C++: Shellcode Launcher
Objective
Executing shellcode in memory.
To do list
Allocate space in memory.
Put shellcode into allocated space.
Execute the shellcode.
Functions
VirtualAlloc: Allocate space in memory for shellcode.
Header: memoryapi.h
Definition: LPVOID VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
lpAddress: Start address of allocated memory. Set 0 as default.
dwSize: Size of shellcode. Use sizeof function to get size of shellcode.
flAllocationType: Allocation type of memory. Set MEM_COMMIT as default. This guarantees that when the caller later initially accesses the memory, the contents will be zero. For further information check references.
flProtect: Memory privileges. Set PAGE_EXECUTE_READ_WRITE as default. This enables execute, read-only, or read/write access to the committed region of pages. For further information check references.
memcpy: Put specified bytes into specified destination.
Header: string.h
Definition: void *memcpy(void *restrict dest, const void *restrict src, size_t n)
dest: Destination address.
src: Source bytes (Shellcode)
n: Size of shellcode.
Application (launcher.cpp)
#include <string>
#include <windows.h>
int main(){
char shellcode[] = ""; //shellcode
void *memPtr= VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //yer ayir
memcpy(memPtr, shellcode, sizeof shellcode); //bellege shellcodeu yerlestir
((void(*)())memPtr)(); //shellcodeu aktive et
}To prevent possible problems, make sure architecture of shellcode and application are same.
References
Microsoft, VirtualAlloc function, https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc
Microsoft, Memory protections constants, https://docs.microsoft.com/en-us/windows/win32/memory/memory-protection-constants
man7, memcpy, https://man7.org/linux/man-pages/man3/memcpy.3.html
Last updated
Was this helpful?