aboutsummaryrefslogtreecommitdiff
path: root/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm
diff options
context:
space:
mode:
Diffstat (limited to 'CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm')
-rw-r--r--CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm27
1 files changed, 27 insertions, 0 deletions
diff --git a/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm
new file mode 100644
index 0000000..edeffd6
--- /dev/null
+++ b/CodeExecution/Invoke-ReflectivePEInjection_Resources/Shellcode/x64/GetFuncAddress.asm
@@ -0,0 +1,27 @@
+[SECTION .text]
+
+global _start
+
+_start:
+ ; Save state of rbx and stack
+ push rbx
+ mov rbx, rsp
+
+ ; Set up stack for function call to GetProcAddress
+ sub rsp, 0x20
+ and sp, 0xffc0
+
+ ; Call getprocaddress
+ mov rcx, 0x4141414141414141 ; DllHandle, set by PS
+ mov rdx, 0x4141414141414141 ; Ptr to FuncName string, set by PS
+ mov rax, 0x4141414141414141 ; GetProcAddress address, set by PS
+ call rax
+
+ ; Store the result
+ mov rcx, 0x4141414141414141 ; Ptr to buffer to save result,set by PS
+ mov [rcx], rax
+
+ ; Restore stack
+ mov rsp, rbx
+ pop rbx
+ ret
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-26 02:34:54 +0000