More shellcode formats

XaFF-XaFF · XaFF-XaFF · commit e408cf9d7208 · 2022-12-25T15:42:29.000+01:00
diff --git a/Shellcodev/Shellcodev.vcxproj b/Shellcodev/Shellcodev.vcxproj
@@ -27,6 +27,7 @@
     <ClCompile Include="command.cpp" />
     <ClCompile Include="eval.cpp" />
     <ClCompile Include="init.cpp" />
+    <ClCompile Include="inject.cpp" />
     <ClCompile Include="loop.cpp" />
     <ClCompile Include="main.cpp" />
     <ClCompile Include="print.cpp" />
diff --git a/Shellcodev/Shellcodev.vcxproj.filters b/Shellcodev/Shellcodev.vcxproj.filters
@@ -50,5 +50,8 @@
     <ClCompile Include="str.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="inject.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>
diff --git a/Shellcodev/command.cpp b/Shellcodev/command.cpp
@@ -352,16 +352,49 @@ static BOOL shelldev_edit(shell_t* sh, std::vector<asm_t>* assemblies, std::vect
 
 static BOOL shelldev_toshell(std::vector<asm_t>* assemblies, std::vector<std::string> parts)
 {
-	if (parts[0] == "c" || parts[0] == "C")
+	if (parts[0] == "c")
 	{
+		int count = 0;
 		std::cout << "unsigned char shellcode[] = {" << std::endl;
-		for (asm_t assembly : *assemblies)
+		for (int i = 0; i < assemblies->size(); i++)
 		{
-			for (unsigned char byte : assembly.bytes)
-				printf("0x%x, ", byte);
+			for (int j = 0; j < assemblies->at(i).instruction.size(); j++)
+			{
+				if (count % 12 == 0)
+					printf("\n");
+				else
+					printf("0x%x, ", assemblies->at(i).instruction[j]);
+
+				count++;
+			}
 		}
 		std::cout << "};" << std::endl;
 	}
+	else if (parts[0] == "cs")
+	{
+		int count = 0;
+		std::cout << "byte[] shellcode = {" << std::endl;
+		for (int i = 0; i < assemblies->size(); i++)
+		{
+			for (int j = 0; j < assemblies->at(i).instruction.size(); j++)
+			{
+				if (count % 12 == 0)
+					printf("\n");
+				else
+					printf("0x%x, ", assemblies->at(i).instruction[j]);
+
+				count++;
+			}
+		}
+		std::cout << "};" << std::endl;
+	}
+	else if (parts[0] == "raw")
+	{
+		for (int i = 0; i < assemblies->size(); i++)
+			for (int j = 0; j < assemblies->at(i).instruction.size(); j++)
+				printf("%X", assemblies->at(i).instruction[j]);
+		printf("\n");
+	}
 
 	return TRUE;
 }
@@ -385,7 +418,8 @@ static BOOL winrepl_command_help()
 	std::cout << ".del line\t\tDelete specified line from list." << std::endl;
 	std::cout << ".read addr size\t\tRead from a memory address." << std::endl;
 	std::cout << ".write addr hexdata\tWrite to a memory address." << std::endl;
-	std::cout << ".toshell format\t\tConvert list to selected shellcode format. Available formats: c" << std::endl;
+	std::cout << ".toshell format\t\tConvert list to selected shellcode format. Available formats: c, cs, raw" << std::endl;
+	//std::cout << ".inject pid\t\tTest shellcode by injecting it into the process." << std::endl;
 	std::cout << ".allocate size\t\tAllocate a memory buffer." << std::endl;
 	std::cout << ".loadlibrary path\tLoad a DLL into the process." << std::endl;
 	std::cout << ".kernel32 func\t\tGet address of a kernel32 export." << std::endl;
@@ -412,6 +446,8 @@ BOOL shelldev_run_command(shell_t* sh, std::string command, std::vector<asm_t>*
 		return shelldev_edit(sh, assemblies, parts);
 	else if (mainCmd == ".toshell")
 		return shelldev_toshell(assemblies, parts);
+	else if (mainCmd == ".inject")
+		return shelldev_inject_shellcode(assemblies, parts[0]);
 	else if (mainCmd == ".read")
 		return shelldev_command_read(sh, parts);
 	else if (mainCmd == ".del")
diff --git a/Shellcodev/inject.cpp b/Shellcodev/inject.cpp
@@ -0,0 +1,21 @@
+#include "repl.h"
+
+static std::vector<unsigned char> get_shellcode(std::vector<asm_t>* assemblies)
+{
+	std::vector<unsigned char> bytes;
+
+	for (asm_t assembly : *assemblies)
+		bytes.insert(bytes.end(), assembly.bytes.begin(), assembly.bytes.end());
+	
+	return bytes;
+}
+
+BOOL shelldev_inject_shellcode(std::vector<asm_t>* assemblies, std::string pid)
+{
+	DWORD PID = std::stoi(pid);
+	shelldev_print_good("Injecting shellcode into %d", PID);
+
+	std::vector<unsigned char> bytes = get_shellcode(assemblies);
+
+	return TRUE;
+}
diff --git a/Shellcodev/repl.h b/Shellcodev/repl.h
@@ -46,4 +46,6 @@ void shelldev_print_registers_all(shell_t* sh);
 void shelldev_print_assembly(unsigned char* encode, size_t size);
 void shelldev_print_bytes(unsigned char* addr, int len, unsigned long long start_addr = 0);
 void shelldev_print_good(const char* format, ...);
-void shelldev_print_errors(const char* format, ...);
+void shelldev_print_errors(const char* format, ...);
+
+BOOL shelldev_inject_shellcode(std::vector<asm_t>* assemblies, std::string pid);
