You could take a look at the MSDN papers about the PE file format and the DbgHelp lib. It's a good beginning, I guess.

Regards...
Mhal

----- Original Message -----
From: "wirepair" <wirepairat_private>
To: <pen-testat_private>
Cc: <vuln-devat_private>
Sent: Wednesday, April 09, 2003 7:10 PM
Subject: connect-back win32 shellcode

> lo all,
> So I've decided to take the dive into writing Windows
> based (memory) exploits *shudders*. I'm having some
> serious complications regarding shellcode and, well, how to
> go about writing it. Is there some solid documentation on
> the function of LoadLibraryA/GetProcAddress
> handlers/functions? Also, if anyone has a good disassembly
> of any of the connect-back shellcodes (Dark
> Spyrit: null.printer / David Litchfield's: sql hello) I would
> appreciate getting my hands on them. Most of the NT
> overflow papers I see are based on old versions of Windows
> (NT4) or the examples are completely outdated. It seems
> that most of these papers do not give a good explanation
> of the importance of the LoadLibraryA/GetProcAddress
> calls. Maybe I am missing something, probably am... This
> is not as easy as unix land, and for someone who codes only
> in *nix environments, I'm finding Windows APIs, well,
> terrifying.
> Thanks for any information,
> -wire
> _____________________________
> For the best comics, toys, movies, and more,
> please visit <http://www.tfaw.com/?qt=wmf>
This archive was generated by hypermail 2b30 : Sat Apr 12 2003 - 07:53:13 PDT