How do I extract the ShellCode from a small ASM .exe ?

Discuss how to write good code, break bad code, your current pet projects, or the best way to approach novel problems

How do I extract the ShellCode from a small ASM .exe ?

Post by RAFAAJ2000 on Tue Mar 03, 2015 1:28 am
([msg=86988]see How do I extract the ShellCode from a small ASM .exe ?[/msg])

Hi all, This is my first post in this forum :)

I developped a simple hello world! in asm .. This is the working asm code :
Code: Select all
.model flat,stdcall
option casemap:none

include \masm32\include\masm32rt.inc

.data
   MyTitle db   "ASM is Fun!",0
   MyText  db   "Hello World !",0
   msg     dd   0,0
   
.code
   start:
      push 0
      mov eax,  offset MyTitle
      push eax
      mov eax, offset MyText
      push  eax
      push 0
      call MessageBoxA
      ;push eax
      call ExitProcess
   end start


So far soo good .. Now what I want is to extract the shellcode from the above asm executable so I can store it in a VB string and execute the ShellCode in a VB6 program

I used OllyDbg for this which gave me the following listing :
Code: Select all
00401000 >/$ 6A 00          PUSH 0                                   ; |/Style = MB_OK|MB_APPLMODAL
00401002  |. B8 00304000    MOV EAX,MsgShell.00403000                ; ||ASCII "ASM is Fun!"
00401007  |. 50             PUSH EAX                                 ; ||Title => "ASM is Fun!"
00401008  |. B8 0C304000    MOV EAX,MsgShell.0040300C                ; ||ASCII "I hope you're learning!"
0040100D  |. 50             PUSH EAX                                 ; ||Text => "I hope you're learning!"
0040100E  |. 6A 00          PUSH 0                                   ; ||hOwner = NULL
00401010  |. E8 05000000    CALL <JMP.&user32.MessageBoxA>           ; |\MessageBoxA
00401015  \. E8 06000000    CALL <JMP.&kernel32.ExitProcess>         ; \ExitProcess


Below is the VB6 program that should execute the Shellcode .. The sShellCode String variable contains the opcodes from the above OllyDbg listing

Code: Select all
Option Explicit

Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Aacsuf As Long, ByVal Ioo As Long, ByVal Fpihqsli As Long, ByVal Ximedrqa As Long) As Long
Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Vejyzyxy As Long, ByRef Kalwgz As Any, ByVal Ftnp As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Private Const MEM_COMMIT = &H1000
Private Const PAGE_EXECUTE_READWRITE = &H40

Sub Test()
    Dim lpMemory As Long
    Dim sShellcode As String
    Dim lResult As Long
       
    sShellcode = sShellcode + Chr(&H6A) + Chr(&H0) + Chr(&HB8) + Chr(&H0) + Chr(&H30)
    sShellcode = sShellcode + Chr(&H40) + Chr(&H0) + Chr(&H50) + Chr(&HB8) + Chr(&HC)
    sShellcode = sShellcode + Chr(&H30) + Chr(&H40) + Chr(&H0) + Chr(&H50) + Chr(&H6A)
    sShellcode = sShellcode + Chr(&H0) + Chr(&HE8) + Chr(&H5) + Chr(&H0) + Chr(&H0) + Chr(&H0)
    sShellcode = sShellcode + Chr(&HE8) + Chr(&H6) + Chr(&H0) + Chr(&H0) + Chr(&H0)
   
    lpMemory = VirtualAlloc(0&, Len(sShellcode), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    lResult = WriteProcessMemory(-1&, lpMemory, sShellcode, Len(sShellcode), 0&)
    lResult = CreateThread(0&, 0&, lpMemory, 0&, 0&, 0&)
End Sub


Unfortunately, when I run the above VB6 code ,the application crashes
What am I doing wrong ??!! Am I extracting the opcodes correctly from OllyDbg ?

Any help would be much appreciated .
RAFAAJ2000
New User
New User
 
Posts: 6
Joined: Tue Mar 03, 2015 12:52 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by ghost107 on Tue Mar 03, 2015 2:36 am
([msg=86989]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

What you did is to copy the memory from your application to a memory in another application and set the entry point of the new thread as your memory starting location:
So Message Box according to MSDN :
Code: Select all
int WINAPI MessageBox(
  _In_opt_  HWND hWnd,
  _In_opt_  LPCTSTR lpText,
  _In_opt_  LPCTSTR lpCaption,
  _In_      UINT uType
);

