forked from killeven/DllToShellCode
shellcode_data.c
#include "shellcode_data.h"
#include <stdint.h>
/*
 * shellcode_main_x86 - pre-assembled 32-bit x86 machine code kept as an
 * opaque 1278-byte blob; get_shellcode_main() hands it out when is_x64 == 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): nothing in this file shows the source or build step these
 * bytes came from, so they cannot be audited here; rebuild from source and
 * compare before trusting the blob.
 * NOTE(review): the bytes include the constants "MZ" / "PE\0\0" and the ASCII
 * text "ntdll", which suggests in-memory PE image handling (inferred from the
 * constants, not from a disassembly). The blob is fixed, so it is usable as a
 * static signature by scanners.
 */
static char shellcode_main_x86[1278] = {
"\xe9\x46\x04\x00\x00\x55\x8b\xec\x83\xec\x18\x53\x56\x8b\x71\x3c\x57\x89\x55\xf4\x8b\x44\x0e\x78\x85\xc0\x74\x6d\x83\x7c"
"\x0e\x7c\x00\x74\x66\x8b\x5c\x08\x18\x89\x5d\xf8\x85\xdb\x74\x5b\x8b\x54\x08\x1c\x8b\x74\x08\x20\x03\xd1\x8b\x44\x08\x24"
"\x03\xf1\x89\x55\xe8\x03\xc1\x33\xd2\x89\x75\xf0\x89\x45\xec\x85\xdb\x74\x3a\x8b\x3c\x96\x33\xf6\x03\xf9\x89\x7d\xfc\x8a"
"\x07\x84\xc0\x74\x17\x8b\xdf\x69\xf6\x83\x00\x00\x00\x0f\xbe\xc0\x03\xf0\x43\x8a\x03\x84\xc0\x75\xee\x8b\x5d\xf8\x81\xe6"
"\xff\xff\xff\x7f\x3b\x75\xf4\x74\x11\x8b\x75\xf0\x42\x3b\xd3\x72\xc6\x33\xc0\x5f\x5e\x5b\x8b\xe5\x5d\xc3\x83\x7d\x08\x00"
"\x75\x11\x8b\x45\xec\x0f\xb7\x04\x50\x8b\x55\xe8\x8b\x04\x82\x03\xc1\xeb\xe2\x57\x51\xff\x55\x08\xeb\xdb\x55\x8b\xec\x51"
"\x83\x65\xfc\x00\xe8\x00\x00\x00\x00\x58\x2d\xbd\x10\x2f\x01\x89\x45\xfc\x8b\x45\xfc\x8b\xe5\x5d\xc3\x55\x8b\xec\x51\x51"
"\x64\xa1\x30\x00\x00\x00\xba\x54\xb8\xb9\x1a\x56\x57\x8b\xf9\x8b\x40\x0c\x6a\x00\x8b\x40\x14\x8b\x00\x8b\x00\x8b\x70\x10"
"\x8b\xce\xe8\x0e\xff\xff\xff\x50\xba\x78\x1f\x20\x7f\x89\x07\x8b\xce\xe8\xff\xfe\xff\xff\xff\x37\xba\x62\x34\x89\x5e\x89"
"\x47\x04\x8b\xce\xe8\xee\xfe\xff\xff\xff\x37\xba\x73\x80\x48\x06\x89\x47\x08\x8b\xce\xe8\xdd\xfe\xff\xff\xff\x37\xba\xa5"
"\xf2\x5c\x70\x89\x47\x0c\x8b\xce\xe8\xcc\xfe\xff\xff\x83\xc4\x14\x89\x47\x10\x8d\x45\xf8\xc7\x45\xf8\x6e\x74\x64\x6c\x66"
"\xc7\x45\xfc\x6c\x00\x50\xff\x57\x04\xff\x37\x8b\xf0\xba\xcb\x79\xb5\x0d\x8b\xce\xe8\xa2\xfe\xff\xff\xff\x37\xba\xc0\xe9"
"\x18\x15\x89\x47\x14\x8b\xce\xe8\x91\xfe\xff\xff\x59\x59\x89\x47\x18\x5f\x5e\x8b\xe5\x5d\xc3\x55\x8b\xec\x83\xec\x18\x8b"
"\xc2\x89\x4d\xfc\x89\x45\xf4\x53\x56\x85\xc0\x75\x07\x33\xc0\xe9\x92\x02\x00\x00\xba\x4d\x5a\x00\x00\x66\x39\x10\x75\xef"
"\x57\x8b\x78\x3c\x03\xf8\x81\x3f\x50\x45\x00\x00\x0f\x85\x73\x02\x00\x00\xb8\x4c\x01\x00\x00\x66\x39\x47\x04\x0f\x85\x64"
"\x02\x00\x00\x83\xc0\xbf\x66\x39\x47\x18\x0f\x85\x57\x02\x00\x00\x6a\x40\x68\x00\x10\x00\x00\xff\x77\x50\x33\xdb\x53\xff"
"\x51\x08\x8b\xf0\x85\xf6\x0f\x84\x3d\x02\x00\x00\xff\x77\x54\x8b\x45\xfc\xff\x75\xf4\x56\xff\x50\x18\x8b\x7e\x3c\x33\xc0"
"\x03\xfe\x89\x5d\xf0\x89\x7d\xec\x66\x3b\x47\x06\x73\x58\x8b\x5d\xf4\x8d\x87\x08\x01\x00\x00\x89\x45\xf8\x8b\x48\xfc\x85"
"\xc9\x74\x2b\x03\xce\x83\x38\x00\x74\x11\xff\x30\x8b\x40\x04\x03\xc3\x50\x8b\x45\xfc\x51\xff\x50\x18\xeb\x10\x83\x7f\x38"
"\x00\x76\x0d\xff\x77\x38\x8b\x45\xfc\x51\xff\x50\x14\x8b\x45\xf8\x8b\x4d\xf0\x83\xc0\x28\x89\x45\xf8\x41\x0f\xb7\x47\x06"
"\x3b\xc8\x89\x4d\xf0\x8b\x45\xf8\x7c\xb6\x33\xdb\x8b\x87\xa0\x00\x00\x00\x85\xc0\x74\x60\x39\x9f\xa4\x00\x00\x00\x74\x58"
"\x8d\x0c\x30\xeb\x45\x8d\x42\xf8\x89\x5d\xf4\xd1\xe8\x89\x45\xf8\x85\xc0\x7e\x31\x0f\xb7\x54\x59\x08\x8b\xc2\xc7\x45\xf4"
"\x00\x30\x00\x00\x25\x00\xf0\x00\x00\x66\x3b\x45\xf4\x75\x10\x81\xe2\xff\x0f\x00\x00\x8b\xc6\x03\x11\x2b\x47\x34\x01\x04"
"\x32\x43\x3b\x5d\xf8\x7c\xd1\x33\xdb\x8b\x45\xf0\x03\x08\x8d\x41\x04\x8b\x10\x89\x45\xf0\x8b\x01\x03\xc2\x75\xad\x8b\x87"
"\x80\x00\x00\x00\x85\xc0\x74\x7f\x39\x9f\x84\x00\x00\x00\x74\x77\x03\xc6\xeb\x69\x03\xc6\x50\x8b\x45\xfc\xff\x50\x04\x89"
"\x45\xe8\x85\xc0\x0f\x84\x22\x01\x00\x00\x8b\x45\xf8\x8b\x08\x85\xc9\x75\x03\x8b\x48\x10\x8b\x50\x10\x03\xce\x89\x4d\xf0"
"\x03\xd6\x89\x55\xf4\x8b\x09\x85\xc9\x74\x33\x8b\x5d\xfc\x8b\xfa\x79\x05\x0f\xb7\xc1\xeb\x05\x8d\x46\x02\x03\xc1\x50\xff"
"\x75\xe8\xff\x13\x89\x07\x83\xc7\x04\x8b\x45\xf0\x83\xc0\x04\x89\x45\xf0\x8b\x08\x85\xc9\x75\xda\x8b\x7d\xec\x33\xdb\x8b"
"\x45\xf8\x83\xc0\x14\x89\x45\xf8\x8b\x40\x0c\x85\xc0\x75\x8d\x8b\x8f\xc0\x00\x00\x00\x85\xc9\x74\x3f\x8b\x4c\x31\x0c\x33"
"\xd2\x6a\x03\x58\x2b\xc1\x89\x4d\xf0\xc1\xe8\x02\x85\xc9\x89\x5d\xf4\x0f\x45\xc2\x89\x45\xe8\x85\xc0\x74\x1f\x8b\xf8\x53"
"\x6a\x01\x56\xff\x11\x8b\x4d\xf0\x8b\x45\xf4\x83\xc1\x04\x40\x89\x4d\xf0\x89\x45\xf4\x3b\xc7\x75\xe6\x8b\x7d\xec\x8b\x47"
"\x28\x03\xc6\x74\x08\xff\x75\x08\x6a\x01\x56\xff\xd0\x83\x7d\x0c\x00\x0f\x84\x8d\x00\x00\x00\x8b\x45\x10\x85\xc0\x0f\x84"
"\x82\x00\x00\x00\x89\x18\x8b\x47\x78\x85\xc0\x74\x79\x39\x5f\x7c\x74\x74\x39\x5c\x30\x18\x74\x6e\x8b\x4c\x30\x1c\x8b\x54"
"\x30\x20\x03\xce\x89\x4d\xf4\x03\xd6\x8b\x4c\x30\x24\x03\xce\x89\x55\xec\x89\x4d\xf0\x39\x5c\x30\x14\x76\x4d\x8b\xf8\x8b"
"\x04\x9a\xff\x75\x0c\x03\xc6\x50\x8b\x45\xfc\xff\x50\x10\x85\xc0\x74\x24\x8b\x55\xec\x43\x3b\x5c\x37\x14\x72\xe3\xeb\x2c"
"\x8b\x45\xfc\x68\x00\x40\x00\x00\xff\x77\x50\x56\xff\x50\x0c\x33\xc0\x5f\x5e\x5b\x8b\xe5\x5d\xc3\x8b\x45\xf0\x8b\x4d\xf4"
"\x0f\xb7\x04\x58\x8b\x04\x81\x8b\x4d\x10\x03\xc6\x89\x01\x33\xc0\x40\xeb\xe0\x55\x8b\xec\x83\xec\x24\x53\x56\x57\x8d\x4d"
"\xdc\xe8\x71\xfc\xff\xff\xe8\x4f\xfc\xff\xff\x83\x65\xfc\x00\x8b\xf0\x81\xc6\xfe\x14\x2f\x01\x33\xdb\x8b\x7e\x0d\x8b\x46"
"\x01\x03\xfe\x85\xc0\x74\x3a\x6a\x04\x68\x00\x10\x00\x00\xff\x76\x05\x03\xc6\x53\x89\x45\xf8\xff\x55\xe4\x8b\xd8\x85\xdb"
"\x75\x04\x33\xc0\xeb\x5f\xff\x76\x05\x53\xff\x76\x09\x57\xff\x55\xf8\x83\xc4\x10\x83\xf8\xff\x74\x20\x3b\x46\x05\x75\x1b"
"\x8b\xfb\x33\xdb\x43\x80\x3e\x00\x8d\x45\xfc\x50\x8b\xd7\x8d\x4d\xdc\x8d\x46\x11\x75\x13\x6a\x00\x50\xeb\x11\x68\x00\x40"
"\x00\x00\xff\x76\x05\x53\xff\x55\xe8\xeb\xbb\x50\x6a\x00\xe8\x9e\xfc\xff\xff\x83\xc4\x0c\x85\xdb\x74\x0c\x68\x00\x40\x00"
"\x00\xff\x76\x05\x57\xff\x55\xe8\x8b\x45\xfc\x5f\x5e\x5b\x8b\xe5\x5d\xc3"
};
/*
 * shellcode_main_x64 - pre-assembled 64-bit x86 machine code kept as an
 * opaque 1544-byte blob; get_shellcode_main() hands it out when is_x64 != 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): nothing in this file shows the source or build step these
 * bytes came from, so they cannot be audited here; rebuild from source and
 * compare before trusting the blob.
 * NOTE(review): the bytes include the constants "MZ" / "PE\0\0" and the ASCII
 * text "ntdll", which suggests in-memory PE image handling (inferred from the
 * constants, not from a disassembly). The blob is fixed, so it is usable as a
 * static signature by scanners.
 */
static char shellcode_main_x64[1544] = {
"\xe9\x43\x04\x00\x00\xcc\xcc\xcc\x48\x8b\xc4\x48\x89\x58\x08\x48\x89\x68\x10\x48\x89\x70\x18\x48\x89\x78\x20\x41\x56\x48"
"\x83\xec\x20\x48\x63\x41\x3c\x4c\x8b\xc9\x49\x8b\xd8\x8b\x8c\x08\x88\x00\x00\x00\x8b\xea\x85\xc9\x74\x6a\x42\x83\xbc\x08"
"\x8c\x00\x00\x00\x00\x74\x5f\x49\x8d\x04\x09\x44\x8b\x58\x18\x45\x85\xdb\x74\x52\x44\x8b\x40\x20\x8b\x78\x1c\x8b\x70\x24"
"\x4d\x03\xc1\x49\x03\xf9\x49\x03\xf1\x33\xd2\x45\x85\xdb\x74\x38\x45\x8b\x10\x4d\x03\xd1\x33\xc9\x41\x8a\x02\x4d\x8b\xf2"
"\xeb\x11\x69\xc9\x83\x00\x00\x00\x0f\xbe\xc0\x03\xc8\x49\xff\xc6\x41\x8a\x06\x84\xc0\x75\xeb\x0f\xba\xf1\x1f\x3b\xcd\x74"
"\x28\xff\xc2\x49\x83\xc0\x04\x41\x3b\xd3\x72\xc8\x33\xc0\x48\x8b\x5c\x24\x30\x48\x8b\x6c\x24\x38\x48\x8b\x74\x24\x40\x48"
"\x8b\x7c\x24\x48\x48\x83\xc4\x20\x41\x5e\xc3\x48\x85\xdb\x75\x0c\x0f\xb7\x0c\x56\x8b\x04\x8f\x49\x03\xc1\xeb\xd4\x49\x8b"
"\xd2\x49\x8b\xc9\xff\xd3\xeb\xca\xcc\xcc\x48\x8b\xc4\x48\x89\x58\x08\x48\x89\x68\x10\x48\x89\x70\x18\x4c\x89\x48\x20\x57"
"\x41\x54\x41\x55\x41\x56\x41\x57\x48\x83\xec\x20\xb8\x4d\x5a\x00\x00\x4d\x8b\xf9\x4d\x8b\xe0\x48\x8b\xf2\x4c\x8b\xe9\x66"
"\x39\x02\x0f\x85\xfa\x02\x00\x00\x48\x63\x7a\x3c\x48\x03\xfa\x81\x3f\x50\x45\x00\x00\x0f\x85\xe7\x02\x00\x00\xb8\x64\x86"
"\x00\x00\x66\x39\x47\x04\x0f\x85\xd8\x02\x00\x00\xb8\x0b\x02\x00\x00\x66\x39\x47\x18\x0f\x85\xc9\x02\x00\x00\x8b\x57\x50"
"\x33\xc9\x41\xb8\x00\x10\x00\x00\x44\x8d\x49\x40\x41\xff\x55\x10\x48\x8b\xd8\x33\xc0\x48\x85\xdb\x0f\x84\xaa\x02\x00\x00"
"\x44\x8b\x47\x54\x48\x8b\xd6\x48\x8b\xcb\x41\xff\x55\x30\x48\x63\x7b\x3c\x45\x33\xdb\x48\x03\xfb\x41\x8b\xeb\x66\x44\x3b"
"\x5f\x06\x73\x47\x4c\x8d\xb7\x18\x01\x00\x00\x45\x39\x5e\xfc\x74\x2c\x41\x8b\x4e\xfc\x48\x03\xcb\x45\x39\x1e\x74\x10\x41"
"\x8b\x56\x04\x45\x8b\x06\x48\x03\xd6\x41\xff\x55\x30\xeb\x0d\x44\x39\x5f\x38\x76\x0a\x8b\x57\x38\x41\xff\x55\x28\x45\x33"
"\xdb\x0f\xb7\x47\x06\xff\xc5\x49\x83\xc6\x28\x3b\xe8\x7c\xc0\x8b\x87\xb0\x00\x00\x00\x85\xc0\x0f\x84\xb2\x00\x00\x00\x44"
"\x39\x9f\xb4\x00\x00\x00\x0f\x84\xa5\x00\x00\x00\x48\x8d\x14\x03\x44\x8b\x4a\x04\x8b\x0a\x41\x03\xc9\x0f\x84\x92\x00\x00"
"\x00\xbe\x00\xf0\x00\x00\xbd\xff\x0f\x00\x00\x41\x8b\xc1\x4d\x8b\xc3\x48\x83\xe8\x08\x48\xd1\xe8\x4c\x63\xd0\x85\xc0\x7e"
"\x5f\x46\x0f\xb7\x4c\x42\x08\xb9\x00\x30\x00\x00\x41\x0f\xb7\xc1\x66\x23\xc6\x66\x3b\xc1\x75\x13\x8b\x0a\x4c\x23\xcd\x4a"
"\x8d\x04\x0b\x48\x03\xc8\x8b\xc3\x2b\x47\x30\x01\x01\x46\x0f\xb7\x4c\x42\x08\xb9\x00\xa0\x00\x00\x41\x0f\xb7\xc1\x66\x23"
"\xc6\x66\x3b\xc1\x75\x16\x8b\x0a\x4c\x23\xcd\x4a\x8d\x04\x0b\x48\x03\xc8\x48\x8b\xc3\x48\x2b\x47\x30\x48\x01\x01\x49\xff"
"\xc0\x4d\x3b\xc2\x7c\xa1\x8b\x42\x04\x48\x03\xd0\x44\x8b\x4a\x04\x8b\x0a\x41\x03\xc9\x0f\x85\x78\xff\xff\xff\x8b\x87\x90"
"\x00\x00\x00\x85\xc0\x0f\x84\x90\x00\x00\x00\x44\x39\x9f\x94\x00\x00\x00\x0f\x84\x83\x00\x00\x00\x48\x8d\x34\x03\x8b\x46"
"\x0c\x85\xc0\x74\x78\x8b\xc8\x48\x03\xcb\x41\xff\x55\x08\x45\x33\xdb\x48\x8b\xe8\x48\x85\xc0\x0f\x84\x31\x01\x00\x00\x8b"
"\x0e\x85\xc9\x75\x03\x8b\x4e\x10\x44\x8b\x7e\x10\x44\x8b\xf1\x4c\x03\xf3\x4c\x03\xfb\xeb\x30\x48\xb9\x00\x00\x00\x00\x00"
"\x00\x00\x80\x48\x85\xc1\x74\x05\x0f\xb7\xd0\xeb\x07\x48\x8d\x53\x02\x48\x03\xd0\x48\x8b\xcd\x41\xff\x55\x00\x49\x83\xc6"
"\x08\x49\x89\x07\x49\x83\xc7\x08\x45\x33\xdb\x49\x8b\x06\x48\x85\xc0\x75\xc8\x8b\x46\x20\x48\x83\xc6\x14\x85\xc0\x75\x8d"
"\x4c\x8b\x7c\x24\x68\x8b\x87\xd0\x00\x00\x00\x85\xc0\x74\x39\x48\x8b\x6c\x18\x18\xbe\x07\x00\x00\x00\x4d\x8b\xf3\x48\x2b"
"\xf5\x48\xc1\xee\x03\x48\x85\xed\x49\x0f\x45\xf3\x48\x85\xf6\x74\x19\x45\x33\xc0\x48\x8b\xcb\x41\x8d\x50\x01\xff\x55\x00"
"\x49\xff\xc6\x48\x8d\x6d\x08\x4c\x3b\xf6\x75\xe7\x8b\x47\x28\x48\x03\xc3\x74\x0d\x4d\x8b\xc4\xba\x01\x00\x00\x00\x48\x8b"
"\xcb\xff\xd0\x33\xc0\x4d\x85\xff\x0f\x84\xae\x00\x00\x00\x4c\x8b\x74\x24\x70\x4d\x85\xf6\x0f\x84\xa0\x00\x00\x00\x8b\x8f"
"\x88\x00\x00\x00\x49\x89\x06\x85\xc9\x0f\x84\x8f\x00\x00\x00\x39\x87\x8c\x00\x00\x00\x0f\x84\x83\x00\x00\x00\x48\x8d\x3c"
"\x0b\x39\x47\x18\x74\x7a\x44\x8b\x67\x20\x8b\x6f\x1c\x44\x8b\x7f\x24\x4c\x03\xe3\x48\x03\xeb\x4c\x03\xfb\x8b\xf0\x39\x47"
"\x14\x76\x5f\x48\x8b\x54\x24\x68\x8b\xc6\x41\x8b\x0c\x84\x48\x03\xcb\x41\xff\x55\x20\x85\xc0\x74\x38\xff\xc6\x3b\x77\x14"
"\x72\xe3\xeb\x40\x8b\x57\x50\x41\xb8\x00\x40\x00\x00\x48\x8b\xcb\x41\xff\x55\x18\x33\xc0\x48\x8b\x5c\x24\x50\x48\x8b\x6c"
"\x24\x58\x48\x8b\x74\x24\x60\x48\x83\xc4\x20\x41\x5f\x41\x5e\x41\x5d\x41\x5c\x5f\xc3\x8b\xc6\x41\x0f\xb7\x0c\x47\x8b\x44"
"\x8d\x00\x48\x03\xc3\x49\x89\x06\xb8\x01\x00\x00\x00\xeb\xcb\xcc\x48\x89\x5c\x24\x18\x48\x89\x74\x24\x20\x55\x57\x41\x54"
"\x41\x56\x41\x57\x48\x8b\xec\x48\x83\xec\x70\x65\x48\x8b\x04\x25\x60\x00\x00\x00\x45\x33\xc0\xba\x54\xb8\xb9\x1a\x48\x8b"
"\x48\x18\x48\x8b\x41\x30\x48\x8b\x08\x48\x8b\x01\x48\x8b\x58\x10\x48\x8b\xcb\xe8\x7c\xfb\xff\xff\xba\x78\x1f\x20\x7f\x48"
"\x8b\xcb\x4c\x8b\xc0\x48\x8b\xf0\x48\x89\x45\xc0\xe8\x65\xfb\xff\xff\x4c\x8b\xc6\xba\x62\x34\x89\x5e\x48\x8b\xcb\x48\x8b"
"\xf8\x48\x89\x45\xc8\xe8\x4e\xfb\xff\xff\x4c\x8b\xc6\xba\x73\x80\x48\x06\x48\x8b\xcb\x4c\x8b\xf0\x48\x89\x45\xd0\xe8\x37"
"\xfb\xff\xff\x4c\x8b\xc6\xba\xa5\xf2\x5c\x70\x48\x8b\xcb\x4c\x8b\xf8\x48\x89\x45\xd8\xe8\x20\xfb\xff\xff\x48\x8d\x4d\x30"
"\xc7\x45\x30\x6e\x74\x64\x6c\x48\x89\x45\xe0\x66\xc7\x45\x34\x6c\x00\xff\xd7\x4c\x8b\xc6\xba\xcb\x79\xb5\x0d\x48\x8b\xc8"
"\x48\x8b\xd8\xe8\xf6\xfa\xff\xff\x4c\x8b\xc6\xba\xc0\xe9\x18\x15\x48\x8b\xcb\x48\x89\x45\xe8\xe8\xe2\xfa\xff\xff\x48\x83"
"\x65\x38\x00\x48\x8d\x1d\xd6\x00\x00\x00\x8b\x7b\x0d\x33\xf6\x48\x89\x45\xf0\x48\x03\xfb\x39\x73\x01\x74\x4a\x44\x8b\x63"
"\x01\x8b\x53\x05\x44\x8d\x4e\x04\x33\xc9\x41\xb8\x00\x10\x00\x00\x4c\x03\xe3\x41\xff\xd6\x4c\x8b\xf0\x48\x85\xc0\x75\x07"
"\x33\xc0\xe9\x82\x00\x00\x00\x44\x8b\x4b\x05\x8b\x53\x09\x4c\x8b\xc0\x48\x8b\xcf\x41\xff\xd4\x83\xf8\xff\x74\x20\x3b\x43"
"\x05\x75\x1b\x49\x8b\xfe\xbe\x01\x00\x00\x00\x80\x3b\x00\x75\x1f\x48\x85\xff\x74\x3f\x4c\x8d\x43\x11\x45\x33\xc9\xeb\x1d"
"\x8b\x53\x05\x41\xb8\x00\x40\x00\x00\x49\x8b\xce\x41\xff\xd7\xeb\xb3\x48\x85\xff\x74\x20\x4c\x8d\x4b\x11\x45\x33\xc0\x48"
"\x8d\x45\x38\x48\x8d\x4d\xc0\x48\x8b\xd7\x48\x89\x44\x24\x20\xe8\x0a\xfb\xff\xff\x4c\x8b\x7d\xd8\x85\xf6\x74\x0f\x8b\x53"
"\x05\x41\xb8\x00\x40\x00\x00\x48\x8b\xcf\x41\xff\xd7\x48\x8b\x45\x38\x4c\x8d\x5c\x24\x70\x49\x8b\x5b\x40\x49\x8b\x73\x48"
"\x49\x8b\xe3\x41\x5f\x41\x5e\x41\x5c\x5f\x5d\xc3\xcc\xcc"
};
/*
 * shellcode_aplib_x86 - pre-assembled 32-bit x86 machine code kept as an
 * opaque 720-byte blob; get_shellcode_aplib() hands it out when is_x64 == 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): the name suggests an aPLib-style decompression routine, but
 * that is inferred from the identifier only - TODO confirm against the source
 * this was assembled from, which is not visible in this file.
 */
static char shellcode_aplib_x86[720] = {
"\x55\x8b\xec\x51\xff\x75\x10\x8b\x4d\x08\xe8\x71\x00\x00\x00\x83\xc4\x08\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
"\xcc\xcc\x56\x8b\xf1\x57\xbf\x01\x00\x00\x00\x8b\x46\x0c\x8b\x56\x08\x90\x8b\xc8\x48\x85\xc9\x75\x0b\x8b\x06\x0f\xb6\x10"
"\x40\x89\x06\x8d\x41\x07\x8b\xca\x03\xd2\xc1\xe9\x07\x83\xe1\x01\x8d\x3c\x79\x8b\xc8\x48\x85\xc9\x75\x0b\x8b\x06\x0f\xb6"
"\x10\x40\x89\x06\x8d\x41\x07\x8b\xca\x03\xd2\xc1\xe9\x07\x83\xe1\x01\x75\xc3\x89\x46\x0c\x8b\xc7\x5f\x89\x56\x08\x5e\xc3"
"\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x83\xe4\xf8\x83\xec\x24\x8b\x55\x08\x8a\x01\x53\x56\x33\xf6\x88\x02\x42\x89"
"\x74\x24\x0c\x83\xcb\xff\x89\x74\x24\x14\x41\x89\x5c\x24\x10\x57\x8b\x7c\x24\x28\x89\x54\x24\x0c\x89\x54\x24\x24\x89\x4c"
"\x24\x20\x8b\xc6\x4e\x85\xc0\x75\x0b\x0f\xb6\x39\x8d\x70\x07\x41\x89\x4c\x24\x20\x8b\xc7\x03\xff\xc1\xe8\x07\x83\xe0\x01"
"\x0f\x84\xb4\x01\x00\x00\x8b\xc6\x4e\x89\x74\x24\x2c\x85\xc0\x75\x11\x0f\xb6\x39\xbe\x07\x00\x00\x00\x41\x89\x74\x24\x2c"
"\x89\x4c\x24\x20\x8b\xc7\x03\xff\xc1\xe8\x07\x89\x7c\x24\x28\x83\xe0\x01\x0f\x84\xd1\x00\x00\x00\x8b\xc6\x4e\x85\xc0\x75"
"\x0b\x0f\xb6\x39\x8d\x70\x07\x41\x89\x4c\x24\x20\x8b\xc7\x03\xff\xc1\xe8\x07\x89\x7c\x24\x1c\x83\xe0\x01\x74\x47\x33\xdb"
"\x8d\x53\x04\x90\x8b\xc6\x4e\x85\xc0\x75\x07\x0f\xb6\x39\x8d\x70\x07\x41\x8b\xc7\x03\xff\xc1\xe8\x07\x83\xe0\x01\x8d\x1c"
"\x58\x4a\x75\xe2\x8b\x54\x24\x0c\x89\x4c\x24\x20\x85\xdb\x74\x0e\x8b\xc2\x2b\xc3\x8a\x00\x88\x02\x42\xe9\x2e\x01\x00\x00"
"\xc6\x02\x00\x42\xe9\x25\x01\x00\x00\x0f\xb6\x19\x41\x8b\xc3\x89\x4c\x24\x20\x83\xe0\x01\x83\xc0\x02\xd1\xeb\x89\x44\x24"
"\x10\x89\x5c\x24\x14\x74\x37\x85\xc0\x74\x3b\x8b\xda\x8b\xf8\x2b\x5c\x24\x14\x8d\xa4\x24\x00\x00\x00\x00\x8a\x03\x8d\x5b"
"\x01\x88\x02\x42\x89\x54\x24\x24\x4f\x75\xf1\x8b\x7c\x24\x1c\x89\x54\x24\x0c\xc7\x44\x24\x10\x01\x00\x00\x00\xe9\xe2\x00"
"\x00\x00\xc7\x44\x24\x18\x01\x00\x00\x00\xc7\x44\x24\x10\x01\x00\x00\x00\xe9\xcd\x00\x00\x00\x8d\x4c\x24\x20\xe8\x3e\xfe"
"\xff\xff\x83\x7c\x24\x10\x00\x75\x32\x83\xf8\x02\x75\x28\x8d\x4c\x24\x20\xe8\x29\xfe\xff\xff\x8b\x54\x24\x24\x8b\xf0\x85"
"\xf6\x74\x75\x8b\xca\x2b\xcb\x8a\x01\x8d\x49\x01\x88\x02\x42\x89\x54\x24\x24\x4e\x75\xf1\xeb\x60\x83\xe8\x03\xeb\x03\x83"
"\xe8\x02\x8b\x4c\x24\x20\x8b\xd8\xc1\xe3\x08\x0f\xb6\x01\x41\x03\xd8\x89\x4c\x24\x20\x8d\x4c\x24\x20\x89\x5c\x24\x14\xe8"
"\xe2\xfd\xff\xff\x81\xfb\x00\x7d\x00\x00\x72\x01\x40\x81\xfb\x00\x05\x00\x00\x72\x01\x40\x81\xfb\x80\x00\x00\x00\x73\x03"
"\x83\xc0\x02\x8b\x54\x24\x24\x85\xc0\x74\x13\x8b\xf2\x2b\xf3\x8a\x0e\x8d\x76\x01\x88\x0a\x42\x89\x54\x24\x24\x48\x75\xf1"
"\x8b\x74\x24\x2c\x8b\x7c\x24\x28\x8b\x4c\x24\x20\xc7\x44\x24\x10\x01\x00\x00\x00\xeb\x16\x8a\x01\x88\x02\x42\x41\x89\x4c"
"\x24\x20\xc7\x44\x24\x10\x00\x00\x00\x00\x89\x54\x24\x24\x89\x54\x24\x0c\x83\x7c\x24\x18\x00\x8b\x5c\x24\x14\x0f\x84\x01"
"\xfe\xff\xff\x2b\x55\x08\x5f\x5e\x8b\xc2\x5b\x8b\xe5\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
};
/*
 * shellcode_aplib_x64 - pre-assembled 64-bit x86 machine code kept as an
 * opaque 720-byte blob; get_shellcode_aplib() hands it out when is_x64 != 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): the name suggests an aPLib-style decompression routine, but
 * that is inferred from the identifier only - TODO confirm against the source
 * this was assembled from, which is not visible in this file.
 */
static char shellcode_aplib_x64[720] = {
"\xe9\x0b\x00\x00\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x48\x89\x5c\x24\x08\x48\x89\x74\x24\x10\x57\x48\x83\xec"
"\x20\x0f\xb6\x11\x49\x8b\xf0\x33\xc0\x83\xcb\xff\x45\x33\xdb\x4d\x8d\x50\x01\x41\x88\x10\x44\x8b\x44\x24\x10\x4c\x8d\x49"
"\x01\x33\xff\x90\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9"
"\x07\x83\xe1\x01\x0f\x84\x34\x02\x00\x00\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b"
"\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x0f\x84\xb1\x00\x00\x00\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff"
"\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x74\x4b\x33\xd2\x44\x8d\x5a\x04\x66\x90\x8b\xc8\xff\xc8"
"\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x8d\x14\x51\x41"
"\xff\xcb\x75\xda\x85\xd2\x74\x10\x8b\xca\x49\x8b\xd2\x48\x2b\xd1\x0f\xb6\x0a\xe9\xb5\x01\x00\x00\x41\xc6\x02\x00\xe9\xaf"
"\x01\x00\x00\x41\x0f\xb6\x19\x49\xff\xc1\x8b\xd3\x83\xe2\x01\x83\xc2\x02\xd1\xeb\x74\x23\x85\xd2\x74\x24\x44\x8b\xdb\x49"
"\xf7\xdb\x43\x0f\xb6\x0c\x13\x49\xff\xc2\x41\x88\x4a\xff\xff\xca\x75\xf0\x44\x8d\x5a\x01\xe9\x7f\x01\x00\x00\xbf\x01\x00"
"\x00\x00\x41\xbb\x01\x00\x00\x00\xe9\x6f\x01\x00\x00\xba\x01\x00\x00\x00\x66\x90\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f"
"\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x8d\x14\x51\x8b\xc8\xff\xc8\x85\xc9\x75"
"\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x75\xbf\x45\x85\xdb\x75\x78"
"\x83\xfa\x02\x75\x6e\x8d\x51\x01\x66\x90\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b"
"\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x8d\x14\x51\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41"
"\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x75\xbf\x85\xd2\x0f\x84\xb7\x00\x00\x00\x44\x8b\xdb\x49\xf7\xdb\x90"
"\x43\x0f\xb6\x0c\x13\x49\xff\xc2\x41\x88\x4a\xff\xff\xca\x75\xf0\x44\x8d\x5a\x01\xe9\xaf\x00\x00\x00\x8d\x5a\xfd\xeb\x03"
"\x8d\x5a\xfe\x41\x0f\xb6\x09\xc1\xe3\x08\xba\x01\x00\x00\x00\x03\xd9\x49\xff\xc1\x8b\xc8\xff\xc8\x85\xc9\x75\x0a\x45\x0f"
"\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x8d\x14\x51\x8b\xc8\xff\xc8\x85\xc9\x75"
"\x0a\x45\x0f\xb6\x01\x49\xff\xc1\x8d\x41\x07\x41\x8b\xc8\x45\x03\xc0\xc1\xe9\x07\x83\xe1\x01\x75\xbf\x81\xfb\x00\x7d\x00"
"\x00\x72\x02\xff\xc2\x81\xfb\x00\x05\x00\x00\x72\x02\xff\xc2\x81\xfb\x80\x00\x00\x00\x73\x03\x83\xc2\x02\x85\xd2\x74\x1a"
"\x44\x8b\xdb\x49\xf7\xdb\x0f\x1f\x40\x00\x43\x0f\xb6\x0c\x13\x49\xff\xc2\x41\x88\x4a\xff\xff\xca\x75\xf0\x41\xbb\x01\x00"
"\x00\x00\xeb\x10\x41\x0f\xb6\x09\x49\xff\xc1\x41\x88\x0a\x49\xff\xc2\x45\x33\xdb\x85\xff\x0f\x84\x90\xfd\xff\xff\x48\x8b"
"\x5c\x24\x30\x4c\x2b\xd6\x48\x8b\x74\x24\x38\x41\x8b\xc2\x48\x83\xc4\x20\x5f\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
};
/*
 * shellcode_ntdll_x86 - pre-assembled 32-bit x86 machine code kept as an
 * opaque 368-byte blob; get_shellcode_ntdll() hands it out when is_x64 == 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): the bytes include the ASCII text "ntdll", matching the array
 * name; what the routine calls there is not established by this file - TODO
 * confirm against the source this was assembled from.
 */
static char shellcode_ntdll_x86[368] = {
"\x55\x8b\xec\xff\x75\x14\x8b\x55\x0c\xff\x75\x10\x8b\x4d\x08\xe8\xbc\x00\x00\x00\x83\xc4\x08\x5d\xc3\x55\x8b\xec\x83\xec"
"\x18\x53\x56\x8b\x71\x3c\x57\x89\x55\xf4\x8b\x44\x0e\x78\x85\xc0\x74\x6d\x83\x7c\x0e\x7c\x00\x74\x66\x8b\x5c\x08\x18\x89"
"\x5d\xf8\x85\xdb\x74\x5b\x8b\x54\x08\x1c\x8b\x74\x08\x20\x03\xd1\x8b\x44\x08\x24\x03\xf1\x89\x55\xe8\x03\xc1\x33\xd2\x89"
"\x75\xf0\x89\x45\xec\x85\xdb\x74\x3a\x8b\x3c\x96\x33\xf6\x03\xf9\x89\x7d\xfc\x8a\x07\x84\xc0\x74\x17\x8b\xdf\x69\xf6\x83"
"\x00\x00\x00\x0f\xbe\xc0\x03\xf0\x43\x8a\x03\x84\xc0\x75\xee\x8b\x5d\xf8\x81\xe6\xff\xff\xff\x7f\x3b\x75\xf4\x74\x11\x8b"
"\x75\xf0\x42\x3b\xd3\x72\xc6\x33\xc0\x5f\x5e\x5b\x8b\xe5\x5d\xc3\x83\x7d\x08\x00\x75\x11\x8b\x45\xec\x0f\xb7\x04\x50\x8b"
"\x55\xe8\x8b\x04\x82\x03\xc1\xeb\xe2\x57\x51\xff\x55\x08\xeb\xdb\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b"
"\xec\x83\xec\x10\x64\xa1\x30\x00\x00\x00\x53\x56\x57\x8b\x40\x0c\x8b\xda\x89\x4d\xfc\xba\x54\xb8\xb9\x1a\x6a\x00\x8b\x40"
"\x14\x8b\x00\x8b\x00\x8b\x70\x10\x8b\xce\xe8\x1a\xff\xff\xff\x8b\xf8\xba\x78\x1f\x20\x7f\x57\x8b\xce\xe8\x0b\xff\xff\xff"
"\x83\xc4\x08\xc7\x45\xf0\x6e\x74\x64\x6c\x8d\x4d\xf0\x66\xc7\x45\xf4\x6c\x00\x51\xff\xd0\x57\xba\x65\x62\x10\x4b\x8b\xc8"
"\xe8\xe8\xfe\xff\xff\x8b\x75\x0c\x8d\x4d\xf8\x83\xc4\x04\x51\x53\xff\x75\xfc\x56\xff\x75\x08\x68\x02\x01\x00\x00\xff\xd0"
"\x85\xc0\x78\x0e\x39\x75\xf8\x75\x09\x5f\x8b\xc6\x5e\x5b\x8b\xe5\x5d\xc3\x5f\x5e\x83\xc8\xff\x5b\x8b\xe5\x5d\xc3\xcc\xcc"
"\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
};
/*
 * shellcode_ntdll_x64 - pre-assembled 64-bit x86 machine code kept as an
 * opaque 448-byte blob; get_shellcode_ntdll() hands it out when is_x64 != 0.
 *
 * The string-literal initializer appears to fill the array exactly, so no
 * terminating NUL is stored: always pair the pointer with the size reported
 * by the accessor, never with strlen().
 *
 * NOTE(review): the bytes include the ASCII text "ntdll", matching the array
 * name; what the routine calls there is not established by this file - TODO
 * confirm against the source this was assembled from.
 */
static char shellcode_ntdll_x64[448] = {
"\xe9\xdb\x00\x00\x00\xcc\xcc\xcc\x48\x8b\xc4\x48\x89\x58\x08\x48\x89\x68\x10\x48\x89\x70\x18\x48\x89\x78\x20\x41\x56\x48"
"\x83\xec\x20\x48\x63\x41\x3c\x4c\x8b\xc9\x49\x8b\xd8\x8b\x8c\x08\x88\x00\x00\x00\x8b\xea\x85\xc9\x74\x6a\x42\x83\xbc\x08"
"\x8c\x00\x00\x00\x00\x74\x5f\x49\x8d\x04\x09\x44\x8b\x58\x18\x45\x85\xdb\x74\x52\x44\x8b\x40\x20\x8b\x78\x1c\x8b\x70\x24"
"\x4d\x03\xc1\x49\x03\xf9\x49\x03\xf1\x33\xd2\x45\x85\xdb\x74\x38\x45\x8b\x10\x4d\x03\xd1\x33\xc9\x41\x8a\x02\x4d\x8b\xf2"
"\xeb\x11\x69\xc9\x83\x00\x00\x00\x0f\xbe\xc0\x03\xc8\x49\xff\xc6\x41\x8a\x06\x84\xc0\x75\xeb\x0f\xba\xf1\x1f\x3b\xcd\x74"
"\x28\xff\xc2\x49\x83\xc0\x04\x41\x3b\xd3\x72\xc8\x33\xc0\x48\x8b\x5c\x24\x30\x48\x8b\x6c\x24\x38\x48\x8b\x74\x24\x40\x48"
"\x8b\x7c\x24\x48\x48\x83\xc4\x20\x41\x5e\xc3\x48\x85\xdb\x75\x0c\x0f\xb7\x0c\x56\x8b\x04\x8f\x49\x03\xc1\xeb\xd4\x49\x8b"
"\xd2\x49\x8b\xc9\xff\xd3\xeb\xca\xcc\xcc\xcc\xcc\xcc\xcc\x48\x89\x5c\x24\x08\x48\x89\x6c\x24\x10\x48\x89\x74\x24\x18\x57"
"\x41\x56\x41\x57\x48\x83\xec\x40\x65\x48\x8b\x04\x25\x60\x00\x00\x00\x4d\x8b\xf0\x8b\xf2\x4c\x8b\x50\x18\x48\x8b\xe9\x45"
"\x33\xc0\x49\x8b\x42\x30\xba\x54\xb8\xb9\x1a\x45\x8b\xf9\x4c\x8b\x10\x49\x8b\x02\x48\x8b\x58\x10\x48\x8b\xcb\xe8\xda\xfe"
"\xff\xff\xba\x78\x1f\x20\x7f\x48\x8b\xcb\x4c\x8b\xc0\x48\x8b\xf8\xe8\xc7\xfe\xff\xff\x48\x8d\x4c\x24\x34\xc7\x44\x24\x34"
"\x6e\x74\x64\x6c\x66\xc7\x44\x24\x38\x6c\x00\xff\xd0\x4c\x8b\xc7\x48\x8b\xc8\xba\x65\x62\x10\x4b\xe8\xa1\xfe\xff\xff\x48"
"\x8d\x54\x24\x30\xb9\x02\x01\x00\x00\x48\x89\x54\x24\x28\x4c\x8b\xcd\x45\x8b\xc7\x49\x8b\xd6\x89\x74\x24\x20\xff\xd0\x85"
"\xc0\x78\x0c\x44\x39\x7c\x24\x30\x75\x05\x41\x8b\xc7\xeb\x03\x83\xc8\xff\x48\x8b\x5c\x24\x60\x48\x8b\x6c\x24\x68\x48\x8b"
"\x74\x24\x70\x48\x83\xc4\x40\x41\x5f\x41\x5e\x5f\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
};
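/*
 * get_shellcode_main - select the embedded "main" blob for an architecture.
 *
 * is_x64: 0 selects shellcode_main_x86; any non-zero value selects
 *         shellcode_main_x64.
 * osize:  if non-NULL, receives the blob length in bytes.
 *
 * Returns a pointer to the file-static array itself (not a copy), so the
 * caller must not free it. The data is binary and length-delimited: use the
 * size written to *osize, not strlen().
 */
void *get_shellcode_main(int is_x64, int *osize) {
    if (is_x64 == 0) {
        /* Tolerate callers that only want the pointer. */
        if (osize) {
            *osize = (int)sizeof shellcode_main_x86;
        }
        return shellcode_main_x86;
    }
    if (osize) {
        *osize = (int)sizeof shellcode_main_x64;
    }
    return shellcode_main_x64;
}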
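/*
 * get_shellcode_aplib - select the embedded "aplib" blob for an architecture.
 *
 * is_x64: 0 selects shellcode_aplib_x86; any non-zero value selects
 *         shellcode_aplib_x64.
 * osize:  if non-NULL, receives the blob length in bytes.
 *
 * Returns a pointer to the file-static array itself (not a copy), so the
 * caller must not free it. The data is binary and length-delimited: use the
 * size written to *osize, not strlen().
 */
void *get_shellcode_aplib(int is_x64, int *osize) {
    if (is_x64 == 0) {
        /* Tolerate callers that only want the pointer. */
        if (osize) {
            *osize = (int)sizeof shellcode_aplib_x86;
        }
        return shellcode_aplib_x86;
    }
    if (osize) {
        *osize = (int)sizeof shellcode_aplib_x64;
    }
    return shellcode_aplib_x64;
}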
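/*
 * get_shellcode_ntdll - select the embedded "ntdll" blob for an architecture.
 *
 * is_x64: 0 selects shellcode_ntdll_x86; any non-zero value selects
 *         shellcode_ntdll_x64.
 * osize:  if non-NULL, receives the blob length in bytes.
 *
 * Returns a pointer to the file-static array itself (not a copy), so the
 * caller must not free it. The data is binary and length-delimited: use the
 * size written to *osize, not strlen().
 */
void *get_shellcode_ntdll(int is_x64, int *osize) {
    if (is_x64 == 0) {
        /* Tolerate callers that only want the pointer. */
        if (osize) {
            *osize = (int)sizeof shellcode_ntdll_x86;
        }
        return shellcode_ntdll_x86;
    }
    if (osize) {
        *osize = (int)sizeof shellcode_ntdll_x64;
    }
    return shellcode_ntdll_x64;
}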