Jason Geffner posted a piece of code to demonstrate how to print out a bulk of assembler hex in one pass,
http://blogs.msdn.com/geffner/archive/2006/02/10/529320.aspx, i managed to work out another way to
accomplish the same work:
#include "stdafx.h"
typedef unsigned char __u8;
void __declspec(naked) shellcode(void)
{
__asm {
mov eax, 0x15db
rol eax, 0x13
xor eax, 0xdeadbeef
shr eax, 0x10
mov ebx, eax
shl eax, 0x2
add eax, ebx
add eax, ebx
add eax, ebx
add eax, 0x4
}
}
void __declspec(naked) stub(void)
{
}
int __cdecl main(int argc, char* argv[])
{
int i;
for (i = 0; i < (__u8 *)stub - (__u8 *)shellcode; i++)
{
printf ("\x%02x", ((__u8*)shellcode)[i]);
}
printf("\n");
return 0;
}
don't forget to turn on Minimize Size optimization option in Visual C++ compiler, missing this option will make the compiler align the machine code with 4 bytes, so for the sample code, there're 2 byte nop instruction in tail.
Jason is a Virus Analyst of Microsoft Anti Malware team, his blog is worth of a reading.
