Thanks for the amazing links.
My objective is not to write my own shellcode, but to inject an already existing .exe into memory.
So it appears I have to get the HEX values of the .text section of the PE file… I’m going to start working on this.
MsfVenom can create these payloads… but what I want is to create one for a custom exe… not their ready reverse tcp…
If anyone knows any good material on this topic, please post links. These are very cool concepts, but it is hard to find information.
The value of decimal 144 can be represented in different ways depending on the context. If you want its hex value, it is 0x90. If you want the instruction associated with hex 0x90, it is nop. These are just representations of the same thing. When dealing with low level values and instructions like this, hex is the most common and preferred representation.
Creating the payload depends on what kind you want. If you want shellcode, it is usually written in assembly and assembled in the target architectural instruction set like x86 Intel, ARM, or MIPS. Alternatively, shellcode can be compiled from a higher level language like C or C++.
A Windows PE file is an executable file format that is the result of assembled and linked assembly or the compilation of a higher level language. The values that make up the PE file can be (and usually are preferred to be) represented as hex. If you open a PE file in a hex editor, you can see its values represented as hex. Again, hex is just a representation of a value. Since PE files are a specific file format, you need to follow the rules of the file format so that it can run properly. Yes, you can inject it into another process but you need to inject it properly rather than just naively copying it.
This may or may not be correct. If you are attempting to just copy a typical PE file’s .text section into an external process and then execute it, it will not work because there are dependencies. Process hollowing doesn’t require much knowledge of PE file internals but you should know at least the basics to achieve it.
Now I’m going to be blunt. You’re confused because you severely lack the fundamental computer science knowledge that lets you do what you want to do. Understanding the definition of “hex” is computer science 101 so not even knowing that puts you right at the bottom. Take a step back and actually build up your basic knowledge.
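The reply's two points, that hex is only a representation of a value and that a PE file is a structured format whose `.text` section has dependencies, can be seen by reading the headers statically. This is an added example, not code from the thread: `parse_pe` and `build_sample` are hypothetical names, and the sample bytes are constructed for the demonstration and are not a loadable program.

```python
import struct

DIRS = {1: "import", 5: "base_reloc"}  # data-directory indexes in the PE optional header

def parse_pe(data: bytes) -> dict:
    """Read the section table and two data directories from PE headers (static, no execution)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dir_off = opt + (96 if magic == 0x10B else 112)
    (ndirs,) = struct.unpack_from("<I", data, dir_off - 4)  # NumberOfRvaAndSizes
    dirs = {}
    for idx, name in DIRS.items():
        rva, size = struct.unpack_from("<II", data, dir_off + 8 * idx) if idx < ndirs else (0, 0)
        dirs[name] = size  # non-zero size: the loader must process this table for the image
    sections = {}
    for i in range(nsect):
        raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        name, _vsize, rva, rsize, rptr = raw
        sections[name.rstrip(b"\0").decode("latin-1")] = (rva, data[rptr:rptr + rsize])
    return {"pe32_plus": magic == 0x20B, "dirs": dirs, "sections": sections}

def build_sample() -> bytes:
    """Constructed PE32+ headers plus a 2-byte .text; sample data, not a loadable program."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    struct.pack_into("<II", opt, 112 + 8 * 1, 0x2000, 0x28)  # import directory
    struct.pack_into("<II", opt, 112 + 8 * 5, 0x3000, 0x0C)  # base relocation directory
    text = bytes([144, 0xC3])  # decimal 144 == 0x90 (nop), then 0xC3 (ret)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 2, 0x1000, 2, 368, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect + text

if __name__ == "__main__":
    info = parse_pe(build_sample())
    rva, code = info["sections"][".text"]
    print(f".text rva={rva:#x} bytes={code.hex()} first={code[0]} ({code[0]:#x})")
    print("loader-processed tables:", info["dirs"])
```

A non-zero import or base relocation directory size means the code in `.text` refers to data that lives outside that section.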