https://github.com/rssu-shellcode/x96-combiner
A tool to merge x86 and x64 shellcode to one that can run on x86/x64 at the same time, it also obfuscate prefix branch instructions.
https://github.com/rssu-shellcode/x96-combiner
shellcode
Last synced: about 1 year ago
JSON representation
A tool to merge x86 and x64 shellcode to one that can run on x86/x64 at the same time, it also obfuscate prefix branch instructions.
- Host: GitHub
- URL: https://github.com/rssu-shellcode/x96-combiner
- Owner: RSSU-Shellcode
- License: mit
- Created: 2024-11-02T07:51:12.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-01-17T12:32:11.000Z (about 1 year ago)
- Last Synced: 2025-01-17T13:49:30.186Z (about 1 year ago)
- Topics: shellcode
- Language: Go
- Homepage:
- Size: 24.4 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# x96-combiner
A tool to merge x86 and x64 shellcode to one that can run on x86/x64 at the same time.\
This technique is referenced from DoublePulsar, it added some obfuscation instructions to circumvent the feature.
## Usage
```bash
x96-combiner -x86 x86.bin -x64 x64.bin -o x96.bin
```
## Development
```go
package main
import (
"fmt"
"github.com/RSSU-Shellcode/x96-combiner"
)
func main() {
// xor eax, eax
// add eax, 0x86
// ret
x86 := []byte{
0x31, 0xC0,
0x05, 0x86, 0x00, 0x00, 0x00,
0xC3,
}
// xor eax, eax
// add rax, 0x64
// ret
x64 := []byte{
0x31, 0xC0,
0x48, 0x83, 0xC0, 0x64,
0xC3,
}
shellcode := combiner.Combine(x86, x64)
fmt.Println(shellcode)
}
```