← All tools

BOF-PE

https://github.com/NetSPI/BOF-PE

Open Source

Categories

Exploitation

Description

An example reference design for a proposed BOF PE

Keywords

post-ex redteam c++

Example Usage

#include <beacon.h>
#include <string>
#include <format>
#include <exception>
#include <chrono>

// The cpp-pe is in my option the best part to come out of the BOF PE design.
// The benefits of the C++ BOF PE is full use of the C++ runtime, including classes
// with virtual functions, templates, the C++ STL library and more importantly
// exceptions.  This will enable BOF PE developers to create much cleaner code that
// is not if/else heavy which is typical of C based code which often checks for error
// codes during each function call.
//
// The drawback of this form of development is size.  The example below with Clang
// will compile to an PE that is roughly 400KB in size.  Keep in mind this sample is using std::format,
// std::string, std::chrono and exceptions. If we just make use of std::exception alone, it compiles to 80KB 

void throw_message(const char* message) {
    throw std::exception(message);
}

void print_message(const char* arg) {

    auto message = std::format("Hello from Beacon C++ PE {}, the time is now {}\n",
        arg == nullptr ? "unknown" : arg, std::chrono::system_clock::now());
    BeaconOutput(CALLBACK_OUTPUT, message.data(), message.length());

    th