|
|
#1
09-22-2013, 20:30
|
|||
|
|||
|
MASM RunPE Shell Code
First I don't know if this the Right forum to post My code
 so Here's My MASM Shell Code  http://pastebin.com/32Ntt5zG# and Shell AS Bytes ( Delphi ) http://pastebin.com/tFP1UpqR# and remember { XOR AL,00h ; XOR Key 1 (Byte Number $686 ) XOR AL,00h ; XOR Key 2 (Byte Number $684) } { NewRunPE [$684] := KEY2; NewRunPE [$686] := KEY1; } i hope it helps
|
| The Following User Gave Reputation+1 to Coldzer0 For This Useful Post: | ||
nikre (09-23-2013) | ||
| The Following User Says Thank You to Coldzer0 For This Useful Post: | ||
Dr.FarFar (11-20-2021) | ||
|
#2
09-26-2013, 18:43
|
|||
|
|||
|
Thanks Coldzer0, i'll try it. Is it works also in x64 machine?
|
| The Following User Gave Reputation+1 to DaGoN For This Useful Post: | ||
Coldzer0 (09-26-2013) | ||
|
#3
09-26-2013, 20:19
|
|||
|
|||
|
thanks DaGoN for reply
and yes i test it on x64 and x32 and here's some update in shellcode i add small code to convert module name to UpperCase cuz in XP module name in lowerCase and in Win8 it's UpperCase new code : http://pastebin.com/WgMv0ncX
|
| The Following User Gave Reputation+1 to Coldzer0 For This Useful Post: | ||
DaGoN (09-26-2013) | ||
| The Following User Says Thank You to Coldzer0 For This Useful Post: | ||
Dr.FarFar (11-20-2021) | ||
 |
|
|
Linear Mode
