pe_to_shellcode v1.1 - Converts PE into a shellcode

Status
Not open for further replies.

itsMe


Converts a PE so that it can then be injected just like normal shellcode.
(At the same time, the output file remains a valid PE.)

Supports both 32-bit and 64-bit PEs.

Objective:

The goal of this project is to make it possible to generate PE files that can be injected with minimal effort. It is inspired by Stephen Fewer’s ReflectiveDLLInjection – but the difference is that with pe2shc you can add the reflective loading stub post-compilation. Also, the header of the PE file is modified in such a way that you can start executing the injected buffer from the very beginning – just like you would do with a shellcode. It will automatically find the stub and continue loading the full PE.

Changelog v1.1

BUGFIX

    Stub cleanup: do not clobber RBX/EBX registers

REFACT

    Removed some useless instructions from the 32-bit stub
    Small cleanup in the loader v2


The package contains:

    pe2shc.exe – PE to shellcode converter (supports both 32-bit and 64-bit PEs)
    a utility to run/test shellcode (loads and deploys):
        runshc32.exe – for 32-bit shellcodes
        runshc64.exe – for 64-bit shellcodes
    a utility to inject shellcode into a given process:
        injector32.exe – for 32-bit shellcodes
        injector64.exe – for 64-bit shellcodes

