• x86 RunPE Shellcode Wrapper

 #485832  por Scorpio
 26 Abr 2016, 10:27
Wardow escribió: Hello!

I'm here to release a RunPE Shellcode I have made.

Informations:

Gets Kernel32 and Ntdll modules addresses from PEB
Resolves needed functions pointers by walking on the EAT
Is able to apply fixups
Supports Unicode
Does apply proper section memory protection flags
Will technically never fail when the file has a relocation table (fixups)
You can pass custom arguments, program to hollow
Should be the most stable possible
There should not be any memory leak

Call chain:
ntdll!RtlZeroMemory, CreateProcessW, GetThreadContext, ReadProcessMemory, NtUnmapViewOfSection, VirtualAlloc, VirtualAllocEx, ntdll!memcpy, WriteProcessMemory, VirtualProtectEx, SetThreadContext, ResumeThread
Creditos: Wardow (Raped Pony).

//Regards.
 #485836  por comand
 26 Abr 2016, 14:11
hermano excelente contribución
 #485839  por crack81
 26 Abr 2016, 23:40
Lindo runpe Scorpio gracias no conocia la DllCallAddress de autoit se nota que no le doy a ese lenguaje

Saludos...
 #485888  por n0z
 29 Abr 2016, 01:55
Gracias Scorpio,i will deff look at this this weekend. Gracias por traerlo
 #485918  por top10
 30 Abr 2016, 21:54
Buenisima las caracteristicas del runpe sobretodo lo de resolver las apis con el EAT,alguien sabe portarlo a vb6?