Shellcode

Тема в разделе "WASM.ENGLISH", создана пользователем dcskm4200, 29 авг 2005.

  1. dcskm4200

    dcskm4200 New Member

    Публикаций:
    0
    Регистрация:
    12 окт 2004
    Сообщения:
    173
    Адрес:
    China
    Hello, Bill/TPOC



    Nothing happens while The shellcode in the article (От зеленого к красному: Глава 3: Программирование в Shell-код стиле. Важные техники системного программирования: SEH, VEH и API Hooking. Отключение Windows File Protection.) runs .



    regards



    [​IMG] _688190570__shellcode_1.rar
     
  2. dcskm4200

    dcskm4200 New Member

    Публикаций:
    0
    Регистрация:
    12 окт 2004
    Сообщения:
    173
    Адрес:
    China
    None read The article?
     
  3. shoo

    shoo New Member

    Публикаций:
    0
    Регистрация:
    17 июл 2003
    Сообщения:
    1.537
    Адрес:
    Ukraine
    hi! send him e-mail directly: BILL_TPOC*MAIL.RU
     
  4. dcskm4200

    dcskm4200 New Member

    Публикаций:
    0
    Регистрация:
    12 окт 2004
    Сообщения:
    173
    Адрес:
    China
    Hello,shoo



    Thanks you for awaking me.



    regards
     
  5. shoo

    shoo New Member

    Публикаций:
    0
    Регистрация:
    17 июл 2003
    Сообщения:
    1.537
    Адрес:
    Ukraine
    i guess there is night where you are ;)



    well, exactly I did not read that article yet and I do not think it is easy for everybody, and author can be not often here on forum. did you read the article? it is too often examples from articles do not work on other hardware/systems - they provided just as examples. it is need to read, understand and then use them.



    there are a lot unanswered question on forums, i just like you are visiting our ;)

    if i'll can i'll try to read it ;)



    regards!
     
  6. dcskm4200

    dcskm4200 New Member

    Публикаций:
    0
    Регистрация:
    12 окт 2004
    Сообщения:
    173
    Адрес:
    China
    Hello,shoo



    Yes, it is the time in night. there is four hours discrepancy between Beijing's time to Moscow's time. it is time for supper where you are.

    although i know nothing about russian, but I'v known the article is well from its asm code. the code is slowly becoming integrative from simple to complex.

    if I have not a lot work to do, or goen on errands, I usually visit your website. because i think it is one of the best asm website in the world.



    Thanks you for response.
     
  7. Broken Sword

    Broken Sword Robert

    Публикаций:
    0
    Регистрация:
    30 авг 2002
    Сообщения:
    433
    dcskm4200

    What you think it should do? it's just a shellcode, a part of other program. If you run it apart it'll fail on



    lea ebx,[ebp+address]

    ...

    mov dword ptr [ebx],eax

    (last string is commented in your attach, uncomment it)



    with exception, because ebx points to "address" label which is placed in code section (it's not writable by default).



    What that means at all: I think that other part of virus, which injects shellcode in victims body should somehow enable writing capability of victims code section before injecting, or inject it in data section which is writable, or anything else.



    If you want to use this shellcode apart you must compile it with /section:.text,ERW option.
     
  8. dcskm4200

    dcskm4200 New Member

    Публикаций:
    0
    Регистрация:
    12 окт 2004
    Сообщения:
    173
    Адрес:
    China
    Hey, Broken Sword


    Код (Text):
    1. If you want to use this shellcode apart you must compile it with /section:.text,ERW option.




    thanks you for guiding.