Vulnerability Development mailing list archives
Re: connect-back win32 shellcode
From: "Mhal" <mathias.hallosserie () wanadoo fr>
Date: Sat, 12 Apr 2003 14:04:16 +0200
You could take a look at the MSDN papers about the PE file format and the DbgHelp library. It's a good beginning, I guess.

Regards...

Mhal

----- Original Message -----
From: "wirepair" <wirepair () roguemail net>
To: <pen-test () securityfocus com>
Cc: <vuln-dev () securityfocus com>
Sent: Wednesday, April 09, 2003 7:10 PM
Subject: connect-back win32 shellcode
lo all,

So I've decided to take the dive into writing Windows-based (memory) exploits *shudders*. I'm having some serious complications regarding shellcode and, well, how to go about writing it. Is there some solid documentation on the function of the LoadLibraryA/GetProcAddress handlers/functions? Also, if anyone has a good disassembly of any of the connect-back shellcodes (Dark Spyrit: null.printer / David Litchfield: sql hello), I would appreciate getting my hands on them.

Most of the NT overflow papers I see are based on old versions of Windows (NT4), or the examples are completely outdated. It seems that most of these papers do not give a good explanation of the importance of the LoadLibraryA/GetProcAddress calls. Maybe I am missing something, probably am... This is not as easy as Unix land, and for someone who codes only in *nix environments, I'm finding Windows APIs, well, terrifying.

Thanks for any information,

-wire
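Both messages circle the same mechanism, so here is a worked version of it. Win32 shellcode has no import table: it must find kernel32.dll in memory (via the PEB, a Windows-only step not shown here) and then read that module's PE export directory itself to obtain GetProcAddress and LoadLibraryA, after which everything else (ws2_32.dll for the connect-back socket, and so on) can be resolved by name. The C program below is an added example, not code from the thread or from either poster. It parses an export directory exactly as such a resolver does, using the documented IMAGE_DOS_HEADER / IMAGE_NT_HEADERS32 / IMAGE_EXPORT_DIRECTORY field offsets without <windows.h>, so it builds and runs on any platform. The module it walks is a constructed in-memory image (labelled as such in the code; it is not a real kernel32.dll), and the ror13 name hash is one common shellcode convention used here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the thread): resolve exports by parsing a PE32
 * module's export directory, as win32 shellcode does to find
 * GetProcAddress/LoadLibraryA.  The "module" is a constructed image, so
 * RVAs equal buffer offsets, exactly as for a DLL mapped by the loader. */

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> 8 * i); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Locate DataDirectory[0] (export table); 0 if headers do not parse as MZ/PE. */
int export_dir(const uint8_t *image, uint32_t *rva, uint32_t *size)
{
    if (image[0] != 'M' || image[1] != 'Z') return 0;
    uint32_t nt = rd32(image + 0x3c);                        /* e_lfanew */
    if (memcmp(image + nt, "PE\0\0", 4) != 0) return 0;
    const uint8_t *opt = image + nt + 4 + 20;                /* past Signature + FileHeader */
    uint16_t magic = rd16(opt);
    uint32_t dd = magic == 0x10b ? 96 : magic == 0x20b ? 112 : 0; /* DataDirectory offset */
    if (!dd) return 0;
    *rva = rd32(opt + dd);
    *size = rd32(opt + dd + 4);
    return *rva != 0;
}

/* ror13 rolling hash, a convention many published shellcodes use so the
 * API name itself never has to appear in the payload. */
uint32_t api_hash(const char *s)
{
    uint32_t h = 0;
    for (; *s; s++) h = ((h >> 13) | (h << 19)) + (uint8_t)*s;
    return h;
}

/* Walk AddressOfNames; on a hit, map through AddressOfNameOrdinals into
 * AddressOfFunctions.  Match by exact name, or by hash when name is NULL.
 * Returns the function RVA, or 0 if absent or if the entry is a forwarder. */
static uint32_t walk_exports(const uint8_t *image, const char *name, uint32_t hash)
{
    uint32_t ed, edsize;
    if (!export_dir(image, &ed, &edsize)) return 0;
    uint32_t nnames = rd32(image + ed + 24);                 /* NumberOfNames */
    const uint8_t *funcs = image + rd32(image + ed + 28);    /* AddressOfFunctions */
    const uint8_t *names = image + rd32(image + ed + 32);    /* AddressOfNames */
    const uint8_t *ords  = image + rd32(image + ed + 36);    /* AddressOfNameOrdinals */
    for (uint32_t i = 0; i < nnames; i++) {
        const char *cand = (const char *)image + rd32(names + 4 * i);
        if (name ? strcmp(cand, name) != 0 : api_hash(cand) != hash) continue;
        uint32_t f = rd32(funcs + 4 * rd16(ords + 2 * i));
        /* An RVA inside the export directory is a "DLL.Func" forwarder
         * string, not code; a real resolver must follow it, never call it. */
        if (f >= ed && f < ed + edsize) return 0;
        return f;
    }
    return 0;
}

uint32_t resolve_export(const uint8_t *image, const char *name) { return walk_exports(image, name, 0); }
uint32_t resolve_export_by_hash(const uint8_t *image, uint32_t h) { return walk_exports(image, NULL, h); }

/* Constructed sample module (NOT a real kernel32.dll): three code exports with
 * shuffled ordinals so the name->ordinal->function indirection is exercised,
 * plus one forwarder entry. */
const uint8_t *sample_image(void)
{
    static uint8_t img[0x400];
    static int built;
    if (built) return img;
    img[0] = 'M'; img[1] = 'Z';
    wr32(img + 0x3c, 0x40);                  /* e_lfanew */
    memcpy(img + 0x40, "PE\0\0", 4);
    wr16(img + 0x58, 0x10b);                 /* OptionalHeader.Magic = PE32 */
    wr32(img + 0x58 + 96, 0x200);            /* DataDirectory[0].VirtualAddress */
    wr32(img + 0x58 + 100, 0x150);           /* DataDirectory[0].Size */
    wr32(img + 0x20c, 0x300);                /* export dir at 0x200: Name */
    wr32(img + 0x210, 1);                    /* Base */
    wr32(img + 0x214, 4);                    /* NumberOfFunctions */
    wr32(img + 0x218, 4);                    /* NumberOfNames */
    wr32(img + 0x21c, 0x240);                /* AddressOfFunctions */
    wr32(img + 0x220, 0x260);                /* AddressOfNames */
    wr32(img + 0x224, 0x280);                /* AddressOfNameOrdinals */
    wr32(img + 0x240, 0x1300);               /* [0] LoadLibraryA */
    wr32(img + 0x244, 0x1100);               /* [1] ExitProcess */
    wr32(img + 0x248, 0x1200);               /* [2] GetProcAddress */
    wr32(img + 0x24c, 0x340);                /* [3] HeapAlloc -> forwarder string */
    strcpy((char *)img + 0x300, "kernel32.dll");
    strcpy((char *)img + 0x310, "ExitProcess");
    strcpy((char *)img + 0x320, "GetProcAddress");
    strcpy((char *)img + 0x330, "HeapAlloc");
    strcpy((char *)img + 0x340, "NTDLL.RtlAllocateHeap");
    strcpy((char *)img + 0x360, "LoadLibraryA");
    wr32(img + 0x260, 0x310); wr16(img + 0x280, 1);   /* names[] sorted, ords[] unbiased */
    wr32(img + 0x264, 0x320); wr16(img + 0x282, 2);
    wr32(img + 0x268, 0x330); wr16(img + 0x284, 3);
    wr32(img + 0x26c, 0x360); wr16(img + 0x286, 0);
    built = 1;
    return img;
}

int main(void)
{
    const uint8_t *k32 = sample_image();
    const char *want[] = { "LoadLibraryA", "GetProcAddress", "ExitProcess", "HeapAlloc", "NoSuchApi" };
    for (size_t i = 0; i < sizeof want / sizeof *want; i++)
        printf("%-16s rva=0x%04x  by-hash=0x%04x\n", want[i],
               resolve_export(k32, want[i]), resolve_export_by_hash(k32, api_hash(want[i])));
    return 0;
}
```

The four export-directory offsets read in walk_exports (NumberOfNames at +24, AddressOfFunctions at +28, AddressOfNames at +32, AddressOfNameOrdinals at +36) are the constants you will recognise in the disassembled resolver of any connect-back payload. Two details matter in practice: the ordinal table is what links a name index to a function slot, so indexing AddressOfFunctions by the name index directly gives the wrong address, and several kernel32 exports are forwarders (HeapAlloc to ntdll's RtlAllocateHeap, for example), so a resolver that treats the forwarder string's address as code will crash when it is called.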
Current thread:
- connect-back win32 shellcode wirepair (Apr 10)
- Re: connect-back win32 shellcode Mhal (Apr 12)