# BOF and Extensions

{% hint style="info" %}
Official extensions: <https://github.com/Adaptix-Framework/Extension-Kit>
{% endhint %}

## Beacon Object Files

BOF is just a block of position-independent code that receives pointers to some Beacon internal APIs. BOFs are single-file C programs that call Win32 APIs and limited [Beacon APIs](https://hstechdocs.helpsystems.com/manuals/cobaltstrike/current/userguide/content/topics/beacon-object-files_bof-c-api.htm).

AdaptixC2 expects that your BOFs are single-threaded programs that run for a short period of time. BOFs will block other agent tasks and functionality from executing. BOFs execute inside of your agent. If a BOF crashes, you will lose access. Write your BOFs carefully.

### Description of BOF for agents

{% content-ref url="../extenders/agents/beacon/beacon-bofs" %}
[beacon-bofs](https://adaptix-framework.gitbook.io/adaptix-framework/extenders/agents/beacon/beacon-bofs)
{% endcontent-ref %}

{% content-ref url="../extenders/agents/gopher/gopher-bofs" %}
[gopher-bofs](https://adaptix-framework.gitbook.io/adaptix-framework/extenders/agents/gopher/gopher-bofs)
{% endcontent-ref %}

## Extensions

{% content-ref url="../development/axscript/how-to-execute-axscript" %}
[how-to-execute-axscript](https://adaptix-framework.gitbook.io/adaptix-framework/development/axscript/how-to-execute-axscript)
{% endcontent-ref %}

<figure><img src="https://2104178602-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FS8p8XLFtLmf0NkofQvoa%2Fuploads%2FPVXLw0sNpy9JDkze8fti%2FScreenshot_20250724_194751.png?alt=media&#x26;token=e164eeab-6183-4695-8145-d74a92fe22dc" alt=""><figcaption></figcaption></figure>

The extension file is an AxScript that must start with a global definition of the metadata variable that has the following properties: .

* `name` - extension name,
* `description` - extension description
* `store` - determines whether the extension should be stored in the database (default: `true`).

```javascript
var metadata = {
    name: "Elevation-BOF",
    description: "BOFs for context elevation",
    store: true
};

// AxScript code
// ...
```

Typically, extensions register new commands to call already registered commands. An example of defining a `shell` command that calls the command `ps run -o ...`.  [See more details here](https://adaptix-framework.gitbook.io/adaptix-framework/development/axscript/axcommand-type).

{% code fullWidth="false" %}

```json
let cmd_shell = ax.create_command("shell", "Execute command via cmd.exe", "shell whoami /all");
cmd_shell.addArgString("cmd_params", true);
cmd_shell.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
    let new_cmd = "ps run -o C:\\Windows\\System32\\cmd.exe /c " + parsed_json["cmd_params"];
    ax.execute_alias(id, cmdline, new_cmd);
});

```

{% endcode %}

## AxScript and BOFs

You'll likely want to use AxScript to run your finalized BOF implementations within AdaptixC2. A BOF is a good place to implement a lateral movement technique, an escalation of privilege tool, or a new reconnaissance capability.

Each agent has its own command to execute BOF. For example, for a beacon agent it is `execute bof`. Here is a script to run a `screenshot_bof` BOF:

```javascript
var cmd_screenshot = ax.create_command("screenshot_bof", "Alternative screenshot capability that does not do fork n run by @codex_tf2", "screenshot -n screen1 -p 812");
cmd_screenshot.addArgFlagString("-n", "note", "Screenshot caption", "ScreenshotBOF");
cmd_screenshot.addArgFlagInt("-p", "pid", "PID of the application whose window screenshot will be taken. If 0, then a full-screen screenshot", 0);
cmd_screenshot.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
    let note = parsed_json["note"];
    let pid  = parsed_json["pid"];

    let bof_params = ax.bof_pack("cstr,int", [note, pid]);
    let bof_path = ax.script_dir() + "_bin/Screenshot." + ax.arch(id) + ".o";

    ax.execute_alias(id, cmdline, `execute bof ${bof_path} ${bof_params}`, "Task: Screenshot BOF");
});

```

First, the script gets the `note` and `pid` values. The next step is to pack our arguments. The [bof\_pack](https://adaptix-framework.gitbook.io/adaptix-framework/development/axscript/axfunction#bof_pack) function packs arguments in a way that is compatible with Beacon's internal data parser API. This script uses [execute\_alias](https://adaptix-framework.gitbook.io/adaptix-framework/development/axscript/axcommand-type/commands-and-hooks#execute_alias) to run BOF with its arguments.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://adaptix-framework.gitbook.io/adaptix-framework/adaptix-c2/bof-and-extensions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.