Beacon BOFs

AX BOF APIs:

void AxAddScreenshot(char* note, char* data, int len);
void AxDownloadMemory(char* filename, char* data, int len);

Beacon currently supports the following BOF APIs:

// Data Parser API
char* BeaconDataExtract (datap * parser, int * size)
int BeaconDataInt (datap * parser)
int BeaconDataLength (datap * parser)
void BeaconDataParse (datap * parser, char * buffer, int size)
short BeaconDataShort (datap * parser)

// Output API
void BeaconPrintf (int type, char * fmt, ...)
void BeaconOutput (int type, char * data, int len)

//  Format API
void BeaconFormatAlloc (formatp * obj, int maxsz)
void BeaconFormatAppend (formatp * obj, char * data, int len)
void BeaconFormatFree (formatp * obj)
void BeaconFormatInt (formatp * obj, int val)
void BeaconFormatPrintf (formatp * obj, char * fmt, ...)
void BeaconFormatReset (formatp * obj)
char* BeaconFormatToString (formatp * obj, int * size)

// Internal APIs
BOOL BeaconUseToken (HANDLE token)
void BeaconRevertToken ()
BOOL BeaconIsAdmIn ()
BOOL toWideChar (char * src, wchar_t * dst, int max)

BOOL BeaconAddValue (const char * key, void * ptr);
void * BeaconGetValue (const char * key);
BOOL BeaconRemoveValue (const char * key);

Unsupported BOF APIs:

void BeaconDataPtr(datap * parser, int size)
void BeaconGetSpawnTo (BOOL x86, char * buffer, int length)
BOOL BeaconSpawnTemporaryProcess (BOOL x86, BOOL ignoreToken, STARTUPINFO * sInfo, PROCESS_INFORMATION * pInfo)
void BeaconInjectProcess (HANDLE hProc, int pid, char * payload, int payload_len, int payload_offset, char * arg, int arg_len)
void BeaconInjectTemporaryProcess (PROCESS_INFORMATION * pInfo, char * payload, int payload_len, int payload_offset, char * arg, int arg_len)
void BeaconCleanupProcess (PROCESS_INFORMATION * pInfo)
PDATA_STORE_OBJECT BeaconDataStoreGetItem (size_t index)
void BeaconDataStoreProtectItem (size_t index)
void BeaconDataStoreUnprotectItem (size_t index)
size_t BeaconDataStoreMaxEntries ()
void BeaconInformation (BEACON_INFO * info);
char* BeaconGetCustomUserData ()
BOOL BeaconGetSyscallInformation(PBEACON_SYSCALLS info, BOOL resolveIfNotInitialized)

LPVOID BeaconVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
LPVOID BeaconVirtualAllocEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
BOOL BeaconVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
BOOL BeaconVirtualProtectEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect);
BOOL BeaconVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType);
BOOL BeaconGetThreadContext(HANDLE threadHandle, PCONTEXT threadContext);
BOOL BeaconSetThreadContext(HANDLE threadHandle, PCONTEXT threadContext);
DWORD BeaconResumeThread(HANDLE threadHandle);
HANDLE BeaconOpenProcess(DWORD desiredAccess, BOOL inheritHandle, DWORD processId);
HANDLE BeaconOpenThread(DWORD desiredAccess, BOOL inheritHandle, DWORD threadId);
BOOL BeaconCloseHandle(HANDLE object);
BOOL BeaconUnmapViewOfFile(LPCVOID baseAddress);
SIZE_T BeaconVirtualQuery(LPCVOID address, PMEMORY_BASIC_INFORMATION buffer, SIZE_T length);
BOOL BeaconDuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions);
BOOL BeaconReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead);
BOOL BeaconWriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten);
VOID BeaconDisableBeaconGate();
VOID BeaconEnableBeaconGate();

PreviousBeacon NextGopher

Last updated 3 months ago