https://github.com/tomchuoi/pe_analysis

Windows malware training and development.
https://github.com/tomchuoi/pe_analysis

assembly-x86 cpp malware masm32 pe-injection shellcode trojan

Last synced: 3 months ago
JSON representation

Windows malware training and development.

• Host: GitHub
• URL: https://github.com/tomchuoi/pe_analysis
• Owner: tomchuoi
• Created: 2024-01-10T17:02:56.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-11-07T05:24:46.000Z (8 months ago)
• Last Synced: 2025-03-28T18:51:57.137Z (3 months ago)
• Topics: assembly-x86, cpp, malware, masm32, pe-injection, shellcode, trojan
• Language: Assembly
• Homepage:
• Size: 352 KB
• Stars: 4
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Shellcode development and PE Injection 

This project is designed to understand the shellcode development, Portable Executable (PE) file structure and the process of injecting shellcode by modifying its structure.

## Features

  +  PE Parsing: This program extracts information from PE Headers, including sections, imported modules and more.

  +  TCP reverse shell: A shellcode written in MASM that sets up backdoor on Windows. It adds itself to the registry for persistence, establishes a reverse shell to the attacker and dynamically resolves API functions and system calls at run time.

  +  Shellcode Injection: Create new section in the PE file and inject tcp reverse shell into it.

## Note

This project is designed for educational purposes only.

## How to use the reverse shell

Start the listener on port 4444 on the attack machine using netcat  nc -lvp 4444  .

Make sure to change the ip address of the attacker in the shellcode first.