Releases: hasherezade/pe_to_shellcode
v1.2
FEATURE
- The shellcodified module keeps a state informing whether it was executed, etc
- Added: DLL detach, which allows cleanly finishing the execution of a shellcodified DLL
  - the shellcodified DLL can be detached simply by a second run (while the first run calls DllMain with DLL_PROCESS_ATTACH, the second calls it with DLL_PROCESS_DETACH)
The package contains:
- pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
- a utility to inject shellcode into a given process:
  - injector32.exe - for 32-bit shellcodes
  - injector64.exe - for 64-bit shellcodes
v1.1
BUGFIX
- Stub cleanup: do not clobber RBX/EBX registers
REFACT
- Removed some useless instructions from 32 bit stub
- Small cleanup in the loader v2
The package contains:
- pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
- a utility to inject shellcode into a given process:
  - injector32.exe - for 32-bit shellcodes
  - injector64.exe - for 64-bit shellcodes
v1.0
FEATURE
- Added new loaders (old loaders still available with a CMake option), containing:
  - improved stability of the 64 bit loader
  - support for the executables with TLS callbacks (callbacks are run before the Entry Point)
  - support DLLs (DllMain is run cleanly)
  - fixed preserving return values
- The shellcode runner (runshc) checks if the payload has compatible bitness
The package contains:
- pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
- a utility to inject shellcode into a given process:
  - injector32.exe - for 32-bit shellcodes
  - injector64.exe - for 64-bit shellcodes
v0.9
FEATURE
- added DCP support: now the generated shellcode can be injected into processes with DCP ("Dynamic Code Prohibited") enabled (Issue #19)
The package contains:
- pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
- a utility to inject shellcode into a given process:
  - injector32.exe - for 32-bit shellcodes
  - injector64.exe - for 64-bit shellcodes
v0.8
- pe2shc.exe - PE to shellcode converter (supports both 32 and 64 bit PEs)
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
FEATURE
- more detailed verification of whether the PE contains TLS callbacks
- do not block conversion of files with TLS callbacks (print a warning instead)
BUGFIX
- fixed crashes on returning from 64 bit stub
- fixed invalid processing of some Import Tables
v0.7
- pe2shc.exe - PE to shellcode converter
- a utility to run/test shellcode (loads and deploys):
  - runshc32.exe - for 32-bit shellcodes
  - runshc64.exe - for 64-bit shellcodes
Supports both 32 and 64 bit PEs.
v0.5
- pe2shc32.exe - PE to shellcode converter
- runshc32.exe - a utility to run/test shellcode (loads and deploys)
WARNING: works for 32-bit PEs only