Windows
- LDAP

      module_HOWTO.




       module_HOWTO.

     .

  :
1)    :
-       Exploit(const char* hostname) (       )
-         
-     ,        ,  .
 -   ,       .
 "  "   (     ) -     .

    :
-    config.h ,     .
        .
,    FOO, 

config.h:
#define FOO
#undef BAR

foo.cpp:
#include "config.h"
#ifdef FOO
...
code here
...
#endif

-         
-       Visual Studio   
              .
      .

2)      BlueKeep       .
  BlueKeep:
https://github.com/umarfarook882/CVE-2019-0708
https://github.com/n1xbyte/CVE-2019-0708
https://github.com/adalenv/CVE-2019-0708-Tool
https://github.com/gobysec/CVE-2019-0708
https://github.com/Ekultek/BlueKeep
https://github.com/robertdavidgraham/rdpscan
https://github.com/zerosum0x0/CVE-2019-0708
https://github.com/dothanthitiendiettiende/BlueKeep
https://github.com/Ekultek/BlueKeep/blob/master/bluekeep_poc.py

3)  
-    Andrivet Advanced Obfuscator,    MetaString4.h
-     GetApi
-   :
  + Module wormDll build %date% %time% started -   
  + Trying %sploit% on %hostname% (%addr%)     -     
-       .    ,    ,    .log
   .
-        Debug, Release_logged.   Release_nologs   
(  LOG_TO_FILE, LOG_TO_CONSOLE)
