Windows/x86 - Dynamic MessageBoxA PEB & Export Directory Table

Description:

This is a shellcode that pop a MessageBox and show the text "Pwn3d by h4pp1n3ss". In order to accomplish this task the shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. Also the shellcode uses a hash function to gather dynamically the required symbols without worry about the length.

Author: h4pp1n3ss
Date: Wed 09/23/2021
Tested on: Microsoft Windows [Version 10.0.19042.1237]

Windows API

This shellcode uses two Windows API

MessageBoxA

MessageBoxA Function Prototype

int MessageBoxA(
  HWND   hWnd,
  LPCSTR lpText,
  LPCSTR lpCaption,
  UINT   uType
);

and

TerminateProcess

TerminateProcess Function Prototype

 BOOL TerminateProcess(
  HANDLE hProcess,	 -> 0xffffffff
  UINT   uExitCode	 -> EAX
 );

Resources

Corelan - Exploit writing tutorial part 9
Shell-storm
Phrack - History and Advances in Windows Shellcode
Skape - Understanding Windows Shellcode

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Windows/x86 - Dynamic MessageBoxA PEB & Export Directory Table

Description:

Windows API

MessageBoxA

TerminateProcess

Resources

Files

README.md

Latest commit

History

README.md

File metadata and controls

Windows/x86 - Dynamic MessageBoxA PEB & Export Directory Table

Description:

Windows API

MessageBoxA

TerminateProcess

Resources