Another shellcode?

[anasorova]

I changed the test.raw shellcode to a different one and I'm getting the same detects as with original. I noticed that, if I comment out the line memcpy(addressPointer ... ) with "unencrypted" bytes there are no detects. Do you have any ideas why it can happen with my shellcode, but not with meterpreter (as in your code)?

[GetRektBoy724]

if you're commenting the memcpy call, you will not be going to run the shellcode as the shellcode hasn't been written in the correct allocation place yet.