Skip to content

Releases: kkent030315/anycall

Release 2.0

20 May 14:44
@kkent030315 kkent030315
release_2.0
fbf1774
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release 2.0 Latest
Latest

Release 2.0 includes libanycall, the powerful c++ static-library for anycall exploit execution.

Usage

  1. link it (e.g, #pragma comment( lib, "libanycall64" ))
  2. include (e.g, #include "libanycall.h")

For example:

#include <windows.h>
#include <iostream>

#include "libanycall.h"

#pragma comment( lib, "libanycall64" )

using PsGetCurrentProcessId = HANDLE( __fastcall* )( void );

int main( const int argc, const char** argv, const char** envp )
{
    if ( !libanycall::init( "ntdll.dll", "NtTraceControl" ) )
    {
        printf( "[!] failed to init libanycall\n" );
        return EXIT_FAILURE;
    }
    
    // invoke NT kernel APIs from usermode
    const uint32_t process_id =
        ( uint32_t )ANYCALL_INVOKE( PsGetCurrentProcessId );

    printf( "PsGetCurrentProcessId returns %d\n", process_id );

    return EXIT_SUCCESS;
}
Assets 3
Loading

Release 1.0

15 May 10:34
@kkent030315 kkent030315
release_1.0
492cab9
Compare
Choose a tag to compare
Release 1.0

Usage

anycall64.exe [module name] [procedure name]

*administrator privilege does not required to run

Following augments are supported:

  • (optional) module name the module exports [procedure name] e.g, ntdll.dll
  • (optional) procedure name the function to hook, used to fetch from both ntoskrnl and [module name] e.g, NtTraceControl

if not specified, ntdll.dll and NtTraceControl are used.

Assets 3
Loading