-> A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Payloads can be retrieved directly from the file on disk or from the image stored in a binary's resources section (.rsrc).
- payload-embedder.py
  - Append shellcode payloads to the end of an image file.
- payload-extractor-from-file.cpp
  - Extract payloads from modified image files stored on disk.
- payload-extractor-from-resource.cpp
  - Extracts payloads from image files stored in the binary's resources section (.rsrc) using WinAPI functions like `FindResource` and `LockResource`.
- (NEW) payload-extractor-from-resource-via-peb.cpp
  - Extracts payloads from image files stored in the binary's resources section by manually parsing the Process Environment Block (PEB) and PE headers, avoiding WinAPI functions for increased stealth.
- Stealthier Payload Extraction: Implemented manual PE header parsing to retrieve resources without WinAPI calls, avoiding detection vectors.
- PEB Reliability Fix: Replaced function `hGetCurrentModuleHandle`'s unsafe backward header parsing with direct PEB access via __readgsqword/__readfsdword, resolving compiler-optimization crashes and supporting x86/x64. This new function has two alternatives, based on whether the project is a DLL or an EXE.
- PEB Structure Support: Added `PEB_Structs.h` for portable PEB/PE definitions, eliminating dependencies on Windows headers.
👉 Watch the full video demo here:
- Updated to include payload-extractor-from-resource-via-peb.cpp demo.
- The `GetResourceData` function is based on code from @NUL0x4C's AtomLdr.
Made with 💙 by @WafflesExploits