Re: connect-back win32 shellcode

["Mhal" <mathias.hallosserie () wanadoo fr>]

You could take a look on MSDN papers about PE file format and DBGhelp lib.
It's a good begining I guess.

Regards...
Mhal

----- Original Message -----
From: "wirepair" <wirepair () roguemail net>
To: <pen-test () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, April 09, 2003 7:10 PM
Subject: connect-back win32 shellcode


> lo all,
> So I've decided to take the dive into writing windows
> based (memory) exploits *shudders*, I'm having some
> serious complications regarding shellcode and well, how to
> go about writing it. Is there some solid documentation on
> the function of LoadLibraryA/GetProcAddress
> handlers/functions? Also if anyone has a good disassembly
> of any of the connected back shellcodes (Dark
> Spyrit:null.printer/David Litchfield's:sql hello) I would
> appreciate getting my hands on them. Most of the NT
> Overflow papers I see are based on old versions of windows
> (nt4) or the examples are completely outdated. It seems
> that most of these papers do not give a good explanation
> of the importance of the LoadLibraryA/GetProcAddress
> calls. Maybe I am missing something, probably am... This
> is not as easy as unix land and for someone who codes only
> in *nix environments, I'm finding Windows API's well,
> terrifying.
>   Thanks for any information,
> -wire
> _____________________________
> For the best comics, toys, movies, and more,
> please visit <http://www.tfaw.com/?qt=wmf>