
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/data/templates/src/pe/exe/template_x64_windows.asm
; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com)
; Architecture: x64
;
; Assemble and link with the following command:
; "C:\Program Files\Microsoft Visual Studio 9.0\VC\bin\x86_amd64\ml64" template_x64_windows.asm /link /subsystem:windows /defaultlib:"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\x64\kernel32.lib" /entry:main
extrn ExitProcess : proc
extrn VirtualAlloc : proc
.code
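;-----------------------------------------------------------------------
; main - process entry point (linked with /entry:main)
; ABI:   Microsoft x64
; Does:  allocates 4096 bytes with VirtualAlloc, copies the 4096-byte
;        'payload' region into the allocation, calls the copy, then
;        calls ExitProcess( 0 ).
; Exit:  0 after the copied code returns; 1 if VirtualAlloc fails.
; Stack: 40 bytes = 32 bytes of shadow space for the callees + 8 bytes
;        that bring rsp back to 16-byte alignment at each call.
; Clobb: rsi and rdi are non-volatile in this ABI and are overwritten
;        without being saved; that is harmless only because main never
;        returns to a caller (both paths end in ExitProcess).
; Note:  the allocation is PAGE_EXECUTE_READWRITE, i.e. writable and
;        executable at the same time. Allocate-RWX / copy / call is a
;        sequence that memory scanners and EDR products commonly flag.
;-----------------------------------------------------------------------
main proc
    sub     rsp, 40             ; shadow space + alignment (see header)
    mov     r9, 40h             ; flProtect        = PAGE_EXECUTE_READWRITE
    mov     r8, 3000h           ; flAllocationType = MEM_COMMIT | MEM_RESERVE
    mov     rdx, 4096           ; dwSize           = 4096
    xor     rcx, rcx            ; lpAddress        = NULL
    call    VirtualAlloc        ; lpPayload = VirtualAlloc( NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE );
    test    rax, rax            ; VirtualAlloc returns NULL on failure
    jz      alloc_failed        ; do not copy to / call address 0
    mov     rcx, 4096           ; byte count for rep movsb
    mov     rsi, payload        ; source      = payload region in this image
    mov     rdi, rax            ; destination = lpPayload
    rep movsb                   ; memcpy( lpPayload, payload, 4096 );
    call    rax                 ; lpPayload();  rax is untouched by rep movsb
    xor     rcx, rcx            ; uExitCode = 0
    call    ExitProcess         ; ExitProcess( 0 );
alloc_failed:
    mov     ecx, 1              ; uExitCode = 1 (allocation failed)
    call    ExitProcess         ; ExitProcess( 1 );
main endp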
;-----------------------------------------------------------------------
; payload - 4096-byte region in the code section that main copies into
; its allocation and then calls.
; Layout: the 8-byte ASCII tag 'PAYLOAD:' followed by 4096 - 8 zero
;         bytes.
; NOTE(review): presumably external tooling finds the tag and overwrites
; this region when an executable is produced from the template; that
; step is not shown in this file - confirm against the generator.
;-----------------------------------------------------------------------
payload proc
    A db   'PAYLOAD:'           ; 8-byte marker at the start of the region
    B byte (4096 - 8) dup (0)   ; zero fill up to 4096 bytes in total
payload endp
end