Search the Community

Converts PE so that it can be then injected just like a normal shellcode. (At the same time, the output file remains to be a valid PE). Supports both 32 and 64-bit PEs Objective: The goal of this project is to provide a possibility to generate PE files that can be injected with minimal effort. It is inspired by Stephen Fewer’s ReflectiveDLLInjection – but the difference is that with pe2shc you can add the reflective loading stub post-compilation. Also, the header of the PE file is modified in such a way, that you can start executing the injected buffer from the very beginning – just like you would do with a shellcode. It will automatically find the stub and continue loading the full PE. Changelog v1.1 BUGFIX Stub cleanup: do not clobber RBX/EBX registers REFACT Removed some useless instructions from 32 bit stub Small cleanup in the loader v2 The package contains: pe2shc.exe – PE to shellcode converter (supports both 32 and 64 bit PEs) a utility to run/test shellcode (loads and deploys): runshc32.exe – for 32-bit shellcodes runshc64.exe – for 64-bit shellcodes a utility to inject shellcode into a given process: injector32.exe – for 32-bit shellcodes injector64.exe – for 64-bit shellcodes [hide][Hidden Content]]

Converts PE so that it can be then injected just like a normal shellcode. (At the same time, the output file remains to be a valid PE). Supports both 32 and 64-bit PEs Objective: The goal of this project is to provide a possibility to generate PE files that can be injected with minimal effort. It is inspired by Stephen Fewer’s ReflectiveDLLInjection – but the difference is that with pe2shc you can add the reflective loading stub post-compilation. Also, the header of the PE file is modified in such a way, that you can start executing the injected buffer from the very beginning – just like you would do with a shellcode. It will automatically find the stub and continue loading the full PE. Changelog v1.0 FEATURE Added new loaders (old loaders still available with a CMake option), containing: improved stability of the 64 bit loader support for the executables with TLS callbacks (callbacks are run before the Entry Point) support DLLs (DllMain is run cleanly) fixed preserving return values The shellcode runner (runshc) checks if the payload has compatibile bitness The package contains: pe2shc.exe – PE to shellcode converter (supports both 32 and 64 bit PEs) a utility to run/test shellcode (loads and deploys): runshc32.exe – for 32-bit shellcodes runshc64.exe – for 64-bit shellcodes a utility to inject shellcode into a given process: injector32.exe – for 32-bit shellcodes injector64.exe – for 64-bit shellcodes [hide][Hidden Content]]