unixfreaxjp

Slight changes in shellcode BHEK dropped payload calls

Sep 15th, 2012
  1. 000000011138 HeapCreate // DEP violation
  2. 000000011146 HeapDestroy // DEP violation
  3.  
  4.  
  5. Calls analysis:
  6.  
  7. MSVCRT.dll.memset Hint[665]
  8. MSVCRT.dll.memcpy Hint[663]
  9. MSVCRT.dll.fopen Hint[599]
  10. MSVCRT.dll.fseek Hint[610] //grep...
  11. MSVCRT.dll.fclose Hint[588]
  12. MSVCRT.dll.fabs Hint[587]
  13. MSVCRT.dll.ceil Hint[577]
  14. MSVCRT.dll.malloc Hint[657]
  15. MSVCRT.dll.floor Hint[597]
  16. MSVCRT.dll.free Hint[606]
  17. MSVCRT.dll.ftell Hint[612]
  18. MSVCRT.dll.fread Hint[605]
  19. MSVCRT.dll.longjmp Hint[656]
  20. MSVCRT.dll._setjmp3 Hint[424]
  21. MSVCRT.dll.strlen Hint[702]
  22. MSVCRT.dll.exit Hint[585]
  23. MSVCRT.dll.__p__iob Hint[112]
  24. MSVCRT.dll.fprintf Hint[600]
  25. MSVCRT.dll.sprintf Hint[690]
  26. MSVCRT.dll.getenv Hint[618]
  27. MSVCRT.dll.sscanf Hint[693]
  28. MSVCRT.dll.memmove Hint[664]
  29. KERNEL32.dll.GetModuleHandleA Hint[503]
  30. KERNEL32.dll.HeapCreate Hint[676]
  31. KERNEL32.dll.HeapDestroy Hint[677]
  32. KERNEL32.dll.ExitProcess Hint[261]
  33. KERNEL32.dll.Sleep Hint[1067]
  34. KERNEL32.dll.CreateThread Hint[164]
  35. KERNEL32.dll.CloseHandle Hint[68]
  36. KERNEL32.dll.FreeLibrary Hint[333]
  37. KERNEL32.dll.HeapAlloc Hint[674]
  38. KERNEL32.dll.HeapFree Hint[678]
  39. KERNEL32.dll.GetProcAddress Hint[546]
  40. KERNEL32.dll.LoadLibraryA Hint[758]
  41. KERNEL32.dll.TlsAlloc Hint[1084]
  42. KERNEL32.dll.GetVersionExA Hint[634]
  43. KERNEL32.dll.EnterCriticalSection Hint[218]
  44. KERNEL32.dll.HeapReAlloc Hint[681]
  45. KERNEL32.dll.LeaveCriticalSection Hint[756]
  46. KERNEL32.dll.InitializeCriticalSection Hint[697]
  47. KERNEL32.dll.TlsGetValue Hint[1086]
  48. KERNEL32.dll.TlsSetValue Hint[1087]
  49. KERNEL32.dll.WaitForMultipleObjects Hint[1132]
  50. KERNEL32.dll.GetCurrentThreadId Hint[430] // get process
  51. KERNEL32.dll.GetCurrentProcess Hint[426]// get process
  52. KERNEL32.dll.GetCurrentThread Hint[429]// get process
  53. KERNEL32.dll.DuplicateHandle Hint[213]
  54. KERNEL32.dll.CreateSemaphoreA Hint[154] //To specify an access mask for the object
  55. KERNEL32.dll.ReleaseSemaphore Hint[897] //To release an access mask for the object
  56. USER32.DLL.ShowCursor Hint[0]
  57. USER32.DLL.DestroyWindow Hint[0]
  58. USER32.DLL.InvalidateRect Hint[0]
  59. USER32.DLL.ShowWindow Hint[0]
  60. USER32.DLL.DestroyIcon Hint[0]
  61. USER32.DLL.FillRect Hint[0]
  62. USER32.DLL.BeginPaint Hint[0]
  63. USER32.DLL.EndPaint Hint[0]
  64. USER32.DLL.DefWindowProcA Hint[0]
  65. USER32.DLL.LoadIconA Hint[0]
  66. USER32.DLL.RegisterClassExA Hint[0] //Window class for subsequent use in calls to CreateWindowEx
  67. USER32.DLL.CreateWindowExA Hint[0] //Creates an overlapped, pop-up, or child window with an extended window style
  68. GDI32.DLL.GetObjectType Hint[0]
  69. GDI32.DLL.DeleteObject Hint[0]
  70. GDI32.DLL.GetObjectA Hint[0]
  71. GDI32.DLL.CreateCompatibleDC Hint[0]
  72. GDI32.DLL.GetDIBits Hint[0]
  73. GDI32.DLL.DeleteDC Hint[0]
  74. GDI32.DLL.CreateDIBSection Hint[0]
  75. GDI32.DLL.SelectObject Hint[0]
  76. GDI32.DLL.BitBlt Hint[0]
  77. GDI32.DLL.CreateBitmap Hint[0]
  78. GDI32.DLL.SetPixel Hint[0]
  79. GDI32.DLL.GetStockObject Hint[0]
  80. WINMM.DLL.timeEndPeriod Hint[0] <--- timer
  81. WSOCK32.DLL.closesocket Hint[0] <--- socket close
  82. WSOCK32.DLL.WSACleanup Hint[0]
  83. WSOCK32.DLL.WSAStartup Hint[0]
  84.  
  85. Note:
  86. int WSAStartup(
  87. __in WORD wVersionRequested,
  88. __out LPWSADATA lpWSAData
  89. ); // wVersionRequested: the highest version of the Windows Sockets specification that the caller can use