Skip to content
This repository has been archived by the owner before Nov 9, 2022. It is now read-only.

Add -Stealth command line switch #272

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Conversation

0xdea
Copy link

@0xdea 0xdea commented Nov 8, 2017

Instead of allocating a memory region with full RWX permissions, which might not work in all scenarios and could potentially be seen as malicious by anti-malware protections, by specifying the -Stealth command line switch the Invoke-Shellcode cmdlet will now allocate memory with RW permissions via the VirtualAlloc()/VirtualAllocEx() Windows API functions and then change memory permissions to RX via VirtualProtect()/VirtualProtectEx() after the shellcode has been copied. Of course, this will not work with shellcodes that need RW access to their buffer in memory (e.g. Metasploit Framework Meterpreter).

Instead of allocating a memory region with full RWX permissions, which might not work in all scenarios and could potentially be seen as malicious by anti-malware protections, by specifying the -Stealth command line switch the script will now allocate memory with RW permissions via the VirtualAlloc()/VirtualAllocEx() Windows API functions and then change memory permissions to RX via VirtualProtect()/VirtualProtectEx() after the shellcode has been copied. Of course, this will not work with shellcodes that need RW access to their buffer in memory (e.g. Metasploit Framework Meterpreter).
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant