Explore Enterprise Education Gitee Premium Gitee AI AI teammates
Fetch the repository succeeded.
Donate
Please sign in before you donate.
Scan WeChat QR to Pay
Cancel
Complete
Prompt
Switch to Alipay.
OK
Cancel
1 Star 0 Fork 18

CTO Plus/shellcode_driver

Create your Gitee Account
Explore and code with more than 14 million developers,Free private repositories !:)
Sign up
Already have an account? Sign in
文件
master
Branches (1)
master
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
The license selected for the repository is subject to the license used by the main branch of the repository.
master
Branches (1)
master
Clone or Download
Clone/Download
Prompt
To download the code, please copy the following command and execute it in the terminal
To ensure that your submitted code identity is correctly recognized by Gitee, please execute the following command.
When using the SSH protocol for the first time to clone or push code, follow the prompts below to complete the SSH configuration.
1 Generate RSA keys.
2 Obtain the content of the RSA public key and configure it in SSH Public Keys
To use SVN on Gitee, please visit the usage guide
When using the HTTPS protocol, the command line will prompt for account and password verification as follows. For security reasons, Gitee recommends configure and use personal access tokens instead of login passwords for cloning, pushing, and other operations.
Username for 'https://gitee.com': userName
Password for 'https://userName@gitee.com': # Private Token
master
Branches (1)
master
shellcode_driver
/
genShellCode
/
genShellCode.cpp
shellcode_driver
/
genShellCode
/
genShellCode.cpp
genShellCode.cpp 5.00 KB
Copy Edit Raw Blame History
老爷爷 authored 2017年09月19日 20:33 +08:00 . #up add x32 support and example for no cmd script build
// genShellCode.cpp : 定义控制台应用程序的入口点。
//
#include "stdafx.h"
//pe to shellcode to header file
#include <windows.h>
#include <bcrypt.h>
#include <stdio.h>
#pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "bcrypt.lib")
typedef unsigned __int64 QWORD;
VOID Util_SHA256(_In_ PBYTE pb, _In_ DWORD cb, _Out_ __bcount(32) PBYTE pbHash)
{
BCRYPT_ALG_HANDLE hAlg = NULL;
BCRYPT_HASH_HANDLE hHash = NULL;
BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA256_ALGORITHM, NULL, 0);
BCryptCreateHash(hAlg, &hHash, NULL, 0, NULL, 0, 0);
BCryptHashData(hHash, pb, cb, 0);
BCryptFinishHash(hHash, pbHash, 32, 0);
BCryptDestroyHash(hHash);
BCryptCloseAlgorithmProvider(hAlg, 0);
}
_Success_(return) BOOL PEGetSectionRawData(_In_ HMODULE hModule, _In_ LPSTR szSection, _Out_ PDWORD pdwSectionBaseRel, _Out_ PDWORD pdwSectionSize)
{
PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule;
if (!dosHeader || dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return FALSE; }
PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)hModule + dosHeader->e_lfanew);
if (!ntHeader ||
ntHeader->Signature != IMAGE_NT_SIGNATURE
/*||ntHeader->FileHeader.Machine != IMAGE_FILE_MACHINE_AMD64 ||
ntHeader->OptionalHeader.Magic != IMAGE_NT_OPTIONAL_HDR64_MAGIC*/) {
return FALSE;
}
WORD nSections = ntHeader->FileHeader.NumberOfSections;
for (int i = 0; i < nSections; i++) {
PIMAGE_SECTION_HEADER sectionHeader = (PIMAGE_SECTION_HEADER)((ULONG_PTR)hModule + dosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + i * sizeof(IMAGE_SECTION_HEADER));
if (strcmp((char*)sectionHeader->Name, szSection) == 0) {
*pdwSectionBaseRel = sectionHeader->PointerToRawData;
*pdwSectionSize = sectionHeader->Misc.VirtualSize;
return TRUE;
}
}
return FALSE;
}
BOOL ExistsDataDirectoryForbidden(_In_ HMODULE hModule)
{
PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)hModule;
PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)((ULONG_PTR)hModule + dosHeader->e_lfanew);
for (DWORD i = 0; i < IMAGE_NUMBEROF_DIRECTORY_ENTRIES; i++) {
