Splitting and executing shellcode across multiple pages

x0reaxeax/PageSplit

Shellcode PageSplit

The target shellcode is PopCalc by Bobby Cooke (boku).

The purpose of this PoC is to demonstrate signature evasion: multiple whole pages are allocated for a relatively small encoded shellcode, which is then split and executed across these pages.
Each part of the shellcode is decoded only when it is about to be executed and is freed immediately afterwards.

The main caveat is RIP-relative calls and jmps. This shellcode has only two instances of them (IIRC), but they still limit the block size the shellcode can be split into.
As this is a proof-of-concept, addressing these limitations is not a priority.
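
A defender-side view of the behaviour described above, as an added example that is not part of the PageSplit repository: it correlates an allocation/protection/free trace and flags processes that repeatedly make a single page executable and free it within milliseconds. The event schema, protection labels, sample trace and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict

PAGE = 0x1000
EXEC = {"RX", "RWX"}  # protection labels of this constructed schema

# Constructed trace: (ms, pid, op, base, size, protection). Not real telemetry.
EVENTS = [(0, 777, "alloc", 0x7F0000, 16 * PAGE, "RWX")]  # long-lived JIT-style region
for i in range(5):  # pid 4242: five one-page regions, each executable for ~2 ms
    base, t = 0x1A0000 + i * 0x10000, 10 + i * 5
    EVENTS += [
        (t, 4242, "alloc", base, PAGE, "RW"),
        (t + 1, 4242, "protect", base, PAGE, "RX"),
        (t + 3, 4242, "free", base, PAGE, None),
    ]
EVENTS.append((9000, 777, "free", 0x7F0000, 16 * PAGE, None))


def short_lived_exec_pages(events, max_life_ms=50, max_size=PAGE, min_hits=4):
    """Return {pid: hits} for processes that freed at least min_hits small
    regions within max_life_ms of those regions becoming executable."""
    exec_since = {}  # (pid, base) -> (time it became executable, size)
    hits = defaultdict(int)
    for ts, pid, op, base, size, prot in sorted(events, key=lambda e: e[0]):
        key = (pid, base)
        if op in ("alloc", "protect"):
            if prot in EXEC:
                exec_since.setdefault(key, (ts, size))
            else:
                exec_since.pop(key, None)  # region is no longer executable
        elif op == "free" and key in exec_since:
            start, region_size = exec_since.pop(key)
            if region_size <= max_size and ts - start <= max_life_ms:
                hits[pid] += 1
    return {pid: n for pid, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    print(short_lived_exec_pages(EVENTS))
```

The heuristic keys on memory lifecycle rather than byte signatures, so it is unaffected by how the content of each page is encoded; the thresholds would need tuning against benign JIT workloads.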

This project is licensed under the MIT license. Copyright belongs to the respective contributors listed at the beginning of each definition file.
