Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/akkuman/gSigFlip
A SigFlip implement in golang
https://github.com/akkuman/gSigFlip
Last synced: 21 days ago
JSON representation
A SigFlip implement in golang
- Host: GitHub
- URL: https://github.com/akkuman/gSigFlip
- Owner: akkuman
- Created: 2021-11-04T03:27:46.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2022-01-05T09:45:25.000Z (almost 3 years ago)
- Last Synced: 2024-08-05T17:30:38.007Z (4 months ago)
- Language: Go
- Size: 6.84 KB
- Stars: 34
- Watchers: 3
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - akkuman/gSigFlip - A SigFlip implement in golang (Go)
README
# gSigFlip
A SigFlip implement in golang, SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) in a way that doesn't affect or break the existing authenticode signature, in other words you can change PE file checksum/hash by embedding data (i.e shellcode) without breaking the file signature, integrity checks or PE file functionality.
you can use [SigFlip/Golang](https://github.com/med0x2e/SigFlip/tree/2bc6e9427d48cea9abb8dd0d54201e96922c7240/Golang) to execute the shellcode in the generated file
## Usage
```shell
Usage of gSigFlip.exe:
-out string
output pe file path (default "out.exe")
-pe string
pe file path which you want ot hide data
-sf string
the path of the file where shellcode is stored
-tag string
the tag you want to use, support "\x1a \xdf" "\x1a\xdf" "1a, df" "1a df" (default "fe ed fa ce fe ed fa ce")
-xor string
the xor key you want to use
```
## As a Package
Please view [cmd/gSigFlip/main.go](cmd/gSigFlip/main.go)
## Reference
- [github.com/med0x2e/SigFlip](https://github.com/med0x2e/SigFlip)
- [Gamaredon向带有有效签名的PE中嵌入脚本](https://mp.weixin.qq.com/s/bJrEwoq4QkDJvEk_ThvueQ)