[AutoIt] Running shellcode / inline machine code :)

Discussion in 'С/С++, C#, Rust, Swift, Go, Java, Perl, Ruby' started by D4rkC10ud, 15 Oct 2012.

  1. D4rkC10ud

    A fun way to run shellcode with AutoIt. This code gets the address of kernel32.dll.

    FASM
    Code:
    GetKernelHandle_x86:
        mov    eax, [fs:030h]   ; TEB -> PEB
        mov    eax, [eax+0ch]   ; PEB.Ldr (PEB_LDR_DATA)
        mov    eax, [eax+01ch]  ; Ldr.InInitializationOrderModuleList.Flink (1st entry: ntdll)
        mov    eax, [eax]       ; Flink -> 2nd entry
        mov    eax, [eax+08h]   ; DllBase, 8 bytes past the list link inside the entry
        ret                     ; kernel32.dll on XP; on Windows 7 the 2nd entry is KernelBase.dll
    
    AutoIt

    Code:
    #include <WinAPI.au3>

    ; 64-byte buffer that will hold the machine code
    $strucGetKernelHandle_x86 = DllStructCreate("char[64]")
    ; The bytes of the FASM stub above, built one Chr() at a time
    $GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B)
    $GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3)
    DllStructSetData($strucGetKernelHandle_x86, 1, $GetKernelHandle_x86)
    ; CallWindowProc treats the buffer address as a WNDPROC and calls it; the four
    ; zeros are the unused hWnd/Msg/wParam/lParam. The struct memory is an ordinary
    ; heap allocation, so with DEP enforced the call faults instead of running.
    $hKernel32 = _WinAPI_CallWindowProc(DllStructGetPtr($strucGetKernelHandle_x86), 0, 0, 0, 0)
    MsgBox(0, "Address of Kernel32.dll", Hex($hKernel32))
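Added example (my own, not code from the post or from AutoIt): a Python script that rebuilds the byte string from the post's two Chr() lines, decodes the few opcode forms the stub uses so the bytes can be checked against the FASM listing, and shows the byte pattern a scanner uses to flag this PEB/Ldr walk inside an unknown buffer. Function and constant names are my own; the sample buffers in the test are constructed.

```python
import re

# The two Chr() lines from the post, embedded here as the sample input.
AUTOIT_SNIPPET = (
    '$GetKernelHandle_x86 = Chr(0x64)&Chr(0xA1)&Chr(0x30)&Chr(0x0)&Chr(0x0)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x0C)&Chr(0x8B)\n'
    '$GetKernelHandle_x86 &= Chr(0x40)&Chr(0x1c)&Chr(0x8B)&Chr(0x0)&Chr(0x8B)&Chr(0x40)&Chr(0x08)&Chr(0xC3)\n'
)

def chr_bytes(autoit_src: str) -> bytes:
    """Collect every Chr(0x..) literal, in order, into the byte string AutoIt would build."""
    return bytes(int(v, 16) for v in re.findall(r"Chr\(0x([0-9A-Fa-f]+)\)", autoit_src))

def decode_stub(code: bytes) -> list:
    """Decode only the x86 forms the stub uses (enough to diff bytes against the FASM listing)."""
    insns, i = [], 0
    while i < len(code):
        if code[i:i + 2] == b"\x64\xa1":            # 64 A1 imm32: mov eax, fs:[imm32]
            insns.append(f"mov eax, [fs:{int.from_bytes(code[i+2:i+6], 'little'):#x}]"); i += 6
        elif code[i:i + 2] == b"\x8b\x40":          # 8B 40 disp8: mov eax, [eax+disp8]
            insns.append(f"mov eax, [eax+{code[i+2]:#x}]"); i += 3
        elif code[i:i + 2] == b"\x8b\x00":          # 8B 00: mov eax, [eax]
            insns.append("mov eax, [eax]"); i += 2
        elif code[i] == 0xc3:                       # C3: ret
            insns.append("ret"); i += 1
        else:
            raise ValueError(f"unhandled opcode {code[i]:#04x} at offset {i}")
    return insns

# mov r32, fs:[30h] in either encoding: A1 short form (eax) or 8B /r with a disp32 ModRM.
_PEB_LOAD = re.compile(rb"\x64(?:\xa1|\x8b[\x05\x0d\x15\x1d\x25\x2d\x35\x3d])\x30\x00\x00\x00")
_LDR_DEREF = re.compile(rb"\x8b[\x40-\x7f]\x0c")   # mov r32, [r32+0Ch]  (PEB.Ldr)
_INIT_LIST = re.compile(rb"\x8b[\x40-\x7f]\x1c")   # mov r32, [r32+1Ch]  (InInitializationOrderModuleList)

def peb_walk_offsets(buf: bytes, window: int = 16) -> list:
    """Offsets where a PEB load is followed within `window` bytes by the Ldr and
    InInitializationOrderModuleList dereferences: the position-independent module
    lookup that shellcode scanners flag. Plain fs:[30h] reads alone are not reported."""
    hits = []
    for m in _PEB_LOAD.finditer(buf):
        tail = buf[m.end():m.end() + window]
        if _LDR_DEREF.search(tail) and _INIT_LIST.search(tail):
            hits.append(m.start())
    return hits
```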