Nytro Posted February 15, 2016 Report Share Posted February 15, 2016 Introduction to Windows shellcode development – Part 3 February 15, 2016 Ionut Popescu If you missed the first two parts of this article, you can find in Part I what is a shellcode, how it works and which are its limitations and in Part II you can read about the PEB (Process Environment Block) structure, the PE (.exe, .dll) file format and you can go through a short ASM introduction. You’ll need this information in order to properly understand Windows shellcodes. In this last part of the shellcode development introduction, we will write a simple “SwapMouseButton” shellcode, a shellcode that will swap left and right mouse buttons. We will start from an existing shellcode: “Allwin URLDownloadToFile + WinExec + ExitProcess Shellcode“. The shellcode name tells us a few things, such like it uses: URLDownloadToFile Windows API function to download a file WinExec to execute the file (executable file: .exe) ExitProcess will terminate the process running the shellcode Using this example, we will call SwapMouseButton function and ExitProcess function. I’m pretty sure it is easy to understand what these functions do. BOOL WINAPI SwapMouseButton( _In_ BOOL fSwap ); VOID WINAPI ExitProcess( _In_ UINT uExitCode ); As you can see, each function has only one parameter: fSwap parameter can be TRUE or FALSE. If it is TRUE, the mouse buttons are swapped, else they are restored. uExitCode represents the process exit code. Each process must return a value on exit (zero if everything was ok, any other value otherwise). This is the “return 0” of the main function. Link: http://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/ 1 Quote Link to comment Share on other sites More sharing options...
kznamst Posted February 15, 2016 Report Share Posted February 15, 2016 Vezi ca nu se vede pe frontpage titlul si nu poti da click sa vezi thread-ul: Quote Link to comment Share on other sites More sharing options...
