
Access violation error in NASM, when try to write into .myText segment in windows 8


When I try the following shellcode program to pop up a message box on my 32-bit Windows system using NASM, I get an error.

section .myText progbits alloc exec write align=16   ; ELF-style flags; the win32 output format does not honour them
    global  _WinMain@16
_WinMain@16:
    xor eax, eax
    xor ebx, ebx
    xor ecx, ecx
    xor edx, edx

    jmp short GetLibrary
LibraryReturn:
    pop ecx                 ; ecx -> 'user32.dllN'
    mov BYTE [ecx+10], dl   ; overwrite the 'N' placeholder with 0 (this is the faulting write)
    mov ebx, 0x76d62fe4     ; LoadLibraryA (hard-coded kernel32 address, needs ASLR off)
    push ecx                ; lpLibFileName
    call ebx

    jmp short FunctionName

FunctionReturn:
    pop ecx                 ; ecx -> 'MessageBoxAN'
    xor edx, edx
    mov BYTE [ecx+11], dl   ; null-terminate 'MessageBoxA'
    push ecx                ; lpProcName
    push eax                ; handle to the module user32.dll
    mov ebx, 0x76d616b9     ; GetProcAddress
    call ebx
                            ; now eax has the procAddress of 'MessageBoxA'
    jmp short Message

MessageReturn:
    pop ecx                 ; ecx -> message text
    xor edx, edx
    mov BYTE [ecx+16], dl   ; null-terminate the text
    push edx                ; uType = MB_OK
    push ecx                ; lpCaption (same string as the text)
    push ecx                ; lpText
    push edx                ; hWnd = NULL
    call eax                ; MessageBoxA(hWnd, lpText, lpCaption, uType)

ender:
    xor edx, edx
    push eax                ; uExitCode = return value of MessageBoxA
    mov eax, 0x76d63176     ; ExitProcess(uExitCode)
    call eax

Message:
    call MessageReturn
    db 'hello am melvin!N'  ; 'N' at offset 16 is the placeholder that [ecx+16] overwrites
                            ; (without it the write lands on the first opcode of FunctionName)

FunctionName:
    call FunctionReturn
    db 'MessageBoxAN'       ; 'N' at offset 11 is the placeholder

GetLibrary:
    call LibraryReturn
    db 'user32.dllN'        ; 'N' at offset 10 is the placeholder

I compiled with:

C:\SHELL>nasm -f win32 -o msgbox.o msgbox.asm

C:\SHELL>ld -o msgbox.exe msgbox.o

It doesn't show any error, but when I run it I get the Windows debug window with the message "'messagebox.exe' has stopped working".

What is the problem in my code? How can I execute NASM code on Windows without this error?

Now I have disabled ASLR, and I found that this is the problem:
Unhandled exception at 0x00404003 in Sample.exe: 0xC0000005: Access violation writing location 0x00404019. 00404003 C6 41 05 00 mov byte ptr [ecx+10],0
So how can I get rid of the AV? I edited bcdedit.exe, but it doesn't work.

On Linux, when I try this,

section .myText progbits alloc exec write align=16

it was working, but on Windows it doesn't.
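One way to run shellcode like the one posted without depending on a writable code section in the linked executable, as an added example that is not part of the original question or answer: a small C loader that copies the raw shellcode bytes into a page it allocates as readable, writable and executable and then calls it. Because the payload runs from memory the loader owns, the self-patching writes (the zero bytes poked over the 'N' placeholders) hit a writable page instead of a read-only code section. The payload embedded below is a constructed "return 42" stub so the loader can be exercised offline on x86 or AArch64; to test the posted code, assemble it flat with `nasm -f bin -o msgbox.bin msgbox.asm` and paste those bytes into `payload[]`. The function names are my own. The hard-coded kernel32 addresses in the posted shellcode still require ASLR to be off and the matching Windows build; this loader changes nothing about that.

```c
/*
 * Minimal shellcode loader (added example, not code from the original post).
 * Allocates an RWX region, copies a raw payload into it and calls it.
 * Assumes Windows (VirtualAlloc) or a POSIX system with mmap().
 */
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
#endif

typedef uint32_t (*sc_fn)(void);

/* Constructed stand-in payload: "return 42" for the host architecture.
 * Replace with the bytes of `nasm -f bin` output for real shellcode. */
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
static const unsigned char payload[] = {
    0xB8, 0x2A, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xC3                            /* ret         */
};
#elif defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char payload[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xC0, 0x03, 0x5F, 0xD6          /* ret         */
};
#else
#error "no smoke-test stub for this architecture"
#endif

/* Allocate an RWX region and copy the payload in; returns NULL on failure. */
void *load_shellcode(const unsigned char *code, size_t len)
{
    void *mem;
#ifdef _WIN32
    mem = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    if (mem == NULL)
        return NULL;
#else
    mem = mmap(NULL, len, PROT_READ | PROT_WRITE | PROT_EXEC,
               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
#endif
    memcpy(mem, code, len);
#if defined(__GNUC__)
    /* Make sure the instruction cache sees the new bytes on non-x86 targets. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);
#endif
    return mem;
}

/* Release a region returned by load_shellcode(). */
void unload_shellcode(void *mem, size_t len)
{
#ifdef _WIN32
    (void)len;
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    munmap(mem, len);
#endif
}

/* Load the stub, execute it and return its result (42 for the constructed
 * payload), or 0xFFFFFFFF if the RWX mapping could not be created. */
uint32_t run_smoke_test(void)
{
    void *mem = load_shellcode(payload, sizeof payload);
    if (mem == NULL)
        return 0xFFFFFFFFu;
    uint32_t r = ((sc_fn)mem)();
    unload_shellcode(mem, sizeof payload);
    return r;
}

int main(void)
{
    uint32_t r = run_smoke_test();
    printf("shellcode returned %u\n", r);
    return r == 42 ? 0 : 1;
}
```

Build with `cc -o loader loader.c` on a POSIX system or `cl loader.c` on Windows. The RWX mapping is acceptable for a test harness; a hardened loader would allocate read-write, copy, then flip the page to read-execute, which is exactly why self-patching shellcode such as the posted one should build its strings on the stack instead of writing into its own bytes.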


Solution

  • Finally, I found the answer myself.

    We have to change only the "section" line,

    section .myText progbits alloc exec write align=16
    

    and compile it using "elf32" instead of "win32":

    nasm -f elf32 -o MessageBox.o MessageBox.asm
    gcc -o MessageBox.exe MessageBox.o
    

    That's it, it will work fine. And don't forget to disable ASLR.

    Note: the elf format allows you to specify additional information on the SECTION directive line, to control the type and properties of the sections you declare.