improved shellcode template for b1tg/rust-windows-shellcode
2vg/win-shellcode-rs
win-shellcode-rs

Windows shellcode template that generates improved shellcode, based on the project at b1tg/rust-windows-shellcode.

Overview

First of all, I am very grateful to b1tg/rust-windows-shellcode, because I couldn't find any other resources for writing Windows shellcode in Rust.
I like Rust, so I was very impressed that this was possible at all.
However, there is a problem with the b1tg/rust-windows-shellcode shellcode.
For example, when the shellcode is executed as a thread in an arbitrary process, the thread does not terminate normally.
Because a loop is placed at the end of the main function, the shellcode spins in an infinite loop once its work is done.
I wanted the shellcode to terminate its thread normally when finished, so I forked the project and made an improved version.
Specifically, before patching in the jmp, I prepend another small piece of shellcode.
This is called the bootstrap code: it calls the main function correctly according to the Windows x64 calling convention, and when main returns, the bootstrap returns too, so the thread can exit normally instead of spinning.
The bootstrap assumes a 64-bit environment only; running on 32-bit requires a different bootstrap.
Also, the main function can take arguments, but then the bootstrap code must be modified to pass them.
See the Windows x64 ABI documentation for details.
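To make the bootstrap idea concrete, here is an added example (my own illustration, not code from win-shellcode-rs or rust-windows-shellcode) that assembles a minimal x64 bootstrap stub and prepends it to a position-independent payload. The exact instruction sequence, the 0x28 stack adjustment, the BOOTSTRAP_LEN and entry_offset names, and the assumption that the payload's entry function takes no arguments are all mine; the project's real stub may differ.

```rust
// Added example, not code from win-shellcode-rs. Assembles an x64 "bootstrap"
// stub in front of a payload so the payload's entry function is CALLed with a
// Windows-x64-ABI-compliant stack and the thread RETurns normally when it is
// done, instead of spinning in a loop.
//
// Assumptions (mine): the payload is position-independent, its entry function
// takes no arguments and follows the Windows x64 calling convention, and the
// entry lives `entry_offset` bytes into the payload.

/// Size in bytes of the stub emitted by `encode_bootstrap`.
pub const BOOTSTRAP_LEN: usize = 14;

/// Encodes the bootstrap stub for a payload whose entry is `entry_offset`
/// bytes past the end of the stub:
///
///   sub rsp, 0x28        ; 48 83 EC 28
///   call rel32           ; E8 xx xx xx xx
///   add rsp, 0x28        ; 48 83 C4 28
///   ret                  ; C3
///
/// The thread start routine CALLed us, so on entry rsp % 16 == 8. Subtracting
/// 0x28 makes rsp % 16 == 0 (required at a call site) and reserves the 0x20
/// bytes of shadow space the callee may use for its register arguments. After
/// the callee returns we undo the adjustment and RET into the thread start
/// routine, which exits the thread cleanly.
fn encode_bootstrap(entry_offset: usize) -> Result<[u8; BOOTSTRAP_LEN], String> {
    // The call sits at stub offset 4 and is 5 bytes long, so rel32 is measured
    // from offset 9, the address of the instruction after the call.
    const CALL_NEXT: usize = 9;
    let target = BOOTSTRAP_LEN + entry_offset;
    let rel32 = i32::try_from(target as i64 - CALL_NEXT as i64)
        .map_err(|_| format!("entry offset {entry_offset} does not fit in rel32"))?;
    let mut stub = [0u8; BOOTSTRAP_LEN];
    stub[0..4].copy_from_slice(&[0x48, 0x83, 0xEC, 0x28]); // sub rsp, 0x28
    stub[4] = 0xE8;                                          // call rel32
    stub[5..9].copy_from_slice(&rel32.to_le_bytes());
    stub[9..13].copy_from_slice(&[0x48, 0x83, 0xC4, 0x28]); // add rsp, 0x28
    stub[13] = 0xC3;                                         // ret
    Ok(stub)
}

/// Prepends the bootstrap stub to `payload`. Byte 0 of the result is the
/// address to hand to CreateThread / CreateRemoteThread.
pub fn wrap_payload(payload: &[u8], entry_offset: usize) -> Result<Vec<u8>, String> {
    if entry_offset >= payload.len() {
        return Err(format!(
            "entry offset {entry_offset} is outside a {}-byte payload",
            payload.len()
        ));
    }
    let stub = encode_bootstrap(entry_offset)?;
    let mut blob = Vec::with_capacity(BOOTSTRAP_LEN + payload.len());
    blob.extend_from_slice(&stub);
    blob.extend_from_slice(payload);
    Ok(blob)
}

/// Decodes the CALL in a wrapped blob and returns the absolute blob offset it
/// targets, so the stub can be checked to land exactly on the payload entry.
pub fn call_target(blob: &[u8]) -> Option<usize> {
    if blob.len() < BOOTSTRAP_LEN || blob[4] != 0xE8 {
        return None;
    }
    let rel = i32::from_le_bytes(blob[5..9].try_into().ok()?);
    usize::try_from(9i64 + rel as i64).ok()
}

fn main() {
    // Constructed stand-in payload: a single `ret`, so the whole blob simply
    // returns to its caller. A real payload would be the raw .text extracted
    // from the built shellcode crate.
    let payload = [0xC3u8];
    let blob = wrap_payload(&payload, 0).expect("wrap");
    let hex: Vec<String> = blob.iter().map(|b| format!("{b:02X}")).collect();
    println!("{}", hex.join(" "));
    println!("call lands at blob offset {:?}", call_target(&blob));
}
```

If the payload's entry is not at offset 0 (for example because the crate's entry symbol is not first in .text), pass the real offset as entry_offset and the rel32 is recomputed; the check in call_target is the quick sanity test to run before pointing a debugger at the result.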

Requirements

  • x64 Windows (tested on Windows 10 x64), because the bootstrap shellcode assumes x64 only
  • optionally, cargo-make (if you have it, building is easier than typing the commands manually)

Usage

Edit shellcode/main.rs as you like, then see the Build section.

Build

shellcode/main.rs is almost empty, so you need to edit it.
Alternatively, example-shellcode contains sample code that calls MessageBoxW.
So either write your own code, rename example-shellcode to shellcode, or edit win-shellcode-rs/main.rs like this:

// let src_path = "shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";
let src_path = "example-shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";

then,

If you have cargo-make, just run cargo make build.

If not, run the steps by hand:

cd shellcode
cargo build --release
cd ../
cargo run

Done. shellcode.bin is written to the current directory (win-shellcode-rs\).

Run the result with a shellcode runner under a debugger to confirm that the host process is unaffected after the shellcode finishes: the injected thread should exit rather than keep spinning.

The console also prints a nice disassembly of the generated shellcode :3

Result of building example-shellcode:

(screenshot)

Result of executing the example-shellcode shellcode in notepad:

(screenshot)
