x96-combiner

A tool to merge x86 and x64 shellcode to one that can run on x86/x64 at the same time.
This technique is referenced from DoublePulsar, it added some obfuscation instructions to circumvent the feature.

Usage

x96-combiner -x86 x86.bin -x64 x64.bin -o x96.bin

Development

package main

import (
    "fmt"

    "github.com/RSSU-Shellcode/x96-combiner"
)

func main() {
    // xor eax, eax
    // add eax, 0x86
    // ret
    x86 := []byte{
        0x31, 0xC0,
        0x05, 0x86, 0x00, 0x00, 0x00,
        0xC3,
    }
    // xor eax, eax
    // add rax, 0x64
    // ret
    x64 := []byte{
        0x31, 0xC0,
        0x48, 0x83, 0xC0, 0x64,
        0xC3,
    }
    shellcode := combiner.Combine(x86, x64)
    fmt.Println(shellcode)
}

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
cmd		cmd
.gitattributes		.gitattributes
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
build.bat		build.bat
build.sh		build.sh
combiner.go		combiner.go
combiner_test.go		combiner_test.go
go.mod		go.mod
go.sum		go.sum
lint.bat		lint.bat
lint.sh		lint.sh
sc_others_test.go		sc_others_test.go
sc_windows_test.go		sc_windows_test.go
test.bat		test.bat
test.sh		test.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

x96-combiner

Usage

Development

About

Uh oh!

Releases 2

Packages

Uh oh!

Languages

License

RSSU-Shellcode/x96-combiner

Folders and files

Latest commit

History

Repository files navigation

x96-combiner

Usage

Development

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 2

Packages 0

Uh oh!

Languages

Packages