flat assembler
Message board for the users of flat assembler.

hardcoded addresses

asmrox
Code:
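format pe console

section '.code' code readable executable
        push 0                  ; uType
        push 0                  ; lpCaption
        push 0                  ; lpText
        push 0                  ; hWnd
        call 0x77D7050B         ; hardcoded address used here for MessageBoxA
        ret

section '.idata' import data readable
        ; import directory entry for user32.dll, then the all-zero terminator
        dd 0,0,0,RVA user32_name,RVA user32_table
        dd 0,0,0,0,0
user32_table:
        dd rva 1                ; the single import "under index 1" described below
        dd 0                    ; end of table
user32_name db 'user32.dll',0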

I imported 1 function under index 1, and the call to MessageBoxA works. I understand that user32.dll is loaded only if at least 1 function is imported.

Can I use it in my shellcode, and call into kernel32 (which is always loaded)?
Or msvcrt for sprintf, it helps a lot :)
Post 29 Feb 2008, 08:56
revolution
asmrox wrote:
...
call 0x77D7050B
...
I imported 1 function under index 1, and the call to MessageBoxA works. I understand that user32.dll is loaded only if at least 1 function is imported.

Can I use it in my shellcode, and call into kernel32 (which is always loaded)?
Or msvcrt for sprintf, it helps a lot :)

Short answer NO! You waste your time, the addresses change with patch level and version. That address you show is not even mapped on my XP SP2 with user32 loaded.
Post 29 Feb 2008, 09:27
f0dder
And stop writing shellcode ffs, spend your time on something useful.
Post 29 Feb 2008, 13:37
asmrox
Shellcoding is very useful, I learn opcodes, modifying programs as well as format specifications and the kernel itself. At a higher mnemonic-based level I would never have learned so much.
Post 29 Feb 2008, 22:25
Copyright © 1999-2020, Tomasz Grysztar.