21 lines
823 B
Markdown
21 lines
823 B
Markdown
# PE Shellcode
|
|
|
|
## General PE Information
|
|
|
|
* [PE structure](../../../reverse engineering/windows/portable-executable.md)
|
|
|
|
## Inserting Shellcode
|
|
|
|
Multiple sections inside the PE can be used to insert the shellcode. This is defined by how the shellcode variable is initialized. When the shellcode is defined as
|
|
* A __local variable__ inside the main function it will be stored in the `.text` section
|
|
* A __global variable__ it will be stored in the `.data` section
|
|
* A __raw binary__ in an icon image and referencing it will store it in the `.rsrc` section
|
|
* A __custom data section__ it is stored in this unusual section
|
|
|
|
## Crafting Shellcode
|
|
|
|
## Tools & Tipps
|
|
|
|
* [hasherezade's PE-bear](https://github.com/hasherezade/pe-bear-releases.git) gives an overview of the PE's sections
|
|
* [asmtutor.com](https://asmtutor.com)
|