Member Avatar for Zarathu

This is my code:

[BITS 32]

.section text
global start

start:
    xor edx, edx         ; Avoids NULL byte
    push edx             ; MsgBox type
    push edx             ; MsgBox body
    push edx             ; MsgBox caption
    push edx             ; Owner hWnd
  mov eax, 0x7E45058A  ; Addr of MessageBox, USER32 should be loaded
    call eax

Now, that should, theoretically, pop up with a blank messagebox. Right?

I assembled it with:

C:\Documents and Settings\Compaq_Owner>nasmw -fbin -l "stuff.txt" "C:\Documents and Settings\Compaq_Owner\Desktop\k.asm"

I popped open a hex editor, grabbed the bytes, threw them into shellcode, and executed this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char shellcode[] =
"\x31\xD2\x52\x52\x52\x52\xB8\x8A\x05\x45\x7E\xFF\xD0";

int main()
{
    int *ret;
    ret = (int *)&ret + 2;
    (*ret) = (int)shellcode;
}

Not working. Could anybody give me a hand?

  • 2 Contributors
  • 3 Replies
  • 265 Views
  • 22 Hours Discussion Span
  • Latest Post Latest Post by Ancient Dragon
Salem commented: Another malware script kiddie wannabe loser type -1

Recommended Answers

All 3 Replies

Member Avatar for Ancient Dragon

what is all that crap? If you want to display a MS-Windows message box why not just call it directly ?

>>mov eax, 0x7E45058A
how do you know that's the address of message box function? The address may change every time the program is run.

>>Not working. Could anybody give me a hand?
Yes -- don't do that. include windows.h and call message box just like every other normal programmer.

Member Avatar for Zarathu

That's not what I'm trying to do. I'd love it if it was that easy.

I'm trying to write POC shellcode. Is there a way to get that done in ASM without calling it from the memory address? If so, how?

>> The address may change every time the program is run.
Not really.... It was the same on my computer every time it was run, and it's also the same address on my friend's computer.

Member Avatar for Ancient Dragon

C language does not recognize inline assembly instructions like that. The way to do inline assembly depends on the compiler you are using. For example, Microsoft compilers are like this:

#include <windows.h>
int main()
{
   _asm
   {
        // put assembly code here
    xor edx, edx         ; Avoids NULL byte
    push edx             ; MsgBox type
    push edx             ; MsgBox body
    push edx             ; MsgBox caption
    push edx             ; Owner hWnd
     lea eax, MessageBox  ; Addr of MessageBox, USER32 should be    loaded
    call eax   
    }
 
   return 0;
}

>>Not really.... It was the same on my computer every time it was run, and it's also the same address on my friend's computer.

You were just lucky. Don't count on that behavior.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.