-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshellcode.c
49 lines (46 loc) · 1.1 KB
/
shellcode.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
#include <stdio.h>
#include <windows.h>
int main()
{
_asm
{
// se carga libreria msvcrt.dll
push ebp
mov ebp,esp
xor edi,edi
push edi
sub esp,0Ch
mov byte ptr [ebp-0bh],6Dh //m
mov byte ptr [ebp-0ah],73h //s
mov byte ptr [ebp-09h],76h //v
mov byte ptr [ebp-08h],63h //c
mov byte ptr [ebp-07h],72h //r
mov byte ptr [ebp-06h],74h //t
mov byte ptr [ebp-05h],2Eh //.
mov byte ptr [ebp-04h],64h //d
mov byte ptr [ebp-03h],6Ch //l
mov byte ptr [ebp-02h],6Ch //l
lea eax,[ebp-0Bh] //ultima posicion
push eax
mov ebx,0x7c801d7b //direccion de loadlibrary
call ebx
// se cargar calc.exe
push ebp
mov ebp,esp
xor edi,edi
push edi
sub esp,08h
mov byte ptr [ebp-09h],63h //c
mov byte ptr [ebp-08h],61h //a
mov byte ptr [ebp-07h],6Ch //l
mov byte ptr [ebp-06h],63h //c
mov byte ptr [ebp-05h],2Eh //.
mov byte ptr [ebp-04h],65h //e
mov byte ptr [ebp-03h],78h //x
mov byte ptr [ebp-02h],65h //e
lea eax,[ebp-09h] //ultima posicion
push eax
mov ebx,0x77c293c7 //direccion libreria system
call ebx
}
}