top of page

Win32 Message Box

Name hash module (via PEB) and API (via EAT) resolution hash - pops MessageBoxA to desktop window session

Architecture

Size

Mixed code/data

x86

545 bytes

No

Supports API Forwarding

Yes

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github

Win64 WinExec

Name hash module (via PEB) and API (via EAT) resolution hash - executes notepad.exe

Architecture

Size

Mixed code/data

x64

 621 bytes

No

Supports API Forwarding

Yes

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github

Win64 EggHunter

Ideal for for a stage one JIT sprayed egg hunter to find and disable DEP on a stage two shellcode - used in Double Star

Architecture

Size

Mixed code/data

x64

673 bytes

No

Supports API Forwarding

Optional

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github

Win32 MessageBox - EAF/EAF+ Bypass

Basic shellcode to be used in conjunction with testing advanced exploit mitigation systems such as EMET and its succesors. Utilized in conjunction with my 32-bit re-creation of CVE-2020-0674 for EAF/EAF+ bypass

Architecture

Size

Mixed code/data

x86

534 bytes

No

Supports API Forwarding

Optional

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github

Win32 WinExec

Name hash module (via PEB) and API (via EAT) resolution hash - executes notepad.exe

Architecture

Size

Mixed code/data

x86

494 bytes

No

Supports API Forwarding

Yes

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github

Win64 Message Box

Name hash module (via PEB) and API (via EAT) resolution hash - pops MessageBoxA to desktop window session

Architecture

Size

Mixed code/data

x64

704 bytes

No

Supports API Forwarding

Yes

License

Supported OS

GNU GPLv3

Windows 7 x64

Windows 8.1 x64

Windows 10 x64

Github
bottom of page