Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/evilbytecode/ebyte-shellcode-loader

shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually from NTDLL using a hash-based method.
https://github.com/evilbytecode/ebyte-shellcode-loader

av-evasion evasion fud indirect-syscall indirect-syscalls shellcode shellcode-laoder shellcode-runner

Last synced: 2 months ago
JSON representation

shellcode loader that uses indirect syscalls written in D Lang The loader bypasses user-mode hooks by resolving system calls manually from NTDLL using a hash-based method.

Awesome Lists containing this project

README

        

# EByte-Shellcode-Loader

**EByte-Shellcode-Loader** is a shellcode loader that uses indirect syscalls written in **D language**. The loader bypasses user-mode hooks by resolving system calls manually from NTDLL using a hash-based method. The project includes various tools written in **Go** and **Python** to generate shellcode from executables and automate the shellcode extraction and loader compilation process.

## Project Structure

The project consists of the following files:

- **`syscalls.d`**: Implements indirect syscalls using manually resolved system calls from NTDLL. It uses a hash-based approach to identify syscalls like `NtAllocateVirtualMemory`, `NtWriteVirtualMemory`, and `NtCreateThreadEx`.

- **`loader.d`**: The main loader script written in **D**. It uses the syscalls implemented in `syscalls.d` to allocate memory, write shellcode, change memory protections, and execute the shellcode via a newly created thread.

- **`donut.exe`**: A tool for generating shellcode from an executable (PE file). The shellcode is position-independent and can be injected using the loader.

- **`generate_bin_file.go`**: A **Go** script that automates the generation of a binary file from an executable using the Donut tool. This binary file will then be used for shellcode extraction.

- **`generate_shellcode_and_compile.py`**: A **Python** script that automates the extraction of shellcode from a binary file and compiles the loader with the extracted shellcode.

## Usage

### Prerequisites

- **D Language Compiler (`dmd`)**: To compile the D scripts (`loader.d` and `syscalls.d`).
- **Go**: To run the Go script that generates binary files from executables.
- **Python**: To execute the script for shellcode extraction and loader compilation.
- **Donut**: The Donut tool (`donut.exe`) is used to generate shellcode from executables.

### License:
Apache License 2.0

## Detections (Static : Virustotal) (Runtime: Scanner.to) :
![image](https://github.com/user-attachments/assets/da6a788b-2712-4ce9-8473-57ecf1a0e21b)
![image](https://github.com/user-attachments/assets/c1d03232-e696-4062-80dc-d9f497466e92)