Shellcode clean #21

Open
DeadmanLabs wants to merge 7 commits into vxaboveground:main from DeadmanLabs:shellcode-clean

Conversation

@DeadmanLabs commented May 10, 2026

- Donut (Windows): PE → PIC shellcode (.bin) via donut-manager.ts. Flags: -f1 -a<arch> -b3 -x1 (continue on AMSI fail, thread exit)
- Linux shellcode: 113-byte x86_64 memfd_create+execveat stub (linux-shellcode-manager.ts) wraps ELF for memfd_create+execveat
- Two-pass build for shellcode+persistence: Pass 1 = normal agent with persist compiled in; Pass 2 = selfembed agent that drops+registers Pass 1 on first run (isRunningInMemory() gates the path)
- Show console option: shellcode_console build tag calls AllocConsole() on start for debug builds; AttachConsole fallback included
- isRunningInMemory() Windows: VirtualQuery on .data sentinel (MEM_PRIVATE = injected, MEM_IMAGE = normal disk load) replaces os.Executable() which returned host process path when injected
- Build UI: Donut mode, Linux shellcode mode, show-console checkboxes; settings persisted across sessions via collectFormSettings()
- GODEBUG=netdns=cgo hardcoded in build env (fixes IPv6 DNS on VPN)
- Dockerfile: pre-seed Go module cache; add curl to runtime image
- docker-compose.yml: switch healthcheck to wget (curl absent in slim)

@DeadmanLabs DeadmanLabs marked this pull request as draft May 10, 2026 20:56
@DeadmanLabs (Author) commented:

removes static glibc linking (was trying to make dirtyfrag work), which impacts compatibility. I am fixing that now to put static linking BACK and find a way around this issue for plugins.

applyDonutMode, applyLinuxShellcodeMode, and updateShellcodeCheckboxVisibility were called throughout build.js but never defined, breaking platform selection and the build button. Add the missing implementations.

Also remove forced -extldflags '-static' on Linux CGO builds; fully static glibc binaries cannot call dlopen, which broke native plugin loading entirely.

Shellcode rows were hidden on initial load because the function was only wired to checkbox change events. Call it at startup and in applyFormSettings so pre-selected platforms correctly show their shellcode options immediately.
@DeadmanLabs DeadmanLabs marked this pull request as ready for review May 10, 2026 21:03
@DeadmanLabs (Author) commented:

Please also test to prove I am not retarded, cause it works on my system

Static musl binaries cannot call dlopen. Introduce a small C shim (plugin_host.c) that is compiled at agent-build time into a dynamically-linked binary, embedded via go:embed, and fork+exec'd to load .so plugins on behalf of the static agent over a Unix socketpair.

Empty placeholder files allow go:embed to compile without error; the real binaries are produced by build-process.ts before go build runs and are never committed. Documents the IPC protocol and build matrix in PLUGINS.md Section 12.

CGO preamble functions are per-file translation units; so_memfd_create and so_write_all from loader_linux.go are not visible in loader_linux_subproc.go. Add local equivalents with sp_ prefix.

…D_CREATE

syscall.SYS_MEMFD_CREATE is not defined in Go stdlib syscall package. Replace with sp_memfd_create_nocloe() CGO helper (flags=0, no CLOEXEC).

A dynamically-linked shim compiled on Debian Bookworm (glibc 2.36) fails on older glibc targets. Compile with -static so the shim is self-contained and runs on any glibc version. Static glibc can still call dlopen at runtime via the system ld-linux.so.2.

Also surface subprocess errors instead of silently falling through to dlopen so failures are visible in the build log.