Reconstruct the source code - Forums

Home » Forums » MAIN » Reconstruct the source code

I have search everywhere, but I can find my source code that uses NtShutDownSystem.

I have attached the .exe and the source code that IDA came up with.

Can someone help me get my source code back.

Thanks.

Attachments:

fast_sd.zip

Posted on 2010-04-16 13:48:24 by skywalker

Re: Reconstruct the source code

Here you have one ;) http://board.flatassembler.net/topic.php?t=5068 (It also demonstrates the creation of very small executables, smaller than 1 KiB)

Perhaps you won't be able to see the attachment if you're not registered so I better copy the code here:

;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
;
; shutd0wn.exe (159 bytes)
;
; coder: chris
; assembler: fasm 1.65.17
; release date: April 7th, 2006
; contact: chris.wu.yale@gmail.com
;
; this code tries to make the smallest
; possible Win32 shutdown-system program
;
; Copyright (C) 2006 Chris Wu All Rights Reserved
;
; this program has only been tested on Windows XP SP2,
; and comes with no warranty. Test it at your own risk.
; You may redistribute this source file freely,
; provided this legal notice remains intact.
;
;++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

use32
org image_base

image_base=0x00400000
sizeof_headers=sizeof_optional_header

ShutdownPowerOff=2
SeShutdownPrivilege=0x13
SE_PRIVILEGE_ENABLED=0x2
TOKEN_ADJUST_PRIVILEGES=0x20

NtAdjustPrivilegesToken=011
NtOpenProcessToken=123
NtShutdownSystem=249

dos_header:
        dw 'MZ'
        db 'ch'

nt_header:
        dd 'PE'
        dw 0x14c ; machine
        dw 0

main:   ; 12
        push eax
        mov eax,esp
        push eax
        push TOKEN_ADJUST_PRIVILEGES
        push -1
        push eax
        jmp next_1 ;2
        db 'r'

        dw sizeof_optional_header
        dw 0x10e ; characteristics

optional_header:
        dw 0x10b   ; magic

next_1: ; 14
        push return_1 ; 5
        mov eax,NtOpenProcessToken ; 5
        jmp stub ; 2
        db 'is'

        dd main-image_base ; entry point

return_1: ; 8
        add esp,0x10
        pop edx
        push SE_PRIVILEGE_ENABLED
        jmp next_2

        dd image_base
        dd 4, 4

next_2: ; 8
        push 0
        push SeShutdownPrivilege
        push 1 ; count of privilege
        jmp next_3

        dw 3 ; major sub-system version

next_3: ; 6
        mov eax,esp
        push 0
        jmp next_4

        dd sizeof_image
        dd sizeof_headers

stub:   ; 4
        mov edx,esp
        sysenter
        dw 2 ; subsystem
        db 'wu'
        dd 0x10000,0x1000,0x10000,0x1000
        db 'yale'
        dd 0 ; number of directories

next_4:
        push 0
        push 0
        push eax
        push 0
        push edx
        push eax
        push return_2
        mov eax,NtAdjustPrivilegesToken
        jmp stub
return_2:
        add esp,0x2c
        push ShutdownPowerOff
        push eax
        push eax
        mov eax,NtShutdownSystem
        jmp stub

sizeof_optional_header=$-optional_header
sizeof_image=$

Posted on 2010-04-16 14:20:11 by LocoDelAssembly

ASM Community