Th3carpenter
Reputation: 201
WinExec shellcode
Can anyone help me implement a winexec to execute commands or to start cmd.exe using x86 asm ?
Below is an example on how i used msvcrt.system to spawn cmd.exe ! i want to do the same with winexec please.
00446001 68 65786500 PUSH 657865 // exe
00446006 8BDC MOV EBX,ESP
00446008 68 636D642E PUSH 2E646D63 // cmd.
0044600D 8BCC MOV ECX,ESP
00446010 53 PUSH EBX
00446011 51 PUSH ECX
00446012 E8 B0337E77 CALL msvcrt.system
00446017 90 NOP
Upvotes: 0
Views: 2354
Answers (1)
milevyo
Reputation: 2180
you can try one of this two variants (one of them is commented)
;mov eax,1
;push eax
;call there
;db "notepad.exe c:\windows\system32\drivers\etc\hosts",0
;there:
;call WinExec
push "sts"
push "oh\c"
push "te\s"
push "revi"
push "rd\2"
push "3met"
push "sys\"
push "swod"
push "niw\"
push ".\:c"
push " exe"
push ".dap"
push "eton"
mov eax,esp ; the last one pushed is the head of the string
push 1
push eax
call WinExec
add esp,52 ; restore stack state (13 pushes)
xor eax,eax
push eax
call ExitProcess
Upvotes: 3
Related Questions
- writing shellcode: why my shellcode won't work?
- shellcode is truncated by \x20
- Ubuntu 16.04 assembly code for shell
- Can not understand how my shellcode works. Shellcode for windows OS( not Linux!) to open calc.exe
- x86 64 Reverse shell shellcode
- Construct a shellcode without messing with assembly
- Which are the differences between WinExec and ShellExecute?
- Re-writing a small execve shellcode
- pass arguments to execve program in shellcode
- Adding arguments to shellcode spawning a shell