Command line invocation
=======================
:title: Shellcode Compiler Runtime
The Shellcode Compiler can be run from the command line. The following describes the command line syntax:
---------------------------------------
scc [options] [...]

This compiler accepts a subset of C99 syntax, with extensions for creating a standalone
environment for writing shellcode. Many standard system calls and C library functions
are automatically available without the need for include files.

Options:
    --arch                Specify processor architecture
                          Can be: x86 (default), x64
    --align               Ensure output is aligned on the given boundary
    --allow-return        Allow return from shellcode (default is to exit)
    --anti-disasm         Generate anti-disassembly blocks
    --anti-disasm-freq    Emit anti-disassembly blocks every instructions
    --base                Set base address of output (can be a runtime computed
                          expression, such as "[eax+8]-12")
    --blacklist           Blacklist the given byte value
    --concat              Jump to end of output on return for concatenating code
    -D [=]                Define a preprocessor macro
    --decoder             Use decoder to decode shellcode before executing
    --encode-pointers     All code pointers are encoded with a random canary
    --encoder             Use encoder to encode shellcode
    --exec                Execute shellcode after generation (does not write
                          output to a file)
    --exec-stack          When outputting an executable, make stack executable
    --format , -f         Specify output format
                          Can be: bin (default), lib, elf, pe, macho
    --frame-reg           Use alternate register as the frame pointer
    --header              Include a precompiled header
    -I                    Add additional directory for include files
    -L                    Include pre-built library
    -m32, -m64            Specify target address size
    --map                 Generate map file
    --markov-chain        Use file for generating random instruction sequences
    --max-length          Do not let output size exceed given number of bytes
    --mixed-mode          Randomly choose subarchitecture for each function
    -o                    Set output filename (default is hex dump to stdout)
    -O0                   Do not run the optimizer
    -Os                   Try to generate the smallest code possible
    --pad                 Pad output to be exactly the maximum length
    --pie                 Always generate position independent code
    --platform            Specify operating system
                          Can be: linux (default), freebsd, mac, windows, none
    --polymorph           Generate different code on each run
    --preserve            Preserve the value of the given register
    --unsafe-stack        Stack pointer may be near the code
    --return-reg          Use alternate register as the return value
    --return-high-reg     Use alternate register as the upper 32 bits of return
                          value (32-bit output only)
    --seed                Specify random seed (to reproduce --polymorph runs)
    --shared              Generate shared library instead of executable
    --stack-grows-up      Stack grows toward larger addresses
    --stack-reg           Use alternate register as the stack pointer
    --stdin               Read source code from stdin
    --stdout              Send generated code to stdout for pipelines

Useful extensions:
    __noreturn            Specifies that a function cannot return
                          Example: void exit(int value) __noreturn;
    __syscall(num, ...)   Executes a system call on the target platform
    __undefined           Gives undefined results, usually omitting code
                          Example: exit(__undefined);
    __initial_            Value of register at start of program
                          Example: int socketDescriptor = __initial_ebx;
---------------------------------------