// PE-to-Shellcode Masterclass
Master the industry-standard framework for generating position-independent shellcode from PE files, .NET assemblies, VBS/JS scripts, and XSL files. Learn the complete architecture from PE loading fundamentals through CLR hosting to Chaskey-encrypted PIC loaders. By TheWover & Odzhan.
Why you'd want to convert an EXE/DLL/.NET assembly to shellcode, use cases, and the difference between loaders and converters.
02 Beginner: What a PE loader must do: map sections, resolve imports, apply base relocations, execute TLS callbacks, and call the entry point.
03 Beginner: Loading the CLR runtime, AppDomain creation, Assembly::Load, and how Donut executes .NET assemblies entirely in-memory.
04 Intermediate: The DONUT_MODULE structure, DONUT_INSTANCE configuration, payload compression with aPLib and LZNT1/Xpress, and staging.
05 Intermediate: PIC loader shellcode: API resolution via PEB walking, decryption, decompression, and module-type dispatch to the correct handler.
06 Intermediate: Chaskey block cipher, random instance keys, entropy reduction, AMSI/WLDP/ETW bypass stubs built into the loader.
07 Advanced: VBS/JS/XSL execution via COM objects, unmanaged DLL loading with custom arguments, PE with parameters, and exit options.
08 Advanced: Command-line usage, C API integration, detection vectors, YARA rules, memory forensics, and defensive countermeasures.
github.com/TheWover/donut
thewover.github.io/Introducing-Donut/
github.com/monoxgas/sRDI
github.com/stephenfewer/ReflectiveDLLInjection
docs.microsoft.com/en-us/dotnet/framework/unmanaged-api/hosting/
ibsensoftware.com/products_aPLib.html
mouha.be/chaskey/ (Nicky Mouha)
docs.microsoft.com/en-us/windows/win32/amsi/