Author Topic: [ASM] Functions and Stack (Read 857 times)

R4k0Z · « **on:** April 16, 2015, 01:04:53 am »

Hi everyone, i've been reading about shellcode (i know asm but for microcontrollers) and have a little doubt about this piece of code:

Code: [Select]

GetLibrary: 
      call LibraryReturn 
      db 'user32.dllN'

LibraryReturn: 
      pop ecx                   ;get the library string 
      mov [ecx + 10], dl        ;insert NULL (edx was cleared right before)
      mov ebx, 0x77e7d961       ;LoadLibraryA(libraryname); 
      push ecx                  ;beginning of user32.dll 
      call ebx                  ;eax will hold the module handle

My question is, does "db 'user32.dllN'" even execute before "call LibraryReturn"?

if it does, does it push the beginning of the string to the stack? or how does it end there so you can pop it into ecx?

Thank you in advance

HTH · « **Reply #1 on:** April 16, 2015, 02:58:36 am »

Db isnt an instruction that "executes" when it is assembled it literally sets those bytes to that value. Usually for use with a pointer to said data. Thats the point. The rest happens because when you call a function the return point (the address of the bytes defined as the library name) gets pushed for when returning.

So it pops it off, does its thing with the data, then pushes it back because it stills needs to return.

So in short, that data isnt manipulated at all, they're just using a kinda near trick to pass a reference to it.

R4k0Z · « **Reply #2 on:** April 16, 2015, 04:07:45 am »

Thank you very much

EvilZone

News:

Author Topic: [ASM] Functions and Stack (Read 857 times)

R4k0Z

[ASM] Functions and Stack

HTH

Re: [ASM] Functions and Stack

R4k0Z

Re: [ASM] Functions and Stack