Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   MASM RunPE Shell Code (https://forum.exetools.com/showthread.php?t=15261)

Coldzer0 09-22-2013 20:30
MASM RunPE Shell Code
 
First I don't know if this the Right forum to post My code :D

so

Here's My MASM Shell Code ;)

http://pastebin.com/32Ntt5zG#

and Shell AS Bytes ( Delphi ) :D

http://pastebin.com/tFP1UpqR#

and remember

{
XOR AL,00h ; XOR Key 1 (Byte Number $686 )
XOR AL,00h ; XOR Key 2 (Byte Number $684)
}

{
NewRunPE [$684] := KEY2;
NewRunPE [$686] := KEY1;
}

i hope it helps ;)

DaGoN 09-26-2013 18:43
Thanks Coldzer0, i'll try it. Is it works also in x64 machine? :)

Coldzer0 09-26-2013 20:19
thanks DaGoN for reply :)

and yes i test it on x64 and x32

and here's some update in shellcode

i add small code to convert module name to UpperCase

cuz in XP module name in lowerCase and in Win8 it's UpperCase

new code : http://pastebin.com/WgMv0ncX


All times are GMT +8. The time now is 00:39.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX