Encoding the shellcode three times using the x64 xor Encoder
I'm writing my own exploit and I've wondered whether I need to decode the shellcode when adding it to my program, or is the decoder stub already inside the shellcode? If I need to decode it, how can I do that when there is no key given?
No. You don't have to decrypt the shellcode. I ran the same command and got something which looked like this:
   0:  48 31 c9                 xor    rcx, rcx
   3:  48 81 e9 b6 ff ff ff     sub    rcx, 0xffffffffffffffb6
   a:  48 8d 05 ef ff ff ff     lea    rax, [rip+0xffffffffffffffef]  # 0x0
  11:  48 bb af cc c5 c0 90     movabs rbx, 0x29153c90c0c5ccaf
  18:  3c 15 29
  1b:  48 31 58 27              xor    QWORD PTR [rax+0x27], rbx
  1f:  48 2d f8 ff ff ff        sub    rax, 0xfffffffffffffff8
  25:  e2 f4                    loop   0x1b
This was the starting part of the shellcode, followed by the xor'd 2nd-iteration payload. On decrypting, I saw that it had a similar stub attached. So you don't have to decrypt. Just point execution to the start of the buffer.
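The stub layout above, read statically for analysis; this is an added example and not part of the original answer. It recovers the key and qword count embedded in each stub and peels nested layers without running anything. It assumes every layer uses exactly the 39-byte layout disassembled above; the inert payload, the two inner keys and the helper names are constructed for illustration.

```python
import struct

STUB_LEN = 0x27  # the stub in the answer is 39 bytes; encoded data starts right after it
# Fixed opcode bytes of that stub; the imm32 count and imm64 key sit between them.
HEAD = bytes.fromhex("4831c94881e9")              # xor rcx,rcx ; sub rcx,imm32
MID = bytes.fromhex("488d05efffffff48bb")         # lea rax,[rip-0x11] ; movabs rbx,imm64
TAIL = bytes.fromhex("48315827482df8ffffffe2f4")  # xor [rax+0x27],rbx ; sub rax,-8 ; loop
# The 39 stub bytes exactly as disassembled in the answer.
PAGE_STUB = bytes.fromhex("4831c94881e9b6ffffff488d05efffffff48bb"
                          "afccc5c0903c152948315827482df8ffffffe2f4")

def parse_stub(buf):
    """Return (key_bytes, qword_count) if buf starts with this stub, else None."""
    if len(buf) < STUB_LEN or buf[:6] != HEAD or buf[10:19] != MID or buf[27:39] != TAIL:
        return None
    count = -struct.unpack_from("<i", buf, 6)[0]  # "sub rcx,-N" leaves rcx = N
    return buf[19:27], count

def xor_qwords(data, key):
    # A little-endian qword XOR is a bytewise XOR with the key bytes in memory order.
    return bytes(b ^ key[i % 8] for i, b in enumerate(data))

def peel_all(buf, max_layers=16):
    """Statically undo nested layers; return (inner bytes, list of hex keys)."""
    keys = []
    for _ in range(max_layers):
        parsed = parse_stub(buf)
        if parsed is None:
            break
        key, count = parsed
        body = buf[STUB_LEN:STUB_LEN + 8 * count]
        if count <= 0 or len(body) != 8 * count:
            raise ValueError("stub count exceeds buffer length")
        keys.append(key.hex())
        buf = xor_qwords(body, key)
    return buf, keys

def constructed_layer(data, key):
    """Build test input only: wrap inert bytes in one layer with the layout above."""
    data += b"\x00" * (-len(data) % 8)
    return HEAD + struct.pack("<i", -(len(data) // 8)) + MID + key + TAIL + xor_qwords(data, key)

INERT = b"INERT-CONSTRUCTED-SAMPLE"  # constructed, non-executable stand-in payload
KEYS = [bytes(range(1, 9)), bytes(range(17, 25)), PAGE_STUB[19:27]]  # first two constructed
SAMPLE = INERT
for k in KEYS:
    SAMPLE = constructed_layer(SAMPLE, k)

if __name__ == "__main__":
    print(parse_stub(PAGE_STUB))
    print(peel_all(SAMPLE))
```

Because the key travels in the `movabs rbx` immediate and the length in the `sub rcx` immediate, the stub's fixed opcode bytes also work as a byte signature for spotting this encoder in a captured buffer.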