read_exe_bytes

process_ghosting

Function read_exe_bytes 

Source 
pub fn read_exe_bytes(file_path: &str) -> Result<Vec<u8>, String>
Expand description

Read exe file and return raw bytes

Examples found in repository?
examples/full_demo.rs (line 59)
12fn main() {
13    // ========================================
14    // INITIALIZATION
15    // ========================================
16    init();
17    
18    println!("╔════════════════════════════════════════════╗");
19    println!("║     ProcessGhosting Full Demo              ║");
20    println!("║     By BlackTechX                          ║");
21    println!("╚════════════════════════════════════════════╝\n");
22
23    let args: Vec<String> = env::args().collect();
24    let test_file = if args.len() > 1 { &args[1] } else { "C:\\Windows\\System32\\notepad.exe" };
25
26    // ========================================
27    // SECTION 1: HEX UTILITIES
28    // ========================================
29    println!("┌────────────────────────────────────────────┐");
30    println!("│ Section 1: Hex Utilities                   │");
31    println!("└────────────────────────────────────────────┘\n");
32
33    // 1.1 Parse different hex formats
34    println!("[1.1] Parsing different hex formats:\n");
35    
36    let formats = [
37        "4D5A9000",
38        "4D 5A 90 00",
39        "0x4D, 0x5A, 0x90, 0x00",
40        "\\x4D\\x5A\\x90\\x00",
41    ];
42
43    for fmt in &formats {
44        match parse_hex_string(fmt) {
45            Ok(bytes) => println!("      '{}' -> {:02X?}", fmt, bytes),
46            Err(e) => println!("      '{}' -> Error: {}", fmt, e),
47        }
48    }
49    println!();
50
51    // 1.2 Convert bytes to hex
52    println!("[1.2] Converting bytes to hex string:");
53    let sample_bytes = vec![0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00];
54    let hex_string = bytes_to_hex_string(&sample_bytes);
55    println!("      {:?} -> {}\n", sample_bytes, hex_string);
56
57    // 1.3 Read file as hex (first 64 bytes)
58    println!("[1.3] Reading file header as hex:");
59    match read_exe_bytes(test_file) {
60        Ok(bytes) => {
61            let preview: Vec<u8> = bytes.iter().take(32).cloned().collect();
62            println!("      File: {}", test_file);
63            println!("      Size: {} bytes", bytes.len());
64            println!("      First 32 bytes: {}", bytes_to_hex_string(&preview));
65        }
66        Err(e) => println!("      Error: {}", e),
67    }
68    println!();
69
70    // ========================================
71    // SECTION 2: BUILDER PATTERNS
72    // ========================================
73    println!("┌────────────────────────────────────────────┐");
74    println!("│ Section 2: Builder Patterns                │");
75    println!("└────────────────────────────────────────────┘\n");
76
77    // 2.1 From raw bytes
78    println!("[2.1] Builder from raw bytes:");
79    let sample = vec![0x4D, 0x5A];
80    let config = GhostingBuilder::new(&sample)
81        .x64()
82        .with_logging()
83        .build();
84    println!("      Payload size: {} bytes", config.payload.len());
85    println!("      Architecture: {}", config.architecture);
86    println!("      Verbose: {}\n", config.verbose);
87
88    // 2.2 From file
89    println!("[2.2] Builder from file:");
90    match GhostingBuilder::from_file(test_file) {
91        Ok(builder) => {
92            let config = builder.x64().build();
93            println!("      Loaded: {} bytes\n", config.payload.len());
94        }
95        Err(e) => println!("      Error: {}\n", e),
96    }
97
98    // 2.3 From hex string
99    println!("[2.3] Builder from hex string:");
100    match GhostingBuilder::from_hex_string("0x4D, 0x5A, 0x90, 0x00") {
101        Ok(builder) => {
102            let config = builder.build();
103            println!("      Parsed: {} bytes\n", config.payload.len());
104        }
105        Err(e) => println!("      Error: {}\n", e),
106    }
107
108    // 2.4 Architecture selection
109    println!("[2.4] Architecture selection:");
110    
111    let x64_config = GhostingBuilder::new(&[0x4D, 0x5A])
112        .x64()
113        .build();
114    println!("      .x64() -> {}", x64_config.architecture);
115
116    let x86_config = GhostingBuilder::new(&[0x4D, 0x5A])
117        .x86()
118        .build();
119    println!("      .x86() -> {}", x86_config.architecture);
120
121    let arch_config = GhostingBuilder::new(&[0x4D, 0x5A])
122        .architecture(Architecture::X64)
123        .build();
124    println!("      .architecture(X64) -> {}\n", arch_config.architecture);
125
126    // 2.5 Verbose control
127    println!("[2.5] Verbose control:");
128    
129    let verbose = GhostingBuilder::new(&[0x4D, 0x5A])
130        .with_logging()
131        .build();
132    println!("      .with_logging() -> verbose: {}", verbose.verbose);
133
134    let silent = GhostingBuilder::new(&[0x4D, 0x5A])
135        .silent()
136        .build();
137    println!("      .silent() -> verbose: {}\n", silent.verbose);
138
139    // ========================================
140    // SECTION 3: QUICK FUNCTIONS
141    // ========================================
142    println!("┌────────────────────────────────────────────┐");
143    println!("│ Section 3: Quick Functions                 │");
144    println!("└────────────────────────────────────────────┘\n");
145
146    println!("[3.1] Available quick functions:");
147    println!("      ghost_payload(&bytes)      - Execute from bytes");
148    println!("      ghost_payload_file(path)   - Execute from file");
149    println!("      ghost_payload_hex(hex_str) - Execute from hex string\n");
150
151    // ========================================
152    // SECTION 4: EXECUTION (DISABLED BY DEFAULT)
153    // ========================================
154    println!("┌────────────────────────────────────────────┐");
155    println!("│ Section 4: Execution Demo                  │");
156    println!("└────────────────────────────────────────────┘\n");
157
158    println!("[4.1] To execute process ghosting:");
159    println!();
160    println!("      // Method 1: Builder pattern");
161    println!("      GhostingBuilder::from_file(\"payload.exe\")?");
162    println!("          .x64()");
163    println!("          .with_logging()");
164    println!("          .execute()?;");
165    println!();
166    println!("      // Method 2: Quick function");
167    println!("      ghost_payload_file(\"payload.exe\")?;");
168    println!();
169    println!("      // Method 3: From embedded bytes");
170    println!("      const PAYLOAD: &[u8] = include_bytes!(\"payload.exe\");");
171    println!("      ghost_payload(PAYLOAD)?;");
172    println!();
173
174    // Uncomment below to actually execute
175    /*
176    println!("[4.2] Executing ghosting...\n");
177    
178    match GhostingBuilder::from_file("your_payload.exe") {
179        Ok(builder) => {
180            match builder.x64().with_logging().execute() {
181                Ok(_) => println!("\n[+] Ghosting successful!"),
182                Err(e) => println!("\n[-] Ghosting failed: {}", e),
183            }
184        }
185        Err(e) => println!("[-] Failed to load payload: {}", e),
186    }
187    */
188
189    println!("┌────────────────────────────────────────────┐");
190    println!("│ Demo Complete                              │");
191    println!("└────────────────────────────────────────────┘\n");
192}