Testing shellcode in C/C++

    • #4668

      Instead of using shellcode from generators etc, I decided to learn how to write shellcode myself. So the first step would be writing something that can test the shellcode before I attempt to use it in exploits.

      I googled around a bit and found a few C/C++ examples of how to do it. It makes use of a function pointer that points to the shellcode buffer. Well I keep getting an exception about some access violation. I don’t really like to ask questions, because maybe I should google around some more and find out on my own. I’m not sure if there’s something wrong with the shellcode because I don’t know how to write it yet.

      Here's my code, I compiled it with Microsoft Visual C++ 2008.


      #include <stdio.h>

      // The x86 shellcode to run. Generated with Metasploit.
      char shellCode[] = /* shellcode bytes omitted in the original post */ "";

      int main()
      {
          void (*shell)(); // Function pointer.
          shell = (void(*)()) (&shellCode);

          printf("Shellcode at: %p\n", shellCode);
          printf("Function pointer points to: %p\n", shell);

          // Run it!
          printf("Running shellcode...\n");
          shell(); // The indirect call shown in the disassembly below.

          return 0;
      }

      And I’m getting this from the assembly. I see it fails after the call to the shellcode.

                            // Run it!
                            008813FC 8B F4            mov         esi,esp
                            008813FE FF 55 F8         call        dword ptr [shell]
      breaks here --> 00881401 3B F4            cmp         esi,esp
                            00881403 E8 33 FD FF FF   call        @ILT+310(__RTC_CheckEsp) (88113Bh)

      I hope you guys can help me! Or at least point me in the right direction. Thanks in advance.


    • #29065

      Never mind guys, I found the solution. Apparently the “Data Execution Prevention” or DEP kicked in, preventing code from running in non-executable memory regions.

      Compiling with “/NXCOMPAT:NO” prevents this from happening. Now I can finally test my shellcode  😛

      Btw, does anyone know how to bypass this? Will DEP render all buffer overflow exploits useless?
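
Editor's note with an added example (not code from the thread above): the access violation in the first post and the DEP explanation in the second both come from the same root cause, the shellcode lives in a read/write data section that is not executable. Linking with /NXCOMPAT:NO turns DEP off for the whole image, which is the wrong fix for a test harness. The harness below instead asks the OS for a page, copies the bytes in while it is writable, then flips it to read/execute (W^X) before calling it, so DEP stays on for everything else in the process. Names such as run_payload, run_test_payload and test_payload are mine; VirtualAlloc, VirtualProtect, FlushInstructionCache, mmap, mprotect and __builtin___clear_cache are the real OS and compiler APIs. The payload bytes are constructed for the example and only return 42 so the harness can confirm that control came back; replace them with the shellcode under test.

```c
/* Added example: shellcode test harness using explicitly executable memory.
   The payload is constructed for this example and just returns 42. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
/* mov eax, 42 ; ret  (encoding is valid on both 32- and 64-bit x86) */
static const unsigned char test_payload[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };
#elif defined(__aarch64__) || defined(_M_ARM64)
/* mov w0, #42 ; ret */
static const unsigned char test_payload[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "no constructed test payload for this architecture"
#endif

typedef int (*payload_fn)(void);

/* Copy `code` into a fresh page while it is writable, then make the page
   executable (and no longer writable) before calling into it.
   Returns the payload's return value, or -1 if any OS call failed. */
int run_payload(const unsigned char *code, size_t len)
{
    int result = -1;
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    size_t page = si.dwPageSize;
    size_t alloc = ((len + page - 1) / page) * page;
    void *mem = VirtualAlloc(NULL, alloc, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (mem == NULL) return -1;
    memcpy(mem, code, len);
    DWORD old;
    if (VirtualProtect(mem, alloc, PAGE_EXECUTE_READ, &old)) {
        FlushInstructionCache(GetCurrentProcess(), mem, alloc);
        result = ((payload_fn)mem)();
    }
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t alloc = ((len + page - 1) / page) * page;
    void *mem = mmap(NULL, alloc, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, code, len);
    if (mprotect(mem, alloc, PROT_READ | PROT_EXEC) == 0) {
        /* No-op on x86, required on ARM so the new code is seen by the i-cache. */
        __builtin___clear_cache((char *)mem, (char *)mem + alloc);
        result = ((payload_fn)mem)();
    }
    munmap(mem, alloc);
#endif
    return result;
}

/* Runs the constructed payload; expected to return 42. */
int run_test_payload(void)
{
    return run_payload(test_payload, sizeof test_payload);
}

int main(void)
{
    printf("payload returned %d\n", run_test_payload());
    return 0;
}
```

Because the page is never writable and executable at the same time, this harness works with DEP rather than around it, and the original `char shellCode[]` array plus function-pointer cast is no longer needed. If the payload under test crashes, the fault address now points into the mapped page rather than at the `cmp esi,esp` runtime check that followed the call in the original disassembly.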


    • #29066

      I had a nice paper on bypassing DEP, but I can’t find it anywhere.  I did find this one:


Copyright ©2021 Caendra, Inc.