Skip to content

h4pp1n3ss/x86Windows-PopCalcWinExec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
runner.c
runner.c
 
 
shellcode.asm
shellcode.asm
 
 

Repository files navigation

Windows/x86 Dynamic WinExec PopCalcs PEB & Export Directory Table

Description:

This is a shellcode (PIC) that pop a calc.exe, in order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length. Finally the shellcode pop the calc.exe using WinExec and exits gracefully using TerminateProcess.

  • Author: h4pp1n3ss
  • Date: Wed 09/22/2021
  • Tested on: Microsoft Windows [Version 10.0.19042.1237]

Windows API

This shellcode uses two Windows API

WinExec

WinExec Function Prototype

 UINT WinExec(
  LPCSTR lpCmdLine, -> EBX
  UINT   uCmdShow 	 -> EAX
 );

and

TerminateProcess

TerminateProcess Function Prototype

 BOOL TerminateProcess(
  HANDLE hProcess,	 -> 0xffffffff
  UINT   uExitCode	 -> EAX
 );

Resources

About

(Windows/x86) Null-free Position-Independent shellcode (PIC) - WinExec PopCalc

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages