API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 21st, 2017
51
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.05 KB | None | 0 0
raw download clone embed print report
  1. static char * lpShellcode = "\x55\x8B\xEC\x51\x53\x56\x57\xE9\xFF\xFF\xFF\xFF";
  2.  
  3. __declspec(naked) static void TrampolineIntoAbyss(uint32_t p_Mode, void * p_Arg1, void * p_Arg2, void * p_Arg3)
  4. {
  5. __asm PUSH EBP
  6. __asm MOV EBP, ESP
  7. __asm PUSH ECX
  8. __asm PUSH EBX
  9. __asm PUSH ESI
  10. __asm PUSH EDI
  11.  
  12. if (p_Mode == 0)
  13. {
  14. // Shutdown everything in here
  15. }
  16.  
  17. __asm POP EDI
  18. __asm POP ESI
  19. __asm POP EBX
  20. __asm POP ECX
  21. __asm ESP, EBP
  22. __asm POP EBP
  23. __asm JMP lpShellcode
  24. }
  25.  
  26. coclass_implementation()
  27. {
  28. auto lpAddress = ::GetModuleHandleA("VBA6.DLL");
  29.  
  30. if (lpAddress != nullptr)
  31. {
  32. uint8_t * lpFunction = (uint8_t * ) ::GetProcAddress(lpAddress, "EbSetMode");
  33. * lpFunction = 0xE9;
  34. * (uint32_t *) (lpFunction + 1) = (uint32_t) & TrampolineIntoAbyss;
  35. * (uint32_t *) (lpShellcode + 8) = (uint32_t) lpFunction + 7;
  36. }
  37. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!