shadow-rs/docs/thread.md
joaoviictorti 8f96d4ec09 feature(driver): refactor internals and improve callback management
- Moved and refactored several internal modules to `driver/src/internals/`:
  - Added new files: `enums.rs`, `externs.rs`, `structs.rs`, `types.rs`, and `mod.rs`.
  - Renamed `includes/vad.rs` to `internals/vad.rs` for better organization.
- Updated `callback` module:
  - Refactored `notify_routine.rs`, `object.rs`, `registry.rs`, and supporting files for better callback handling.
  - Improved callback finding mechanism in `find_callback.rs` and `ioctls.rs`.
- Adjusted `injection` module:
  - Refactored callback and I/O control handling in `callbacks.rs` and `ioctls.rs`.
- Miscellaneous improvements:
  - Updated `misc/dse.rs`, `misc/etwti.rs`, and `keylogger/mod.rs`.
  - Refactored `process`, `registry`, and `thread` modules for better maintainability.
  - Simplified utility functions in `utils/`, including `address.rs`, `handles.rs`, `patterns.rs`, and more.
  - Cleaned up and removed unused files like `.gitignore` in multiple directories.
- Updated `Cargo.toml` and `Cargo.lock` to reflect dependency changes.
2024-09-25 18:28:10 -03:00


## Thread
## Hide / Unhide thread
Description:
This command allows you to hide or reveal specific threads on the system.
```cmd
shadow.exe thread [hide | unhide] --tid <tid>
```
* `hide`: Hide the specified thread.
* `unhide`: Unhide the specified thread.
* `tid`: The TID of the thread you want to hide or reveal.
Example of use:
```cmd
shadow.exe thread hide --tid 1234
```
This command will hide the thread with TID 1234.
## Thread Protection (Anti-Kill)
Description:
This command allows you to add or remove thread protection.
```cmd
shadow.exe thread protection --tid <tid> [--add | --remove]
```
* `protection`: Protect the specified thread.
* `-a / --add`: Add protection to the thread.
* `-r / --remove`: Remove protection from the thread.
* `tid`: The TID of the thread you want to protect.
Example of use:
```cmd
shadow.exe thread protection --tid 1234 --add
```
This command will protect the thread with TID 1234.
## Lists protected and hidden threads currently on the system
Description:
This command allows you to list the threads that are currently protected or hidden.
```cmd
shadow.exe thread enumerate -l -t <value>
```
* `enumerate`: Enumerate the threads.
* `-l / --list`: List the protected or hidden thread.
* `-t / --type`: Specify which type you want to list.
* Possible values:
  - `hide`: List of hidden targets
  - `protection`: List of protected targets
Example of use:
```cmd
shadow.exe thread enumerate -l -t protection
```
This command will list the currently protected threads.