nasmw win32 help

Question

Zarathu -1 Newbie Poster

17 Years Ago

This is my code:

[BITS 32]

.section text
global start

start:
    xor edx, edx         ; Avoids NULL byte
    push edx             ; MsgBox type
    push edx             ; MsgBox body
    push edx             ; MsgBox caption
    push edx             ; Owner hWnd
  mov eax, 0x7E45058A  ; Addr of MessageBox, USER32 should be loaded
    call eax

Now, that should, theoretically, pop up with a blank messagebox. Right?

I assembled it with:

C:\Documents and Settings\Compaq_Owner>nasmw -fbin -l "stuff.txt" "C:\Documents and Settings\Compaq_Owner\Desktop\k.asm"

I popped open a hex editor, grabbed the bytes, threw them into shellcode, and executed this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

char shellcode[] =
"\x31\xD2\x52\x52\x52\x52\xB8\x8A\x05\x45\x7E\xFF\xD0";

int main()
{
    int *ret;
    ret = (int *)&ret + 2;
    (*ret) = (int)shellcode;
}

Not working. Could anybody give me a hand?

assembly

2 Contributors
3 Replies
265 Views
22 Hours Discussion Span
Latest Post 17 Years Ago Latest Post by Ancient Dragon

Salem commented: Another malware script kiddie wannabe loser type -1

Ancient Dragon 5,243 Achieved Level 70

17 Years Ago

what is all that crap? If you want to display a MS-Windows message box why not just call it directly ?

>>mov eax, 0x7E45058A
how do you know that's the address of message box function? The address may change every time the program is run.

>>Not working. Could anybody give me a hand?
Yes -- don't do that. include windows.h and call message box just like every other normal programmer.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Zarathu -1 Newbie Poster · Answer 1 · 2007-05-10T18:11:53+00:00

That's not what I'm trying to do. I'd love it if it was that easy.

I'm trying to write POC shellcode. Is there a way to get that done in ASM without calling it from the memory address? If so, how?

>> The address may change every time the program is run.
Not really.... It was the same on my computer every time it was run, and it's also the same address on my friend's computer.

Ancient Dragon 5,243 Achieved Level 70 Team Colleague Featured Poster · Answer 2 · 2007-05-10T20:57:36+00:00

C language does not recognize inline assembly instructions like that. The way to do inline assembly depends on the compiler you are using. For example, Microsoft compilers are like this:

#include <windows.h>
int main()
{
   _asm
   {
        // put assembly code here
    xor edx, edx         ; Avoids NULL byte
    push edx             ; MsgBox type
    push edx             ; MsgBox body
    push edx             ; MsgBox caption
    push edx             ; Owner hWnd
     lea eax, MessageBox  ; Addr of MessageBox, USER32 should be    loaded
    call eax   
    }
 
   return 0;
}

>>Not really.... It was the same on my computer every time it was run, and it's also the same address on my friend's computer.

You were just lucky. Don't count on that behavior.