if (i != IMAGE_DIRECTORY_ENTRY_EXCEPTION && i != IMAGE_DIRECTORY_ENTRY_DEBUG) {
if (ntHeader->OptionalHeader.DataDirectory[i].Size) {
return TRUE;
}
}
}
return FALSE;
}
_Success_(return) BOOL Util_LoadFile(_In_ LPSTR szFileName, _Out_ PBYTE* ppb, _Out_ DWORD* pcb)
{
BOOL result;
HANDLE hFile = CreateFileA(
szFileName,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (!hFile) { return FALSE; }
*ppb = (PBYTE)LocalAlloc(LMEM_ZEROINIT, 0x400000);
result = ReadFile(hFile, *ppb, 0x400000, pcb, NULL);
CloseHandle(hFile);
return result;
}
_Success_(return) BOOL Util_WriteFile(_In_ LPSTR szFileName, _In_ PBYTE pb, _In_ DWORD cb, _In_ BOOL fOverwrite)
{
DWORD cbWritten;
BOOL result;
HANDLE hFile = CreateFileA(
szFileName,
GENERIC_WRITE,
FILE_SHARE_READ,
NULL,
fOverwrite ? CREATE_ALWAYS : CREATE_NEW,
FILE_ATTRIBUTE_NORMAL,
NULL);
if (!hFile) { return FALSE; }
result = WriteFile(hFile, pb, cb, &cbWritten, NULL);
CloseHandle(hFile);
return result;
}
void Util_OutHeaderFile(LPCSTR lpszFileName, PBYTE _buffer, DWORD _buffSize)
{
CHAR szHeaderName[MAX_PATH] = {};
auto pFileName = PathFindFileNameA(lpszFileName);
memcpy(szHeaderName, pFileName, strlen(pFileName));
memcpy(szHeaderName + strlen(pFileName) - 2, "0円0円", 2);
DeleteFileA(lpszFileName);
auto pfile = std::experimental::make_unique_resource(fopen(lpszFileName, "w+"), &fclose);
auto _file = pfile.get();
fprintf(_file, "#pragma once\n");
fprintf(_file, "unsigned char code_%s[]={\n\t", szHeaderName);
for (auto i = 0ul; i < _buffSize; i++)
{
if (i > 0)
fprintf(_file, ", ");
if (i != 0 && (i % 16) == 0)
fprintf(_file, "\n\t");
fprintf(_file, "0x%02x", _buffer[i]);
}
fprintf(_file, "\n};\n");
}
int main(_In_ unsigned int argc, _In_ char* argv[])
{
PBYTE pb, pbCode;
DWORD cb, cbCode, cbCodeRVA;
CHAR szFileBIN[MAX_PATH] = {};
CHAR szFileHeader[MAX_PATH] = {};
LPSTR szPE;
if (argc != 2)
{
printf("usage:shellcode_maker <pefile>\r\n");
return 1;
}
szPE = argv[1];
memset(szFileBIN, 0, MAX_PATH);
memcpy(szFileBIN, szPE, strlen(szPE));
memcpy(szFileBIN + strlen(szPE) - 3, "bin", 3);
memcpy(szFileHeader, szPE, strlen(szPE));
memcpy(szFileHeader + strlen(szPE) - 3, "h0円", 2);
if (!Util_LoadFile(szPE, &pb, &cb)) {
printf("failed! cannot open file: %s\n", szPE);
return 1;
}
if (!PEGetSectionRawData((HMODULE)pb, ".text", &cbCodeRVA, &cbCode)) {
printf("failed! cannot parse 64-bit PE information.\n");
return 1;
}
if (ExistsDataDirectoryForbidden((HMODULE)pb)) {
{
printf("failed! data directory which may invalidate the shell code exists.\n");
return 1;
}
printf("warning! data directory which may invalidate the shell code exists.\n");
}
pbCode = pb + cbCodeRVA;
Util_WriteFile(szFileBIN, pbCode, cbCode, TRUE);
//这里开始干活
Util_OutHeaderFile(szFileHeader, pbCode, cbCode);
printf("Succeeded! Loaded PE contents from file: '%s'\nWrote 0x%x (%i) bytes of shell code to files:\n'%s'\n", szPE, cbCode, cbCode, szFileBIN);
return 0;
}
Loading...
Report
Report success
We will send you the feedback within 2 working days through the letter!
Please fill in the reason for the report carefully. Provide as detailed a description as possible.
Please select a report type
Cancel
Send
误判申诉

此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。

如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。

取消
提交

About

无导入表的driver与shellcode化——因为SEH问题项目报废--2018年正式解封开源
Cancel

Releases

No release

Contributors

All

Activities

can not load any more
Edit
About
Homepage
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/SteveRocket/shellcode_driver.git
git@gitee.com:SteveRocket/shellcode_driver.git
SteveRocket
shellcode_driver
shellcode_driver
master
Going to Help Center

Search

Comment
Repository Report
Back to the top
Login prompt
This operation requires login to the code cloud account. Please log in before operating.
Go to login
No account. Register

AltStyle によって変換されたページ (->オリジナル) /