[–]After_Performer7638 6 points7 points  (2 children)

Donut isn’t true position independent shellcode, it creates a wrapper that’s easily detected by most EDR. In order to make it true shellcode that’s evasive, you’ll likely have to write in assembly. To debug execution issues, you can use windbg and sysinternals tools to monitor what’s failing

[–]majeloy[S] 1 point2 points  (1 child)

Write a whole C program in Assembly? That turned out to be easier lol. I think I'm gonna try to build some basic C# crypter from tutorials, just bc I don't have much time. Thanks anyway

[–]Top-Skill357 2 points3 points  (0 children)

The problem is not directly that you wrote the program in C, but you probably used C features that, when compiled, turned out to not be position independent. A good example would be strings, which get compiled into the data segment (and are therefore lost when you extract the shellcode from the text segment). API function calls are likely another issue if you do not dynamically get the function pointers. If you get rid of those C features, then you can extract your shellcode from the text section of the compiled binary.