Splitting and executing shellcode across multiple pages

Primary language: C. License: MIT.

Shellcode PageSplit

Target shellcode is a PopCalc by Bobby Cooke (boku).

The purpose of this PoC is to demonstrate signature evasion: it allocates multiple (whole) pages for a relatively small encoded shellcode, splits the shellcode, and executes it across these pages.
Each part of the shellcode is decoded only when it is about to be executed and is freed immediately after.

The main caveat is RIP-relative calls and jmps, of which this shellcode has only two instances (IIRC); however, this limits the block size the shellcode can be split into.
Of course, as this is a proof-of-concept, these limitations are not the priority.
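From the detection side, the behaviour described above (several whole executable pages, each freed right after use) leaves an allocation pattern that memory telemetry can surface. The following is an added example, not part of this project: a heuristic over constructed events, where the event tuple layout, protection labels and thresholds are all assumptions.

```python
from collections import defaultdict

PAGE = 4096
EXEC = {"RX", "RWX"}  # simplified protection labels (assumed schema)

# Constructed sample events: (time_ms, pid, op, base, size, protection)
EVENTS = [
    # pid 4242: four one-page executable regions, each freed shortly after use
    (1000, 4242, "alloc", 0x1A0000, PAGE, "RWX"),
    (1001, 4242, "alloc", 0x1B0000, PAGE, "RWX"),
    (1002, 4242, "alloc", 0x1C0000, PAGE, "RWX"),
    (1003, 4242, "alloc", 0x1D0000, PAGE, "RWX"),
    (1010, 4242, "free", 0x1A0000, 0, ""),
    (1020, 4242, "free", 0x1B0000, 0, ""),
    (1030, 4242, "free", 0x1C0000, 0, ""),
    (1040, 4242, "free", 0x1D0000, 0, ""),
    # pid 900: JIT-like process, one large long-lived region and one small one
    (500, 900, "alloc", 0x7000000, 64 * PAGE, "RX"),
    (600, 900, "alloc", 0x7100000, PAGE, "RX"),
    (650, 900, "free", 0x7100000, 0, ""),
    (90000, 900, "free", 0x7000000, 0, ""),
]


def short_lived_exec_pages(events, max_size=PAGE, max_lifetime_ms=2000):
    """Map pid -> [(base, lifetime_ms)] for small executable regions freed soon after allocation."""
    live = {}  # (pid, base) -> allocation time of a tracked region
    hits = defaultdict(list)
    for t, pid, op, base, size, prot in sorted(events):
        key = (pid, base)
        if op == "alloc":
            if prot in EXEC and size <= max_size:
                live[key] = t
            else:
                live.pop(key, None)  # address reused by a region we do not track
        elif op == "free" and key in live:
            lifetime = t - live.pop(key)
            if lifetime <= max_lifetime_ms:
                hits[pid].append((base, lifetime))
    return dict(hits)


def flag_processes(events, min_regions=3, **limits):
    """Return pids with at least min_regions short-lived executable page allocations."""
    found = short_lived_exec_pages(events, **limits)
    return sorted(pid for pid, regions in found.items() if len(regions) >= min_regions)


if __name__ == "__main__":
    print(flag_processes(EVENTS))
```

A single short-lived executable page is common in JIT-heavy software, which is why the heuristic counts regions per process instead of alerting on one.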



This project is licensed under the MIT license. Copyright belongs to the respective contributors listed at the beginning of each definition file.