combiner

package module
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 29, 2024 License: MIT Imports: 4 Imported by: 0

README

x96-combiner

A tool to merge x86 and x64 shellcode to one that can run on x86/x64 at the same time.
This technique is referenced from DoublePulsar, it added some obfuscation instructions to circumvent the feature.

Usage

x96-combiner -x86 x86.bin -x64 x64.bin -o x96.bin

Development

package main

import (
    "fmt"

    "github.com/RSSU-Shellcode/x96-combiner"
)

func main() {
    // xor eax, eax
    // add eax, 0x86
    // ret
    x86 := []byte{
        0x31, 0xC0,
        0x05, 0x86, 0x00, 0x00, 0x00,
        0xC3,
    }
    // xor eax, eax
    // add rax, 0x64
    // ret
    x64 := []byte{
        0x31, 0xC0,
        0x48, 0x83, 0xC0, 0x64,
        0xC3,
    }
    shellcode := combiner.Combine(x86, x64)
    fmt.Println(shellcode)
}

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Combine 

func Combine(x86, x64 []byte) []byte

Combine is used to combine x86 and x64 shellcode to one.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.