A Windows shellcode template that generates improved shellcode, based on the project at b1tg/rust-windows-shellcode.
First of all, I am very grateful to b1tg/rust-windows-shellcode, because I couldn't find any other resources on writing Windows shellcode in Rust.
I like Rust, so I was very impressed that this was possible at all.
However, there is a problem with the b1tg/rust-windows-shellcode shellcode.
For example, when the shellcode is executed as a thread of any process, the thread does not terminate normally:
since an infinite loop is called at the end of the main function, the shellcode spins in that loop once its work is done.
I wanted the shellcode to terminate its thread normally when finished, so I decided to fork the project and make an improved shellcode.
Specifically, I added another piece of shellcode before the patched jmp instruction.
This piece is called the bootstrap code. It calls the target function correctly according to the Windows calling convention (x64 only),
so when that function returns, the thread can terminate normally.
Only a 64-bit environment is assumed here, not 32-bit, so a further modification is required if you want to run this on 32-bit.
Likewise, the main function can take arguments, but the bootstrap code would need to be modified for that.
See the Windows ABI documentation for details.
- x64 Windows (tested on Windows 10 x64), because my bootstrap shellcode assumes x64 only
- Optionally, cargo-make (if you have it, building is easier than typing the commands manually)
Feel free to edit shellcode/main.rs and look at the Build section.
shellcode/main.rs is almost empty; you need to edit it.
Alternatively, example-shellcode has sample code that calls MessageBoxW.
So, write your own code, or rename example-shellcode to shellcode, or edit win-shellcode-rs/main.rs like this:

```rust
// let src_path = "shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";
let src_path = "example-shellcode\\target\\x86_64-pc-windows-msvc\\release\\shellcode.exe";
```
Then, if you have cargo-make, just type `cargo make build`.
If you don't have it:

```sh
cd shellcode
cargo build --release
cd ../
cargo run
```

Done. This will generate shellcode.bin in the current directory (win-shellcode-rs\).
Try using a shellcode runner and a debugger to make sure the original process is not affected after the shellcode has finished.
The console should also show a nice disassembly of the result :3
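As an added static check for the infinite-loop problem described above (this is example code written for this README, not part of win-shellcode-rs or b1tg's project): scan a generated shellcode.bin for the x86-64 self-jump encodings that a trailing infinite loop compiles to. The sample blobs are constructed for the demo; the file name `shellcode.bin` follows the Build section.

```python
"""Scan a shellcode blob for self-referencing jumps (an instruction that
jumps to itself), which is what a `loop {}` left at the end of main turns
into. A byte scan is a heuristic, not a disassembly: a hit may be an
operand of a larger instruction, so confirm it in a debugger as the
README suggests."""
import os
from typing import List, Tuple

# Standard x86-64 encodings of "jump to this same instruction".
# The displacement is relative to the end of the jump, hence -2 and -5.
SELF_JUMPS = {
    b"\xEB\xFE": "jmp short -2 (EB FE)",
    b"\xE9\xFB\xFF\xFF\xFF": "jmp near -5 (E9 FB FF FF FF)",
}


def find_self_jumps(blob: bytes) -> List[Tuple[int, str]]:
    """Return (offset, description) for every self-jump pattern in blob."""
    hits: List[Tuple[int, str]] = []
    for pattern, name in SELF_JUMPS.items():
        start = 0
        while (i := blob.find(pattern, start)) != -1:
            hits.append((i, name))
            start = i + 1
    return sorted(hits)


def spins_forever(blob: bytes) -> bool:
    """True if the blob contains at least one self-jump."""
    return bool(find_self_jumps(blob))


# Constructed sample blobs (not real payloads):
#   sub rsp,0x28 ; nop ; nop ; nop ; jmp $          -> hangs its thread
#   sub rsp,0x28 ; nop ; nop ; nop ; add rsp,0x28 ; ret -> returns normally
HANGING = b"\x48\x83\xEC\x28" + b"\x90" * 3 + b"\xEB\xFE"
CLEAN = b"\x48\x83\xEC\x28" + b"\x90" * 3 + b"\x48\x83\xC4\x28\xC3"


if __name__ == "__main__":
    # Use the real output when it exists, otherwise the constructed blobs.
    if os.path.exists("shellcode.bin"):
        with open("shellcode.bin", "rb") as f:
            samples = {"shellcode.bin": f.read()}
    else:
        samples = {"HANGING": HANGING, "CLEAN": CLEAN}
    for label, data in samples.items():
        print(label, "self-jumps:", find_self_jumps(data) or "none")
```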
Result of building example-shellcode:

Result of executing the example-shellcode shellcode in notepad: