GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/windows/templates/win32_template.asm
%include "pe.inc"
;-----------------------------------------------------------------------
; DOS (MZ) header and DOS stub.
; BIN_Begin, MZHeader, MZExtendedHeader and the MZSection.* macros come
; from pe.inc; their expansion is not visible in this file.
; The stub only runs if the image is started under DOS: it prints the
; message below and terminates with return code 1.
;-----------------------------------------------------------------------
BIN_Begin
MZHeader
MZExtendedHeader
MZSection.text_Begin
        push    cs                              ; ds = cs, so that ds:dx can
        pop     ds                              ;   address the string in this stub
        mov     dx, MZSection.text_VA(text_string)
        mov     ah, 09h                         ; int 21h, ah=09h: print '$'-terminated string at ds:dx
        int     21h
        mov     ax, 4C01h                       ; int 21h, ah=4Ch: terminate, al=01h is the return code
        int     21h
text_string:
        db      'This program cannot be run in DOS mode.', 0Dh, 0Ah, '$'
MZSection.text_End
;-----------------------------------------------------------------------
; PE header, optional header and section table (macros from pe.inc).
;-----------------------------------------------------------------------
PEHeader

; Entry point of the image: the RVA of PayloadEntry in .text.
; NOTE(review): the identifier is spelled "PEOptionalheader" (lower-case
; 'h'); it has to match the name pe.inc reads - confirm before renaming.
%define PEOptionalheader_EipRVA PESection.text_RVA(PayloadEntry)

; Data directories: no exports, one import directory (defined in .idata).
PEOptionalHeader_Begin
PEOptionalHeader_Directory Export, 0, 0
PEOptionalHeader_Directory Import, Import_Directorys_RVA, Import_Directorys_VS
PEOptionalHeader_End

; .text requests read, write and execute access at the same time.
; NOTE(review): presumably so that the included payload can modify itself
; in place - confirm. A section that is both writable and executable is
; unusual for ordinary linker output, which makes it a useful static
; triage signal for images built from this template.
PESectionHeader .text, '.text', \
        PESectionHeader_Flags_EXECUTABLECODE | \
        PESectionHeader_Flags_DATAFROMFILE   | \
        PESectionHeader_Flags_EXECUTEACCESS  | \
        PESectionHeader_Flags_READACCESS     | \
        PESectionHeader_Flags_WRITEACCESS

; Read-only data.
PESectionHeader .rdata, '.rdata', \
        PESectionHeader_Flags_DATAFROMFILE | \
        PESectionHeader_Flags_READACCESS

; Initialised read/write data.
PESectionHeader .data, '.data', \
        PESectionHeader_Flags_DATAFROMFILE | \
        PESectionHeader_Flags_READACCESS   | \
        PESectionHeader_Flags_WRITEACCESS

; Read/write data flagged DATA0 instead of DATAFROMFILE.
PESectionHeader .bss, '.bss', \
        PESectionHeader_Flags_DATA0       | \
        PESectionHeader_Flags_READACCESS  | \
        PESectionHeader_Flags_WRITEACCESS

; Import tables, read-only.
PESectionHeader .idata, '.idata', \
        PESectionHeader_Flags_DATAFROMFILE | \
        PESectionHeader_Flags_READACCESS

PESections_Begin
;-----------------------------------------------------------------------
; .text: image entry point.
; payload.bin is embedded byte-for-byte at PayloadEntry; nothing in this
; file assembles, inspects or validates its contents.
;-----------------------------------------------------------------------
PESection.text_Begin
PayloadEntry:
        incbin  "payload.bin"
        ; Reached only if execution runs off the end of the included bytes.
        ; Indirect call through the ExitProcess import slot in .idata. No
        ; exit code is pushed here, so ExitProcess receives whatever dword
        ; is on top of the stack at that point.
        call    [PESection.idata_VA(Import.KERNEL32.ExitProcess)]
PESection.text_End
; .rdata: holds a single byte, 90h.
; NOTE(review): presumably a filler so the section is not empty - confirm.
PESection.rdata_Begin
        db      90h
PESection.rdata_End
; .data: holds a single byte, 90h.
; NOTE(review): presumably a filler so the section is not empty - confirm.
PESection.data_Begin
        db      90h
PESection.data_End
; .bss: reserves 100h (256) bytes; no initial contents are emitted for them.
PESection.bss_Begin
        resb    100h
PESection.bss_End
;-----------------------------------------------------------------------
; .idata: import tables, built with the Import_* macros from pe.inc.
; The image imports exactly one function: KERNEL32.DLL!ExitProcess.
;-----------------------------------------------------------------------
PESection.idata_Begin

; Import directory: one entry, for KERNEL32.
Import_Directorys_Begin .idata
Import_Directory KERNEL32
Import_Directorys_End

; Per-function RVA table for KERNEL32.
Import_RVAs_Begin KERNEL32
Import_RVA KERNEL32, ExitProcess
Import_RVAs_End

; Per-function VA table for KERNEL32.
; NOTE(review): the third argument (0BFF8D4CAh) looks like a pre-filled
; address for the slot; its exact meaning is defined by pe.inc - confirm.
Import_VAs_Begin KERNEL32
Import_VA KERNEL32, ExitProcess, 0BFF8D4CAh
Import_VAs_End

; Name strings for the function and the DLL.
; NOTE(review): 07Fh is presumably the import hint value - confirm in pe.inc.
Import_Strings_Begin KERNEL32
Import_String_Function KERNEL32, ExitProcess, "ExitProcess", 07Fh
Import_String_Dll KERNEL32, "KERNEL32.DLL"
Import_Strings_End

PESection.idata_End
; Close the section list, then the flat binary image (macros from pe.inc).
PESections_End
BIN_End