This project is made to create embedded-shellcodes out of PE files.
NOTE that PEOR isn't made to easily shellcodify Windows usermode-executables,
As it won't resolve imports for you. For such features, use pe2shellcode.
PEOR is the worst PE shellcodifier! ¡El peor del mundo!
It won't resolve your imports, nor optimize your PE-sections.
PEOR is intended to shellcodify PE-files for embedded usage,
Thus not using allocations / setting page-protections for sections.
You can use PEOR to shellcodify kernel modules, but PEOR won't resolve imports for you.
You can use it to shellcodify uefi applications, but PEOR won't locate the EFI_SYSTEM_TABLE nor provide a image_handle to the entrypoint.
You can use PEOR to write a simple piece of code, that compiles into a PE-file, and make a shellcode out of it.
The resulted shellcode can be executed on any machine (as long as it has a x86/x64 cpu).
Advantages over normal pe-shellcodifiers:
- you can write your embedded-code once and execute it anywhere (windows usermode/kernel, linux, uefi, embedded-flash devices, ...)
Disadvanteges over normal pe-shellcodifiers:
- we only support embedded-code, thus custom features like
implicit importsandexceptionsare not supported by the shellcodifier, and should be implemented by the user, within the shellcode scope - we can't trust the existence of allocation functions (like
VirtualAllocorExAllocatePoolWithTag), thus the whole PE-file is resolved (including the bss sections!), highly increasing the shellcode size - we can't assume that
PAGE-PROTECTIONconcept even exists, thusPEORassumes that the whole shellcode is mapped toRWXmemory
Simply provide a PE-file whose code fits to your target platform (i.e. do not access CR3 register from usermode context) and has no exceptions / implicit-imports.
You may use exceptionless cpp-code using etl, or rust-code with custom allocator.
Simply install PEOR using pip:
pip install --upgrade peorThen use it with an input PE-file:
peor -i my_pe.exe -o my_shellcode.bin