codingman
diff --git a/‎README.md
Lines changed: 7 additions & 5 deletions b/‎README.md
Lines changed: 7 additions & 5 deletions
diff --git a/‎syscalls/direct_syscalls/Cargo.toml
Lines changed: 30 additions & 1 deletion b/‎syscalls/direct_syscalls/Cargo.toml
Lines changed: 30 additions & 1 deletion
diff --git a/‎syscalls/direct_syscalls/README.md
Lines changed: 3 additions & 1 deletion b/‎syscalls/direct_syscalls/README.md
Lines changed: 3 additions & 1 deletion
diff --git a/‎syscalls/direct_syscalls/image.png
104 KB b/‎syscalls/direct_syscalls/image.png
104 KB
@@ -15,9 +15,9 @@
 
 ## Table of Contexts
 
-- [Rust for Malware Development](#rust-for-malware-development)
+- [Rust for Malware Development](#malware-techniques)
   * [Walkthrough](#beginner-path)
-  * [Malware Techniques](#techniques)
+  * [Malware Techniques](#malware-techniques)
   * [Malware Encryption Techniques](#encryption-techniques)
   * [Malwre Blogs Regarding the Repository](#rust-malware-blogs-regarding-this-repostitory)
 
@@ -54,7 +54,8 @@
 | [Position Independent Series](position%20independent)     | Position independent series in Rust.                                        |
 | [Shellcode Execution methods](shellcode_exec)             | Shellcode execution methods using WinApi's.                                 |
 | [Sleep Obfuscation](Sleep_Obfuscations/Ekko)              | Sleep Obfuscation implementation in Rust.                                   |
-| [Syscalls](syscalls/)                                     | Syscall Implementation using system call STUB [Direct/Indirect] methods.    |
+| [Direct Syscalls](./syscalls/direct_syscalls/)            | Direct Syscall Impl using system call STUB methods.                         |
+| [Indirect Syscalls](./syscalls/indirect_syscalls/)        | Indirect Syscall Impl using system call STUB methods.                       | 
 | [BSOD](BSOD)                                              | Causes BSOD when Executing.                                                 |
 | [Persistence](Persistence)                                | Persistence Code Snippet.                                                   |
 | [UAC Bypass CMSTP](uac-bypass-cmstp/)                     | Bypass UAC by elevating CMSTP.exe                                           |
@@ -64,8 +65,9 @@
 | [Timer](./timer/)                                         | A Program that uses Time-based execution control mechanism.                 |                          
 | [Keylogger Dropper](keylog_dropper)                       | Downloads keylogger and sender on victim PC and executes in background.     |
 | [Rand_Fill](Malware_Tips/rand_fill/)                      | A Small Parallel Program that Deletes All Files on Disk and Fills with Random Bytes, Making the Recovery Process Impossible. |
-| [Encryfer-X](Malware-Samples/Encryfer/)                   | Ransomware written by combining all Possible POC techniques.                |
-| [Github Stealers](./stealer/GitHub_API/)
+| [Encryfer-X](./Malware-Samples/Encryfer/Encryfer-X/)      | Ransomware written by combining all Possible POC techniques.                |
+| [Github Stealers](./stealer/GitHub_API/)                  | Steal Creds using Github API                                                |
+
 
 ## Encryption Techniques
 
 
@@ -4,5 +4,34 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3.9", features = ["winuser","setupapi","dbghelp","wlanapi","winnls","wincon","fileapi","sysinfoapi", "fibersapi","debugapi","winerror", "wininet" , "winhttp" ,"synchapi","securitybaseapi","wincrypt","psapi", "tlhelp32", "heapapi","shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi", "synchapi"] }
+rust_syscalls = { git = "https://github.com/janoglezcampos/rust_syscalls", features = ["_DIRECT_"] }
+
+winapi = { version = "0.3.9", features = [
+    "winuser",
+    "setupapi",
+    "dbghelp",
+    "wlanapi",
+    "winnls",
+    "wincon",
+    "fileapi",
+    "sysinfoapi",
+    "fibersapi",
+    "debugapi",
+    "winerror",
+    "wininet",
+    "winhttp",
+    "synchapi",
+    "securitybaseapi",
+    "wincrypt",
+    "psapi",
+    "tlhelp32",
+    "heapapi",
+    "shellapi",
+    "memoryapi",
+    "processthreadsapi",
+    "errhandlingapi",
+    "winbase",
+    "handleapi",
+    "synchapi",
+] }
 ntapi = "0.4.1"
@@ -1,15 +1,17 @@
 ## Direct Syscalls 
 
-![Direct Syscalls](./direct_syscalls.png)
+![Direct Syscalls](./image.png)
 
 ### Working Methodology 
 
 Uses ntdll.dll and GetProcAddress to fetch syscall numbers for injection.
 
 Allocates memory in the target process, writes shellcode, and executes it using NtCreateThreadEx.
 
+Download Here: [Download](https://download.5mukx.site/#/home?url=https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/syscalls/direct_syscalls)
 ## Credits 
 
+* https://github.com/janoglezcampos/rust_syscalls.gitcode
 * https://redops.at/en/blog/direct-syscalls-vs-indirect-syscalls
 * https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection