{"id":13840485,"url":"https://github.com/EddieIvan01/gld","last_synced_at":"2025-07-11T07:34:11.685Z","repository":{"id":105863853,"uuid":"260166486","full_name":"EddieIvan01/gld","owner":"EddieIvan01","description":"Go shellcode LoaDer","archived":true,"fork":false,"pushed_at":"2021-01-30T09:49:47.000Z","size":23,"stargazers_count":171,"open_issues_count":1,"forks_count":53,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-05T17:25:08.406Z","etag":null,"topics":["bypass","shellcode-loader","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EddieIvan01.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-04-30T09:19:11.000Z","updated_at":"2024-08-01T14:33:49.000Z","dependencies_parsed_at":"2023-05-18T05:45:43.604Z","dependency_job_id":null,"html_url":"https://github.com/EddieIvan01/gld","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fgld","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fgld/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fgld/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EddieIvan01%2Fgld/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EddieIvan01","download_url":"https://codeload.github.com/EddieIvan01/gld/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com",
"kind":"github","repositories_count":225705485,"owners_count":17511311,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","shellcode-loader","windows"],"created_at":"2024-08-04T17:00:49.403Z","updated_at":"2024-11-21T09:31:40.232Z","avatar_url":"https://github.com/EddieIvan01.png","language":"Go","funding_links":[],"categories":["Go","Go (531)"],"sub_categories":[],"readme":"# Go shellcode LoaDer\n\n**This repo is a demo and lacks enough features to bypass AV/EDR. I have written a private framework with more evasion techs, it may be made public in the future**\n\n## Usage\n\nGenerate shellcode via CS/MSF first, then use gld to compile the wrapped binary:\n\n```\n./gld shellcode.bin [x64/x86]\n```\n\n## Tech\n\n### Loader\n\n+ Shellcode is encrypted with AES-GCM; it is decrypted and loaded at runtime\n+ Use `ntdll!ZwProtectVirtualMemory` instead of `kernelbase!VirtualProtect` (bypass possible hooks) to bypass DEP\n+ Use a local variable instead of a string literal to pass the procedure name (`string([]byte{...})`), to avoid static memory matching\n\n### Detector\n\n+ VM\n  + Check if the MAC address has a blacklisted prefix\n  + Check if physical memory \u003c 2GB or number of CPU cores \u003c 2 (cpuid and `GlobalMemoryStatusEx`)\n+ DBG\n  + Check if there is a debugger process (`CreateToolhelp32Snapshot`)\n  + Check if current process is being debugged by a user-mode debugger (`IsDebuggerPresent`)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEddieIvan01%2Fgld","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEddieIvan01%2Fgld","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEddieIvan01%2Fgld/lists"}