3 releases
Uses new Rust 2024
| 0.1.2 | Mar 1, 2026 |
|---|---|
| 0.1.1 | Feb 15, 2026 |
| 0.1.0 | Feb 8, 2026 |
#140 in Debugging
520KB
134 lines
Components · Prerequisites · Building · Usage · Notes & Limitations · Contributing · Support · License
Components
extract-shellcode: reads a PE, finds the.textsection, and uses a linker map file to decide how many bytes to keep.test-shellcode: loads a binary blob, allocates executable memory withVirtualAllocon Windows, and jumps to it.
Prerequisites
- Rust toolchain (edition 2024).
- Windows for
test-shellcodeexecution (other platforms bail out). - A PE executable and its corresponding
.mapfile; the map line for.textshould look like0001:00000000 00000XXXH .text CODE.
Instalation
cargo install extract-shellcode
Building
cargo build
Usage
Extract shellcode from a PE using its map file:
cargo run --bin extract-shellcode -- -e path\\to\\program.exe -m path\\to\\program.map -o shellcode.bin
Inspect and execute a shellcode blob (Windows only):
cargo run --bin test-shellcode -- -i shellcode.bin
The runner prints the byte count and first few bytes before executing. Execution uses RWX pages; use only in a controlled environment.
Notes and limitations
- The extractor looks for the first
.textsection named exactly.textand trusts the map file length; malformed inputs will error out. - The tester does not apply mitigations (no DEP/CFG bypass), so only run known-safe shellcode.
- CI/tests are not provided; use
cargo clippyandcargo fmtlocally if desired.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (
git checkout -b feature/cool-feature) - Commit your changes (
git commit -m 'Add some cool feature') - Push to the branch (
git push origin feature/cool-feature) - Open a Pull Request
Support
If this crate saves you time or helps your work, support is appreciated:
License
This project is licensed under the MIT License; see the license for details.
Dependencies
~3MB
~52K SLoC