Win32 Message Box
Module (via PEB) and API (via EAT) resolution by name hash - pops MessageBoxA to desktop window session
Architecture: x86
Size: 545 bytes
Mixed code/data: No
Supports API Forwarding: Yes
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64

Win64 WinExec
Module (via PEB) and API (via EAT) resolution by name hash - executes notepad.exe
Architecture: x64
Size: 621 bytes
Mixed code/data: No
Supports API Forwarding: Yes
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64

Win64 EggHunter
Ideal for a stage one JIT-sprayed egg hunter to find and disable DEP on a stage two shellcode - used in Double Star
Architecture: x64
Size: 673 bytes
Mixed code/data: No
Supports API Forwarding: Optional
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64

Win32 MessageBox - EAF/EAF+ Bypass
Basic shellcode to be used in conjunction with testing advanced exploit mitigation systems such as EMET and its successors. Utilized in conjunction with my 32-bit re-creation of CVE-2020-0674 for EAF/EAF+ bypass.
Architecture: x86
Size: 534 bytes
Mixed code/data: No
Supports API Forwarding: Optional
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64

Win32 WinExec
Module (via PEB) and API (via EAT) resolution by name hash - executes notepad.exe
Architecture: x86
Size: 494 bytes
Mixed code/data: No
Supports API Forwarding: Yes
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64

Win64 Message Box
Module (via PEB) and API (via EAT) resolution by name hash - pops MessageBoxA to desktop window session
Architecture: x64
Size: 704 bytes
Mixed code/data: No
Supports API Forwarding: Yes
License: GNU GPLv3
Supported OS: Windows 7 x64, Windows 8.1 x64, Windows 10 x64