Lets take a look at your disassemble code:
Code: Select all
0:PUSH 0                                            ;  uType parameter
1:MOV EAX,MsgShell.00403000
2:PUSH EAX                                   ; lpCaption Parameter
3:MOV EAX,MsgShell.0040300C   
4:PUSH EAX                                   ;lpText parameter
5:PUSH 0                                          ; hWnd parameter
6:ALL <JMP.&user32.MessageBoxA>


The code puhes parameters to the stack til line 6, on line 6 it enters MessageBoxA(here I'm not quite sure if it enters, because here is the call to the application import table, not the actual MessageBoxA), in that function it tries to get the parameters from the stack, and write the text on the message box, but the text doesn't exist, the application will crash with a code C0000005(Access violation), because it tries to access cerain parts of the memory, that it doesn't exist.

The problem with your code is the addressing, you wrote the execution code, but the code references data text from another part of the memory, where it doesn't exist.

Also using the same addresing to access the system API will not work, because you must need to know the API address, the system API loads differently on boot time(you should use GetProcessAdress, to find the Offset of the system API). So the API has the same address till you reboot your computer.

For your code to work, you need to allocate some bytes for your strings, copy the strings there, and reference them in your code:
Code: Select all
0:PUSH 0                                           
1:MOV EAX, XXXXXXXX   ; Offset for lpCaption
2:PUSH EAX                                 
3:MOV EAX, YYYYYYYY   ; Offset for lpText
4:PUSH EAX                                 
5:PUSH 0                                       
6:ALL <JMP.&user32.MessageBoxA> ;  do a call to the Offset for your MessageBoxA
User avatar
ghost107
Poster
Poster
 
Posts: 321
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by RAFAAJ2000 on Tue Mar 03, 2015 4:36 am
([msg=86990]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Thanks for responding Ghost

RAFAAJ2000 wrote:For your code to work, you need to allocate some bytes for your strings, copy the strings there, and reference them in your code:

Do you mean I should copy the strings such as ( Chr(&H6A)) into a byte array in my VB6 execution code ?

Something along these lines :

Code: Select all
Option Explicit

Private Declare Function CreateThread Lib "kernel32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long
Private Declare Function VirtualAlloc Lib "kernel32" (ByVal Aacsuf As Long, ByVal Ioo As Long, ByVal Fpihqsli As Long, ByVal Ximedrqa As Long) As Long
Private Declare Function RtlMoveMemory Lib "kernel32" (ByVal Vejyzyxy As Long, ByRef Kalwgz As Any, ByVal Ftnp As Long) As Long
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long

Private Const MEM_COMMIT = &H1000
Private Const PAGE_EXECUTE_READWRITE = &H40

Sub Test()
    Dim lpMemory As Long
    Dim lResult As Long
    Const Bytes_Count = 25
    Dim Asm(Bytes_Count) As Byte
    Dim Counter As Integer
    Dim Code_ASM, bytes() As String
     
    'Binary Copy of the asm executable obtained from OllyDbg.
    Code_ASM = "6A 00 B8 00 30 40 00 50 B8 0C 30 40 00 50 6A 00 E8 05 00 00 00 E8 06 00 00 00"
   
    bytes = Split(Code_ASM, " ", -1, vbTextCompare)
    For Counter = 0 To UBound(Asm)
        bytes(Counter) = "&H" & bytes(Counter) 'Remain in Unicode
        Asm(Counter) = CByte(bytes(Counter)) 'Transform to bytes
    Next Counter
   
    lpMemory = VirtualAlloc(0&, ByVal UBound(Asm), MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    lResult = WriteProcessMemory(-1&, lpMemory, ByVal VarPtr(Asm(0)), ByVal UBound(Asm), 0&)
    lResult = CreateThread(0&, 0&, lpMemory, 0&, 0&, 0&)
End Sub


Unfortunately, the above VB code still crashes the application :(
RAFAAJ2000
New User
New User
 
Posts: 6
Joined: Tue Mar 03, 2015 12:52 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by ghost107 on Tue Mar 03, 2015 5:15 pm
([msg=87001]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Sorry I was in a hurry this morning, so I didn't post everything.

I said in my previous post that you didn't copy the strings to memory so the application will not know where to find the data that it is pushed.

Also I said in my previous post that the address for the system API are not the same so you should use GetProcessAddress to find the address of that method.

