Metasploit mailing list archives
Functions in DLLs
From: tyronmiller at gmail.com (Ty Miller)
Date: Thu, 3 Apr 2008 11:45:10 +1100
Thanks for the response guys. That article is really good since it allows you to use the asm code provided to derive a shellcode template, which most other articles don't provide, as well as detailed explanations of each line of the assembly code that can often be hard to follow. It has made me rethink my entire approach to creating the shellcode I am developing, so thanks.

For those of you who do want to easily find addresses of functions within specific DLLs, for quick shellcode generation or whatever, I found the following really handy: http://www.vividmachines.com/shellcode/arwin.c

If you use this within cygwin you can also write a bash wrapper to loop through the DLLs on your system to find which DLLs actually contain the function you're after.

Cheers,
Ty

On 3/28/08, mmiller at hick.org <mmiller at hick.org> wrote:
On Thu, Mar 27, 2008 at 08:55:02PM +1100, Ty Miller wrote:

Hey guys,

Is there a program or website that maps which functions exist in which DLLs so that I can determine the address of a function? Wow, does that sentence make any sense??? ... In other words, if I am creating shellcode and I am using a function, say "strlen", I need to replace this call with the address of where it exists in memory within a loaded DLL ... so how do I determine the best DLL to use?

Hardcoding the address of a function to be called in shellcode is generally bad practice. I'd suggest taking a look at how the Metasploit payloads resolve the address of a function to be called. There is some explanation as to how this works here:

http://hick.org/code/skape/papers/win32-shellcode.pdf

If you must hardcode the address just use a debugger, run a program that uses msvcrt, and find the address of msvcrt!strlen (such as by trying to disassemble it).
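The "which DLL exports this function" lookup discussed in the thread can be answered offline by reading each file's export directory. The following is an added example, not code from the thread or from arwin.c: a standard-library-only PE export parser, exercised against a constructed minimal PE32 (labelled as such) because no real DLL is embedded. Note that it returns RVAs, not addresses: the in-process address is the module's load base plus the RVA, and since that base is not fixed, a hardcoded address is exactly the fragile thing mmiller's reply warns against.

```python
import struct

def _u32(data: bytes, off: int) -> int:
    return struct.unpack_from("<I", data, off)[0]

def pe_exports(data: bytes) -> dict:
    """Map export name -> RVA by walking a PE file's export directory (PE32 or PE32+)."""
    pe = _u32(data, 0x3C)                                    # e_lfanew: offset of "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = pe + 4
    nsec, opt_size = struct.unpack_from("<H", data, coff + 2)[0], struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    is_pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B
    exp_rva = _u32(data, opt + (0x60 if is_pe32 else 0x70))  # DataDirectory[0] = export table
    if exp_rva == 0:
        return {}                                            # image exports nothing
    secs = [struct.unpack_from("<III", data, opt + opt_size + i * 40 + 12) for i in range(nsec)]

    def off(rva: int) -> int:                                # RVA -> file offset via the section table
        for va, raw_size, raw_ptr in secs:
            if va <= rva < va + raw_size:
                return rva - va + raw_ptr
        raise ValueError(f"RVA {rva:#x} not backed by any section")
    n_names, funcs, names, ords = struct.unpack_from("<IIII", data, off(exp_rva) + 24)
    result = {}
    for i in range(n_names):
        name_off = off(_u32(data, off(names) + 4 * i))
        ordinal = struct.unpack_from("<H", data, off(ords) + 2 * i)[0]
        result[data[name_off:data.index(b"\0", name_off)].decode()] = _u32(data, off(funcs) + 4 * ordinal)
    return result

def find_export(images: dict, func: str) -> list:
    """Which images export `func`? Returns [(image, RVA)]; the runtime address is load base + RVA,
    and that base moves under ASLR, which is why a hardcoded address stops working."""
    return [(img, pe_exports(d)[func]) for img, d in images.items() if func in pe_exports(d)]

def build_sample_pe() -> bytes:
    """Constructed sample (not a real DLL): a minimal PE32 whose .edata exports memcpy and strlen."""
    va = 0x1000
    funcs, names, ords, strs = va + 40, va + 48, va + 56, va + 60
    edata = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, 2, 2, funcs, names, ords)
    # AddressOfFunctions (two RVAs), AddressOfNames (sorted, as the loader expects), AddressOfNameOrdinals
    edata += struct.pack("<IIIIHH", 0x1234, 0x2345, strs, strs + 7, 0, 1) + b"memcpy\0strlen\0"
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x2102)
    opt = struct.pack("<H", 0x10B).ljust(0x60, b"\0") + struct.pack("<II", va, len(edata))
    sec = b".edata\0\0" + struct.pack("<IIII", 0x200, va, 0x200, 0x200)
    hdr = (dos + coff + opt.ljust(0xE0, b"\0") + sec.ljust(40, b"\0")).ljust(0x200, b"\0")
    return hdr + edata.ljust(0x200, b"\0")
```

To scan a real directory, read each `.dll` into the `images` dict keyed by filename and call `find_export(images, "strlen")`.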