Hey,
I thought I would share some code snippets used in various projects of mine. The code I will be sharing can be compiled with Visual Studio 2015 or later (probably).
The first one is a piece of code to get any of the KNOWNFOLDERIDs in Windows.
```cpp
#include "stdafx.h"   // Visual Studio precompiled header; drop this line if your project has none
#include <Windows.h>
#include <string>
#include <Shlobj.h>
#include <comutil.h>  // for _bstr_t (used in the string conversion below)

#pragma comment(lib, "Advapi32.lib") // To get the FOLDERID_ vars
#pragma comment(lib, "Shell32.lib")  // SHGetKnownFolderPath lives in Shell32
#pragma comment(lib, "comsuppw")     // For the _bstr_t conversion

using namespace std;

string GetAppDataPath()
{
    // Get the folder C:\Users\<user>\AppData\Local which is given by FOLDERID_LocalAppData
    LPWSTR wszPath = NULL;
    HRESULT hr = SHGetKnownFolderPath(FOLDERID_LocalAppData, 0, NULL, &wszPath);
    if (FAILED(hr) || wszPath == NULL)
        return string(); // caller must treat an empty path as failure

    // Convert the Unicode (UTF-16) string to a narrow string.
    // _bstr_t converts through the ANSI code page, so characters that
    // the code page cannot represent are lost in this step.
    _bstr_t bstrPath(wszPath);
    std::string strPath((char*)bstrPath);

    // The buffer is allocated by the shell and must be freed by the caller.
    CoTaskMemFree(wszPath);
    return strPath;
}

int main()
{
    string tmp = GetAppDataPath();
    // Will give you a messagebox showing the path.
    MessageBoxA(0, tmp.c_str(), "Demo", 0);
    return 0;
}
```
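The `_bstr_t` cast in the snippet above narrows the UTF-16 path through the ANSI code page, so a user name or folder outside that code page comes back mangled and the returned path no longer opens. The usual fix on Windows is `WideCharToMultiByte(CP_UTF8, ...)`; the portable converter below is an added example (not the post's code) that does the same conversion by hand so it can be compiled and checked anywhere, and it rejects unpaired surrogates instead of silently emitting invalid output. The sample path and the user name "Jörg" are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Convert UTF-16 (the encoding SHGetKnownFolderPath returns) to UTF-8.
// Surrogate pairs are combined into one code point; a lone surrogate is
// rejected rather than copied through as garbage.
std::string Utf16ToUtf8(const std::u16string& in) {
    std::string out;
    out.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        uint32_t cp = in[i];
        if (cp >= 0xD800 && cp <= 0xDBFF) {                 // high surrogate
            if (i + 1 >= in.size())
                throw std::invalid_argument("truncated surrogate pair");
            uint32_t lo = in[i + 1];
            if (lo < 0xDC00 || lo > 0xDFFF)
                throw std::invalid_argument("unpaired high surrogate");
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
            ++i;                                             // consumed the low half
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            throw std::invalid_argument("unpaired low surrogate");
        }
        if (cp < 0x80) {
            out += static_cast<char>(cp);
        } else if (cp < 0x800) {
            out += static_cast<char>(0xC0 | (cp >> 6));
            out += static_cast<char>(0x80 | (cp & 0x3F));
        } else if (cp < 0x10000) {
            out += static_cast<char>(0xE0 | (cp >> 12));
            out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
            out += static_cast<char>(0x80 | (cp & 0x3F));
        } else {
            out += static_cast<char>(0xF0 | (cp >> 18));
            out += static_cast<char>(0x80 | ((cp >> 12) & 0x3F));
            out += static_cast<char>(0x80 | ((cp >> 6) & 0x3F));
            out += static_cast<char>(0x80 | (cp & 0x3F));
        }
    }
    return out;
}

// Returns true when a lone high surrogate is refused (checked by the usage below).
bool RejectsUnpairedSurrogate() {
    try {
        Utf16ToUtf8(std::u16string(1, char16_t(0xD83D)));
    } catch (const std::invalid_argument&) {
        return true;
    }
    return false;
}

// Constructed sample: a LocalAppData-style path for a user named "Jörg".
const std::u16string kSamplePath = u"C:\\Users\\J\u00f6rg\\AppData\\Local";

int main() {
    std::cout << Utf16ToUtf8(kSamplePath) << "\n";
    std::cout << "lone surrogate rejected: " << RejectsUnpairedSurrogate() << "\n";
    return 0;
}
```

Once the path is UTF-8 it can be logged or hashed consistently across machines; if it is going straight back into a Windows file API, keep the original `LPWSTR` and call the `W` variant of that API instead of narrowing at all.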
If you are using shellcode from meterpreter and you are going to bundle this into another executable, you can execute the shellcode by using this code.
```cpp
#include <Windows.h>
#include <string.h> // memcpy

void executeShellcode()
{
    // My NOP-sled
    unsigned char buf[] =
        "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
        "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
        "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";

    // Executing the NOP-sled: copy it into a page mapped read/write/execute
    // and call it. sizeof buf includes the terminating NUL of the literal.
    void *exec = VirtualAlloc(0, sizeof buf, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (exec == NULL)
        return; // allocation failed, nothing to run
    memcpy(exec, buf, sizeof buf);
    ((void(*)())exec)();
}
```
The last snippet converts a string of hex digits into the characters it encodes.
```cpp
#include "stdafx.h"   // Visual Studio precompiled header; drop this line if your project has none
#include <Windows.h>
#include <string>
#include <sstream>

using namespace std;

int main()
{
    string hex = "414243"; // ABC in hex, 41=A, 42=B, 43=C
    int len = hex.length();
    stringstream ss;
    // Take the string two digits at a time and turn each pair into one char.
    // Note: the loop assumes an even number of digits; an odd trailing digit
    // would be parsed on its own.
    for (int i = 0; i < len; i += 2)
    {
        string byte = hex.substr(i, 2);
        char chr = (char)(int)strtol(byte.c_str(), NULL, 16);
        ss << chr;
    }
    MessageBoxA(0, ss.str().c_str(), "Decoded", 0);
    return 0;
}
```
Good luck!