shellcode – Shellcode generator

This module contains functions to generate shellcode.

Note:
The intended audience for this documentation is the user. Implementation details are left out where possible.

The idea is that you provide a shellcode generator environment with a high-level declarative representation of the shellcode you want to assemble, and the environment fills in the specifics.

The generic environments target X86, X86_64, ARM, ARM Thumb, ARM Thumb Mixed and AArch64 on the Linux OS. No restrictions are made on what kind of bytes end up in the binary output. If you use buffers with the Mutable variants, the code segment needs to be writable. The Stack variants require an initialized stack that is large enough to hold all the allocated data and buffers.

X86:

X86_64:

ARM:

ARM Thumb:

ARM with modeswitch to Thumb mode:

AArch64:

Specialized classes are also provided for X86 and X86_64. The MutableNullSafe and StackNullSafe variants attempt to generate binary output that does not contain NUL bytes, carriage returns and line feeds.

X86:

X86_64:

Each shellcode environment defines a set of registers that are available on the architecture and a set of system calls. These are available as properties of the respective environment.

The environment also provides a way to allocate strings and buffers. If you call alloc_data() with a bytestring (str on Python 2, bytes on Python 3), it is allocated verbatim and an Offset is returned. If alloc_data() is called with a unicode string (unicode on Python 2, str on Python 3), it is converted to a latin1-encoded bytestring and terminated with a NUL byte (\0).

alloc_buffer() can be used to allocate an uninitialized block of memory. It will not be embedded in the shellcode.
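To make the allocation rules above concrete, here is a small constructed model of that behaviour. It is an added example, not the module's own code: the DataEnv class, the Offset tuple and the unsafe_bytes() checker are assumptions made for this illustration. It also shows how to check a blob for the bytes the NullSafe variants try to avoid.

```python
# Constructed model of the alloc_data()/alloc_buffer() semantics described
# above. NOT the shellcode module's implementation: DataEnv, Offset and
# unsafe_bytes() are assumptions made for this example.
from collections import namedtuple

Offset = namedtuple("Offset", "value")   # hypothetical stand-in for the real Offset
BAD_BYTES = {0x00, 0x0D, 0x0A}           # NUL, CR, LF: avoided by NullSafe variants


class DataEnv:
    """Tracks the data that gets embedded in the shellcode and the
    uninitialized buffers that are only reserved, never embedded."""

    def __init__(self):
        self.data = bytearray()   # embedded verbatim in the shellcode
        self.buffers = []         # (offset, size) of uninitialized memory
        self.buffer_size = 0      # total uninitialized memory requested

    def alloc_data(self, value):
        # bytes: stored as-is, no terminator appended.
        # str:   latin1-encoded and NUL-terminated; characters outside
        #        latin1 raise UnicodeEncodeError instead of being mangled.
        if isinstance(value, bytes):
            blob = bytes(value)
        elif isinstance(value, str):
            blob = value.encode("latin1") + b"\0"
        else:
            raise TypeError("alloc_data expects bytes or str")
        offset = Offset(len(self.data))
        self.data += blob
        return offset

    def alloc_buffer(self, size):
        # Reserved but never embedded: only the size is accounted for, so
        # the buffer costs nothing in the emitted shellcode bytes.
        offset = Offset(self.buffer_size)
        self.buffers.append((offset, size))
        self.buffer_size += size
        return offset


def unsafe_bytes(blob):
    """Return the sorted list of bytes in blob that a NullSafe variant must not emit."""
    return sorted(set(blob) & BAD_BYTES)
```

Note that the NUL terminator appended for str values is exactly the kind of byte a NullSafe variant has to avoid, which is why such variants have to construct the terminator at run time rather than embedding it.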

There are two ways to use these shellcode environments: