win-shellcode-rs
improved shellcode template for b1tg/rust-windows-shellcode
A Windows shellcode template that generates improved shellcode, based on the project at b1tg/rust-windows-shellcode.
Overview
First of all, I am very grateful to b1tg/rust-windows-shellcode, because I couldn't find any other resources for writing Windows shellcode in Rust. I like Rust, so I was very impressed to be able to do this.

But there is a problem with the b1tg/rust-windows-shellcode shellcode: when it is executed as a thread of some process, the thread does not terminate normally. Because a loop is placed at the end of the main function, the shellcode spins in an infinite loop once it is done. I wanted the shellcode to terminate its thread normally when finished, so I forked the project and made an improved version.

Specifically, before the jmp patch is applied, I prepend another piece of shellcode. This is called the bootstrap code. It calls the target function correctly according to the Windows x64 calling convention (32 bytes of shadow space and a 16-byte aligned stack at the call), so when main returns, control comes back to the bootstrap code and the thread can exit normally instead of spinning.

Two caveats: only a 64-bit environment is assumed here, so running on 32-bit requires another modification. And although the main function can take arguments, the bootstrap code would have to be modified to pass them. See the Windows ABI documentation for the x64 calling convention details.
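As an added example (written for this page, not the project's own code), here is how a bootstrap stub of this kind can be built and prepended to the code bytes extracted from the built PE. It assumes a hypothetical 22-byte x64 stub that saves rbp, aligns the stack, reserves the 32-byte shadow space, calls main through a rel32 displacement, restores the stack and returns; the helper names `bootstrap_stub`, `wrap_with_bootstrap` and `decode_call_target`, and the sample code bytes in `main`, are all constructed for illustration. The bytes the project actually emits may differ.

```rust
// Added example: prepend an x64 bootstrap stub to a flat code blob so that a
// thread started at offset 0 calls `main` with a Windows-x64-conformant stack
// and then returns cleanly. Illustrative code for this page, not the project's
// own stub; the exact bytes the project emits may differ.
use std::convert::{TryFrom, TryInto};

/// Offset of the `call rel32` opcode (0xE8) inside the stub.
const CALL_OPCODE_OFFSET: usize = 12;
/// First byte after the call instruction; rel32 is relative to this offset.
const CALL_END: usize = CALL_OPCODE_OFFSET + 5;
/// Total stub length in bytes.
const STUB_LEN: usize = 22;

/// Emit the stub with `rel32` filled in.
///
///   push rbp            ; 55
///   mov  rbp, rsp       ; 48 89 E5
///   and  rsp, -16       ; 48 83 E4 F0   align regardless of how we were entered
///   sub  rsp, 0x20      ; 48 83 EC 20   32-byte shadow space required by the x64 ABI
///   call rel32          ; E8 xx xx xx xx  -> main (rsp is 8 mod 16 at entry, as required)
///   mov  rsp, rbp       ; 48 89 EC
///   pop  rbp            ; 5D
///   ret                 ; C3            back to the thread start routine
fn bootstrap_stub(rel32: i32) -> [u8; STUB_LEN] {
    let mut s = [0u8; STUB_LEN];
    s[0] = 0x55;
    s[1..4].copy_from_slice(&[0x48, 0x89, 0xE5]);
    s[4..8].copy_from_slice(&[0x48, 0x83, 0xE4, 0xF0]);
    s[8..12].copy_from_slice(&[0x48, 0x83, 0xEC, 0x20]);
    s[CALL_OPCODE_OFFSET] = 0xE8;
    s[CALL_OPCODE_OFFSET + 1..CALL_END].copy_from_slice(&rel32.to_le_bytes());
    s[17..20].copy_from_slice(&[0x48, 0x89, 0xEC]);
    s[20] = 0x5D;
    s[21] = 0xC3;
    s
}

/// Prepend the stub to `text` (the code bytes extracted from the built PE).
/// `main_offset` is the offset of `main` inside `text`. Execution of the
/// returned blob starts at byte 0.
fn wrap_with_bootstrap(text: &[u8], main_offset: usize) -> Result<Vec<u8>, String> {
    if main_offset >= text.len() {
        return Err(format!("main offset {:#x} outside code ({:#x} bytes)", main_offset, text.len()));
    }
    let target = STUB_LEN + main_offset; // main's offset in the final blob
    let rel = target as i64 - CALL_END as i64; // displacement is relative to end of call
    let rel32 = i32::try_from(rel).map_err(|_| "displacement does not fit rel32".to_string())?;
    let mut blob = Vec::with_capacity(STUB_LEN + text.len());
    blob.extend_from_slice(&bootstrap_stub(rel32));
    blob.extend_from_slice(text);
    Ok(blob)
}

/// Decode the stub's call target back out of a finished blob, as a sanity
/// check that the displacement really lands on `main` before writing the file.
fn decode_call_target(blob: &[u8]) -> Option<usize> {
    if blob.len() < STUB_LEN || blob[CALL_OPCODE_OFFSET] != 0xE8 {
        return None;
    }
    let bytes: [u8; 4] = blob[CALL_OPCODE_OFFSET + 1..CALL_END].try_into().ok()?;
    let rel32 = i32::from_le_bytes(bytes);
    usize::try_from(CALL_END as i64 + rel32 as i64).ok()
}

fn main() {
    // Constructed stand-in for the extracted .text: NOPs with a tiny "main"
    // (xor eax, eax; ret) at offset 0x10. Real input comes from the built PE.
    let mut text = vec![0x90u8; 0x40];
    text[0x10..0x13].copy_from_slice(&[0x31, 0xC0, 0xC3]);
    let blob = wrap_with_bootstrap(&text, 0x10).expect("wrap");
    let hex: Vec<String> = blob[..STUB_LEN].iter().map(|b| format!("{:02x}", b)).collect();
    println!("bootstrap: {}", hex.join(" "));
    println!("call lands at blob offset {:#x}", decode_call_target(&blob).unwrap());
    // std::fs::write("shellcode.bin", &blob) would persist it the way the project does.
}
```

Because the stub never touches rcx, the thread parameter passed by the creator would still reach a `main` that takes one argument; any further arguments need the stub changed, as noted above. The `and rsp, -16` makes the stub safe whether it is entered by a call or a jmp, at the cost of a few bytes.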
Requirements
- x64 Windows (tested on Windows 10 x64), because my bootstrap shellcode assumes x64 only
- Optional: cargo-make (if installed, building is easier than typing the commands manually)
Usage
Edit shellcode/main.rs as you like, then follow the Build section.
Build
shellcode/main.rs is almost empty; you need to write your payload there.
Alternatively, example-shellcode contains sample code that calls MessageBoxW.
So either write your own code, rename example-shellcode to shellcode, or point win-shellcode-rs/main.rs at the example build like this:

```rust
// let src_path = "shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";
let src_path = "example-shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";
```
Then:

If you have cargo-make, just run cargo make build.

If not:

```sh
cd shellcode
cargo build --release
cd ../
cargo run
```

Done. shellcode.bin is generated in the current directory (win-shellcode-rs\).
Use a shellcode runner and a debugger to confirm that the host process is unaffected after the shellcode finishes: the thread should return instead of spinning.
The console also shows a nice disassembly of the result :3
Result of building example-shellcode: (screenshot not included here)

Result of executing the example-shellcode shellcode in notepad: (screenshot not included here)