windows PE

Stefan Friese 2022-09-04 23:49:41 +02:00
parent 99a84448b7
commit 3d33b6ef48
1 changed files with 20 additions and 0 deletions

@ -0,0 +1,20 @@
# PE Shellcode
## General PE Information
* [PE structure](../../../reverse engineering/windows/portable-executable.md)
## Inserting Shellcode
Multiple sections inside the PE can be used to insert the shellcode. This is defined by how the shellcode variable is initialized. When the shellcode is defined as
* A __local variable__ inside the main function it will be stored in the `.text` section
* A __global variable__ it will be stored in the `.data` section
* A __raw binary__ in an icon image and referencing it will store it in the `.rsrc` section
* A __custom data section__ it is stored in this unusual section
## Crafting Shellcode
## Tools & Tipps
* [hasherezade's PE-bear](https://github.com/hasherezade/pe-bear-releases.git) gives an overview of the PE's sections
* [asmtutor.com](https://asmtutor.com)
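
Review bot: the relative link under `## General PE Information` has an unescaped space in its path (`../../../reverse engineering/windows/portable-executable.md`), which many Markdown renderers will not resolve as a link; encode it as `reverse%20engineering` or wrap the target in angle brackets. In the `## Inserting Shellcode` list, the local-variable bullet would be more accurate if it said that the variable itself lives on the stack at run time and only its initializer bytes are placed in the image, with the exact section depending on the compiler. `## Crafting Shellcode` is committed with no body, so either hold the heading back until there is content or add a short TODO line under it. Smaller points: `Tipps` in the last heading should be `Tips`, the asmtutor.com entry has no description while the PE-bear entry does, and the PE-bear link targets the `.git` clone URL rather than the repository page.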