Windows/x86 nWinExec PopCalc PEB And Export Directory Table NullFree Dynamic Shellcode

Discussion in 'News Aggregator' started by Packet Storm, 1 Oct 2021.

  1. Packet Storm

    Packet Storm Guest

    178 bytes small Windows/x86 shellcode that pops calc.exe. The shellcode uses the PEB method to locate the baseAddress of the required module and the Export Directory Table to locate symbols. It also uses a hash function to dynamically gather the required symbols without worrying about the length. Finally, the shellcode pops calc.exe using WinExec and exits gracefully using TerminateProcess.