Once you found the address of that function, you should also compute your distance to that function(call, jmp, and conditional Jumps requires to know how many bytes it has to jump).
Code: Select all
destAddr = Destination Address in Memory
IP = Instruction Pointer
IS =   instruction Size
jump_size = destAddr - (IP+ IS);

Also in assembly when you try to make a function and call it with CALL try to add RETN( OPCode - C3) at the end, and restore the stack before you exit the function(use RETN XXXX, OPCode C2 XX XX,or by using ADD ESP, XX)
Code: Select all
   char sShellcode[2048] = {
      'A', 'S', 'M', ' ', 'i', 's', ' ', 'F', 'u', 'n', '!', 0x00,         //"ASM is Fun!",0
      'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!', 0x00,    //"Hello World!",0
      0x6A, 0x00,                                                          //PUSH 0 
      0xB8, 0x00, 0x00, 0x00, 0x00,                                        //MOV EAX,0
      0x50,                                                                //PUSH EAX     
      0xB8, 0x00, 0x00, 0x00, 0x00,                                        //MOV EAX,0
      0x50,                                                                //PUSH EAX 
      0x6A, 0x00,                                                          //PUSH 0 
      0xE8, 0x00, 0x00, 0x00, 0x00,                                        //CALL 0
      0xC3                                                                 //RETN
   };
   DWORD lpMemory = (DWORD)VirtualAlloc(NULL, 2048, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

   // now filling in the blanks
   *((DWORD*)(sShellcode + 28)) = lpMemory;      //MOV EAX, sShellcode               
   *((DWORD*)(sShellcode + 34)) = lpMemory + 12; //MOV EAX, sShellcode 

   //Get the MessageBoxA Call Address fom the User32
   DWORD  dwMsgBoxAddr = (DWORD)GetProcAddress(GetModuleHandleA("User32"), "MessageBoxA");
   *((DWORD*)(sShellcode + 42)) = dwMsgBoxAddr- (lpMemory+46); //CALL MessageBoxA

   //Copy stream to memory
   memcpy((void*)lpMemory, sShellcode, 2048);

   //Execute The new code from memory
   ((void(*)(void))((char*)lpMemory + 25))();


if you want to Access the Windows API from Shellcoding, it is not a good Idea to do that, because you will end up crashing the application, What you can access instead is the BIOS/ DOS/System Interrupt calls, which the coding is at much lower level.

In Win32 there are many types of dynamic addressing(Try to Avoid using static addresses):
- Addresses change each time when you start the application(Application Module)
- Addresses change each time when you reboot your PC (System module).

All Win32 PE have a Import Addressing Table(IAT). When you want to use a function, try to call the function from the IAT, not from the from the module itself.
User avatar
ghost107
Poster
Poster
 
Posts: 321
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by RAFAAJ2000 on Tue Mar 03, 2015 7:02 pm
([msg=87002]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Ghost,
Thank you very much for taking the time to answer my questions and for the valuable explanations (and advices) which I am going to study carefully
I tend to understand better with code examples .. The example you provided is written in C which is a language I didnt learn as opposed to classic VB .. I am doing my best to translate the code below to VB6 but with no luck so far

Code: Select all
char sShellcode[2048] = {
      'A', 'S', 'M', ' ', 'i', 's', ' ', 'F', 'u', 'n', '!', 0x00,         //"ASM is Fun!",0
      'H', 'e', 'l', 'l', 'o', ' ', 'W', 'o', 'r', 'l', 'd', '!', 0x00,    //"Hello World!",0
      0x6A, 0x00,                                                          //PUSH 0
      0xB8, 0x00, 0x00, 0x00, 0x00,                                        //MOV EAX,0
      0x50,                                                                //PUSH EAX     
      0xB8, 0x00, 0x00, 0x00, 0x00,                                        //MOV EAX,0
      0x50,                                                                //PUSH EAX
      0x6A, 0x00,                                                          //PUSH 0
      0xE8, 0x00, 0x00, 0x00, 0x00,                                        //CALL 0
      0xC3                                                                 //RETN
   };
   DWORD lpMemory = (DWORD)VirtualAlloc(NULL, 2048, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

   // now filling in the blanks
   *((DWORD*)(sShellcode + 28)) = lpMemory;      //MOV EAX, sShellcode               
   *((DWORD*)(sShellcode + 34)) = lpMemory + 12; //MOV EAX, sShellcode

   //Get the MessageBoxA Call Address fom the User32
   DWORD  dwMsgBoxAddr = (DWORD)GetProcAddress(GetModuleHandleA("User32"), "MessageBoxA");
   *((DWORD*)(sShellcode + 42)) = dwMsgBoxAddr- (lpMemory+46); //CALL MessageBoxA

   //Copy stream to memory
   memcpy((void*)lpMemory, sShellcode, 2048);

   //Execute The new code from memory
   ((void(*)(void))((char*)lpMemory + 25))();


