Beacon BOFs

Beacon currently supports the following BOF APIs:

// Data Parser API
char* BeaconDataExtract (datap * parser, int * size)
int BeaconDataInt (datap * parser)
int BeaconDataLength (datap * parser)
void BeaconDataParse (datap * parser, char * buffer, int size)
short BeaconDataShort (datap * parser)

// Output API
void BeaconPrintf (int type, char * fmt, ...)
void BeaconOutput (int type, char * data, int len)

//  Format API
void BeaconFormatAlloc (formatp * obj, int maxsz)
void BeaconFormatAppend (formatp * obj, char * data, int len)
void BeaconFormatFree (formatp * obj)
void BeaconFormatInt (formatp * obj, int val)
void BeaconFormatPrintf (formatp * obj, char * fmt, ...)
void BeaconFormatReset (formatp * obj)
char* BeaconFormatToString (formatp * obj, int * size)

// Internal APIs
BOOL BeaconUseToken (HANDLE token)
void BeaconRevertToken ()
BOOL BeaconIsAdmIn ()
BOOL toWideChar (char * src, wchar_t * dst, int max)

BOOL BeaconAddValue (const char * key, void * ptr);
void * BeaconGetValue (const char * key);
BOOL BeaconRemoveValue (const char * key);

Unsupported BOF APIs:

void BeaconDataPtr(datap * parser, int size)
void BeaconGetSpawnTo (BOOL x86, char * buffer, int length)
BOOL BeaconSpawnTemporaryProcess (BOOL x86, BOOL ignoreToken, STARTUPINFO * sInfo, PROCESS_INFORMATION * pInfo)
void BeaconInjectProcess (HANDLE hProc, int pid, char * payload, int payload_len, int payload_offset, char * arg, int arg_len)
void BeaconInjectTemporaryProcess (PROCESS_INFORMATION * pInfo, char * payload, int payload_len, int payload_offset, char * arg, int arg_len)
void BeaconCleanupProcess (PROCESS_INFORMATION * pInfo)
PDATA_STORE_OBJECT BeaconDataStoreGetItem (size_t index)
void BeaconDataStoreProtectItem (size_t index)
void BeaconDataStoreUnprotectItem (size_t index)
size_t BeaconDataStoreMaxEntries ()
void BeaconInformation (BEACON_INFO * info);
char* BeaconGetCustomUserData ()
BOOL BeaconGetSyscallInformation(PBEACON_SYSCALLS info, BOOL resolveIfNotInitialized)

LPVOID BeaconVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
LPVOID BeaconVirtualAllocEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
BOOL BeaconVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
BOOL BeaconVirtualProtectEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
BOOL BeaconVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType);
BOOL BeaconGetThreadContext(HANDLE threadHandle, PCONTEXT threadContext);
BOOL BeaconSetThreadContext(HANDLE threadHandle, PCONTEXT threadContext);
DWORD BeaconResumeThread(HANDLE threadHandle);
HANDLE BeaconOpenProcess(DWORD desiredAccess, BOOL inheritHandle, DWORD processId);
HANDLE BeaconOpenThread(DWORD desiredAccess, BOOL inheritHandle, DWORD threadId);
BOOL BeaconCloseHandle(HANDLE object);
BOOL BeaconUnmapViewOfFile(LPCVOID baseAddress);
SIZE_T BeaconVirtualQuery(LPCVOID address, PMEMORY_BASIC_INFORMATION buffer, SIZE_T length);
BOOL BeaconDuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions);
BOOL BeaconReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
BOOL BeaconWriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten);
VOID BeaconDisableBeaconGate();
VOID BeaconEnableBeaconGate();

PreviousBeacon NextGopher

Last updated 18 days ago

// Data Parser API char* BeaconDataExtract (datap * parser, int * size) int BeaconDataInt (datap * parser) int BeaconDataLength (datap * parser) void BeaconDataParse (datap * parser, char * buffer, int size) short BeaconDataShort (datap * parser) // Output API void BeaconPrintf (int type, char * fmt, ...) void BeaconOutput (int type, char * data, int len) // Format API void BeaconFormatAlloc (formatp * obj, int maxsz) void BeaconFormatAppend (formatp * obj, char * data, int len) void BeaconFormatFree (formatp * obj) void BeaconFormatInt (formatp * obj, int val) void BeaconFormatPrintf (formatp * obj, char * fmt, ...) void BeaconFormatReset (formatp * obj) char* BeaconFormatToString (formatp * obj, int * size) // Internal APIs BOOL BeaconUseToken (HANDLE token) void BeaconRevertToken () BOOL BeaconIsAdmIn () BOOL toWideChar (char * src, wchar_t * dst, int max) BOOL BeaconAddValue (const char * key, void * ptr); void * BeaconGetValue (const char * key); BOOL BeaconRemoveValue (const char * key);

void BeaconDataPtr(datap * parser, int size) void BeaconGetSpawnTo (BOOL x86, char * buffer, int length) BOOL BeaconSpawnTemporaryProcess (BOOL x86, BOOL ignoreToken, STARTUPINFO * sInfo, PROCESS_INFORMATION * pInfo) void BeaconInjectProcess (HANDLE hProc, int pid, char * payload, int payload_len, int payload_offset, char * arg, int arg_len) void BeaconInjectTemporaryProcess (PROCESS_INFORMATION * pInfo, char * payload, int payload_len, int payload_offset, char * arg, int arg_len) void BeaconCleanupProcess (PROCESS_INFORMATION * pInfo) PDATA_STORE_OBJECT BeaconDataStoreGetItem (size_t index) void BeaconDataStoreProtectItem (size_t index) void BeaconDataStoreUnprotectItem (size_t index) size_t BeaconDataStoreMaxEntries () void BeaconInformation (BEACON_INFO * info); char* BeaconGetCustomUserData () BOOL BeaconGetSyscallInformation(PBEACON_SYSCALLS info, BOOL resolveIfNotInitialized) LPVOID BeaconVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); LPVOID BeaconVirtualAllocEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); BOOL BeaconVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); BOOL BeaconVirtualProtectEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); BOOL BeaconVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); BOOL BeaconGetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); BOOL BeaconSetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); DWORD BeaconResumeThread(HANDLE threadHandle); HANDLE BeaconOpenProcess(DWORD desiredAccess, BOOL inheritHandle, DWORD processId); HANDLE BeaconOpenThread(DWORD desiredAccess, BOOL inheritHandle, DWORD threadId); BOOL BeaconCloseHandle(HANDLE object); BOOL BeaconUnmapViewOfFile(LPCVOID baseAddress); SIZE_T BeaconVirtualQuery(LPCVOID address, PMEMORY_BASIC_INFORMATION buffer, SIZE_T length); BOOL BeaconDuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions); BOOL BeaconReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead); BOOL BeaconWriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten); VOID BeaconDisableBeaconGate(); VOID BeaconEnableBeaconGate();