zeromemoryex / amsi-killer Goto Github PK

This does not seem to work for me. Alternatively, I am doing something wrong.

Hello! I've been testing your project.

I've been able to replace the specific PID target (e.g., powershell.exe) with:

tpid = GetCurrentProcessId(); so that I can use it in Nettitude's RunPE: https://github.com/nettitude/RunPE/

I've been trying to add command line arguments so that I can target a specific PID, a specific process name (e.g., powershell.exe) or if no arguments are passed, just use it's own ProcessID.

I'm having issues with GetPID function and passing in command line arguments. For RunPE, the program needs to use CommandLineToArgvW Detailed Here: nettitude/RunPE#11

I'm having trouble getting GetPID to allow me to pass an argument with LPWSTR instead of LPCSTR, but I have been unsuccessful. Even trying to pass a PID directly doesn't seem to work.

Sample code below:

int
wmain() {

	int nArgs;
	LPWSTR* szArglist;

	szArglist = CommandLineToArgvW(GetCommandLineW(), &nArgs);

	BYTE pattern[] = { 0x48,'?','?', 0x74,'?',0x48,'?' ,'?' ,0x74,'?' ,0x48,'?' ,'?' ,'?' ,'?',0x74,0x33 };

	DWORD patternSize = sizeof(pattern);
	DWORD tpid = 0;

	if (nArgs > 1) {
		if (wcscmp(L"-i", szArglist[1]) == 0) {
			tpid = std::stoi(szArglist[2]);
		}
		if (wcscmp(L"-n", szArglist[1]) == 0) {
			USES_CONVERSION;
			tpid = GetPID(W2A(szArglist[2]));
		}
	}
	else {
		tpid = GetCurrentProcessId();
	}

	if (!tpid) {
		printf("Did not get a handle to the process. Exiting.");
		return -1;
	}


	printf("PID: %d\n", tpid);

When i try to run amsi-killer, no outpt nor any help menu and when i passed exe as argument still no output and no changes in passed exe.

Really helpful if you tell how to use

thanks for sharing, actually i get this error compiling the code

Build started...
1>------ Build started: Project: Amsi-Killer, Configuration: Release x64 ------
1>Source.cpp
1>C:\temp\Amsi-Killer\Amsi-Killer\Source.cpp(33,10): error C2664: 'int _stricmp(const char *,const char *)': cannot convert argument 1 from 'WCHAR [260]' to 'const char *'
1>C:\temp\Amsi-Killer\Amsi-Killer\Source.cpp(33,21): message : Types pointed to are unrelated; conversion requires reinterpret_cast, C-style cast or parenthesized function-style cast
1>C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\ucrt\string.h(189,22): message : see declaration of '_stricmp'
1>C:\temp\Amsi-Killer\Amsi-Killer\Source.cpp(33,10): message : while trying to match the argument list '(WCHAR [260], LPCSTR)'
1>Done building project "Amsi-Killer.vcxproj" -- FAILED.
========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ==========

using windows 10 version 21h2 (build 19044.2604
Microsoft Visual Studio Community 2022
Version 17.5.0
VisualStudio.17.Release/17.5.0+33414.496
Microsoft .NET Framework
Version 4.8.09037

Installed Version: Community

Visual C++ 2022 00482-90000-00000-AA885
Microsoft Visual C++ 2022

ASP.NET and Web Tools 17.5.317.37931
ASP.NET and Web Tools

Azure App Service Tools v3.0.0 17.5.317.37931
Azure App Service Tools v3.0.0

C# Tools 4.5.0-6.23109.5+6a5a63bbc9f4449d9bd1e95a8f9624939c3ccdc3
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Cookiecutter 17.0.22336.2
Provides tools for finding, instantiating and customizing templates in cookiecutter format.

Microsoft JVM Debugger 1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines

Node.js Tools 1.5.50105.3 Commit Hash:882de61a7c99ae988d4c62029301292a3e0b1d56
Adds support for developing and debugging Node.js apps in Visual Studio

NuGet Package Manager 6.5.0
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/

Python - Profiling support 17.0.22336.2
Profiling support for Python projects.

Python with Pylance 17.0.22336.2
Provides IntelliSense, projects, templates, debugging, interactive windows, and other support for Python developers.

Test Adapter for Boost.Test 1.0
Enables Visual Studio's testing tools with unit tests written for Boost.Test. The use terms and Third Party Notices are available in the extension installation directory.

Test Adapter for Google Test 1.0
Enables Visual Studio's testing tools with unit tests written for Google Test. The use terms and Third Party Notices are available in the extension installation directory.

TypeScript Tools 17.0.20105.2003
TypeScript Tools for Microsoft Visual Studio

Visual Basic Tools 4.5.0-6.23109.5+6a5a63bbc9f4449d9bd1e95a8f9624939c3ccdc3
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.

Visual F# Tools 17.5.0-beta.23053.5+794b7c259d9646a7eb685dad865aa27da7940a21
Microsoft Visual F# Tools

Visual Studio IntelliCode 2.2
AI-assisted development for Visual Studio.