{"id":21904848,"url":"https://github.com/mr-xn/shellcodeloader","last_synced_at":"2025-10-05T01:33:46.150Z","repository":{"id":107914441,"uuid":"556749791","full_name":"Mr-xn/ShellcodeLoader","owner":"Mr-xn","description":"This project is a shellcode loader; it describes in detail how we bypass antivirus software and how to use the tool","archived":false,"fork":false,"pushed_at":"2022-10-24T12:51:19.000Z","size":2174,"stargazers_count":39,"open_issues_count":1,"forks_count":9,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-15T23:02:00.483Z","etag":null,"topics":["bypass-antivirus","shellcode","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mr-xn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-10-24T12:51:07.000Z","updated_at":"2025-03-14T11:02:09.000Z","dependencies_parsed_at":null,"dependency_job_id":"16768754-23e3-4a53-b221-4d660c0a090d","html_url":"https://github.com/Mr-xn/ShellcodeLoader","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Mr-xn/ShellcodeLoader","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mr-xn%2FShellcodeLoader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mr-xn%2FShellcodeLoader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mr-xn%2FShellcodeLoader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mr-xn%2FShellcodeLoader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/Mr-xn","download_url":"https://codeload.github.com/Mr-xn/ShellcodeLoader/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mr-xn%2FShellcodeLoader/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278399628,"owners_count":25980330,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-04T02:00:05.491Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass-antivirus","shellcode","shellcode-loader"],"created_at":"2024-11-28T16:19:26.814Z","updated_at":"2025-10-05T01:33:46.145Z","avatar_url":"https://github.com/Mr-xn.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ShellcodeLoader\n\nA general-purpose AV-evading shellcode loader for Windows.\n## V2.1\nUpdated the shellcode execution method and added disguising file description information; it has been tested and evades mainstream antivirus software.\n![image1](img/img10.png)\n\nPS: We keep a close watch on whether this Loader project still works; when we find that antivirus software detects it, we will complete an update as soon as possible.\n## V2.0\nAdded detection of antivirus emulation environments and changed where the shellcode is executed, in order to bypass AV.\n\nPS: In the next version we will add more highly complex obfuscation code.\n## V1.1\nAdded code to the maker for elevating the program's own privileges, to prevent memory read/write failures that could be caused by insufficient program privileges.\n\nPS: The next version will add antivirus emulation sandbox detection and library-code interference obfuscation.\n\n## Features\n\n1. The shellcodeLoader template is written with the MFC framework.\n2. The LoaderMaker generator is developed in concise C++.\n3. As of the release date, this shellcodeLoader evades mainstream antivirus software from China and abroad.\n```\n   .--. .-.         .-.  .-.                 .-.      .-.                   .-.           \n: .--': :         : :  : :                 : :      : :                   : :           \n`. `. : `-.  .--. 
: :  : :   .--.  .--.  .-' : .--. : :    .--.  .--.   .-' : .--. .--. \n _`, :: .. :' '_.': :_ : :_ '  ..'' .; :' .; :' '_.': :__ ' .; :' .; ; ' .; :' '_.': ..'\n`.__.':_;:_;`.__.'`.__;`.__;`.__.'`.__.'`.__.'`.__.':___.'`.__.'`.__,_;`.__.'`.__.':_;  \n                                                                                        \n```\n## Project components\n   LoaderMaker.exe (the shellcodeloader generator)\n   \n   ShellcodeLoader.exe (the shellcodeloader template file)\n## Build environment\n\n   Environment: the generator is implemented in C++, the loader is developed with MFC, and both are statically compiled with VS2022.\n\n   Method: download the source code and compile it with Visual Studio. You can also download the release build from [release](https://github.com/ByPassAVTeam/ShellcodeLoader/releases/) and use it directly.\n\n\n## Usage\n\n1. **Run the generator to view the help**\n\n  ```\n  C:\\\u003eLoaderMaker.exe\n .--. .-.         .-.  .-.                 .-.      .-.                   .-.\n: .--': :         : :  : :                 : :      : :                   : :\n`. `. : `-.  .--. : :  : :   .--.  .--.  .-' : .--. : :    .--.  .--.   .-' : .--. .--.\n _`, :: .. :' '_.': :_ : :_ '  ..'' .; :' .; :' '_.': :__ ' .; :' .; ; ' .; :' '_.': ..'\n`.__.':_;:_;`.__.'`.__;`.__;`.__.'`.__.'`.__.'`.__.':___.'`.__.'`.__,_;`.__.'`.__.':_;\n\n[*]usage:\n[*]LoaderMaker.exe \u003cshellcode.c\u003e  \u003coutfile.exe\u003e\n[*]example:\n[*]LoaderMaker.exe shellcode.bin loader.exe\n\nC:\\\u003e\n```\n\n2. **Generate a payload.c file with CobaltStrike**\n\n   1. Click to generate the payload (you can also choose RAW format in the output field; RAW format can be loaded directly into LoaderMaker)\n   ![image1](img/img1.png)\n   ![image2](img/img2.png)\n\n3. **Convert payload.c to pure hex encoding**\n\n   1. Open the payload.c generated in step 2\n   \n   2. Copy the data **inside the quotes** (note: do not copy the whole file, only the content inside the \"\" double quotes)\n   \n   3. Use the online tool [CyberChef](https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto')) to convert the data to pure hex (URL: https://gchq.github.io/CyberChef/#recipe=From_Hex('Auto'))\n   ![image3](img/img3.png)\n   \n   4. Save the converted data to a file\n   \n\n4. 
**Generate the AV-evading Loader**\n\n   The parameters are as follows:\n   ![image4](img/img4.png)\n      LoaderMaker.exe is the generator\n      \n      download.dat is the hex file produced by CyberChef\n      \n      bypassloader.exe is the AV-evading shellcode loader that we finally generate\n   ```\n   LoaderMaker.exe download.dat bypassLoader.exe\n   \n   ```\n   Run bypassLoader.exe directly; it comes online successfully\n   ![image5](img/img5.png)\n   \n## Selected AV-evasion results\n\n\n **Windows Defender**\n![image6](img/img6.png)\n\n **Huorong**\n![image7](img/img7.png)\n\n **360**\n![image8](img/img8.png)\n\n **Tencent PC Manager**\n![image9](img/img9.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmr-xn%2Fshellcodeloader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmr-xn%2Fshellcodeloader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmr-xn%2Fshellcodeloader/lists"}