Metasploit mailing list archives

Functions in DLLs


From: mmiller at hick.org (mmiller at hick.org)
Date: Thu, 27 Mar 2008 11:24:45 -0700

On Thu, Mar 27, 2008 at 08:55:02PM +1100, Ty Miller wrote:
> Hey guys,
>
> Is there a program or website that maps which functions exist in which DLLs
> so that I can determine the address of a function?
>
> Wow, does that sentence make any sense??? ... In other words, if I am
> creating shellcode and I am using a function, say "strlen", I need to
> replace this call with the address of where it exists in memory within a
> loaded DLL ... so how do I determine the best DLL to use?

Hardcoding the address of a function to be called in shellcode is
generally bad practice.  I'd suggest taking a look at how the Metasploit
payloads resolve the address of a function to be called.  There is some
explanation as to how this works here:

http://hick.org/code/skape/papers/win32-shellcode.pdf

If you must hardcode the address just use a debugger, run a program that
uses msvcrt, and find the address of msvcrt!strlen (such as by trying to
disassemble it).


