Personal commit

2024-08-21 19:01:00 -07:00
parent ba567d1bba
commit bdaa48defd
14 changed files with 424 additions and 0 deletions
@@ -0,0 +1,22 @@
+[build]
+target = "i686-unknown-none.json"
+rustflags = [
+    "-Z", "no-unique-section-names=yes",
+    "-C", "link-args=--script=shellcode.ld --build-id=none"
+]
+
+[unstable]
+build-std-features = ["compiler-builtins-mem"]
+build-std = ["core", "compiler_builtins", "alloc"]
+trim-paths = true
+
+[profile.release]
+debug = false
+debug-assertions = false
+overflow-checks = false
+strip = true
+lto = "fat"
+opt-level = "z"
+panic = "abort"
+trim-paths = "all"
+
@@ -0,0 +1,15 @@
+cargo-features = ["different-binary-name"]
+
+[package]
+name = "code"
+version = "0.1.0"
+edition = "2021"
+
+[[bin]]
+name = "code"
+filename = "code.bin"
+
+[dependencies]
+shellcode-util = { path = "../shellcode-util" }
+utf16_lit = { workspace = true }
+windows-sys = { workspace = true }
@@ -0,0 +1,32 @@
+{
+  "arch": "x86",
+  "code-model": "kernel",
+  "cpu": "i686",
+  "crt-objects-fallback": "false",
+  "data-layout": "e-m:e-p:32:32-p270:32:32-p271:32:32-p272:64:64-i128:128-f64:32:64-f80:32-n8:16:32-S128",
+  "disable-redzone": true,
+  "features": "-mmx,-sse,-sse2,-sse3,-ssse3,-sse4.1,-sse4.2,-avx,-avx2,+soft-float",
+  "linker": "rust-lld",
+  "linker-flavor": "gnu-lld",
+  "llvm-target": "i686-unknown-none-elf",
+  "max-atomic-width": 32,
+  "metadata": {
+    "description": "Freestanding/bare-metal i686 softfloat",
+    "host_tools": false,
+    "std": false,
+    "tier": 2
+  },
+  "panic-strategy": "abort",
+  "plt-by-default": false,
+  "position-independent-executables": true,
+  "relro-level": "full",
+  "stack-probes": {
+    "kind": "inline"
+  },
+  "static-position-independent-executables": true,
+  "supported-sanitizers": [
+    "kcfi",
+    "kernel-address"
+  ],
+  "target-pointer-width": "32"
+}
@@ -0,0 +1,62 @@
+#![no_std]
+#![no_main]
+extern crate core;
+
+use core::{
+    arch::asm,
+    ffi::c_void,
+    mem,
+    ptr
+};
+use shellcode_util::{get_module_handle_from_peb, get_procedure_from_edt};
+use utf16_lit::utf16;
+use windows_sys::{
+    core::PCSTR,
+    Win32::Foundation::{BOOL, HANDLE, HMODULE, HWND},
+};
+
+#[panic_handler]
+pub fn panic(_panic: &core::panic::PanicInfo) -> ! {
+    loop {}
+}
+
+// Always ensure _start() is at beginning of .text, despite what the linker thinks it should do.
+// Placed at top of .text section in shellcode.ld, may not be needed since wildcard matches alphabetically
+#[no_mangle]
+#[link_section = ".text._start"]
+unsafe extern "C" fn _start() {
+    let kernel32 = get_module_handle_from_peb(&utf16!("KERNEL32.DLL")).unwrap();
+    let LoadLibraryA: extern "system" fn(PCSTR) -> HMODULE =
+        get_procedure_from_edt(kernel32, "LoadLibraryA\0").unwrap();
+    let GetProcAddress: extern "system" fn(HMODULE, PCSTR) -> *const () =
+        get_procedure_from_edt(kernel32, "GetProcAddress\0").unwrap();
+
+    let user32 = LoadLibraryA("user32.dll\0".as_ptr());
+    let MessageBoxA: extern "system" fn(HWND, PCSTR, PCSTR, u32) -> i32 =
+        mem::transmute(GetProcAddress(user32, "MessageBoxA\0".as_ptr()));
+
+    let GetStdHandle: extern "system" fn(u32) -> HANDLE =
+        mem::transmute(GetProcAddress(kernel32, "GetStdHandle\0".as_ptr()));
+    let output_handle = GetStdHandle(u32::MAX - 11);
+    let WriteConsoleA: extern "system" fn(HANDLE, PCSTR, u32, *mut u32, *mut c_void) -> BOOL =
+        mem::transmute(GetProcAddress(kernel32, "WriteConsoleA\0".as_ptr()));
+
+    let text = "Hello from Console!\n\0";
+    WriteConsoleA(
+        output_handle,
+        text.as_ptr(),
+        text.len() as u32,
+        ptr::null_mut(),
+        ptr::null_mut(),
+    );
+
+    let text1 = "Hello World!\0";
+    MessageBoxA(ptr::null_mut(), text1.as_ptr(), text1.as_ptr(), 0);
+
+    let text2 = "Bye World\0";
+    MessageBoxA(ptr::null_mut(), text2.as_ptr(), text2.as_ptr(), 0);
+
+    let ExitProcess: extern "system" fn(u32) =
+        mem::transmute(GetProcAddress(kernel32, "ExitProcess\0".as_ptr()));
+    ExitProcess(4);
+}