25 byte shellcode that retrieves PEB->BeingDebugged and, if the process is being debugged, crashes it.
b1c3b715dfffadd5dcc701ba4de12731
/* IsProcessDebugged ShellCode (25 bytes) by Touron Guillaume */
// Retrieve PEB->BeingDebugged to check if Process is debugged
// If BeingDebugged == 1 (debugged) -> process CRASH !!
// If not, continue execution after the shellcode...
// No null bytes
// contact: touron [dot] guillaume [at] gmail [dot] com
#include <stdio.h>
#include <string.h>
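/* 32-bit x86 Windows only. Disassembly of the 25 bytes:
 *   60           pushad
 *   33 DB        xor   ebx, ebx
 *   83 C3 18     add   ebx, 0x18
 *   64 8B 03     mov   eax, fs:[ebx]       ; TEB self pointer
 *   8B 40 30     mov   eax, [eax+0x30]     ; PEB
 *   0F B6 40 02  movzx eax, byte [eax+2]   ; PEB->BeingDebugged
 *   8B FD        mov   edi, ebp
 *   83 C7 04     add   edi, 4              ; saved return address at [ebp+4]
 *   29 07        sub   [edi], eax          ; return address -= BeingDebugged
 *   61 C3        popad / ret
 */
char shellcode_dbg[] = "\x60\x33\xDB\x83\xC3\x18\x64\x8B\x03\x8B\x40\x30"
                       "\x0F\xB6\x40\x02\x8B\xFD\x83\xC7\x04\x29\x07\x61\xC3";
int main(void)
{
    /* strlen() returns size_t; cast so the argument matches %d */
    fprintf(stdout, "Shellcode length: %d bytes only!\n", (int)strlen(shellcode_dbg));
    /* Call the byte array as a function; the array must sit in executable memory */
    void (*myShellcode)(void) = (void (*)(void))shellcode_dbg;
    myShellcode();
    return 0;
}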
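A defender-side view of the same bytes, as an added example that is not part of the original file: a narrow signature scan for an FS-relative access followed by the [eax+0x30] and byte [eax+2] reads. The function names, the 16-byte window and the negative sample are assumptions made for this example, and it matches only the eax encodings used on this page.

```c
#include <stdio.h>
#include <string.h>
/* Encodings taken from the shellcode on this page (32-bit x86, eax only). */
static const unsigned char LOAD_PEB[]  = { 0x8B, 0x40, 0x30 };       /* mov eax,[eax+0x30]     */
static const unsigned char READ_FLAG[] = { 0x0F, 0xB6, 0x40, 0x02 }; /* movzx eax,byte [eax+2] */
#define FS_PREFIX 0x64 /* FS segment override on the TEB access */
#define WINDOW    16   /* assumed maximum gap between steps, in bytes */

/* The 25 bytes published on this page. */
static const unsigned char PAGE_SAMPLE[] = {
    0x60,0x33,0xDB,0x83,0xC3,0x18,0x64,0x8B,0x03,0x8B,0x40,0x30,0x0F,
    0xB6,0x40,0x02,0x8B,0xFD,0x83,0xC7,0x04,0x29,0x07,0x61,0xC3 };
/* Constructed negative sample: same two loads, but no FS-relative access. */
static const unsigned char NO_FS_SAMPLE[] = {
    0x55,0x8B,0xEC,0x8B,0x40,0x30,0x0F,0xB6,0x40,0x02,0x5D,0xC3 };

/* Offset of the first occurrence of pat in buf[from, to), or -1. */
static long find(const unsigned char *buf, size_t from, size_t to,
                 const unsigned char *pat, size_t plen)
{
    for (size_t i = from; i + plen <= to; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            return (long)i;
    return -1;
}

/* Offset of the BeingDebugged read when FS access -> [eax+0x30] -> byte [eax+2] occur in order, else -1. */
long find_being_debugged_read(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != FS_PREFIX) continue;
        size_t end = (i + WINDOW < len) ? i + WINDOW : len;
        long peb = find(buf, i + 1, end, LOAD_PEB, sizeof LOAD_PEB);
        if (peb < 0) continue;
        end = ((size_t)peb + WINDOW < len) ? (size_t)peb + WINDOW : len;
        long flag = find(buf, (size_t)peb + sizeof LOAD_PEB, end,
                         READ_FLAG, sizeof READ_FLAG);
        if (flag >= 0)
            return flag;
    }
    return -1;
}

int main(void)
{
    printf("page sample: %ld, no-FS sample: %ld\n",
           find_being_debugged_read(PAGE_SAMPLE, sizeof PAGE_SAMPLE),
           find_being_debugged_read(NO_FS_SAMPLE, sizeof NO_FS_SAMPLE));
    return 0;
}
```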