{"id":14358167,"url":"https://github.com/hasherezade/pe_to_shellcode","last_synced_at":"2025-05-15T09:04:23.902Z","repository":{"id":37431021,"uuid":"145343356","full_name":"hasherezade/pe_to_shellcode","owner":"hasherezade","description":"Converts PE into a shellcode","archived":false,"fork":false,"pushed_at":"2023-08-15T14:42:12.000Z","size":160,"stargazers_count":2510,"open_issues_count":16,"forks_count":448,"subscribers_count":54,"default_branch":"master","last_synced_at":"2025-04-07T03:17:21.843Z","etag":null,"topics":["pe-file","pe-to-shellcode","pe2shc","pe2shellcode","shellcode","shellcode-development"],"latest_commit_sha":null,"homepage":"https://www.youtube.com/watch?v=WQCiM0X11TA","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasherezade.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2018-08-19T22:57:07.000Z","updated_at":"2025-04-07T03:11:45.000Z","dependencies_parsed_at":"2024-04-09T18:55:31.835Z","dependency_job_id":"935a424b-6991-4d4b-ba02-64f71ae6340a","html_url":"https://github.com/hasherezade/pe_to_shellcode","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fpe_to_shellcode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fpe_to_shellcode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fpe_to_shellcode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Fpe_to_shellcode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasherezade","download_url":"https://codeload.github.com/hasherezade/pe_to_shellcode/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248890783,"owners_count":21178505,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pe-file","pe-to-shellcode","pe2shc","pe2shellcode","shellcode","shellcode-development"],"created_at":"2024-08-27T12:01:01.352Z","updated_at":"2025-04-14T13:47:53.481Z","avatar_url":"https://github.com/hasherezade.png","language":"C++","readme":"# pe_to_shellcode\n[![Build status](https://ci.appveyor.com/api/projects/status/w3dy81u0k3up7459?svg=true)](https://ci.appveyor.com/project/hasherezade/pe-to-shellcode)\n[![GitHub release](https://img.shields.io/github/release/hasherezade/pe_to_shellcode.svg)](https://github.com/hasherezade/pe_to_shellcode/releases)\n[![Github All Releases](https://img.shields.io/github/downloads/hasherezade/pe_to_shellcode/total.svg)](https://github.com/hasherezade/pe_to_shellcode/releases)\n[![Github Latest Release](https://img.shields.io/github/downloads/hasherezade/pe_to_shellcode/latest/total.svg)](https://github.com/hasherezade/pe_to_shellcode/releases)\n\nConverts PE so that it can be then injected just like a normal shellcode.\u003cbr/\u003e\n(At the same time, the output file remains to be a valid PE).\u003cbr/\u003e\n\u003cb\u003eSupports both 32 and 64 bit PEs\u003c/b\u003e\n\n*Authors: [@hasherezade](https://github.com/hasherezade) \u0026 [@hh86](https://github.com/86hh)*\n\nObjective\n-\nThe goal of this project is to provide a possibility to generate PE files that can be injected with minimal effort.\nIt is inspired by Stephen Fewer's [ReflectiveDLLInjection](https://github.com/stephenfewer/ReflectiveDLLInjection) - but the difference is that with pe2shc you can add the reflective loading stub post-compilation. Also, the header of the PE file is modified in such a way, that you can start executing the injected buffer from the very beginning - just like you would do with a shellcode. It will automatically find the stub, and continue loading the full PE.\n\nScope of the project\n-\n🟢 The stub supports only basic structures of PE format, such as:\n+ relocations\n+ imports\n+ TLS callbacks (called once, before the Entry Point is executed)\n\nPlease keep in mind, that although for the majority of PE files this is sufficient, some executables you encounter may be using other, more complex aspects of the PE format. It means, **not every PE can be successfuly converted to a shellcode**.\n\n🚫 Examples of currently not supported elements:\n+ exceptions (if the executable you converted will be run as a shellcode, and throw the exception, the appropriate exception handler will not be found, and the application will crash)\n+ Delay Load Imports (only the basic Import Table support is implemented)\n+ MUI files (if the executable you converted expects some elements of the GUI have to be loaded from a MUI file, it won't work)\n\nBuilds\n-\n📦 ⚙️ Download the latest [release](https://github.com/hasherezade/pe_to_shellcode/releases).\n\nClone\n-\nUse recursive clone to get the repo together with all the submodules:\n\n```console\ngit clone --recursive https://github.com/hasherezade/pe_to_shellcode.git\n```\n\nHow to use it\n-\n1. Use **pe2shc.exe** to convert a PE of your choice:\n```\npe2shc.exe \u003cpath to your PE\u003e [output path*]\n* - optional\n```\nIf the PE was successfuly converted, **pe2shc** will let you know where the output was saved:\n```\n[+] Saved to file: \u003cconverted file\u003e\n```\ni.e.\n```\n[+] Saved to file: test_file.shc.exe\n```\n2. Use **runshc.exe**(*) to run the output file and check if the conversion went fine.\n```\nrunshc.exe \u003cconverted file\u003e\n```\n\n(*)Warning: remember to use the version of **runshc** with a bitness appropriate to your converted application (32 or 64 bit) - otherwise the application will crash!\n\n3. If the file runs as the original PE, it confirms that the conversion was successful!\u003cbr/\u003e\nNow you can use the converted PE just like you would use a shellcode: inject it to a target and execute from the beginning of the buffer. No additional PE loaders are required.\u003cbr/\u003e\nAt the same time, you can keep using the converted file as a regular PE.\n","funding_links":[],"categories":["C++","webshell_shellcode","\u003ca id=\"620af0d32e6ac1f4a3e97385d4d3efc0\"\u003e\u003c/a\u003ePE","Pentesting"],"sub_categories":["资源传输下载","\u003ca id=\"574db8bbaafbee72eeb30e28e2799458\"\u003e\u003c/a\u003e工具","ShellCodes"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fpe_to_shellcode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasherezade%2Fpe_to_shellcode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Fpe_to_shellcode/lists"}