Re: connect-back win32 shellcode
From: Mhal (mathias.hallosserie@wanadoo.fr)
Date: Sat Apr 12 2003 - 07:04:16 CDT
You could take a look at the MSDN papers about the PE file format and the DbgHelp library.
It's a good beginning, I guess.
Regards...
Mhal
----- Original Message -----
From: "wirepair" <wirepair@roguemail.net>
To: <pen-test@securityfocus.com>
Cc: <vuln-dev@securityfocus.com>
Sent: Wednesday, April 09, 2003 7:10 PM
Subject: connect-back win32 shellcode
> lo all,
> So I've decided to take the dive into writing Windows-
> based (memory) exploits *shudders*. I'm having some
> serious complications regarding shellcode and, well, how to
> go about writing it. Is there some solid documentation on
> the function of the LoadLibraryA/GetProcAddress
> handlers/functions? Also, if anyone has a good disassembly
> of any of the connect-back shellcodes (Dark
> Spyrit: null.printer / David Litchfield's: sql hello) I would
> appreciate getting my hands on them. Most of the NT
> overflow papers I see are based on old versions of Windows
> (NT4) or the examples are completely outdated. It seems
> that most of these papers do not give a good explanation
> of the importance of the LoadLibraryA/GetProcAddress
> calls. Maybe I am missing something, probably am... This
> is not as easy as Unix land, and for someone who codes only
> in *nix environments, I'm finding Windows APIs, well,
> terrifying.
> Thanks for any information,
> -wire