Where is the final file saved?

Question

Where is the final file saved?

tailerbro opened this issue a year ago · comments

Hello boss. please tell me, where is the final shellcode saved?

D3Ext · Answer 1 · Sat May 27 2023 19:07:37 GMT+0800 (China Standard Time)

What do you mean?
The image shows how the shellcode is injected on the same thread, it takes the shellcode (in this case it's generated with msfvenom) from a file (in this case called shellcode.bin). This doesn't generates a new shellcode

D3Ext · Answer 2 · Sat May 27 2023 19:09:11 GMT+0800 (China Standard Time)

The purpose of the tool is evading basic AV analysis via injecting shellcode on memory

tailerbro · Answer 3 · Sat May 27 2023 20:00:31 GMT+0800 (China Standard Time)

Understood, I meant that the shellcode.bin remains the same, the file is not changed in any way . I thought maybe a patched shellcode.bin file was created and saved somewhere else.

D3Ext · Answer 4 · Sat May 27 2023 21:08:07 GMT+0800 (China Standard Time)

No problem. If you want to convert a binary to shellcode you can use Donut, it has a lot of different options and formats for your shellcode