PortableExecutable shellcodifier
Project description
PEOR - PortableExecutable Shellcodifier
This project creates embedded shellcode out of PE files.
NOTE that PEOR is not made to easily shellcodify Windows usermode executables, as it won't resolve imports for you.
For such features, use pe2shellcode.
What can PEOR do?
PEOR is the worst PE shellcodifier! (¡El peor del mundo!: Spanish for "the worst in the world".)
It won't resolve your imports, nor optimize your PE sections.
PEOR is intended to shellcodify PE files for embedded usage,
so it neither allocates memory nor sets page protections for sections.
You can use PEOR to shellcodify kernel modules, but it won't resolve imports for you.
You can use it to shellcodify UEFI applications, but it won't locate the EFI_SYSTEM_TABLE nor pass an image handle to the entrypoint.
You can use PEOR to write a simple piece of code that compiles into a PE file, and make a shellcode out of it.
The resulting shellcode can be executed on any machine, as long as it has an x86/x64 CPU matching the PE's architecture.
Advantages over normal PE shellcodifiers:
- you can write your embedded code once and execute it anywhere (Windows usermode/kernel, Linux, UEFI, embedded flash devices, ...)
Disadvantages over normal PE shellcodifiers:
- we only support embedded code, so custom features like implicit imports and exceptions are not supported by the shellcodifier and must be implemented by the user, within the shellcode scope
- we can't trust the existence of allocation functions (like VirtualAlloc or ExAllocatePoolWithTag), so the whole PE file is resolved (including the .bss sections!), greatly increasing the shellcode size
- we can't assume that the concept of PAGE-PROTECTION even exists, so PEOR assumes that the whole shellcode is mapped to RWX memory
How to use PEOR?
Simply provide a PE file whose code fits your target platform (i.e. do not access the CR3 register from a usermode context) and that has no exceptions / implicit imports.
You may use exception-free C++ code using etl, or Rust code with a custom allocator.
Install PEOR using pip:
pip install --upgrade peor
Then run it on an input PE file:
peor -i my_pe.exe -o my_shellcode.bin
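Before handing a binary to PEOR it is worth checking that it actually satisfies the constraints listed above (no implicit imports, no exceptions) and seeing what "the whole PE-file is resolved (including the .bss sections!)" costs in bytes. The following pure-Python script is an added example, not PEOR's own code or a description of its internals: it parses a PE32/PE32+ header without third-party libraries, reports the data directories that would break embedded usage, and flattens all sections at their RVAs into one buffer, zero-filling uninitialised space the way a loader without allocation functions has to. The sample PE it operates on is constructed inline (a 4-byte .text and a 4 KiB .bss), and the directory names it flags are my choice of checks, not the set PEOR enforces.

```python
import struct

# Data-directory indices from the PE/COFF specification.
IMAGE_DIRECTORY_ENTRY_IMPORT = 1
IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Parse the headers of a PE32/PE32+ file into a small dict (no third-party deps)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+: the 8-byte ImageBase shifts the trailing fields
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        ndirs_off, dirs_off = opt + 108, opt + 112
    elif magic == 0x10B:    # PE32
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        ndirs_off, dirs_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, data, opt + opt_size + 40 * i)
        sections.append(dict(name=name.rstrip(b"\0").decode(), vsize=vsize, va=va,
                             rawsize=rawsize, rawptr=rawptr, chars=chars))
    return dict(machine=machine, entry=entry, image_base=image_base,
                size_of_image=size_of_image, dirs=dirs, sections=sections)


def check_embeddable(pe):
    """Return the reasons a PE would NOT meet the 'no imports, no exceptions' rule."""
    def present(idx):
        return idx < len(pe["dirs"]) and pe["dirs"][idx] != (0, 0)
    problems = []
    if present(IMAGE_DIRECTORY_ENTRY_IMPORT):
        problems.append("import directory present: implicit imports must be removed")
    if present(IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT):
        problems.append("delay-import directory present")
    if present(IMAGE_DIRECTORY_ENTRY_EXCEPTION):
        problems.append("exception directory (.pdata / unwind info) present")
    return problems


def flatten(data, pe):
    """Lay every section out at its RVA in one flat buffer, zero-filling uninitialised
    (.bss) space. Returns (image, bss_bytes); the zeroes are the size cost of having
    no allocator at run time, so they must travel inside the shellcode."""
    image = bytearray(pe["size_of_image"])
    bss_bytes = 0
    for s in pe["sections"]:
        copy = min(s["vsize"], s["rawsize"])
        image[s["va"]:s["va"] + copy] = data[s["rawptr"]:s["rawptr"] + copy]
        bss_bytes += s["vsize"] - copy
    return bytes(image), bss_bytes


def build_sample_pe(with_imports=False):
    """Constructed sample input: a minimal PE32+ with a 4-byte .text and a 4 KiB .bss."""
    code = b"\x48\x31\xc0\xc3"                      # xor rax, rax ; ret
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 240, 0x0022)
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHHQQQQII",
                      0x20B, 14, 0, 0x200, 0, 0x1000, 0x1000, 0x1000, 0x140000000,
                      0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x3000, 0x200, 0, 1, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    dirs = [(0, 0)] * 16
    if with_imports:
        dirs[IMAGE_DIRECTORY_ENTRY_IMPORT] = (0x2000, 0x28)   # a fake import table RVA
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    text = struct.pack(SECTION_HDR, b".text", len(code), 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    bss = struct.pack(SECTION_HDR, b".bss", 0x1000, 0x2000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + text + bss).ljust(0x200, b"\0")
    return headers + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    blob = build_sample_pe()
    pe = parse_pe(blob)
    image, bss = flatten(blob, pe)
    print("file %d bytes -> flat image %d bytes (%d zero-filled .bss)" % (len(blob), len(image), bss))
    print("problems:", check_embeddable(pe) or "none")
    print("with imports:", check_embeddable(parse_pe(build_sample_pe(with_imports=True))))
```

Running the script on a real binary (read the file and pass it to parse_pe) gives you the same two answers a shellcodifier without allocation or import support needs: whether the file is clean of import and exception directories, and how much of the resulting image is zeroes that could not be left out.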
Download files
Source Distribution
Built Distribution
File details
Details for the file peor-1.0.0.tar.gz.
File metadata
- Download URL: peor-1.0.0.tar.gz
- Upload date:
- Size: 3.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.21
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d32f9995c988be59508c0dd212c5d2d1cc413dd95f34c9c0427cf851a899b2e1 |
| MD5 | 512931274c77e7b96d4317355aee6666 |
| BLAKE2b-256 | 04d7320b5c0885da82339b8faa5e3580f4af99cf8565486976afd90e4a950715 |
File details
Details for the file peor-1.0.0-py3-none-any.whl.
File metadata
- Download URL: peor-1.0.0-py3-none-any.whl
- Upload date:
- Size: 3.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.9.21
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 69b67dce85e730a242c498d21cc51d2c9343931ccc989d0f5a5538985c08b4d8 |
| MD5 | b982f1ba7aaa3cc26c505cfed5e5eac0 |
| BLAKE2b-256 | ab06492f9afa5504803ef8f1449281179a93cff62c7adf0df46aa27c219e103b |