Shellcode refers to a payload of raw executable code. The name shellcode comes from the fact that attackers would usually use this code to obtain interactive shell access on the compromised system. However, over time, the term has become commonly used to describe any piece of self-contained executable code.
Shellcode is often used alongside an exploit to subvert a running program, or by malware performing process injection. Exploitation and process injection are similar in that the shellcode is added to a running program and executed after the process has started.
Shellcode requires its authors to manually perform several actions that software developers usually never worry about. For example, the shellcode package cannot rely on actions the Windows loader performs during normal program startup, including the following:
Placing the program at its preferred memory location
Applying address relocations if it cannot be loaded at its preferred memory location
Loading required libraries and resolving external dependencies
This chapter will introduce you to these shellcode techniques, demonstrated by full, working real-world examples.
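To make the second loader task concrete, the following added example (not code from the original text) walks a PE base relocation block the way the loader does when a program lands away from its preferred address; shellcode gets no such fix-up. The image bytes, base addresses and relocation block are constructed sample data, and the image is assumed to be laid out by RVA.

```python
import struct

IMAGE_REL_BASED_ABSOLUTE = 0   # padding entry, skipped
IMAGE_REL_BASED_HIGHLOW = 3    # 32-bit absolute address
IMAGE_REL_BASED_DIR64 = 10     # 64-bit absolute address

def apply_relocations(image, reloc, preferred_base, actual_base):
    """Return a copy of image with every address listed in reloc rebased."""
    out = bytearray(image)
    delta = actual_base - preferred_base
    pos = 0
    while pos + 8 <= len(reloc):
        # Block header: page RVA, then total block size including the header.
        page_rva, block_size = struct.unpack_from("<II", reloc, pos)
        if block_size < 8 or block_size % 2 or pos + block_size > len(reloc):
            raise ValueError("malformed relocation block")
        entries = reloc[pos + 8:pos + block_size]
        for (entry,) in struct.iter_unpack("<H", entries):
            kind, offset = entry >> 12, entry & 0x0FFF   # 4-bit type, 12-bit offset
            if kind == IMAGE_REL_BASED_ABSOLUTE:
                continue
            if kind == IMAGE_REL_BASED_HIGHLOW:
                fmt, mask = "<I", 0xFFFFFFFF
            elif kind == IMAGE_REL_BASED_DIR64:
                fmt, mask = "<Q", 0xFFFFFFFFFFFFFFFF
            else:
                raise ValueError(f"unsupported relocation type {kind}")
            target = page_rva + offset
            (value,) = struct.unpack_from(fmt, out, target)
            struct.pack_into(fmt, out, target, (value + delta) & mask)
        pos += block_size
    return bytes(out)

def demo():
    # Constructed sample: two pointers built for base 0x00400000,
    # image actually loaded at 0x00A50000.
    preferred, actual = 0x00400000, 0x00A50000
    image = bytearray(0x2000)
    struct.pack_into("<I", image, 0x1004, 0x00401020)
    struct.pack_into("<I", image, 0x1010, 0x00402000)
    # One block for page 0x1000: two HIGHLOW entries plus two padding entries.
    reloc = struct.pack("<IIHHHH", 0x1000, 16, 0x3004, 0x3010, 0x0000, 0x0000)
    rebased = apply_relocations(bytes(image), reloc, preferred, actual)
    return [hex(struct.unpack_from("<I", rebased, rva)[0]) for rva in (0x1004, 0x1010)]

if __name__ == "__main__":
    print(demo())
```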