Suggestion for Reducing Shellcode Size

TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters

BSD 3-Clause "New" or "Revised" License

3.53k stars 628 forks source link

Suggestion for Reducing Shellcode Size #68

Closed hlldz closed 3 years ago

hlldz commented 3 years ago

Hi,

Donut created a ~35KB shellcode for a simple .EXE using the MessageBox API. Do you have any advice to reduce shellcode size with Donut?

Sample Code:

#include <Windows.h>

int main() {
    MessageBoxA(NULL, "A", "B", MB_OK);
    return 0;
}

TheWover commented 3 years ago

Hi, @hlldz . Have you tried using the compression options available in v0.9.3?

-z	engine	Pack/Compress the input file. 1=None, 2=aPLib, 3=LZNT1, 4=Xpress, 5=Xpress Huffman. Currently, the last three are only supported on Windows.

hlldz commented 3 years ago

Hi TheWover,

I was using version 0.9.2. Upgrading to version 0.9.3 and yes, the size has been greatly reduced using the feature you mentioned.

Thank you.