


Messages - R4k0Z

1
C - C++ / Re: What to use?
« on: April 28, 2015, 06:37:41 PM »
Code::Blocks <3

2
Assembly - Embedded / Re: [ASM] Edit Registry Problem
« on: April 28, 2015, 04:32:31 AM »
After an enormous amount of searching I solved it :)

I have Win7 64-bit, which redirects 32-bit registry calls to another subkey; I think that was the major problem. It's solved with the KEY_WOW64_64KEY flag.

Plus I found a bug which led to a call to NULL.

<3 OllyDbg <3

3
Assembly - Embedded / [ASM] Edit Registry Problem
« on: April 28, 2015, 01:14:22 AM »
Hi everyone,


Today's menu is RegOpenKeyExA, which we'll call ROK for simplicity.


So, I want to execute X file on startup. I'm actually trying to add it to the HKLM Run registry key, and in the process ROK won't cooperate and keeps throwing Access Violation errors.


This is the part that matters:


Code:

kHandle dd 0
kDir    db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run",0

; RegOpenKeyExA(hKey, lpSubKey, ulOptions, samDesired, phkResult) is stdcall,
; so the arguments go on the stack right to left
lea edx, [ebp+kHandle]  ; ebp is the delta offset, here I'm getting the pointer to my key handle
push edx                ; phkResult: pass the handle pointer
push 0x00000010         ; samDesired: ask for reading rights (so I don't get permission errors)
xor edx, edx
push edx                ; ulOptions: push NULL (reserved)
lea edx, [ebp+kDir]
push edx                ; lpSubKey: subkey string pointer
push 0x80000002         ; hKey: HKEY_LOCAL_MACHINE
call 0x75334887         ; call ROK (I can get it dynamically, but I hardcoded the address to
                        ; reduce error vectors)



Thanks in advance :)
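Added example, not code from this thread: the samDesired value pushed in the snippet above decodes to a single flag, and the WOW64 redirection the follow-up post ran into depends on whether KEY_WOW64_64KEY is in that mask. The script below decodes any samDesired mask by name, builds the one a 32-bit process needs to write the native Run key, and models where an HKLM\SOFTWARE open from a 32-bit process actually lands. The flag values are the public Windows SDK constants; the redirection model is simplified (it ignores the short list of shared subkeys that WOW64 does not redirect); the winreg call only runs on Windows and needs admin for HKLM.

```python
"""Decode RegOpenKeyEx access masks and model WOW64 registry redirection.

Added example for the thread above, not the poster's code. Flag values are the
Windows SDK constants; add_run_value() is Windows-only (stdlib winreg).
"""
import sys

# Same subkey as the shellcode's kDir
SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

# Registry-specific rights plus the standard rights they get combined with (winnt.h)
KEY_RIGHTS = {
    "KEY_QUERY_VALUE":        0x0001,
    "KEY_SET_VALUE":          0x0002,
    "KEY_CREATE_SUB_KEY":     0x0004,
    "KEY_ENUMERATE_SUB_KEYS": 0x0008,
    "KEY_NOTIFY":             0x0010,   # what 'push 0x10' in the snippet asks for
    "KEY_CREATE_LINK":        0x0020,
    "KEY_WOW64_64KEY":        0x0100,   # open the native 64-bit view from a 32-bit process
    "KEY_WOW64_32KEY":        0x0200,
    "DELETE":                 0x00010000,
    "READ_CONTROL":           0x00020000,  # STANDARD_RIGHTS_READ and _WRITE are both this bit
    "WRITE_DAC":              0x00040000,
    "WRITE_OWNER":            0x00080000,
}
KEY_READ  = 0x20019   # READ_CONTROL | QUERY_VALUE | ENUMERATE_SUB_KEYS | NOTIFY
KEY_WRITE = 0x20006   # READ_CONTROL | SET_VALUE | CREATE_SUB_KEY


def decode_sam(mask):
    """Return (names of the flags set in samDesired, any bits we do not know)."""
    names = [name for name, bit in KEY_RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(KEY_RIGHTS.values())   # bits are distinct, so sum == OR
    return names, unknown


def sam_for_run_key(write, native_view):
    """Mask to add a Run value: write rights, and the 64-bit view so a 32-bit
    process does not get redirected into Wow6432Node."""
    sam = KEY_WRITE if write else KEY_READ
    if native_view:
        sam |= KEY_RIGHTS["KEY_WOW64_64KEY"]
    return sam


def effective_subkey(subkey, process_is_32bit, sam):
    """Where an HKLM open lands. Simplified model: every HKLM\\SOFTWARE subkey is
    redirected for a 32-bit process unless KEY_WOW64_64KEY is requested."""
    redirected = (process_is_32bit
                  and not sam & KEY_RIGHTS["KEY_WOW64_64KEY"]
                  and subkey.upper().startswith("SOFTWARE\\"))
    if redirected:
        return "SOFTWARE\\Wow6432Node\\" + subkey[len("SOFTWARE\\"):]
    return subkey


def add_run_value(name, command, native_view=True):
    """Windows only: create the Run value the shellcode in the post was after."""
    import winreg   # stdlib, but only importable on Windows
    sam = sam_for_run_key(write=True, native_view=native_view)
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SUBKEY, 0, sam) as key:
        winreg.SetValueEx(key, name, 0, winreg.REG_SZ, command)


if __name__ == "__main__":
    print("0x10 decodes to:", decode_sam(0x10))                 # KEY_NOTIFY only
    print("KEY_READ decodes to:", decode_sam(KEY_READ))
    sam = sam_for_run_key(write=True, native_view=True)
    print(f"mask to write the native Run key: {sam:#x}")
    print("32-bit open of", SUBKEY, "without WOW64 flag lands in:",
          effective_subkey(SUBKEY, True, 0x10))
    if sys.platform == "win32":
        # add_run_value("example", r"C:\path\to\payload.exe")  # needs admin
        pass
```

Two things fall out of the decode that the snippet's comment glosses over: 0x10 is KEY_NOTIFY, not read access, and adding a value needs KEY_SET_VALUE, so the 64-bit-view write mask is 0x20106. Without KEY_WOW64_64KEY a 32-bit process is redirected to SOFTWARE\Wow6432Node\...\Run, which is also an autostart location, just not the one the poster was looking at, which is worth remembering when hunting for persistence too: check both views.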

4
May be a good idea :P


But you don't feel the thrill of the shellcode ;D

5
Assembly - Embedded / [ASM] Build script, save your worthless time :)
« on: April 25, 2015, 01:26:24 AM »
Hi everyone,


I've been coding some shellcode in NASM and found the build steps (asm -> bin -> shellcode -> C -> exe) really tedious, so I made a script to automate that stuff. Nothing fancy; anyway, here it is:


To use it, just pass the name of your asm file (if it's potatoe.asm, you should run "builder.bat potatoe").


NOTE: the .bat and .asm files must be in the same directory.


Code:

@ECHO OFF

REM 1. assemble the flat binary
nasm -f bin -o %1.bin %1.asm

REM 2. dump it as one hex byte per line
xxd -c 1 -p %1.bin %1.txt

REM 3. start a fresh C file with the opening of the array literal (no trailing newline)
if exist %1.c (del %1.c)
set /p "=char code[] = "^"<nul >%1.c

REM 4. append every byte as a \xNN escape
for /F %%i in (%1.txt) do set /p "=\x%%i"<nul >>%1.c

REM 5. close the literal and append a main() that jumps into the buffer
echo ^";>>%1.c
echo int main(int argc, char **argv)>>%1.c
echo {>>%1.c
echo     int (*func)();>>%1.c
echo     func = (int (*)()) code;>>%1.c
echo     (int)(*func)();>>%1.c
echo }>>%1.c

REM 6. compile the harness
gcc -o %1 %1.c

@ECHO ON

This is just my tiny contribution; thanks everyone for the support and advice!


Hope I'll be able to contribute something more significant in the future :D
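Added example, not the script from the post: the same asm -> bin -> C -> exe pipeline in Python. The bin -> C step is a pure function so it can be checked without a toolchain, it flags NUL bytes (harmless inside a C array, fatal if the payload is ever delivered through a string copy), and the generated harness copies the bytes into an executable mapping instead of jumping straight into `char code[]`, which sits in .data and is non-executable under DEP/NX on a modern toolchain. nasm and gcc are only needed for build(); the sample bytes in main() are constructed (xor eax,eax; ret).

```python
"""asm -> bin -> C -> exe in Python (added example, not the poster's builder.bat).

Needs nasm and gcc on PATH only for build(); bin_to_c() and nul_offsets() are pure.
"""
import shutil
import subprocess
from pathlib import Path

# Harness template. Unlike the bat's `char code[]` + direct call, the bytes are
# copied into RWX memory first so DEP/NX does not fault on the .data segment.
HARNESS = r"""#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

unsigned char code[] = "%(escaped)s";
unsigned int code_len = %(length)d;

int main(void)
{
#ifdef _WIN32
    void *exec = VirtualAlloc(NULL, code_len, MEM_COMMIT | MEM_RESERVE,
                              PAGE_EXECUTE_READWRITE);
#else
    void *exec = mmap(NULL, code_len, PROT_READ | PROT_WRITE | PROT_EXEC,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
#endif
    memcpy(exec, code, code_len);
    ((void (*)(void)) exec)();
    return 0;
}
"""


def nul_offsets(data: bytes):
    """Offsets of 0x00 bytes: a check the bat script does not do."""
    return [i for i, b in enumerate(data) if b == 0]


def bin_to_c(data: bytes) -> str:
    """Same transformation as xxd -c 1 -p + the for loop: one \\xNN escape per byte."""
    escaped = "".join(f"\\x{b:02x}" for b in data)
    return HARNESS % {"escaped": escaped, "length": len(data)}


def build(stem: str) -> Path:
    """builder.bat equivalent: <stem>.asm -> <stem>.bin -> <stem>.c -> <stem>."""
    for tool in ("nasm", "gcc"):
        if shutil.which(tool) is None:
            raise RuntimeError(f"{tool} not found on PATH")
    asm, binf, cf = Path(f"{stem}.asm"), Path(f"{stem}.bin"), Path(f"{stem}.c")
    subprocess.run(["nasm", "-f", "bin", "-o", str(binf), str(asm)], check=True)
    data = binf.read_bytes()
    if nul_offsets(data):
        print(f"warning: NUL bytes at offsets {nul_offsets(data)}")
    cf.write_text(bin_to_c(data))
    subprocess.run(["gcc", "-o", stem, str(cf)], check=True)
    return Path(stem)


if __name__ == "__main__":
    sample = b"\x31\xc0\xc3"          # constructed: xor eax,eax ; ret
    print(bin_to_c(sample))
    print("NUL bytes at:", nul_offsets(b"\x31\xc0\x00\xc3"))
```

Run `python builder.py` to see the generated C for the sample, or call `build("potatoe")` for the full pipeline with potatoe.asm in the current directory, the same usage as the bat.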

6
Assembly - Embedded / Re: [ASM] Functions and Stack
« on: April 16, 2015, 04:07:45 AM »
Thank you very much :)

7
Assembly - Embedded / [ASM] Functions and Stack
« on: April 16, 2015, 01:04:53 AM »
Hi everyone, I've been reading about shellcode (I know asm, but for microcontrollers) and have a little doubt about this piece of code:
Code:
GetLibrary:
      call LibraryReturn
      db 'user32.dllN'

LibraryReturn:
      pop ecx                   ;get the library string
      mov [ecx + 10], dl        ;insert NULL (edx was cleared right before)
      mov ebx, 0x77e7d961       ;LoadLibraryA(libraryname);
      push ecx                  ;beginning of user32.dll
      call ebx                  ;eax will hold the module handle

My question is, does "db 'user32.dllN'" even execute before "call LibraryReturn"?


If it does, does it push the beginning of the string onto the stack? Or how does it end up there so you can pop it into ecx?


Thank you in advance :)
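Added example, not code from the thread: the stub above assembled to bytes, then single-stepped by a tiny interpreter that knows only the six instruction forms it uses. The trace shows what actually happens: `call LibraryReturn` pushes its own return address, which is the address of the first byte after the call, i.e. the string, and jumps over it, so the `db` bytes are never executed; `pop ecx` just takes that return address back off the stack. The load address BASE is made up, the LoadLibraryA address is the one from the post, and edx is taken as already zero, as the post's comment says.

```python
"""Assemble and trace the call/pop GetLibrary stub (added example, not the post's code).

Assumptions: BASE is a made-up load address; LoadLibraryA's address is the
hard-coded one from the post; edx is already zero when the stub starts.
"""
import struct

BASE = 0x00401000   # pretend load address of the shellcode


def assemble_getlibrary(lib="user32.dll", loadlibrary=0x77E7D961):
    """call over the inline string, pop its address, NUL-patch it, call LoadLibraryA."""
    s = (lib + "N").encode()                         # 'N' is the placeholder for the NUL
    assert len(lib) < 128, "disp8 in mov [ecx+disp8], dl"
    code = b"\xE8" + struct.pack("<i", len(s))       # call LibraryReturn (rel32 = bytes skipped)
    code += s                                        # db 'user32.dllN'  (data, never executed)
    code += b"\x59"                                  # pop ecx  -> return address = &string
    code += b"\x88\x51" + bytes([len(lib)])          # mov [ecx+10], dl  (overwrite 'N' with 0)
    code += b"\xBB" + struct.pack("<I", loadlibrary)  # mov ebx, LoadLibraryA
    code += b"\x51"                                  # push ecx (the argument)
    code += b"\xFF\xD3"                              # call ebx
    return code


def trace(code, base=BASE):
    """Step the stub; stop at `call ebx` and report what the callee would receive."""
    mem = bytearray(code)
    regs = {"ecx": 0, "edx": 0, "ebx": 0}   # edx cleared earlier in the real shellcode
    stack = []                              # stack[-1] is [esp]
    eip, executed = 0, []
    while True:
        executed.append(eip)
        op = mem[eip]
        if op == 0xE8:                                    # call rel32
            rel = struct.unpack_from("<i", mem, eip + 1)[0]
            stack.append(base + eip + 5)                  # push address of next byte
            eip = eip + 5 + rel                           # ... and skip over the string
        elif op == 0x59:                                  # pop ecx
            regs["ecx"] = stack.pop()
            eip += 1
        elif op == 0x88 and mem[eip + 1] == 0x51:         # mov [ecx+disp8], dl
            mem[regs["ecx"] + mem[eip + 2] - base] = regs["edx"] & 0xFF
            eip += 3
        elif op == 0xBB:                                  # mov ebx, imm32
            regs["ebx"] = struct.unpack_from("<I", mem, eip + 1)[0]
            eip += 5
        elif op == 0x51:                                  # push ecx
            stack.append(regs["ecx"])
            eip += 1
        elif op == 0xFF and mem[eip + 1] == 0xD3:         # call ebx: leave the stub here
            arg = stack[-1]
            off = arg - base
            return {
                "eips": executed,                         # offsets that were executed
                "target": regs["ebx"],
                "arg_ptr": arg,
                "arg_str": mem[off:mem.index(0, off)].decode(),
            }
        else:
            raise ValueError(f"unsupported opcode {op:#04x} at offset {eip}")


if __name__ == "__main__":
    code = assemble_getlibrary()
    print(code.hex(" "))
    r = trace(code)
    print("executed offsets:", r["eips"])
    print(f"LoadLibraryA@{r['target']:#010x} gets {r['arg_ptr']:#010x} -> {r['arg_str']!r}")
```

The executed offsets are 0, 16, 17, 20, 25, 26: nothing between 5 and 15 (the string) ever runs, and the byte at offset 15 is 0x4e ('N') before the trace and 0x00 after it. One caveat on the stub itself: `mov ebx, 0x77e7d961` is only right for one exact kernel32 build at one load address; real shellcode resolves LoadLibraryA at run time (PEB walk over the loaded modules and the export table) instead of hard-coding it.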


