A collection of position independent resources. Code snippets, blog posts, everything PIC.
During the development of Hannibal, I spent quite a bit of time looking for and adapting functionality. Many libraries were written in ways that were not easy to modify for position independent coding.
This repo is intended to create a central location to find content that is known PIC friendly. This will hopefully aid in the development process.
BOF related content has not been included as there are plenty of resources documenting BOF development. This repo is not dedicated to a specific format. It is designed to include functionality that is written in a PIC friendly way.
If you're looking for BOF resources, simply search GitHub: https://github.com/search?q=bof&type=repositories
Not all content has been tested. Snippets in general should be PIC friendly, but may require some modification to work with your codebase. Some linked projects are very old and no longer maintained. They may still be of use though.
Snippets are organized in folders per language. External resources are listed in tables per type.
- Shellcoding Templates
- Position Dependent to Independent Tooling
- Encryption
- Encoding
- Hashing
- References

Position Dependent to Independent Tooling

| Target OS | Link | About |
|---|---|---|
| Windows/Mac/Linux | https://github.com/tijme/dittobytes | Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE. |
| Windows | https://github.com/TheWover/donut | Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters |
| Windows | https://github.com/monoxgas/sRDI | Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode |
| Windows | https://github.com/hasherezade/pe_to_shellcode | Converts PE into a shellcode |
| Windows | https://github.com/timwhitez/Doge-sRDI | Shellcode implementation of Reflective DLL Injection by Golang. Convert DLLs to position independent shellcode |
| Windows | https://github.com/maliciousgroup/RDI-SRDI | This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". |
| Linux | https://github.com/jonatanSh/shelf | Python library to convert elf to os-independent shellcodes |
| Linux | https://github.com/feliam/mkShellcode | This rearranges an ELF object file so it can be used as shellcode. |

Encryption

| Language | Link | About |
|---|---|---|
| C/C++ | https://github.com/kokke/tiny-AES-c/ | Small portable AES128/192/256 in C |

Encoding

| Language | Link | About |
|---|---|---|
| C/C++ | https://github.com/zhicheng/base64 | base64 c implementation |

Hashing

| Language | Link | About |
|---|---|---|
| C/C++ | https://github.com/robertdavidgraham/whats-dec/blob/master/crypto-sha256.c | WhatsApp end-to-end media decryptor |

References

- https://phasetw0.com/malware/writing-optimized-windows-shellcode-in-c/
- https://web.archive.org/web/20201202085848/http://www.exploit-monday.com/2013/08/writing-optimized-windows-shellcode-in-c.html
- https://nickharbour.wordpress.com/2010/07/01/writing-shellcode-with-a-c-compiler/
- https://kerkour.com/rust-position-independent-shellcode
- https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design
- https://hadess.io/position-independent-code/
- https://www.ired.team/offensive-security/code-injection-process-injection/writing-and-compiling-shellcode-in-c
- https://github.com/thefLink/C-To-Shellcode-Examples
- https://medium.com/@shaddy43/the-epitome-of-evasion-a-custom-shellcode-c751a1a17e5b
- https://web.archive.org/web/20240316161315/https://modexp.wordpress.com/2019/04/24/glibc-shellcode/
- https://web.archive.org/web/20220520143032/http://blog.binamuse.com/2013/01/about-shellcodes-in-c.html
- https://blog.didierstevens.com/programs/shellcode/#ShellCodeWithaCCompiler
- https://web.archive.org/web/20190119221900/https://radare.today/posts/payloads-in-c/
- https://phrack.org/issues/69/4.html
- https://web.archive.org/web/20170501023430/http://winternl.com/2016/05/02/hello-world/
- https://www.blackhat.com/presentations/bh-europe-09/Caillat/BlackHat-Europe-09-Caillat-Wishmaster-whitepaper.pdf
- https://files.brucon.org/2021/PIC-Your-Malware.pdf
- https://wbenny.github.io/2024/12/08/section-order-masm-text-mn-subsection.html
- https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
- https://github.com/m4ul3r/writing_nimless
- https://xacone.github.io/custom_shellcode.html