timwhitez starred PageSplit
2023-6-9 10:55:22 Author: github.com(查看原文) 阅读量:13 收藏

Splitting and executing shellcode across multiple pages

Target shellcode is a PopCalc by Bobby Cooke (boku).

The purpose of this PoC is to demonstrate signature evasion by allocating multiple (whole) pages for a relatively small encoded shellcode, splitting, and executing it across these pages.
Each part of the shellcode is decoded only when about to be executed and free'd immediately after.

The main caveat are RIP-relative calls and jmps, which this shellcode has only two instances of (IIRC), however, this poses a limitation on the block size the shellcode can be split into.
Of course, as this is a proof-of-concept, these limitations are not the priority.

Preview

Preview

This project is licensed under the MIT license. Copyrights are respective of each contributor listed at the beginning of each definition file.


文章来源: https://github.com/x0reaxeax/PageSplit
如有侵权请联系:admin#unsafe.sh