I am new to StackOverflow. I recently started learning assembly, so I am pretty new to it and completely new to shellcode. I use RadAsm to compile with the MASM assembler, and I tried to study the shellcode from this site, "Shellcoding for Linux and Windows".
I am using RadAsm on Windows 64-bit. The code I used is almost the same, except that I use the absolute name of the function, not the address of the function in the DLL. The shellcode should call the Sleep function with parameter 5000.
This is the code that I use in MASM.
    .386
    .model flat, stdcall
    option casemap:none

    include kernel32.inc
    includelib kernel32.lib

    .code
    _start:
        xor eax, eax    ; zero out eax
        mov ebx, Sleep  ; address of Sleep goes in ebx
        mov ax, 5000    ; parameter goes in ax
        push eax        ; parameter on stack
        call ebx        ; call Sleep
    end _start
This assembles without error in MASM.
The generated shellcode contains zero bytes and is slightly different from the website's. It looks as follows.
I used objdump -d nameofexecutable.exe for the disassembly.
    Disassembly of section .text:

    00401000 <.text>:
      401000:       33 c0                   xor    %eax,%eax
      401002:       bb 0e 10 40 00          mov    $0x40100e,%ebx
      401007:       66 b8 88 13             mov    $0x1388,%ax
      40100b:       50                      push   %eax
      40100c:       ff d3                   call   *%ebx
      40100e:       ff 25 00 20 40 00       jmp    *0x402000
But there are no 00 bytes in the website's version.
    Disassembly of section .text:

    08048080 <_start>:
     8048080:       31 c0                   xor    %eax,%eax
     8048082:       bb ea 1b e6 77          mov    $0x77e61bea,%ebx
     8048087:       66 b8 88 13             mov    $0x1388,%ax
     804808b:       50                      push   %eax
     804808c:       ff d3                   call   *%ebx
Is it maybe because I compile on x64, or because I call the function indirectly?
Any help would be appreciated, thanks.
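An added example, not part of the question or of the linked tutorial: a small Python script that parses the `objdump -d` listing above, reports which instructions contain 0x00 bytes and at what offsets, and shows how the 32-bit immediate of `mov ebx, imm32` (opcode BB) is encoded little-endian, which is where the zeros in the two listings differ. The listing text is constructed from the question's output; the function names are my own.

```python
# Constructed sample: the `objdump -d` listing from the question, with the
# tab-separated columns objdump prints (address, raw bytes, assembly text).
OBJDUMP_TEXT = (
    "Disassembly of section .text:\n"
    "00401000 <.text>:\n"
    "  401000:\t33 c0                \txor    %eax,%eax\n"
    "  401002:\tbb 0e 10 40 00       \tmov    $0x40100e,%ebx\n"
    "  401007:\t66 b8 88 13          \tmov    $0x1388,%ax\n"
    "  40100b:\t50                   \tpush   %eax\n"
    "  40100c:\tff d3                \tcall   *%ebx\n"
    "  40100e:\tff 25 00 20 40 00    \tjmp    *0x402000\n"
)

def parse_objdump(text):
    """Return [(address, raw_bytes, asm_text)] for each instruction line.
    Section and symbol header lines have no tab column and are skipped."""
    insns = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2 or not parts[0].strip().endswith(":"):
            continue
        addr = int(parts[0].strip()[:-1], 16)
        raw = bytes.fromhex(parts[1].strip().replace(" ", ""))
        asm = parts[2].strip() if len(parts) > 2 else ""
        insns.append((addr, raw, asm))
    return insns

def null_byte_report(insns):
    """Return [(address, asm_text, [offsets of 0x00 within the instruction])]
    for every instruction whose encoding contains a zero byte."""
    report = []
    for addr, raw, asm in insns:
        offsets = [i for i, b in enumerate(raw) if b == 0]
        if offsets:
            report.append((addr, asm, offsets))
    return report

def encode_mov_ebx_imm32(value):
    """Encode `mov ebx, imm32`: opcode 0xBB then the immediate, little-endian.
    A low address like 0x0040100e has a zero high byte; 0x77e61bea does not."""
    return b"\xbb" + value.to_bytes(4, "little")

if __name__ == "__main__":
    for addr, asm, offs in null_byte_report(parse_objdump(OBJDUMP_TEXT)):
        print(f"{addr:08x}  {asm:<22} zero byte(s) at offset {offs}")
    print(encode_mov_ebx_imm32(0x40100e).hex(" "))    # bb 0e 10 40 00
    print(encode_mov_ebx_imm32(0x77e61bea).hex(" "))  # bb ea 1b e6 77
```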