h4pp1n3ss/keShellcodeTemplate

keShellcodeTemplate

Keystone Engine shellcode template

Description

This Python script uses keystone-engine to assemble ASM instructions. Keystone is a lightweight multi-platform, multi-architecture assembler framework; for more information, visit its site.

After creating the desired instructions, the script allocates space in memory, moves the encoded ASM instructions into the newly allocated space, and calls CreateThread at that location, so it is basically a shellcode runner.

Runner

The shellcode runner uses the classic invocation:

VirtualAlloc function (memoryapi.h)

VirtualAlloc function info

LPVOID VirtualAlloc(
  LPVOID lpAddress,
  SIZE_T dwSize,
  DWORD  flAllocationType,
  DWORD  flProtect
);

RtlMoveMemory function

RtlMoveMemory function info

VOID RtlMoveMemory(
  _Out_       VOID UNALIGNED *Destination,
  _In_  const VOID UNALIGNED *Source,
  _In_        SIZE_T         Length
);

CreateThread function (processthreadsapi.h)

CreateThread function info

HANDLE CreateThread(
  LPSECURITY_ATTRIBUTES   lpThreadAttributes,
  SIZE_T                  dwStackSize,
  LPTHREAD_START_ROUTINE  lpStartAddress,
  __drv_aliasesMem LPVOID lpParameter,
  DWORD                   dwCreationFlags,
  LPDWORD                 lpThreadId
);

WaitForSingleObject function (synchapi.h)

WaitForSingleObject function info

DWORD WaitForSingleObject(
  HANDLE hHandle,
  DWORD  dwMilliseconds
);
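
The call sequence above is also what a defender looks for. The following is an added example, not code from this repository: it scans an API-call trace for a thread whose start address lies inside an executable allocation that the same process copied bytes into. The trace event format, the field names and the sample values are assumptions made for illustration.

```python
# Real Windows memory-protection constants that make a page executable.
EXEC_PROTECT = {
    0x10: "PAGE_EXECUTE",
    0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE",
    0x80: "PAGE_EXECUTE_WRITECOPY",
}

def find_runner_sequences(events):
    """Return one finding per thread started inside a written executable allocation."""
    regions = {}   # (pid, base) -> {"size", "protect", "written"}
    findings = []

    def containing(pid, addr):
        # Locate the tracked executable region of this process that holds addr.
        for (rpid, base), info in regions.items():
            if rpid == pid and base <= addr < base + info["size"]:
                return base, info
        return None, None

    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api == "VirtualAlloc":
            protect = ev["flProtect"] & 0xFF  # drop modifiers such as PAGE_GUARD
            if protect in EXEC_PROTECT:
                regions[(pid, ev["ret"])] = {
                    "size": ev["dwSize"], "protect": EXEC_PROTECT[protect], "written": 0}
        elif api == "RtlMoveMemory":
            _, info = containing(pid, ev["Destination"])
            if info is not None:
                info["written"] += ev["Length"]
        elif api == "CreateThread":
            base, info = containing(pid, ev["lpStartAddress"])
            if info is not None and info["written"]:
                findings.append({"pid": pid, "base": base,
                                 "protect": info["protect"], "bytes_written": info["written"]})
    return findings

# Constructed sample trace in a hypothetical event format (not from a real system).
SAMPLE_TRACE = [
    {"pid": 4120, "api": "VirtualAlloc", "dwSize": 0x1000, "flProtect": 0x40, "ret": 0x1F0000},
    {"pid": 4120, "api": "RtlMoveMemory", "Destination": 0x1F0000, "Length": 312},
    {"pid": 4120, "api": "CreateThread", "lpStartAddress": 0x1F0000},
    # Benign: read/write allocation, thread starts outside any tracked region.
    {"pid": 5000, "api": "VirtualAlloc", "dwSize": 0x2000, "flProtect": 0x04, "ret": 0x2A0000},
    {"pid": 5000, "api": "RtlMoveMemory", "Destination": 0x2A0000, "Length": 64},
    {"pid": 5000, "api": "CreateThread", "lpStartAddress": 0x7FF6_1000_1000},
]

if __name__ == "__main__":
    for f in find_runner_sequences(SAMPLE_TRACE):
        print(f"pid {f['pid']}: thread in {f['protect']} region 0x{f['base']:X}, {f['bytes_written']} bytes copied")
```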

Credits / References

Keystone-engine: the framework makes things easier.

github-epi052: good job automating functions.

Offsec: amazing shellcode development course.
