/*
Shellcode Loader
Archive of Reversing.ID
Executes shellcode by jumping to it:
the payload buffer is cast to a function pointer and invoked.
Compile:
$ cl.exe /nologo /Ox /MT /W0 /GS- /DNDEBUG /Tccode.cpp
Technique:
- allocation: VirtualAlloc
- writing: RtlMoveMemory
- permission: VirtualProtect
- execution: direct call through a function pointer
*/
#include <windows.h>
#include <stdint.h>
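/*
 * Demonstrates the allocate / write / re-protect / call sequence:
 * a byte array is copied into freshly committed memory, the pages are
 * switched from read-write to read-execute, and the buffer is invoked
 * through a function pointer.
 *
 * The embedded payload is a placeholder (x86: NOP, NOP, INT3, RET); the
 * INT3 raises a breakpoint exception when reached.
 *
 * Defender's note: execution from private (non-image-backed) memory whose
 * protection changed from RW to RX is the behavioural trace this sequence
 * leaves. VirtualProtect calls that add execute permission to private
 * committed memory are a common telemetry point for it.
 *
 * Returns 0 when the payload was invoked and returned, 1 when the
 * allocation or the protection change failed.
 */
int main ()
{
    void *runtime;
    DWORD old_protect = 0;
    int status = 1;

    // payload bytes live on the stack until they are copied out
    uint8_t payload [] = { 0x90, 0x90, 0xCC, 0xC3 };
    // derive the length from the array so the two cannot drift apart
    SIZE_T payload_len = sizeof payload;

    // allocate the buffer as READ-WRITE only (never writable and executable at once)
    runtime = VirtualAlloc (NULL, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (runtime == NULL)
    {
        // without this check the copy below would write through a null pointer
        return status;
    }

    // copy payload to the buffer
    RtlMoveMemory (runtime, payload, payload_len);

    // drop write access and make the buffer executable (R-X)
    if (VirtualProtect (runtime, payload_len, PAGE_EXECUTE_READ, &old_protect) != 0)
    {
        // treat the buffer address as a function and call it
        int (*func)() = (int (*)())runtime;
        func();
        status = 0;
    }

    // MEM_RELEASE requires dwSize == 0; a non-zero size makes VirtualFree
    // fail and leaves the region allocated
    VirtualFree (runtime, 0, MEM_RELEASE);
    return status;
}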