Author Topic: [AutoIt] Start shellcode  (Read 968 times)

D4rkC10ud
« on: October 15, 2012, 07:57:12 pm »
Fun with AutoIt.

Code: (AutoIt)
#include <winapi.au3>
; Buffer that will hold the machine code bytes
$strucGetKernelHandle_x86 = DllStructCreate("char[64]")
; Assembled form of the GetKernelHandle_x86 routine, one byte per Chr()
$GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B)
$GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3)
; Copy the bytes into element 1 of the struct
DllStructSetData ($strucGetKernelHandle_x86, 1, $GetKernelHandle_x86)
; Pass the buffer address as the procedure to call; the return value is EAX
$hKernel32 = _WinAPI_CallWindowProc(DllStructGetPtr($strucGetKernelHandle_x86), 0, 0, 0, 0)
MsgBox (0, "Address of Kernel32.dll", Hex($hKernel32))

I precompiled this code for retrieving address of kernel32.dll

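Code: (asm)
GetKernelHandle_x86:
mov eax, [fs:030h]   ; EAX = PEB (pointer stored at TEB+0x30 on 32-bit Windows)
mov eax, [eax+0ch]   ; EAX = PEB->Ldr (PEB_LDR_DATA)
mov eax, [eax+01ch]  ; EAX = Ldr->InInitializationOrderModuleList.Flink (first entry)
mov eax, [eax]       ; EAX = Flink of the first entry (second entry in the list)
mov eax, [eax+08h]   ; EAX = DllBase of that entry
ret                  ; return the base address in EAX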
« Last Edit: October 17, 2012, 07:53:15 am by D4rkC10ud »
In Soviet Russia TV watch You!
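
For defenders, the byte chain in the post can be recovered statically. The following Python example is added here and is not part of the original post: it rebuilds buffers assembled from `Chr()` concatenations in an AutoIt script, flags an x86 read of the PEB pointer at `fs:[0x30]`, and flags a DllStruct pointer passed to `_WinAPI_CallWindowProc`. The function names, the benign sample and the second (ModRM) instruction encoding are additions that go beyond the single form used in the post.

```python
import re

# SAMPLE holds the relevant lines of the script in the post above;
# BENIGN is constructed for contrast.
SAMPLE = r'''
$GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B)
$GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3)
DllStructSetData ($strucGetKernelHandle_x86, 1, $GetKernelHandle_x86)
$hKernel32 = _WinAPI_CallWindowProc(DllStructGetPtr($strucGetKernelHandle_x86), 0, 0, 0, 0)
'''
BENIGN = '$msg = Chr(72)&Chr(105)\nMsgBox(0, "Greeting", $msg)\n'

CHR_TERM = re.compile(r"Chr\(\s*(0x[0-9a-f]{1,2}|\d{1,3})\s*\)", re.I)
ASSIGN = re.compile(r"^\s*(\$\w+)\s*(&?=)\s*(.*)$")
# x86 reads of the PEB pointer: mov eax, fs:[0x30] (64 A1 ..) and the
# mov r32, fs:[0x30] form that carries a ModRM byte (64 8B /r ..).
PEB_READ = re.compile(rb"\x64(?:\xa1|\x8b[\x05\x0d\x15\x1d\x35\x3d])\x30\x00\x00\x00")
# Pointer to a DllStruct data buffer handed to a call primitive, as in the post.
EXEC_SINK = re.compile(r"_WinAPI_CallWindowProc\s*\(\s*DllStructGetPtr\s*\(", re.I)

def decode_chr_buffers(script):
    """Rebuild, per variable, the bytes assigned through Chr()&Chr()... chains."""
    buffers = {}
    for line in script.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        var, op, rhs = m.groups()
        terms = CHR_TERM.findall(rhs)
        if not terms:
            continue
        data = bytes((int(t, 16) if t.lower().startswith("0x") else int(t)) & 0xFF
                     for t in terms)
        # '&=' appends to the variable, '=' starts a new value
        buffers[var] = buffers.get(var, b"") + data if op == "&=" else data
    return buffers

def scan(script):
    """Return (rule, detail) findings for one AutoIt script."""
    findings = []
    for var, data in decode_chr_buffers(script).items():
        hit = PEB_READ.search(data)
        if hit:
            findings.append(("peb-read", f"{var} offset {hit.start()}: {data.hex()}"))
    if EXEC_SINK.search(script):
        findings.append(("exec-of-data-buffer", "DllStructGetPtr passed to _WinAPI_CallWindowProc"))
    return findings

if __name__ == "__main__":
    for rule, detail in scan(SAMPLE):
        print(rule, "-", detail)
```
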