Example #1
        /// <summary>
        /// Builds the byte sequence that looks up an exit routine by name and then calls it.
        /// Only the Windows / x86 combination is implemented.
        /// </summary>
        /// <param name="method">Selects the routine name: "ExitProcess" or "ExitThread".</param>
        /// <param name="platform">Target platform; anything other than Windows yields null.</param>
        /// <param name="arq">Target architecture; anything other than x86 yields null.</param>
        /// <returns>The generated bytes, or null when the combination or method is not handled.</returns>
        public static byte[] GetExitMethod(EExitFunc method, EPlatform platform, EArquitecture arq)
        {
            // Reject every unsupported platform/architecture pair up front.
            if (platform != EPlatform.Windows || arq != EArquitecture.x86)
            {
                return(null);
            }

            // Map the requested exit kind to the name that will be resolved.
            string exportName;

            if (method == EExitFunc.Process)
            {
                exportName = "ExitProcess";
            }
            else if (method == EExitFunc.Thread)
            {
                exportName = "ExitThread";
            }
            else
            {
                return(null);
            }

            /*
             * First part: place the routine name on the stack. The original listing
             * illustrates this for "ExitProcess":
             *
             *  push edi
             *  push 01737365h
             *  dec byte ptr [esp + 3h]
             *  push 'corP'
             *  push 'tixE'
             *
             * The actual bytes come from AsmHelper.StringToAsmX86, which is not visible
             * here, so the exact encoding for a given name should be confirmed there.
             * Earlier hard-coded form of the last two pushes, kept for reference:
             * 0x68,0x50,0x72,0x6f,0x63,0x68,0x45,0x78,0x69,0x74
             */
            byte[] namePart = AsmHelper.StringToAsmX86(exportName);

            /*
             * Second part: finish the lookup and make the call.
             *
             *  54      push esp   ; pointer to the name just pushed
             *  53      push ebx   ; module argument for the lookup
             *  ff d6   call esi   ; eax = GetProcAddress(ebx, name), per the original comment
             *  57      push edi   ; argument, NULL per the original comment
             *  ff d0   call eax   ; call the resolved exit routine
             *
             * NOTE(review): ebx, esi and edi are expected to be prepared by code that
             * runs before this fragment; nothing in this method sets them up.
             */
            byte[] callPart = new byte[]
            {
                0x54, 0x53, 0xff, 0xd6, 0x57, 0xff, 0xd0
            };

            // NOTE(review): Concat must produce byte[] for this to compile; presumably a
            // project extension rather than LINQ's Enumerable.Concat - confirm.
            return(namePart.Concat(callPart));
        }
Example #2
        /// <summary>
        /// Produces the bytes that resolve an exit routine by name and invoke it.
        /// Implemented for Windows on x86 only.
        /// </summary>
        /// <param name="method">Exit kind; Process maps to "ExitProcess", Thread to "ExitThread".</param>
        /// <param name="platform">Target platform; only Windows is handled.</param>
        /// <param name="arq">Target architecture; only x86 is handled.</param>
        /// <returns>The assembled bytes, or null for an unsupported platform, architecture or method.</returns>
        public static byte[] GetExitMethod(EExitFunc method, EPlatform platform, EArquitecture arq)
        {
            if (platform != EPlatform.Windows)
            {
                return null;
            }

            if (arq != EArquitecture.x86)
            {
                return null;
            }

            // Name of the routine to resolve; null marks an unhandled exit kind.
            string exitApi = method == EExitFunc.Process ? "ExitProcess"
                           : method == EExitFunc.Thread ? "ExitThread"
                           : null;

            if (exitApi == null)
            {
                return null;
            }

            /*
                Step 1 - put the routine name on the stack (shown for "ExitProcess"):

                push edi
                push 01737365h
                dec byte ptr [esp + 3h]
                push 'corP'
                push 'tixE'

                These bytes are generated by AsmHelper.StringToAsmX86; its implementation
                is outside this listing, so verify the encoding there.
                Former hard-coded bytes for the two name pushes:
                0x68,0x50,0x72,0x6f,0x63,0x68,0x45,0x78,0x69,0x74
             */
            byte[] pushName = AsmHelper.StringToAsmX86(exitApi);

            /*
                Step 2 - complete the lookup, then call the result:

                push esp        ; 54     address of the name on the stack
                push ebx        ; 53     module argument
                call esi        ; ff d6  eax = GetProcAddress(ebx, name), per the original comment
                push edi        ; 57     NULL argument, per the original comment
                call eax        ; ff d0  invoke the resolved routine

                NOTE(review): the register contents (ebx, esi, edi) are assumed to be set
                by preceding code that this method does not show.
             */
            byte[] resolveAndInvoke = new byte[]
            {
                0x54,0x53,0xff,0xd6,0x57,0xff,0xd0
            };

            // NOTE(review): relies on a Concat that returns byte[]; LINQ's version returns
            // IEnumerable<byte>, so this is presumably a project helper - confirm.
            return pushName.Concat(resolveAndInvoke);
        }