admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc: reorder

Browse Source
This commit is contained in:
Dobin Rutishauser
2025-06-22 23:24:01 +02:00
parent 5044f4011f
commit 77e0a7f23e
1 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+9 -9
View File
@@ -260,6 +260,15 @@ Located in the `data/source/decoder/*.c` directory.
* xor\_2: Two byte xor key, random. **Recommended**. * xor\_2: Two byte xor key, random. **Recommended**.
### Carrier Invoke
How the carrier (which will load the payload shellcode) is invoked.
`--carrier_invoke <carrier_invoke_name>`
* overwrite: Overwrites the `main()` function in `.text` with the carrier
* backdoor: Parse main function for a few unconditional jmp's, and change last jmp to jump to the carrier shellcode, located randomly in .text. **Recommended**.
### Anti-Emulation ### Anti-Emulation
`--antiemulation <anti_emulation_name>` `--antiemulation <anti_emulation_name>`
@@ -296,15 +305,6 @@ the payload, as it never gets decrypted. Until they install Visual Studio 2022
community edition. Use AD or NETLOGON (type `set` in cmd.exe to view env vars). community edition. Use AD or NETLOGON (type `set` in cmd.exe to view env vars).
### Carrier Invoke
How the carrier (which will load the payload shellcode) is invoked.
`--carrier_invoke <carrier_invoke_name>`
* overwrite: Overwrites the `main()` function in `.text` with the carrier
* backdoor: Parse main function for a few unconditional jmp's, and change last jmp to jump to the carrier shellcode, located randomly in .text. **Recommended**.
### DLL as Injectable ### DLL as Injectable
When injecting INTO a DLL, `dllMain()` will be used instead of `main()`. When injecting INTO a DLL, `dllMain()` will be used instead of `main()`.