flat assembler
Message board for the users of flat assembler.
Windows > return addresses
asmrox 07 May 2008, 14:08
I'm writing a universal shellcode and I need all return addresses in all versions of Windows.
2k/2k3/Millennium/XP/Vista including all SPs, thanks.
asmrox 07 May 2008, 15:19
Umm, return addresses from normal .exe/.dll files.
You know, to ExitThread. I have an idea to scan the stack for one of them and obtain the version of Windows (so I have the addresses of kernel32 APIs like LoadLibraryA).
Quote: Forget it, this is a crazy idea.
Why?
revolution 07 May 2008, 15:27
You can get all the addresses you need by simply linking to the DLL and calling GetProcAddress at runtime.
Asking everyone to give you return addresses is not needed and is very silly. The addresses change because the DLLs are relocatable.
asmrox 07 May 2008, 17:13
Quote: DLLs are relocatable
Can you tell me which function relocates a DLL? AFAIK kernel32 can't be relocated anyway ;] Returning by 'ret' would make no sense. And LoadLibraryA/GetProcAddress are from kernel32, but not in the same place on all systems. And in shellcode I can't link a DLL, lol. http://www.google.com/search?q=what+is+shellcode
revolution 07 May 2008, 17:22
asmrox wrote: can you tell me which function relocates a DLL?
Haha, don't forget about ASLR. Your task is not easy and I doubt many here will support this effort anyway.
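An added example, not part of any poster's message: a Python check of the PE header fields behind the relocation and ASLR points raised in the replies above (preferred ImageBase, base relocation directory, DYNAMICBASE flag), which is why a DLL's load address cannot be assumed. The function names and the header-only sample bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image opts in to ASLR
RELOC_DIR = 5                                   # index of the base relocation directory

def pe_load_address_info(data: bytes) -> dict:
    """Report the header fields that decide where the loader may place an image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                                           # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                        # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
        dirs = opt + 96
    elif magic == 0x20B:                                      # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    (n_dirs,) = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
    reloc_size = 0
    if n_dirs > RELOC_DIR:
        _, reloc_size = struct.unpack_from("<II", data, dirs + 8 * RELOC_DIR)
    stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {"preferred_base": image_base,
            "relocatable": reloc_size > 0 and not stripped,
            "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)}

def make_sample(dll_chars: int, reloc_size: int, coff_chars: int = 0x2102) -> bytes:
    """Constructed PE32 header stub for the demo (headers only, not a loadable file)."""
    buf = bytearray(0x40 + 4 + 20 + 224)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)                   # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x44 + 18, coff_chars)
    opt = 0x44 + 20
    struct.pack_into("<H", buf, opt, 0x10B)                   # PE32 magic
    struct.pack_into("<I", buf, opt + 28, 0x10000000)         # preferred ImageBase
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    struct.pack_into("<I", buf, opt + 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 96 + 8 * RELOC_DIR, 0x5000, reloc_size)
    return bytes(buf)
```

An image with relocation data can be rebased when its preferred base is unavailable, and one that also sets DYNAMICBASE is placed at a randomized base by ASLR.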
asmrox 07 May 2008, 17:25
ASLR under Windows?
Quote: The loader (LoadLibrary) will relocate the DLL
I thought it just maps it into the memory space, and if it's already mapped it returns a handle.
revolution 07 May 2008, 17:30
asmrox wrote: aslr under windows?
asmrox wrote:
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.