WinREPL - x86 and x64 assembly "read-eval-print loop" shell for Windows.

zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but uses a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl, a Unicorn (emulated) version, but WinREPL runs completely natively inside a Windows process context.

Methodology
WinREPL is a debugger (parent process) that hollows out a copy of itself (child process).
– Parent process retrieves input from the user
– Machine code is generated with the ASMTK library
– Resulting bytes are written to a child process thread context
– Child process thread is resumed
– Parent process polls for debug events

Download: winrepl_x64.exe | winrepl_x86.exe
Source: https://github.com/zerosum0x0