February 15, 2010 at 1:56 pm #4668 zeroflaw Participant
Instead of using shellcode from generators etc., I decided to learn how to write shellcode myself. So the first step would be writing something that can test the shellcode before I attempt to use it in exploits.
I googled around a bit and found a few C/C++ examples of how to do it. It makes use of a function pointer that points to the shellcode buffer. Well, I keep getting an exception about some access violation. I don’t really like to ask questions, because maybe I should google around some more and find out on my own. I’m not sure if there’s something wrong with the shellcode because I don’t know how to write it yet.
Here's my code; I compiled it with Microsoft Visual C++ 2008.
// The x86 shellcode to run. Generated with Metasploit.
char shellCode =
void (*shell)(); // Function pointer.
shell = (void(*)()) (&shellCode);
printf("Shellcode at: %p\n", shellCode);
printf("Function pointer points to: %p\n", shell);
// Run it!
And I’m getting this from the assembly. I see it fails after the call to the shellcode.
// Run it!
008813FC 8B F4 mov esi,esp
008813FE FF 55 F8 call dword ptr [shell]
breaks here --> 00881401 3B F4 cmp esi,esp
00881403 E8 33 FD FF FF call @ILT+310(__RTC_CheckEsp) (88113Bh)
I hope you guys can help me! Or at least point me in the right direction. Thanks in advance.
February 15, 2010 at 3:08 pm #29065 zeroflaw Participant
Never mind guys, I found the solution. Apparently the “Data Execution Prevention” or DEP kicked in, preventing code from running from the non-executable memory regions.
Compiling with “/NXCOMPAT:NO” prevents this from happening. Now I can finally test my shellcode 😛
Btw, does anyone know how to bypass this? Will DEP render all buffer overflow exploits useless?
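For auditing which binaries have opted out of DEP the way the /NXCOMPAT:NO build in this thread did, here is an added example (not part of the original posts) that reads the NX_COMPAT bit from a PE header. The `build_sample` helper and the header bytes it produces are constructed for the demo and are not a real executable.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100  # set by the linker's /NXCOMPAT

def nx_compat(pe: bytes) -> bool:
    """Return True if the PE image is marked DEP-compatible (NX_COMPAT set)."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(pe) < e_lfanew + 24:
        raise ValueError("missing or truncated PE header")
    # COFF file header follows the 4-byte signature; SizeOfOptionalHeader
    # is its sixth field, at offset 16 within the 20-byte header.
    (size_opt,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24
    if size_opt < 72 or len(pe) < opt + 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", pe, opt + 70)
    return bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)

def build_sample(dll_characteristics: int) -> bytes:
    """Constructed minimal PE32 header (demo input only, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                state = "NX_COMPAT" if nx_compat(fh.read(4096)) else "NO NX_COMPAT"
            print(f"{path}: {state}")
    else:
        for label, flags in (("/NXCOMPAT", 0x0140), ("/NXCOMPAT:NO", 0x0040)):
            print(label, "->", nx_compat(build_sample(flags)))
```

Run with file paths as arguments to check real binaries; with no arguments it runs on the two constructed headers.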