Hi all,
The code below runs a Msgbox based on a byte populated with some Hex values (shellcode)
My question is how/from where do we obtain the MsgBox API shellcode Hex values ? Is there a tool in the MASM qEditor that does that or is it done in some other way ?
include \masm32\include\masm32rt.inc
.data
szCaption db "MessageBox title",0
szMessage db "My message",0
msgBox db 55h,8Bh,0ECh,0FFh,75h,14h,0FFh,75h,10h,0FFh,75h,0Ch,0FFh,75h,08h,0FFh,15h,10h,20h,40h,00h,0C9h,0C3h
.data?
pMem dd ?
buffer dd 12 dup (?)
.code
start:
invoke GlobalAlloc,GMEM_FIXED,32
mov pMem, eax
mov ecx, LENGTHOF msgBox
mov esi, OFFSET msgBox
mov edi, pMem
rep movsb
push 0 ;OK button
push offset szCaption ;Messagebox title
push offset szMessage ;Messagebox message
push 0 ;Owner
call pMem
invoke GlobalFree,pMem
invoke ExitProcess,0
mov eax, MessageBox ;to get "MessageBoxA" into the import table
end start
Shellcode, isn't it against the forum rules?
If shellcode is against the forum rules then I would like to apologise .. I just wanted to know the relationship between ASM and Shellcoding as I often see them together in many code snippets on the internet
well - it can be used maliciously - so we don't generally discuss it
as Jochen (jj2007) and others mentioned, there are cleaner ways to do it, anyways