Windows Shellcode
Started by Codecfault, Oct 22 2003 11:19 PM
18 replies to this topic
#1
Posted 22 October 2003 - 11:19 PM
Does anyone know the whereabouts of any info on how to write shellcode for windows. I am looking to understand how various exploits work and hopefully to write my own.
Thank you for your time
Codecfault
#2
Posted 23 October 2003 - 04:16 AM
Been trying to learn myself. I posted a good intro into buffer overflows in the sticky above and I've found this article to be really helpful. I'd be interested if anyone's got any good asm tuts
#3
Posted 23 October 2003 - 10:09 PM
great link thanks pr0t0type
#4
Posted 06 December 2003 - 11:20 AM
thanks a lot guys, I'm also trying to learn to code /etc
#6
Posted 25 December 2003 - 01:53 PM
Thanks to all who posted links on this subject, the last 2 look very useful, and I have to go and read them, been looking around but never saw these.
#7
Posted 27 December 2003 - 09:28 PM
thanks a lot nazinofix great link
#8
Posted 28 December 2003 - 04:55 AM
thx nazinofix
very interesting link
byee
#9 Guest_[_0z_]_*
Posted 07 January 2004 - 08:15 AM
great work.
#10 Guest_Hexboy_*
Posted 07 January 2004 - 05:49 PM
http://www.shellcode.com.ar has some windows shell code. I've learned a few sweet tricks from code available there.
#11
Posted 09 January 2004 - 12:30 PM
#12
Posted 08 February 2004 - 11:22 AM
wow thx m8!!! that's a really good documentation about buffer overflows!!
#13
Posted 10 February 2004 - 08:30 AM
these 2 pdfs are real nice reading..
thnx for sharing
#14 Guest_archphase_*
Posted 10 February 2004 - 02:11 PM
Windows shellcode is a bitch to write. All of those win32 shellcode papers show how to get it by SEH or you can get it by using the TEB block I think or whatever is at fs:[30]..but I think the more code efficient way is like this..or at least I think it is.

    mov ebx, ebp
    mov eax, esp
    sub eax, ebx               ; eax = amount of bytes on stack
    mov ecx, [esp+eax]         ; ecx = somewhere in k32..search
loopme:
    cmp word ptr [ecx], 5A4Dh  ; "MZ" as the little-endian word it is in memory ('M' + 'Z' would only add the two characters)
    jz foundMZ
    dec ecx                    ; walk down one byte at a time
    jmp loopme
foundMZ:
    nop                        ; found if we find mz header.

I think that'll work on a typical vc++ app which builds the stack frame..just an idea.
#15
Posted 11 February 2004 - 06:20 PM
The 'Understanding Windows Shellcode' paper cited earlier in this thread covers the technique of walking down in increments of 16 pages (64KB) to locate the MZ header associated with kernel32 by taking an address that is known to be inside kernel32. It applies this technique with both walking the SEH list to the last handler as well as using a known offset from the top of the stack which is in the TEB. The latter ends up being about 25 bytes all told. Is this what you're describing?
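The walk that post #15 describes (and that post #14's byte-at-a-time loop approximates) is small enough to model in C. The block below is an added example, not code from the thread or from the 'Understanding Windows Shellcode' paper: it starts from an address assumed to lie inside a module and steps down in 64 KB (16-page) increments until it hits an image base. Everything it touches is constructed offline: a 64 KB-aligned heap region stands in for kernel32, a `floor` argument keeps the walk inside that region (real shellcode has no such guard), and the `PE\0\0` check behind the `MZ` test is an extra sanity check the 25-byte shellcode version does not have. How the starting address is obtained (the SEH chain or the TEB stack-base offset the post mentions) is not modelled here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Windows maps PE images on 64 KB (allocation-granularity) boundaries, so an
 * image base is always a multiple of 0x10000 and the walk can skip 16 pages
 * at a time instead of one byte at a time. */
#define ALLOC_GRANULARITY 0x10000u

/* Non-zero if 'cand' looks like a mapped PE image: 'MZ' DOS signature plus a
 * 'PE\0\0' signature at e_lfanew.  The shellcode version only checks 'MZ';
 * the PE check is added here so a decoy "MZ" on a 64 KB boundary is rejected. */
static int looks_like_pe_image(const uint8_t *cand)
{
    uint32_t e_lfanew;

    if (cand[0] != 'M' || cand[1] != 'Z')        /* reads as the word 0x5A4D */
        return 0;
    memcpy(&e_lfanew, cand + 0x3c, sizeof e_lfanew);
    if (e_lfanew == 0 || e_lfanew > ALLOC_GRANULARITY - 4)
        return 0;
    return memcmp(cand + e_lfanew, "PE\0\0", 4) == 0;
}

/* Walk down from 'addr', assumed to lie inside a loaded module, in 64 KB steps
 * until the image base is found.  'floor' is a guard for this simulation only:
 * real shellcode has no floor and relies on the header being mapped below the
 * address it started from. */
static const uint8_t *find_module_base(const uint8_t *addr, const uint8_t *floor)
{
    uintptr_t p  = (uintptr_t)addr & ~(uintptr_t)(ALLOC_GRANULARITY - 1);
    uintptr_t lo = (uintptr_t)floor;

    while (p >= lo) {
        if (looks_like_pe_image((const uint8_t *)p))
            return (const uint8_t *)p;
        if (p < lo + ALLOC_GRANULARITY)          /* next step would cross the floor */
            break;
        p -= ALLOC_GRANULARITY;
    }
    return NULL;
}

/* Constructed layout: a 4 x 64 KB region standing in for kernel32, a real-looking
 * header at offset 0 and a decoy "MZ" at 2 x 64 KB with nothing behind it.
 * Returns 1 if the walk from an address inside the region lands on the base. */
static int demo_find_base(void)
{
    size_t size = 4 * ALLOC_GRANULARITY;
    uint8_t *img = aligned_alloc(ALLOC_GRANULARITY, size);
    uint32_t e_lfanew = 0x80;
    const uint8_t *inside, *base;
    int ok;

    if (img == NULL)
        return -1;
    memset(img, 0, size);
    img[0] = 'M';
    img[1] = 'Z';
    memcpy(img + 0x3c, &e_lfanew, sizeof e_lfanew);
    memcpy(img + e_lfanew, "PE\0\0", 4);
    img[2 * ALLOC_GRANULARITY]     = 'M';        /* decoy: no PE header behind it */
    img[2 * ALLOC_GRANULARITY + 1] = 'Z';

    inside = img + 3 * ALLOC_GRANULARITY + 0x1234;   /* "address known to be inside kernel32" */
    base = find_module_base(inside, img);
    ok = (base == img);
    free(img);
    return ok;
}

/* Same region with no header at all: the walk reaches the floor and returns NULL. */
static int demo_no_image(void)
{
    size_t size = 4 * ALLOC_GRANULARITY;
    uint8_t *img = aligned_alloc(ALLOC_GRANULARITY, size);
    int ok;

    if (img == NULL)
        return -1;
    memset(img, 0, size);
    ok = (find_module_base(img + 3 * ALLOC_GRANULARITY + 5, img) == NULL);
    free(img);
    return ok;
}

int main(void)
{
    printf("64 KB walk finds the image base: %s\n", demo_find_base() == 1 ? "yes" : "no");
    printf("walk with no header gives up:     %s\n", demo_no_image() == 1 ? "yes" : "no");
    return 0;
}
```

The decoy at 2 x 64 KB is the reason a plain `MZ` compare is a trade-off: the 25-byte shellcode would stop there, which is acceptable in shellcode because only image bases normally sit on allocation boundaries with `MZ` in front, but a C re-implementation can afford the `e_lfanew` lookup. Note also that the byte-at-a-time loop in post #14 does the same search with 65536 times as many compares, and walks through every intervening page rather than only the boundaries.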