Hi, I was fiddling around with WMI to see how it all works and I'm having problems achieving WMI persistence in C++.
What I'm trying to do is get calc.exe to launch every time the system has booted up.
I've found a good explanation about what is needed to achieve this on slide 27 here: https://files.sans.org/summit/Digital_F ... onKerr.pdf
Another document I've found interesting is the following: https://www.blackhat.com/docs/us-15/mat ... oor-wp.pdf
On page 16 there is a powershell example of what I want to do from the SEADADDY malware.
The problem is that I don't know how to translate this from powershell to C++, most of the WMI documentation on MSDN is for vbscript or powershell.
There are some C++ examples here but none of them describe how to create a permanent event: https://msdn.microsoft.com/en-us/librar ... s.85).aspx
Forum for discussion about user-mode development.
1 post • Page 1 of 1