As I said, I am trying to translate the above code into VB6 but I ma finding it difficult .. If it is not too much trouble, would you be kind enough to translate it for me (Obviously, if you happen to know VB)

Again, I appreciate your kind support with this.
RAFAAJ2000
New User
New User
 
Posts: 6
Joined: Tue Mar 03, 2015 12:52 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by ghost107 on Wed Mar 04, 2015 2:46 am
([msg=87009]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

I avoided WriteProcessMemory because it requires a handle to the process opened(if you don't have the handle of the process, it will not write anything)
http://www.pinvoke.net/default.aspx/url ... emory.html
Also you should check the results of GetModuleHandle, CreateThread and GetProcAddress to be different from 0.

Not sure if this works correctly, but you can try.
Code: Select all
   
     Private Declare Function CopyMemory Lib "kernel32" (ByVal Destination As Long, ByVal Source As Long,  ByVal nSize As Long)
     Private Declare Function GetModuleHandle Lib "kernel32" (ByVal Destination As String) as Long
     Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModul As Long, ByVal Destination As String) as Long

      '...
      Dim lpMemory As Long
      Dim dwMsgBoxAddr  as Long
      Dim sShellcode(2048) As Byte = { _
          "A", "S", "M", " ", "i", "s", " ", "F", "u", "n", "!", 0, _
          "H", "e", "l", "l", "o", " ", "W", "o", "r", "l", "d", "!", 0, _
          &H6A, 0, _
          &HB8, 0, 0, 0, 0, _
          &H50, _
          &HB8, 0, 0, 0, 0, _
          &H50, _
          &H6A, 0, _
          &hE8, 0, 0, 0, 0, _
          &HC3 _
     }
    lpMemory = VirtualAlloc(0&, 2048, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    CopyMemory(lpMemory, lpMemory, 2048);
    CopyMemory(lpMemory + 28, lpMemory,4);
    CopyMemory(lpMemory + 34, lpMemory+12,4);

    dwMsgBoxAddr = GetProcAddress(GetModuleHandleA("User32"), "MessageBoxA");
    CopyMemory(lpMemory + 42,  dwMsgBoxAddr- (lpMemory+46),4);
    CreateThread(0&, 0&, lpMemory, 0&, 0&, 0&)



VB6 is kinda an old language, if you want to remote Execute code you will have to do a a lot more coding, in my opinion you should try, to select a C like language, basics of C takes only a week to learn.
http://aelinik.free.fr/c/
User avatar
ghost107
Poster
Poster
 
Posts: 321
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by RAFAAJ2000 on Thu Mar 05, 2015 4:30 pm
([msg=87020]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Sorry I couldn't respond earlier because the website was down

Thank you Ghost,

I edited the code to VB but I still cannot get it to work .. It keeps crashing the application .. I'll keep trying and see if anything good comes up .. Also I am still trying to get a grab on the addressing issue.

That said, the following code does work and shows a Msgbox successfully BUT it is not the ShellCode approach which I am trying to understand how it works

Code: Select all
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" _
(ByVal lpPrevWndFunc As Long, ByVal hwnd As Long, ByVal Msg As Long, _
ByVal wParam As Long, ByVal lParam As Long) As Long

Private Declare Function GetModuleHandle Lib "KERNEL32" Alias "GetModuleHandleA" _
(ByVal lpModuleName As String) As Long

Private Declare Function GetProcAddress Lib "kernel32.dll" ( _
                 ByVal hModule As Long, _
                 ByVal strProcName As String) As Long

Sub Test()
    Dim lngMsgBoxAddr As Long
    Dim hUser32 As Long
    Dim bytMsg(5) As Byte
    Dim bytCaption(6) As Byte
     
    hUser32 = GetModuleHandle("user32.dll")
    lngMsgBoxAddr = GetProcAddress(hUser32, "MessageBoxA")
   
    bytMsg(0) = Asc("W")
    bytMsg(1) = Asc("o")
    bytMsg(2) = Asc("r")
    bytMsg(3) = Asc("l")
    bytMsg(4) = Asc("d")
   
    bytCaption(0) = Asc("H")
    bytCaption(1) = Asc("e")
    bytCaption(2) = Asc("l")
    bytCaption(3) = Asc("l")
    bytCaption(4) = Asc("o")
    bytCaption(5) = Asc("!")
   
