Skip to content

Latest commit

 

History

History
74 lines (53 loc) · 2.06 KB

README.md

File metadata and controls

74 lines (53 loc) · 2.06 KB

keShellcodeTemplate

Keystone Engine shellcode template

Descriptin

This python script uses keystone-engine to create asm instruction. Keystone is a lightweight multi-platform, multi-architecture assembler framework for more information visit site.

After create the desired instruction this script will Allocate space in memory, Move the encoded ASM instruction to the new allocated space and CreateThread from this location, so basically is a shellcode runner

Runner

The shellcode runner uses it classic invocation

VirtualAlloc function (memoryapi.h)

VirtualAlloc function info

LPVOID VirtualAlloc(
  LPVOID lpAddress,
  SIZE_T dwSize,
  DWORD  flAllocationType,
  DWORD  flProtect
);

RtlMoveMemory function

RtlMoveMemory function info

VOID RtlMoveMemory(
  _Out_       VOID UNALIGNED *Destination,
  _In_  const VOID UNALIGNED *Source,
  _In_        SIZE_T         Length
);

CreateThread function (processthreadsapi.h)

CreateThread function info

HANDLE CreateThread(
  LPSECURITY_ATTRIBUTES   lpThreadAttributes,
  SIZE_T                  dwStackSize,
  LPTHREAD_START_ROUTINE  lpStartAddress,
  __drv_aliasesMem LPVOID lpParameter,
  DWORD                   dwCreationFlags,
  LPDWORD                 lpThreadId
);

WaitForSingleObject function (synchapi.h)

WaitForSingleObject function info

DWORD WaitForSingleObject(
  HANDLE hHandle,
  DWORD  dwMilliseconds
);

Credits / References

Keystone-engine The framework make things more easily.

github-epi052 Good job automating functions.

Offsec Amazing shellcode development course.