This project enables users to write position-independent code (PIC), or shellcode, in Visual Studio for both x86 and x64 platforms.
Use API's normally- link the proper .lib and that is it, no need to manually resolve function pointers
Output is highly configurable, with options for shellcode output format, compression, and encryption
- Clone the project and open
sc.sln. - Build
LIB/prepareandLIB/ScEntryfor both x86 and x64! - Write your program in
template\ep.cppas normal. To use API's from other libraries, add the correct header and then add the corresponding.libin the template project'sProperties -> Configuration Properties -> Linker -> Input -> Additional Dependencies. - Use the
_YA()and_YW()macros to wrap ANSI and UNICODE strings respectively. Further, any functions passed as callback arguments to APIs should be passed with the_Y()macro. This is required by the x86 build. See theHelloproject for examples of both of these macros. - Compile the template project. Note that due to how this template works, compiling may fail with an error like
The command C:\Users\User\Desktop\SC_DEMO-main\SC_DEMO-main\x64\Release\template.exe" *C:\Users\User\Desktop\SC_DEMO-main\SC_DEMO-main\x64\Release\template.map*x64.obj*imp.x64.asm*template.x64.bin*template.x64.asm*template.x64.exe. This has to do with how the project handles new API calls the first time they are used/seen in a program, so just build once more and you are good to go. - Find your compiled assets at
SC_DEMO\template\template.x64.exeandSC_DEMO\template\template.x64.bin(same place but.x86.for x86 architecture).
- NewScProj: This project produces NewScProj.exe, which can be used to easily create a new project within the overall solution. Usage:
NewScProj.exe *projectname*vcp. This will produce/populate a new folder calledprojectname, which can then be imported into the SC solution byright-clicking the solution -> Add -> Existing Project. - Hello: This is just a demo project of some of the template's capabilities.
- ScEntry: This defines the shellcode entry point and is required to build
Templateor other shellcode projects. - Prepare: This DLL does post-processing work on the generated project executable to extract the shellcode.
- Template: This is a clean/blank project that can be used to create your own shellcode.
- Msvcrt: This contains the files necessary to create
msvcrt.lib, which must be linked to use certain C runtime functions likeprintf. When compiled, this library is created atlib\<arch>\msvcrt.liband can then be linked to by includingmsvcrt.libas described in step 3 of theUsagesection above.
- Shellcode can be produced to work in both EXECUTE_READWRITE (RWX) AND EXECUTE_READ (RX) memory. By default it is generated to support RX memory, which slightly increases its total size as it must be PAGE aligned. If you should want to compile the shellcode to work in RWX memory (and be smaller), uncomment line 3 in
template\x86.asmand line 7 intemplate\x64.asm. - As mentioned in the asset description, some C-runtime functions like
printfpresent a challenge to use due to linker issues concerning the lack of amscvrt.libfile. Themsvcrtfolder included in this repo can be built to createmsvcrt.lib, which can then be included in projects. This code was generated using the ExportPolicy project. Should you want to do this yourself, clone theExportPolicyrepo, useMakeLib.exe *msvcrtto create a project containing the required files within the solution, and then compile it to produce the.libfile. - The inner workings of the shellcode project, including more on how
ScEntryandPreparework and configuration options, are further detailed in this repo. This repository also contains a number of advanced projects that leverage the shellcode template, and is a good source of inspiration / ideas as to just how far this template can be pushed.