
nim shellcode testing

a guest
Feb 13th, 2018
## Throwaway PoC: writes a 4-byte NOP;NOP;NOP;RETN stub into a buffer obtained
## from VirtualAlloc and then tries to start a thread on that buffer.
##
## As posted the file does not compile (the compiler output is recorded at the
## bottom), so no thread is ever created. Independently of the build error, the
## buffer is committed PAGE_READWRITE, i.e. without execute permission, so a
## thread entering it would fault under DEP rather than run the stub.
##
## Detection note: the VirtualAlloc -> copyMem -> CreateThread sequence is the
## textbook in-process loader shape; a thread whose start address lies in
## dynamically allocated memory rather than inside a mapped image is a standard
## endpoint-telemetry signal for it.
import winim, strutils

var
  someCode: array[0x10, uint8]   # 16 bytes, zero-initialised; only the first 4 are set below
  codeAddr: pointer = addr(someCode)   # address of this module-level array, not of the VirtualAlloc buffer

# some dummy testing code for PoC purposes
someCode[0] = 0x90 # NOP
someCode[1] = 0x90 # NOP
someCode[2] = 0x90 # NOP
someCode[3] = 0xc3 # RETN
# bytes 4..15 remain 0x00; the stub returns before reaching them

# note: repr(ptr) will show the addr and reference
# (this is the address of the source array, printed as a bare hex integer)
echo "placed code at address 0x" & cast[int](codeAddr).toHex

# allocate memory
# https://msdn.microsoft.com/en-us/library/windows/desktop/aa366887(v=vs.85).aspx
#
# VirtualAlloc(
#   _In_opt_ LPVOID lpAddress,
#   _In_     SIZE_T dwSize,
#   _In_     DWORD  flAllocationType,
#   _In_     DWORD  flProtect);
#
# winim:
# proc VirtualAlloc*(P1: PVOID, P2: DWORD, P3: DWORD, P4: DWORD): PVOID
# {.winapi, dynlib: "kernel32", importc.}

var lpvAddr: LPVOID

# PAGE_READWRITE: the region is writable but not executable.
# VirtualAlloc returns NULL on failure and the result is not checked here, so
# the copyMem below would write through a nil pointer in that case.
lpvAddr = VirtualAlloc(nil, DWORD(sizeof(someCode)), MEM_COMMIT, PAGE_READWRITE)
echo "VirtualAlloc returned 0x" & cast[int](lpvAddr).toHex

# copy code to allocated memory
# (all 16 bytes of the array: the 4-byte stub plus 12 zero bytes)
copyMem(lpvAddr, codeAddr, sizeof(someCode))

# create a thread
# https://msdn.microsoft.com/en-us/library/windows/desktop/ms682453(v=vs.85).aspx
#
# CreateThread(
#  _In_opt_  LPSECURITY_ATTRIBUTES  lpThreadAttributes,
#  _In_      SIZE_T                 dwStackSize,
#  _In_      LPTHREAD_START_ROUTINE lpStartAddress,
#  _In_opt_  LPVOID                 lpParameter,
#  _In_      DWORD                  dwCreationFlags,
#  _Out_opt_ LPDWORD                lpThreadId);
#
# winim:
# proc CreateThread*(P1: LPSECURITY_ATTRIBUTES, P2: DWORD, P3: LPTHREAD_START_ROUTINE,
# P4: PVOID, P5: DWORD, P6: PDWORD): HANDLE {.winapi, dynlib: "kernel32", importc.}

var
  dummyThreadId: PDWORD   # never assigned, so it is nil; lpThreadId is _Out_opt_, so NULL is accepted
  thread: HANDLE          # never passed to CloseHandle anywhere in this file

# Does not compile as written: lpvAddr is LPVOID, but the third parameter is
# LPTHREAD_START_ROUTINE (see the recorded error below). No thread is created
# and the return value is never checked against NULL.
thread = CreateThread(nil, DWORD(0), lpvAddr, nil, DWORD(0), dummyThreadId)

# COMPILE/RUN RESULT:
# win_test.nim(55, 22) Error: type mismatch: got (nil, DWORD, LPVOID, nil, DWORD, PDWORD)
# but expected one of:
# proc CreateThread(self: DEBUG_EVENT): CREATE_THREAD_DEBUG_INFO
# proc CreateThread(P1: LPSECURITY_ATTRIBUTES; P2: DWORD; P3: LPTHREAD_START_ROUTINE;
#                P4: PVOID; P5: DWORD; P6: PDWORD): HANDLE