(N)ASM LoadLibrary,GetProcAddress and MessageBox!

When i was reading shellcode writing tutorial The LoadLibrary and GetProcAddress was been just confused me. But it was really easy to understand in normal asm code. It was bit harder for me when i first tried to write a bit dynamic windows shellcode.  So for understanding the dynamic dll loading in shellcode first i decide to learn to load the dll dynamically in normal (n)asm code and it was easy:

section .data

ldlibry dd 0
pro dd 0
dll db "user32.dll",0
myFtion db "MessageBoxA",0
MSG db "ASM GetProcAddress",0

extern _LoadLibraryA@4
extern _FreeLibrary@4
extern _GetProcAddress@8
extern _ExitProcess@4

global _start

section .text

push dll ;push user32.dll
call _LoadLibraryA@4 ;Call the API.
mov [ldlibry],eax ;eax hold return address. So eax=LoadLibrary("user32.dll") and now ldlibry=LoadLibrary("user32.dll")

;now we need to call GetProcAddress

push myFtion ;The API name we are going to call
push eax ;LoadLibrary("user32.dll")
call _GetProcAddress@8 ;GetProcAddress(LoadLibrary("user32.dll"),"MessageBoxA"). Again eax holding the return address

push 0x0 ;MB_OK
push MSG ;TITLE="ASM GetProcAddress"
push MSG ;Messgage="ASM GetProcAddress"
push 0 ;Reserved=0
call eax ;Call MessageBoxA through GetProcAddress.

push dword [ldlibry] ; ldlibry holding the LoadLibrary("user32.dll"). Again load to Free up.
call _FreeLibrary@4 ;Call the Windows api FreeLibrary()

;We should exit the process otherwise it may cause "access violation"
push 0 ;load 0 to stack
call _ExitProcess@4 ;Call ExitProcess

;nasm -fwin32 ldlibrary.asm
;ld -o ldlibrary.exe ldlibrary.obj -lkernel32 

Leave a Reply

Close Menu