Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
I changed how the addres of DLLs and functions are found.
DLLs
Instead of just using LoadLibrary to load and get the address of all DLLs that are needed, now xGetLibAddress is used, which first searches among all already loaded DLLs, trying to find the requested DLL and only if it is not found, it loads it,
Functions
The API GetProcAddress is no longer used, now we find the address of all APIs manually (using xGetProcAddress) to avoid API hooks.
Hey there!
I changed how the addres of DLLs and functions are found.
DLLs
Instead of just using
LoadLibraryto load and get the address of all DLLs that are needed, nowxGetLibAddressis used, which first searches among all already loaded DLLs, trying to find the requested DLL and only if it is not found, it loads it,Functions
The API
GetProcAddressis no longer used, now we find the address of all APIs manually (usingxGetProcAddress) to avoid API hooks.Note: This PR is built on top of this one: https://github.com/TheWover/donut/pull/98
Cheers!