# PIC / Shellcode * * {% embed url="" %} Compile runner with nasm & MinGW (stolen from [PIC-Get-Privileges](https://github.com/paranoidninja/PIC-Get-Privileges/blob/main/runshellcode.asm)) for testing purposes: {% code title="runShellcode.asm" %} ```asm ; Compile with: ; nasm -f win64 runShellcode.asm -o runShellcode.o ; x86_64-w64-mingw32-ld runShellcode.o -o runShellcode.exe Global Start Start: incbin "shellcode.bin" ``` {% endcode %} Automated with Bash (like [shcode2exe](https://github.com/accidentalrebel/shcode2exe)): {% code title="bin2compile.sh" %} ```bash #!/usr/bin/env bash # Usage: # bin2compile.sh {32|64} [OUTPUT_EXE] # Examples: # msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin # bin2compile.sh 64 calc.bin calc.exe ARCH="${1}" SC_PATH=`realpath "${2}"` SC_NAME=`basename "${SC_PATH}"` SC_NAME="${SC_NAME%.*}" [[ "${#}" -gt 2 ]] && EXE_NAME="${3}" || EXE_NAME="${SC_NAME}.exe" cat << EOT > "/tmp/${SC_NAME}.asm" global _start section .text _start: incbin "${SC_PATH}" EOT if [[ "${ARCH}" == "32" ]]; then NASM_ARCH="win32" LD_ARCH="i386pe" elif [[ "${ARCH}" == "64" ]]; then NASM_ARCH="win64" LD_ARCH="i386pep" fi echo "[*] Compiling x${ARCH}" echo "[*] Compilation time: `date "+%F %H:%M:%S"`" nasm -f "${NASM_ARCH}" -o "/tmp/${SC_NAME}.obj" "/tmp/${SC_NAME}.asm" ld -m "${LD_ARCH}" -o "${EXE_NAME}" "/tmp/${SC_NAME}.obj" #-s --subsystem=windows #strip "${EXE_NAME}" if [[ "$?" -ne 1 ]]; then echo "[+] Success" echo "[+] Output size: `stat -c %s ${EXE_NAME} | numfmt --to=iec`" else echo "[-] Failed" fi rm -f /tmp/${SC_NAME}.{asm,obj} ``` {% endcode %} ## Development Frameworks * * * * * ### Startust-based * * * * * ## Tools ### Binary Ninja Shellcode Compiler (SCC) * *