furax124/Protect_Loader

A fucking real shellcode loader with a GUI. Work-in-Progress.

Protect Loader

Description

Protect Loader is a shellcode loader written in pure Go, designed to provide various security and evasion techniques for Go applications. It includes features such as shellcode loading, obfuscation, indirect syscalls, and much more.

Features

  • Shellcode Loading: Shellcode loading using the APC method.
  • GUI: User interface created with Fyne.
  • Obfuscation: Code obfuscation with garble, optionally with its control-flow obfuscation (requires setting the environment variable GARBLE_EXPERIMENTAL_CONTROLFLOW=1).
  • Indirect Syscalls: Indirect syscalls via acheron for evasion.
  • API Hashing: The acheron package includes API hashing for evasion.
  • Bypass AMSI and EDR: Techniques to bypass AMSI and EDR.
  • Admin Privileges Check: Checks whether the process is running with admin privileges.
  • Random Sleep: Adds random delays.
  • Block Non-Microsoft DLLs: Blocks the injection of non-Microsoft DLLs.
  • Phantom Technique: Suspends event logging.
  • Unhooking: Removes hooks for AV evasion.
  • PE File to Shellcode: The PE file is automatically converted to a .bin with Donut, encoded with Shikata ga nai, and encrypted with two layers of encryption (AES and XOR).
  • Key Encryption: The generated key is XOR-encrypted to hinder its extraction.
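The "PE File to Shellcode" and "Key Encryption" features above describe a layered scheme: AES over the payload, XOR over the AES ciphertext, and a XOR-wrapped AES key embedded in the loader. The following Go program is an added example written for this page, not code from Protect Loader itself. It assumes AES-GCM (the page only says "AES"), uses its own `Payload` struct and field names, and feeds in a constructed inert byte string in place of a Donut-generated .bin. It shows both the build-time `Protect` side and the runtime `Unprotect` side, and that a single flipped bit in the outer XOR layer is rejected by GCM authentication rather than decrypted into garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Payload holds what a generated loader would embed. Field names are this
// example's own; the page does not document Protect Loader's actual layout.
type Payload struct {
	WrappedAESKey []byte // AES key XORed with KeyWrapKey
	KeyWrapKey    []byte // XOR key that wraps the AES key
	OuterXORKey   []byte // XOR key for the outer layer over the ciphertext
	Nonce         []byte // AES-GCM nonce
	Ciphertext    []byte // XOR(AES-GCM(shellcode))
}

// xorBytes XORs data with a repeating key; applying it twice restores data.
func xorBytes(data, key []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] ^ key[i%len(key)]
	}
	return out
}

// randomBytes returns n bytes from the OS CSPRNG. A failure here is
// unrecoverable, so it panics rather than returning an error.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := io.ReadFull(rand.Reader, b); err != nil {
		panic(err)
	}
	return b
}

// Protect applies the inner AES layer, then the outer XOR layer, and wraps
// the AES key with a second XOR key. AES-GCM is an assumption: the page only
// says "AES". GCM makes a corrupted or truncated blob fail authentication
// instead of decrypting to garbage the loader would then try to execute.
func Protect(shellcode []byte) (*Payload, error) {
	aesKey := randomBytes(32)
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	outerKey := randomBytes(16)
	wrapKey := randomBytes(len(aesKey))
	inner := gcm.Seal(nil, nonce, shellcode, nil)
	return &Payload{
		WrappedAESKey: xorBytes(aesKey, wrapKey),
		KeyWrapKey:    wrapKey,
		OuterXORKey:   outerKey,
		Nonce:         nonce,
		Ciphertext:    xorBytes(inner, outerKey),
	}, nil
}

// Unprotect is the runtime side: unwrap the key, strip the outer XOR layer,
// then authenticate and decrypt the AES-GCM layer.
func Unprotect(p *Payload) ([]byte, error) {
	aesKey := xorBytes(p.WrappedAESKey, p.KeyWrapKey)
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, p.Nonce, xorBytes(p.Ciphertext, p.OuterXORKey), nil)
}

func main() {
	// Constructed, inert sample standing in for a Donut-generated .bin.
	sample := []byte("constructed sample bytes, not real shellcode")
	p, err := Protect(sample)
	if err != nil {
		panic(err)
	}
	got, err := Unprotect(p)
	fmt.Println("round trip ok:", err == nil && bytes.Equal(got, sample))
	p.Ciphertext[0] ^= 0x01 // flip one bit in the outer layer
	_, err = Unprotect(p)
	fmt.Println("tampered blob rejected:", err != nil)
}
```

One caveat worth keeping in mind when reading the "Key Encryption" bullet: the XOR wrap key has to ship in the same binary as the wrapped AES key, so wrapping only defeats static string and entropy scans of the file on disk. Anyone who can run the loader under a debugger or dump its memory recovers the plaintext key; that is the gap the roadmap's remote-shellcode and key-handling items are there to close.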

Roadmap

  • 🚧 = Priority Features
  • Create a GUI with Fyne
  • Rework it to be more user-friendly (options and a number of other things still need to be added)
  • Code obfuscation with garble
  • Use indirect syscalls
  • Implement techniques to bypass AMSI and EDR
  • Check if admin privileges are enabled
  • Add random delays
  • Block the injection of non-Microsoft DLLs
  • Phantom technique to suspend event logs
  • Unhooking
  • Call stack spoofing
  • Polymorphic code
  • Remote shellcode to avoid detection
  • Encrypt XOR and AES keys in main.go
  • Sign shellcode and loader with a certificate 🚧
  • Enhance the sleep duration into sleep obfuscation
  • Add control-flow obfuscation with garble
  • Support shellcode files (.bin)
  • Anti-debug/anti-VM
  • Spamming of the admin prompt
  • Add .ico support for the generated PE file

How to use it

  • Run the GUI.bat
  • Select your PE file
  • The GUI will compile it automatically (may take some time)

Notes:

  • In the GUI and subfolders there are a lot of PE files (exe); if you don't trust them, feel free to download them from their official repos.
  • In addition, you can use this to obfuscate the IAT with UPX and auto-patch.
  • If you want to debug, make sure to remove the elevation code from main.go.

Credit

Screenshots of the GUI


AV detection (may increase) as of 6/01/2025

  • VirusTotal: as you can see, even with no anti-debug or anti-VM, the detection rate is still good enough to be used.

  • Avast One runtime:

Authors

Disclaimer !

  • This tool is intended to be used for educational purposes; I don't take any responsibility for what you do with this software.

License

This Project is licensed under CC BY-NC 4.0
