XR3X

Shellcode Problem

help shellcode

10 replies to this topic

#1 nu3lC

nu3lC

    Member

  • Associate
  • Reputation: 15
    Fair
  • 63 posts
  • Location: hackhound

Posted 25 September 2013 - 02:57 PM

Hey guys, I missed hackhound because I was busy with school stuff, fuck school.

Anyway, I wrote a shellcode yesterday in WinXP using MASM. It works fine, but it's not null-free, but it's working :)

But I got a problem: I wrote it in Win7, but on each reboot the DLL addresses are changing :(

ex:

messagebox 6273261

After reboot it becomes messagebox 5415245

Sorry I can't explain it well, my English sucks, hope you guys got some idea.

Can someone tell me how to fix that shit??

Excuse my English.



#2 Tony

Tony

    Intermediate Member

  • Associate
  • Reputation: 145
    Very Good
  • 270 posts
Contributor

Posted 25 September 2013 - 03:35 PM

Google "Windows Address Space Randomization" and you will find your problem + solution ;)


  • nu3lC likes this

#3 DualCoder

DualCoder

    Member

  • Associate
  • Reputation: 37
    Fair
  • 34 posts
  • Location: Sweden

Posted 25 September 2013 - 04:59 PM

It is due to ASLR.

Get the loaded modules from PEB at FS:[0x30] and get the addresses from the module's export table (EAT).


//DualCoder


  • nu3lC likes this

#4 sonykuccio

sonykuccio

    Intermediate Member

  • Loyalist
  • Reputation: 188
    Very Good
  • 155 posts
  • Location: ALU

Posted 25 September 2013 - 05:50 PM

maybe this example can help you

 

Please Login or Register to see this Hidden Content



#5 Coldzer0

Coldzer0

    Member

  • Members
  • Reputation: 42
    Fair
  • 38 posts

Posted 25 September 2013 - 07:01 PM

See these tuts.

I wrote it in Arabic :P

But I put comments in English.

 

lesson1 :

Please Login or Register to see this Hidden Content

lesson2 : 

Please Login or Register to see this Hidden Content

lesson3 : 

Please Login or Register to see this Hidden Content

lesson4 : 

Please Login or Register to see this Hidden Content

 

I think it'll help a lot.


  • x58 and nu3lC like this

#6 nu3lC

nu3lC

    Member

  • Associate
  • Reputation: 15
    Fair
  • 63 posts
  • Location: hackhound

Posted 26 September 2013 - 02:48 PM

Thank you all, guys :)

I'll try :)



#7 nu3lC

nu3lC

    Member

  • Associate
  • Reputation: 15
    Fair
  • 63 posts
  • Location: hackhound

Posted 26 September 2013 - 02:50 PM

See these tuts.

I wrote it in Arabic :P

But I put comments in English.

 

lesson1 :

Please Login or Register to see this Hidden Content

lesson2 : 

Please Login or Register to see this Hidden Content

lesson3 : 

Please Login or Register to see this Hidden Content

lesson4 : 

Please Login or Register to see this Hidden Content

 

I think it'll help a lot.

Thanks dude, it's in Arabic, but I'll try to understand it by actions.



#8 nu3lC

nu3lC

    Member

  • Associate
  • Reputation: 15
    Fair
  • 63 posts
  • Location: hackhound

Posted 29 September 2013 - 01:54 PM

Hey, please, can someone give an example???



#9 steve10120

steve10120

    Member

  • Notorious
  • Reputation: 55
    Good
  • 61 posts
  • Location: ic0de.org

Posted 29 September 2013 - 02:12 PM

Get kernel32 from PEB, walk the EAT of kernel32 to get LoadLibraryA and GetProcAddress, done. :)


  • x58 and nu3lC like this
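
Added illustration, not code from any poster in this thread: a Python walk of a PE export table, the lookup posts #3 and #9 describe, run on a small constructed image instead of a real DLL. It shows why the absolute address changes between boots while the RVA stored in the export table does not; the image layout, the RVAs and the two load bases are constructed values.

```python
import struct

def u16(img, off): return struct.unpack_from("<H", img, off)[0]
def u32(img, off): return struct.unpack_from("<I", img, off)[0]

def export_rva(img, name):
    """Resolve an exported name to its RVA in a mapped image (RVA == offset)."""
    nt = u32(img, 0x3C)                                  # e_lfanew
    if img[:2] != b"MZ" or img[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    # Data directory follows the optional header fields: 96 bytes in PE32, 112 in PE32+
    dirs = nt + 0x18 + (96 if u16(img, nt + 0x18) == 0x10B else 112)
    exp, exp_size = u32(img, dirs), u32(img, dirs + 4)   # entry 0 = export directory
    n_names = u32(img, exp + 0x18)
    funcs, names, ords = (u32(img, exp + o) for o in (0x1C, 0x20, 0x24))
    for i in range(n_names):
        start = u32(img, names + 4 * i)
        if img[start:img.index(b"\0", start)] != name:
            continue
        # The name index maps to an ordinal, and the ordinal indexes the function table
        rva = u32(img, funcs + 4 * u16(img, ords + 2 * i))
        if exp <= rva < exp + exp_size:
            raise ValueError("forwarded export, not a code address")
        return rva
    return None

def build_image():
    """Constructed stand-in for a mapped DLL: only the fields the walk reads."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)              # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x10B)             # optional header magic: PE32
    struct.pack_into("<II", img, 0xF8, 0x200, 0x100)     # export directory RVA, size
    struct.pack_into("<II", img, 0x214, 2, 2)            # NumberOfFunctions, NumberOfNames
    struct.pack_into("<III", img, 0x21C, 0x240, 0x250, 0x260)
    struct.pack_into("<II", img, 0x240, 0x1000, 0x2000)  # function RVAs
    struct.pack_into("<II", img, 0x250, 0x280, 0x290)    # name RVAs
    struct.pack_into("<HH", img, 0x260, 1, 0)            # name index -> ordinal
    for off, s in ((0x280, b"GetProcAddress\0"), (0x290, b"LoadLibraryA\0")):
        img[off:off + len(s)] = s
    return bytes(img)

if __name__ == "__main__":
    rva = export_rva(build_image(), b"LoadLibraryA")
    for base in (0x75A00000, 0x76F10000):                # constructed load bases
        print(f"base {base:#x} + rva {rva:#x} = {base + rva:#x}")
```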

#10 nu3lC

nu3lC

    Member

  • Associate
  • Reputation: 15
    Fair
  • 63 posts
  • Location: hackhound

Posted 01 October 2013 - 02:30 AM

:)

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content


  • Hess likes this

#11 delphifocus

delphifocus

    Intermediate Member

  • Associate
  • Reputation: 67
    Good
  • 116 posts

Posted 01 November 2013 - 02:58 PM

:)

Please Login or Register to see this Hidden Content

Please Login or Register to see this Hidden Content

 

Has your problem been solved? If yes, maybe this thread should be marked with the [Solved] tag. Thank you ;)