    CallWindowProc lngMsgBoxAddr, 0, VarPtr(bytMsg(0)), VarPtr(bytCaption(0)), 0
End Sub


I am trying to figure out how to write shellcode (out of a dll function or an exe) then store the shellcode in a VB string or Byte array and finally execute the shellcode inside a VB routine

I know this can be done and here is an example that shows how to execute a MessageBox from a shellcode stored in VB string :
http://blog.didierstevens.com/2008/10/23/excel-exercises-in-style/

Following is yet another working shellcode example that runs Calc.exe from shellcode in VB
Code: Select all
'Runs Calc.exe from shellcode  - safe

Private Declare Function CreateThread Lib "KERNEL32" (ByVal Npdrhkbff As Long, ByVal Drcunuy As Long, ByVal Ache As Long, Wiquwzp As Long, ByVal Ltdplqkqj As Long, Xsawbea As Long) As Long
Private Declare Function VirtualAlloc Lib "KERNEL32" (ByVal Aacsuf As Long, ByVal Ioo As Long, ByVal Fpihqsli As Long, ByVal Ximedrqa As Long) As Long
Private Declare Function RtlMoveMemory Lib "KERNEL32" (ByVal Vejyzyxy As Long, ByRef Kalwgz As Any, ByVal Ftnp As Long) As Long

Sub Afutfo_Open()
    Dim Wkbiqmw As Long, Hmbo As Variant, Rwvxs As Long, Xinzcm As Long, Abegogwui As Long
    Hmbo = Array(232, 137, 0, 0, 0, 96, 137, 229, 49, 210, 100, 139, 82, 48, 139, 82, 12, 139, 82, 20, _
139, 114, 40, 15, 183, 74, 38, 49, 255, 49, 192, 172, 60, 97, 124, 2, 44, 32, 193, 207, _
13, 1, 199, 226, 240, 82, 87, 139, 82, 16, 139, 66, 60, 1, 208, 139, 64, 120, 133, 192, _
116, 74, 1, 208, 80, 139, 72, 24, 139, 88, 32, 1, 211, 227, 60, 73, 139, 52, 139, 1, _
214, 49, 255, 49, 192, 172, 193, 207, 13, 1, 199, 56, 224, 117, 244, 3, 125, 248, 59, 125, _
36, 117, 226, 88, 139, 88, 36, 1, 211, 102, 139, 12, 75, 139, 88, 28, 1, 211, 139, 4, _
139, 1, 208, 137, 68, 36, 36, 91, 91, 97, 89, 90, 81, 255, 224, 88, 95, 90, 139, 18, _
235, 134, 93, 106, 1, 141, 133, 185, 0, 0, 0, 80, 104, 49, 139, 111, 135, 255, 213, 187, _
224, 29, 42, 10, 104, 166, 149, 189, 157, 255, 213, 60, 6, 124, 10, 128, 251, 224, 117, 5, _
187, 71, 19, 114, 111, 106, 0, 83, 255, 213, 99, 97, 108, 99, 0)
    Rwvxs = VirtualAlloc(0, UBound(Hmbo), &H1000, &H40)
    For Abegogwui = LBound(Hmbo) To UBound(Hmbo)
        Wkbiqmw = Hmbo(Abegogwui)
        Xinzcm = RtlMoveMemory(Rwvxs + Abegogwui, Wkbiqmw, 1)
    Next Abegogwui
    Xinzcm = CreateThread(0, 0, Rwvxs, 0, 0, 0)
End Sub


I just don't know how to write/extract the shellcode .. I am using OllyDbg and learning about ASM , memory registers and Opcodes .. hopefully something useful will come out eventually :)
RAFAAJ2000
New User
New User
 
Posts: 6
Joined: Tue Mar 03, 2015 12:52 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by cyberdrain on Thu Mar 05, 2015 4:49 pm
([msg=87021]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Have you read through Smash the stack for fun and profit? It explains a bit about shell code creation...
Last edited by cyberdrain on Thu Mar 05, 2015 6:03 pm, edited 1 time in total.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by RAFAAJ2000 on Thu Mar 05, 2015 5:46 pm
([msg=87023]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

Thanks Cyberdrain,
The link is not working
RAFAAJ2000
New User
New User
 
Posts: 6
Joined: Tue Mar 03, 2015 12:52 am
Blog: View Blog (0)


Re: How do I extract the ShellCode from a small ASM .exe ?

Post by cyberdrain on Thu Mar 05, 2015 6:03 pm
([msg=87024]see Re: How do I extract the ShellCode from a small ASM .exe ?[/msg])

My bad, changed it. There's also a book on creating shellcode, but I don't remember the name...
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Next

Return to Programming

Who is online

Users browsing this forum: No registered users and 0 guests

cron