EgeBalci / amber

Reflective PE packer.
MIT License

Request stub source code #18

Closed zhihuba closed 3 years ago

zhihuba commented 3 years ago

I hope to get the stub source code to build it myself. I found stub.c in the root directory, but the result after compilation is inconsistent with the embedded one.

zhihuba commented 3 years ago

Hello, I tested multiple programs but they failed to meet expectations. Is it possible to provide the source code contained in the stub?

EgeBalci commented 3 years ago

All the source code is already available in the repository. It seems to me that you don't understand how the stub works. Once you compile stub.c, it will try to execute the last section of its own PE file. Thus, after you compile the stub, you need to append a new section to the PE file containing the reflective payload that you want to execute.

zhihuba commented 3 years ago

I have already learned some things about PE shells (packers). I don't know if there is a problem with how I understand it:

- Modify the entry point to point to the stub; the stub decrypts the packed file and then runs it.

I tried to compile the stub manually:

cd /stub
make
# Get two files: stub.exe and stub32.exe

- Try to replace STUB32 and STUB64 in pkg/static.go.
- The result is that the packer failed at the end. It does not work properly.
- These two files are inconsistent with the ones embedded in pkg/static.go and cannot run normally. This is rather confusing to me. Checking the source code and comments, I gather that STUB32 and STUB64 are just empty PE loaders. This makes me very confused.

EgeBalci commented 3 years ago

As I said earlier, stub.c is just a PE loader that executes its own last section. STUB32 and STUB64 are the same; the only difference is that they have an extra .shlcode section at the end for easily replacing the section contents with a reflective payload. In short, after you compile the stub you need to add an extra section named .shlcode before using it to replace STUB32/STUB64.

Lastly, please do not open issues for me to explain the parts you do not understand; all the code is available, and you can find out yourself if you analyze it carefully :). I expect issues for fixing bugs, improvements, and feature requests.
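The step the maintainer describes in both replies (compile stub.c, then append a last section named .shlcode whose contents are the reflective payload, so the stub's "execute my own last section" logic finds it) is shown below as an added example. This is not amber's own code and not how the project's Go packer patches its prebuilt STUB32/STUB64 blobs; it is a stand-alone Go program that appends a section to any PE with free header padding and re-parses the result with the standard library's debug/pe to confirm the section landed. Assumptions not taken from the thread: the section characteristics value 0xE0000040 (initialized data, read/write/execute; what the real stub needs depends on how it maps the payload), and buildMinimalPE, which constructs a tiny PE32+ standing in for a compiled stub.exe so the example runs offline.

```go
// Added example, not amber's own code: append a ".shlcode" section carrying a
// payload to a compiled stub, since the stub executes its own last section.
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"errors"
	"fmt"
)

var le = binary.LittleEndian

func alignUp(v, a uint32) uint32 { return (v + a - 1) / a * a }

// AppendSection returns a copy of image with a new last section named name whose raw
// data is payload. It needs free header padding for one more 40-byte section header.
func AppendSection(image []byte, name string, payload []byte, chars uint32) ([]byte, error) {
	if len(image) < 0x40 || string(image[:2]) != "MZ" {
		return nil, errors.New("missing MZ header")
	}
	nt := int(le.Uint32(image[0x3c:]))
	if nt+88 > len(image) || string(image[nt:nt+4]) != "PE\x00\x00" {
		return nil, errors.New("missing PE signature")
	}
	fh, opt := nt+4, nt+24 // COFF header; optional header (PE32 and PE32+ share these offsets)
	numSec := int(le.Uint16(image[fh+2:]))
	secTable := opt + int(le.Uint16(image[fh+16:])) // SizeOfOptionalHeader
	newHdr := secTable + 40*numSec
	secAlign, fileAlign := le.Uint32(image[opt+32:]), le.Uint32(image[opt+36:])
	if numSec == 0 || secAlign == 0 || fileAlign == 0 || newHdr > len(image) ||
		uint32(newHdr+40) > le.Uint32(image[opt+60:]) || len(name) > 8 { // SizeOfHeaders
		return nil, fmt.Errorf("bad headers, no header padding left, or name %q > 8 bytes", name)
	}
	// Place the section after the current last one in memory and after the end of
	// the file on disk, each rounded up to its alignment.
	last := newHdr - 40
	lastEnd := le.Uint32(image[last+8:]) // VirtualSize
	if raw := le.Uint32(image[last+16:]); raw > lastEnd {
		lastEnd = raw // SizeOfRawData may exceed VirtualSize
	}
	newVA := alignUp(le.Uint32(image[last+12:])+lastEnd, secAlign)
	newRaw, newRawSize := alignUp(uint32(len(image)), fileAlign), alignUp(uint32(len(payload)), fileAlign)
	out := make([]byte, int(newRaw)+int(newRawSize)) // gaps stay zero-padded
	copy(out, image)
	copy(out[newRaw:], payload)
	h := out[newHdr : newHdr+40] // IMAGE_SECTION_HEADER
	copy(h, make([]byte, 40))    // wipe whatever sat in the header padding
	copy(h[0:8], name)
	le.PutUint32(h[8:], uint32(len(payload))) // VirtualSize
	le.PutUint32(h[12:], newVA)               // VirtualAddress
	le.PutUint32(h[16:], newRawSize)          // SizeOfRawData
	le.PutUint32(h[20:], newRaw)              // PointerToRawData
	le.PutUint32(h[36:], chars)               // Characteristics
	le.PutUint16(out[fh+2:], uint16(numSec+1))
	le.PutUint32(out[opt+56:], alignUp(newVA+uint32(len(payload)), secAlign)) // SizeOfImage
	return out, nil
}

// LastSection re-parses image with debug/pe and returns the last section's name, raw bytes and the section count.
func LastSection(image []byte) (string, []byte, int, error) {
	f, err := pe.NewFile(bytes.NewReader(image))
	if err != nil || len(f.Sections) == 0 {
		return "", nil, 0, fmt.Errorf("parse failed or no sections: %v", err)
	}
	s := f.Sections[len(f.Sections)-1]
	data, err := s.Data()
	return s.Name, data, len(f.Sections), err
}

// buildMinimalPE constructs a tiny PE32+ with one .text section: demo input, not a file from the amber repository.
func buildMinimalPE() []byte {
	img := make([]byte, 0x400)
	copy(img, "MZ")
	copy(img[0x80:], "PE\x00\x00")
	copy(img[0x188:], ".text")
	img[0x200] = 0xC3 // ret: the entire .text "program"
	for _, f := range []struct{ off, size int; val uint64 }{
		{0x3c, 4, 0x80}, {0x84, 2, 0x8664}, {0x86, 2, 1}, {0x94, 2, 240}, // e_lfanew, AMD64, NumberOfSections, SizeOfOptionalHeader
		{0x96, 2, 0x22}, {0x98, 2, 0x20b}, {0xa8, 4, 0x1000}, {0xb0, 8, 0x140000000}, // Characteristics, PE32+ magic, EntryPoint, ImageBase
		{0xb8, 4, 0x1000}, {0xbc, 4, 0x200}, {0xd0, 4, 0x2000}, {0xd4, 4, 0x200}, // SectionAlignment, FileAlignment, SizeOfImage, SizeOfHeaders
		{0xdc, 2, 3}, {0x104, 4, 16}, // Subsystem (console), NumberOfRvaAndSizes
		{0x190, 4, 0x10}, {0x194, 4, 0x1000}, {0x198, 4, 0x200}, {0x19c, 4, 0x200}, {0x1ac, 4, 0x60000020}, // .text header
	} {
		for i := 0; i < f.size; i++ {
			img[f.off+i] = byte(f.val >> (8 * i))
		}
	}
	return img
}

func main() {
	payload := []byte("\x90\x90\xc3 constructed placeholder payload")
	// 0xE0000040 = INITIALIZED_DATA|EXECUTE|READ|WRITE; what the loader actually needs is an assumption.
	out, err := AppendSection(buildMinimalPE(), ".shlcode", payload, 0xE0000040)
	name, data, n, err2 := LastSection(out) // a nil out just yields a parse error
	fmt.Println(err, err2, n, name, bytes.HasPrefix(data, payload))
}
```

To use it on a real compiled stub, read stub.exe into `image`, call AppendSection with the encrypted or raw reflective payload, and write the result out; the program refuses images whose header padding cannot hold another section header rather than overwriting the first section's data. Replacing the contents of an existing .shlcode section (what STUB32/STUB64 allow) is a separate operation, not shown here.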