diff options
Diffstat (limited to 'CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64')
4 files changed, 84 insertions, 0 deletions
diff --git a/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/CallDllMain.asm b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/CallDllMain.asm new file mode 100644 index 0000000..02d6848 --- /dev/null +++ b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/CallDllMain.asm @@ -0,0 +1,20 @@ +[SECTION .text] +global _start + +_start: + ; Get stack setup + push rbx + mov rbx, rsp + and sp, 0xff00 + + ; Call DllMain + mov rcx, 0x4141414141414141 ; DLLHandle, set by PowerShell + mov rdx, 0x1 ; PROCESS_ATTACH + mov r8, 0x0 ; NULL + mov rax, 0x4141414141414141 ; Address of DllMain, set by PS + call rax + + ; Fix stack + mov rsp, rbx + pop rbx + ret diff --git a/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/ExitThread.asm b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/ExitThread.asm new file mode 100644 index 0000000..d16cbc9 --- /dev/null +++ b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/ExitThread.asm @@ -0,0 +1,14 @@ +[SECTION .text] + +global _start + +_start: + ; Set a var to 1, let PS known exe is exiting + mov rbx, 0x4141414141414141 + mov [rbx], byte 0x01 + + ; Call exitthread instead of exitprocess + sub rsp, 0xc0 + and sp, 0xFFf0 ; Needed for stack alignment + mov rbx, 0x4141414141414141 + call rbx diff --git a/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm new file mode 100644 index 0000000..edeffd6 --- /dev/null +++ b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm @@ -0,0 +1,27 @@ +[SECTION .text] + +global _start + +_start: + ; Save state of rbx and stack + push rbx + mov rbx, rsp + + ; Set up stack for function call to GetProcAddress + sub rsp, 0x20 + and sp, 0xffc0 + + ; Call getprocaddress + mov rcx, 0x4141414141414141 ; DllHandle, set by PS + mov rdx, 0x4141414141414141 ; Ptr to FuncName string, set by PS + mov rax, 0x4141414141414141 ; GetProcAddress address, set by PS + call rax + + ; Store the result + mov rcx, 0x4141414141414141 ; Ptr to buffer to save result,set by PS + mov [rcx], rax + + ; Restore stack + mov rsp, rbx + pop rbx + ret diff --git a/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/LoadLibraryA.asm b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/LoadLibraryA.asm new file mode 100644 index 0000000..7f16471 --- /dev/null +++ b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/LoadLibraryA.asm @@ -0,0 +1,23 @@ +[SECTION .text] + +global _start + +_start: + ; Save rsp and setup stack for function call + push rbx + mov rbx, rsp + sub rsp, 0x20 + and sp, 0xffc0 + + ; Call LoadLibraryA + mov rcx, 0x4141414141414141 ; Ptr to string of library, set by PS + mov rdx, 0x4141414141414141 ; Address of LoadLibrary, set by PS + call rdx + + mov rdx, 0x4141414141414141 ; Ptr to save result, set by PS + mov [rdx], rax + + ; Fix stack + mov rsp, rbx + pop rbx + ret |