Metasploit mailing list archives
Creating Shellcode
From: hdm at metasploit.com (H D Moore)
Date: Thu, 7 Feb 2008 13:26:46 -0600
The objdump output does not equal shellcode, especially if you make *any* library calls. On Linux and BSD, you can avoid library calls by going directly to inlined syscalls in your C code, however, on Windows, you really need to access functions inside kernel32 to make any progress. Unless you write your C code very carefully (and essentially mimic what most Windows shellcode does with regards to finding the base of kernel32), it just won't work.

There are a few options available for doing this properly:

InlineEgg - http://oss.coresecurity.com/projects/inlineegg.html
MOSDEF - http://immunitysec.com/resources-freesoftware.shtml
METASM - http://metasm.cr0.org/ (C compiler is new, not sure if it does Windows yet)

-HD

On Thursday 07 February 2008, macubergeek at comcast.net wrote:
I just ran objdump -Dslx against nc.exe on a Linux box. It seems to work ok. Can you see any reason why objdump wouldn't work properly against windows executables as well as Linux binaries?
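To make the point in HD's reply concrete, the following is an added example (not code from the thread or from Metasploit): a small Python audit that reads `objdump -dr` text, extracts the raw instruction bytes the way someone "copying objdump output" would, and flags every relocation the linker would normally fix up. Each flagged offset is a place where the bytes cannot stand on their own, which is exactly why a compiled C function that calls a library routine is not shellcode. The sample objdump output embedded below is constructed by hand for a tiny `main()` that calls `puts()`.

```python
import re

# Constructed sample of `objdump -dr` output (x86-64, unlinked .o) for a
# main() that calls puts(). The "R_X86_64_*" lines are relocation records
# that objdump -r adds; a plain -d listing would silently hide them.
SAMPLE = """\
0000000000000000 <main>:
   0:\t55                   \tpush   %rbp
   1:\t48 89 e5             \tmov    %rsp,%rbp
   4:\t48 8d 3d 00 00 00 00 \tlea    0x0(%rip),%rdi        # b <main+0xb>
\t\t\t7: R_X86_64_PC32\t.rodata-0x4
   b:\te8 00 00 00 00       \tcall   10 <main+0x10>
\t\t\tc: R_X86_64_PLT32\tputs-0x4
  10:\t31 c0                \txor    %eax,%eax
  12:\t5d                   \tpop    %rbp
  13:\tc3                   \tret
"""

# Instruction line: "<offset>:<bytes...><mnemonic operands>"
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(.*)$")
# Relocation line: "<offset>: <R_type> <symbol[+-addend]>"
RELOC_RE = re.compile(r"^\s*([0-9a-f]+):\s+(R_\w+)\s+(\S+)$")


def parse_objdump(text):
    """Return (code_bytes, relocs); relocs is a list of (offset, type, target)."""
    code = bytearray()
    relocs = []
    for line in text.splitlines():
        m = RELOC_RE.match(line)
        if m:
            relocs.append((int(m.group(1), 16), m.group(2), m.group(3)))
            continue
        m = INSN_RE.match(line)
        if m:
            code += bytes.fromhex(m.group(2).replace(" ", "").replace("\t", ""))
    return bytes(code), relocs


def audit(text):
    """Return (code_bytes, problems): one problem string per unresolved reloc."""
    code, relocs = parse_objdump(text)
    problems = []
    for off, rtype, target in relocs:
        sym = re.split(r"[+-]", target)[0]           # strip the addend
        kind = "library call" if "PLT" in rtype else "data/section reference"
        problems.append(f"offset {off:#x}: {rtype} to {sym} ({kind}) left unresolved")
    return code, problems


if __name__ == "__main__":
    code, problems = audit(SAMPLE)
    print(f"{len(code)} bytes extracted: {code.hex()}")
    for p in problems:
        print("NOT self-contained:", p)
```

Running it on real output (`objdump -dr foo.o`) lists each call or data reference that still points at a placeholder; a blob with any such entries will jump to offset 0 of wherever it lands rather than into `puts`.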