Pe To Shellcode Versions

Converts PE into a shellcode

v1.2

1 year ago

FEATURE

  • The shellcodified module keeps a state indicating whether it has been executed, etc.
  • Added: DLL detach, which allows the execution of a shellcodified DLL to be finished cleanly
    • the shellcodified DLL can be detached simply by a second run (the first run calls DllMain with DLL_PROCESS_ATTACH, the second calls it with DLL_PROCESS_DETACH)

The package contains:

  • pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes
  • a utility to inject shellcode into a given process:
    • injector32.exe - for 32-bit shellcodes
    • injector64.exe - for 64-bit shellcodes

v1.1

2 years ago

BUGFIX

  • Stub cleanup: do not clobber RBX/EBX registers

REFACT

  • Removed some useless instructions from 32 bit stub
  • Small cleanup in the loader v2

The package contains:

  • pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes
  • a utility to inject shellcode into a given process:
    • injector32.exe - for 32-bit shellcodes
    • injector64.exe - for 64-bit shellcodes

v1.0

2 years ago

FEATURE

  • Added new loaders (old loaders still available with a CMake option), containing:
    • improved stability of the 64 bit loader
    • support for the executables with TLS callbacks (callbacks are run before the Entry Point)
    • support for DLLs (DllMain is run cleanly)
    • fixed preserving return values
  • The shellcode runner (runshc) checks whether the payload has compatible bitness

The package contains:

  • pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes
  • a utility to inject shellcode into a given process:
    • injector32.exe - for 32-bit shellcodes
    • injector64.exe - for 64-bit shellcodes

v0.9

3 years ago

FEATURE

  • added DCP support: the generated shellcode can now be injected into processes with DCP ("Dynamic Code Prohibited") enabled (Issue #19)

The package contains:

  • pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes
  • a utility to inject shellcode into a given process:
    • injector32.exe - for 32-bit shellcodes
    • injector64.exe - for 64-bit shellcodes

v0.8

4 years ago

  • pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes

FEATURE

  • more detailed verification of whether the PE contains TLS callbacks
  • do not block conversion of files with TLS callbacks (print a warning instead)

BUGFIX

  • fixed crashes on returning from 64 bit stub
  • fixed invalid processing of some Import Tables

v0.7

5 years ago

  • pe2shc.exe - PE to shellcode converter
  • a utility to run/test shellcode (loads and deploys):
    • runshc32.exe - for 32-bit shellcodes
    • runshc64.exe - for 64-bit shellcodes

Supports both 32 and 64 bit PEs.

v0.5

5 years ago

  • pe2shc32.exe - PE to shellcode converter
  • runshc32.exe - a utility to run/test shellcode (loads and deploys)

WARNING: works for 32-bit PEs only