shadow-rs/docs/thread.md
joaoviictorti 8f96d4ec09 feature(driver): refactor internals and improve callback management
- Moved and refactored several internal modules to `driver/src/internals/`:
  - Added new files: `enums.rs`, `externs.rs`, `structs.rs`, `types.rs`, and `mod.rs`.
  - Renamed `includes/vad.rs` to `internals/vad.rs` for better organization.
- Updated `callback` module:
  - Refactored `notify_routine.rs`, `object.rs`, `registry.rs`, and supporting files for better callback handling.
  - Improved callback finding mechanism in `find_callback.rs` and `ioctls.rs`.
- Adjusted `injection` module:
  - Refactored callback and I/O control handling in `callbacks.rs` and `ioctls.rs`.
- Miscellaneous improvements:
  - Updated `misc/dse.rs`, `misc/etwti.rs`, and `keylogger/mod.rs`.
  - Refactored `process`, `registry`, and `thread` modules for better maintainability.
  - Simplified utility functions in `utils/`, including `address.rs`, `handles.rs`, `patterns.rs`, and more.
  - Cleaned up and removed unused files like `.gitignore` in multiple directories.
- Updated `Cargo.toml` and `Cargo.lock` to reflect dependency changes.
2024-09-25 18:28:10 -03:00

Thread

Hide / Unhide thread

Description: This command allows you to hide or reveal specific threads on the system.

shadow.exe thread [hide | unhide] --tid <tid>
  • hide: Hide the specified thread.
  • unhide: Unhide the specified thread.
  • tid: The TID of the thread you want to hide or reveal.

Example of use:

shadow.exe thread hide --tid 1234

This command will hide the thread with TID 1234.

Thread Protection (Anti-Kill)

Description: This command allows you to add or remove thread protection.

shadow.exe thread protection --tid <tid> [--add | --remove]
  • protection: Protect the specified thread.
  • -a / --add: Add protection to the thread.
  • -r / --remove: Remove protection from the thread.
  • tid: The TID of the thread you want to protect or unprotect.

Example of use:

shadow.exe thread protection --tid 1234 --add

This command will protect the thread with TID 1234.

List protected and hidden threads currently on the system

Description: This command allows you to list the threads that are currently protected or hidden.

shadow.exe thread enumerate -l -t <value>
  • enumerate: Enumerate the protected or hidden threads.
  • -l / --list: List the protected or hidden threads.
  • -t / --type: Specify which type you want to list.
    • Possible values:
      • hide: List of hidden targets
      • protection: List of protected targets

Example of use:

shadow.exe thread enumerate -l -t protection

This command will list the currently protected threads.