Skip to content

A small, null-free Windows shellcode that executes calc.exe (x86/x64, all OS/SPs)

Notifications You must be signed in to change notification settings

peterferrie/win-exec-calc-shellcode

Repository files navigation

win-exec-calc-shellcode

Small null-free shellcode that execute calc.exe. Runs on x86 and x64 versions of Windows 5.0-6.3 (2000, XP, 2003, 2008, 7, 8, 8.1), all service packs.

Sizes (build 306)

platform size stack align function wrapper func+save regs func+stack func+stack+regs
x86 72 75 77 77 84 84
x64 85 90 98 105 106 112
x86+x64 113 118 179 188 188 196

Features

  • NUL Free
  • Windows version and service pack independent.
  • ISA independent: runs on x86 (w32-exec-calc-shellcode) or x64 (w64-exec-calc-shellcode) architecture, or both (win-exec-calc-shellcode).
  • Stack pointer can be aligned if needed (if you are seeing crashes in WinExec, try using the stack aligning version).
  • No assumptions are made about the values in registers or on the stack.
  • x86: /3GB and WoW64" compatible (pointers are not assumed to be smaller than 0x80000000).
  • DEP / ASLR compatible: data is not executed, code is not modified.
  • Able to save and restore registers and return, for use in PoC code that calls the shellcode as a function (using cdecl/stdcall/fastcall calling convention.

Credits

Skylined and Peter Ferrie

About

A small, null-free Windows shellcode that executes calc.exe (x86/x64, all OS/SPs)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published