https://github.com/ac3ss0r/c2shell

A C/C++ framework designed to simplify shellcode creation on any compilers and platforms using C. Supports Windows & Linux, and practically any existing architecture.

assembly low-level native reverse-engineering shellcode


# c2shell
A C/C++ framework designed to simplify shellcode creation on any compilers and platforms using C. Supports Windows & Linux, and practically any existing architecture.

## ℹ️ Overview & theory
Shellcode is position-independent machine code that can be executed from any location in a program. It is commonly used by cyber-security engineers, hackers and low-level developers (anti-cheats, protections, etc.). This project presents a way to create shellcode easily in pure C, without any ASM, making it possible to write universal shellcode across architectures and platforms. On Windows, the PEB (Process Environment Block) and TEB (Thread Environment Block) can be used to obtain function addresses without relying on anything external. On Linux, you can just use syscalls.



Two methods are used to mark & dump shellcode from a compiled C method





When compiled, the shellcode is placed in a separate section

This way the shellcode can be extracted via two methods: function address subtraction at runtime, or PE/ELF section parsing. I prefer the first one, since it's easier and more universal.
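A defender-side view of the section layout described above, as an added example that is not part of the c2shell project: it parses a little-endian ELF64 section header table and reports executable sections whose names fall outside an assumed allowlist. The sample file is constructed inline, and the `.shcode` section name is hypothetical, since the page does not name the section.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header (64 bytes)
SHF_EXECINSTR = 0x4
# Assumed allowlist of executable section names a stock toolchain emits; tune per build.
USUAL = {".text", ".init", ".fini", ".plt", ".plt.got", ".plt.sec"}

def exec_sections(data):
    """Return [(name, file_offset, size)] for every section flagged executable."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    h = EHDR.unpack_from(data, 0)
    shoff, shentsize, shnum, shstrndx = h[6], h[11], h[12], h[13]
    if shentsize != SHDR.size or shstrndx >= shnum or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table missing or truncated")
    hdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    strtab = data[hdrs[shstrndx][4]:hdrs[shstrndx][4] + hdrs[shstrndx][5]]
    found = []
    for name_off, _type, flags, _addr, offset, size, *_rest in hdrs:
        if flags & SHF_EXECINSTR:
            name = strtab[name_off:].split(b"\0", 1)[0].decode("ascii", "replace")
            found.append((name, offset, size))
    return found

def unusual_exec_sections(data):
    """Executable sections whose names are outside the allowlist."""
    return [s for s in exec_sections(data) if s[0] not in USUAL]

def build_sample():
    """Constructed ELF64 image: .text plus an executable section named .shcode."""
    strtab = b"\0.text\0.shcode\0.shstrtab\0"
    body = b"\0" * 16 + b"\0" * 8 + strtab   # placeholder contents at file offset 64
    secs = [(0, 0, 0, 0, 0),                 # (name_off, type, flags, offset, size)
            (1, 1, 0x6, 64, 16),             # .text     PROGBITS, ALLOC|EXECINSTR
            (7, 1, 0x6, 80, 8),              # .shcode   PROGBITS, ALLOC|EXECINSTR
            (15, 3, 0, 88, len(strtab))]     # .shstrtab STRTAB
    shdrs = b"".join(SHDR.pack(n, t, f, 0, o, s, 0, 0, 1, 0) for n, t, f, o, s in secs)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, 4, 3)
    return ehdr + body + shdrs

if __name__ == "__main__":
    for name, offset, size in unusual_exec_sections(build_sample()):
        print(f"unusual executable section {name!r}: offset={offset} size={size}")
```

Section headers are optional at run time and can be stripped, so a file with no section table proves nothing either way; treat a hit as a triage signal, not a verdict.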



Function address subtraction to extract shellcode

## ℹ️ Demonstration



Microsoft Visual C++ compiler





Clang (LLVM/MinGW) compiler





Clang ARM64 (Android) compiler