Systém: Win XP Home Edition SP3 CZ
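Klasický testovací shellcode vyvolá MessageBoxA s textem „O_o“ a regulérně se ukončí pomocí ExitProcess. Řetězce jsou pushovány na stack. Adresy volaných funkcí jsou v kódu zapsané napevno, takže shellcode funguje jen na uvedeném systému.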
Velikost: 84 bajtů.

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
 
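/*
 * Test harness for the payload below: prints its length, waits for a key
 * press, copies the bytes into a freshly allocated page and calls them as a
 * function.
 *
 * Returns 0 if the payload returns, EXIT_FAILURE if the memory could not be
 * allocated or made executable. Per the page, the payload ends by calling
 * ExitProcess, so control is normally not expected to come back here.
 */
int main(void)
{
    /*
     * Payload under test, kept byte-for-byte. It embeds absolute 32-bit
     * addresses (for example BB 7B 1D 80 7C FF D3 decodes to
     * "mov ebx, 0x7C801D7B / call ebx"), so it is only meaningful in a
     * 32-bit x86 build on the exact system the page names; on any other
     * build, or with ASLR, those calls land on unrelated memory.
     */
    unsigned char shellcode[] =
    "\xBE\x96\x75\x33\x31\xB9\xFA\x19\x33\x31"
    "\x33\xCE\x51\x68\x33\x32\x2E\x64\x68\x75"
    "\x73\x65\x72\x54\xBB\x7B\x1D\x80\x7C\xFF"
    "\xD3\xB9\xF9\x0D\x72\x31\x33\xCE\x51\x68"
    "\x61\x67\x65\x42\x68\x4D\x65\x73\x73\x54"
    "\x50\xBB\x40\xAE\x80\x7C\xFF\xD3\xB9\xD9"
    "\x2A\x5C\x31\x33\xCE\x51\x8B\xCC\x2B\xDB"
    "\x53\x51\x51\x53\xFF\xD0\x50\xBB\x12\xCB"
    "\x81\x7C\xFF\xD3";

    LPVOID lpAlloc;
    DWORD oldProtect;
    void (*opcode)(void);

    /*
     * strlen() stops at the first 0x00 byte, so a result equal to
     * sizeof(shellcode) - 1 also confirms that the payload is NUL-free.
     * The array is unsigned char, hence the cast; strlen() returns size_t,
     * which "%d" does not match, hence %u with an explicit conversion.
     */
    printf("Size = %u\n", (unsigned)strlen((const char *)shellcode));

    /* Wait for a key press before the payload is touched. */
    system("PAUSE");

    /* Allocate writable, non-executable memory for the copy. */
    lpAlloc = VirtualAlloc(NULL, 4096,
                           MEM_COMMIT | MEM_RESERVE,
                           PAGE_READWRITE);

    if (lpAlloc == NULL) {
        printf("Memory not allocated!\n");
        return EXIT_FAILURE;
    }

    memcpy(lpAlloc, shellcode, sizeof(shellcode));

    /*
     * Calling into a PAGE_READWRITE region only works while DEP is not
     * enforced for the process; with DEP on, the call raises an access
     * violation. This payload builds its strings on the stack and never
     * writes to itself, so the page is switched to read+execute after the
     * copy and is at no point writable and executable at the same time.
     */
    if (!VirtualProtect(lpAlloc, sizeof(shellcode),
                        PAGE_EXECUTE_READ, &oldProtect)) {
        printf("Memory not executable!\n");
        VirtualFree(lpAlloc, 0, MEM_RELEASE);
        return EXIT_FAILURE;
    }

    /* Documented step after writing code into memory that will be executed. */
    FlushInstructionCache(GetCurrentProcess(), lpAlloc, sizeof(shellcode));

    /* Object-to-function pointer conversion needs an explicit cast in C. */
    opcode = (void (*)(void))lpAlloc;

    opcode();

    /* Only reached if the payload returns instead of exiting the process. */
    VirtualFree(lpAlloc, 0, MEM_RELEASE);

    return 0;
}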

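Modifikace předchozího shellcodu, která ukládá řetězce do .text sekce, tedy přímo za vlastní kód. Zástupné znaky „X“ za řetězci přepisuje až za běhu nulovým bajtem, proto musí být paměť s kódem zároveň zapisovatelná i spustitelná.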
Velikost: 85 bajtů.

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
 
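/*
 * Test harness for the payload below: prints its length, waits for a key
 * press, copies the bytes into a freshly allocated page and calls them as a
 * function.
 *
 * Returns 0 if the payload returns, EXIT_FAILURE if the memory could not be
 * allocated.
 */
int main(void)
{
    /*
     * Payload under test, kept byte-for-byte. The strings sit at the end of
     * the code, each followed by an 'X' (0x58) placeholder that the code
     * overwrites with 0x00 at run time (88 5F 0A is "mov [edi+0x0A], bl").
     * Like the stack-string variant it embeds absolute 32-bit addresses, so
     * it is only meaningful in a 32-bit x86 build on the system the page
     * names.
     */
    unsigned char shellcode[] =
    "\xEB\x33\x5F\x33\xF6\x8B\xDE\x88\x5F\x0A"
    "\x88\x5F\x16\x88\x5F\x1A\x57\xBB\x7B\x1D"
    "\x80\x7C\xFF\xD3\x83\xC7\x0B\x57\x50\xBB"
    "\x40\xAE\x80\x7C\xFF\xD3\x56\x83\xC7\x0C"
    "\x57\x57\x56\xFF\xD0\x56\xBB\x12\xCB\x81"
    "\x7C\xFF\xD3\xE8\xC8\xFF\xFF\xFF\x75\x73"
    "\x65\x72\x33\x32\x2E\x64\x6C\x6C\x58\x4D"
    "\x65\x73\x73\x61\x67\x65\x42\x6F\x78\x41"
    "\x58\x4F\x5F\x6F\x58";

    LPVOID lpAllocMem;
    void (*opcode)(void);

    /*
     * strlen() stops at the first 0x00 byte, so a result equal to
     * sizeof(shellcode) - 1 also confirms that the payload is NUL-free.
     * The array is unsigned char, hence the cast; strlen() returns size_t,
     * which "%d" does not match, hence %u with an explicit conversion.
     */
    printf("Size = %u\n", (unsigned)strlen((const char *)shellcode));

    /* Wait for a key press before the payload is touched. */
    system("PAUSE");

    /*
     * The payload patches its own bytes, so the page has to be writable and
     * executable at once. That is specific to this self-modifying test; a
     * writable+executable private region is exactly what memory scanners
     * look for, and code that does not modify itself should use
     * read+execute instead.
     */
    lpAllocMem = VirtualAlloc(NULL, 0x1000,
                              MEM_COMMIT | MEM_RESERVE,
                              PAGE_EXECUTE_READWRITE);

    if (lpAllocMem == NULL) {
        printf("Memory not allocated!\n");
        return EXIT_FAILURE;
    }

    memcpy(lpAllocMem, shellcode, sizeof(shellcode));

    /* Documented step after writing code into memory that will be executed. */
    FlushInstructionCache(GetCurrentProcess(), lpAllocMem, sizeof(shellcode));

    /* Object-to-function pointer conversion needs an explicit cast in C. */
    opcode = (void (*)(void))lpAllocMem;

    opcode();

    /* Only reached if the payload returns instead of exiting the process. */
    VirtualFree(lpAllocMem, 0, MEM_RELEASE);

    return 0;
}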