++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Title: win32/xp pro Sp3 (EN) 32-bit - Beep Beep Shell Code.
Description: On execution a Beep will occur with an interval of 20 seconds.
Author: Debasish Mandal
Blog: http://www.debasish.in/
Tested on: WinXP Pro SP3 (EN) 32bit.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hardcoded opcodes (kernel32.Beep and kernel32.Sleep)

Win32 API Used:

BOOL WINAPI Beep(
  __in DWORD dwFreq,
  __in DWORD dwDuration
);

AND

VOID WINAPI Sleep(
  __in DWORD dwMilliseconds
);

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Assembly Code!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

;Beep.asm
[SECTION .text]
global _start

_start:
mov ecx,5             ; Loop
beep_loop:
xor eax,eax
xor ebx,ebx
xor ecx,ecx           ; also zeroes the counter set at _start
xor edx,edx
mov eax, 0x7c837aa7   ;address of Beep
mov bx, 750           ;Frequency
mov dx, 50            ;Duration
push ebx              ; stdcall passes arguments right to left:
push edx              ; the value pushed last (edx) lands in dwFreq
call eax              ;Call Beep
xor eax,eax
xor ebx,ebx
mov ebx, 0x7c802446   ;address of Sleep
mov ax, 20000         ;pause for 20 Seconds
push eax
call ebx
dec ecx
jnz beep_loop

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Testing the Code!
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

/*shellcodetest.c*/
char code[] =
"\x31\xc0"              /* xor eax,eax */
"\x31\xdb"              /* xor ebx,ebx */
"\x31\xc9"              /* xor ecx,ecx */
"\x31\xd2"              /* xor edx,edx */
"\xb8\xa7\x7a\x83\x7c"  /* mov eax,0x7c837aa7 (Beep) */
"\x66\xbb\xee\x02"      /* mov bx,0x02ee (750) */
"\x66\xba\x32\x00"      /* mov dx,0x0032 (50) */
"\x53"                  /* push ebx */
"\x52"                  /* push edx */
"\xff\xd0"              /* call eax */
"\x31\xc0"              /* xor eax,eax */
"\x31\xdb"              /* xor ebx,ebx */
"\xbb\x46\x24\x80\x7c"  /* mov ebx,0x7c802446 (Sleep) */
"\x66\xb8\xe8\x03"      /* mov ax,0x03e8 (1000; Beep.asm above uses 20000) */
"\x50"                  /* push eax */
"\xff\xd3"              /* call ebx */
"\x49"                  /* dec ecx */
"\x75\xd4"              /* jnz back to the first byte (rel8 = -44) */
"\x31\xc0"              /* xor eax,eax */
"\xb8\x12\xcb\x81\x7c"  /* mov eax,0x7c81cb12 (not in Beep.asm above) */
"\x50"                  /* push eax */
"\xff\xd0";             /* call eax */

int main(int argc, char **argv)
{
  int (*func)();            /* pointer used to call into the byte array */
  func = (int (*)()) code;
  (int)(*func)();
}
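
A triage heuristic for the hardcoded-address approach used above, as an added example that is not part of the original post: it scans a byte buffer for `mov r32, imm32` loads of an address inside a module range followed by `call r32`, which marks a payload as tied to one OS build. The function name `find_hardcoded_calls` and the range 0x7C800000-0x7C900000 (chosen to cover the three addresses in the byte string on this page) are assumptions.

```python
import struct

# Byte string from shellcodetest.c on this page, written as hex.
CODE = bytes.fromhex(
    "31c0 31db 31c9 31d2 b8a77a837c 66bbee02 66ba3200 53 52 ffd0"
    "31c0 31db bb4624807c 66b8e803 50 ffd3 49 75d4"
    "31c0 b812cb817c 50 ffd0"
)

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def find_hardcoded_calls(buf, lo=0x7C800000, hi=0x7C900000):
    """Return (call_offset, register, address) for every `call r32`
    whose register was last loaded by `mov r32, imm32` with the
    immediate inside [lo, hi). The range is an assumed module range.

    This is a linear byte-pattern heuristic, not a disassembler: it
    does not track register clobbers between the load and the call.
    """
    loaded = {}   # register index -> in-range immediate last loaded
    hits = []
    i = 0
    while i < len(buf):
        op = buf[i]
        # B8+r imm32 : mov r32, imm32
        if 0xB8 <= op <= 0xBF and i + 5 <= len(buf):
            (imm,) = struct.unpack_from("<I", buf, i + 1)
            if lo <= imm < hi:
                loaded[op - 0xB8] = imm
                i += 5
                continue
        # FF D0+r : call r32
        if op == 0xFF and i + 1 < len(buf) and 0xD0 <= buf[i + 1] <= 0xD7:
            reg = buf[i + 1] - 0xD0
            if reg in loaded:
                hits.append((i, REGS[reg], loaded[reg]))
            i += 2
            continue
        i += 1
    return hits


if __name__ == "__main__":
    for off, reg, addr in find_hardcoded_calls(CODE):
        print(f"offset {off:#04x}: call {reg} -> hardcoded {addr:#010x}")
```

The 16-bit loads (`66 bb ...`, `66 b8 ...`) are skipped because the four bytes after the opcode do not decode to an address inside the range.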