CAP 4145 University of Central Florida Manually Generating Shellcode Worksheet Attached are all the files needed Assn5-Shellcode.docx shellcode_cmd_fi


Assn5-Shellcode.docx


shellcode_cmd_fixed.asm

TestShellcode.c

CAP 4145 Introduction to Malware Analysis

Assignment 5 – Manually Generating Shellcode

10 points

Instructions:

1. Note: Blue text points to a web link. Ctrl + Click to follow link.

2. This is a team assignment. However, every student MUST submit the term project report even if all members of a group submit the same report.

3. Answers to all questions must be put into ONE document. That is, every time, each student can only submit one report document, answering all questions of this assignment, if not explicitly stated otherwise.

4. Students must put answers following each question in this assignment. The instructor will not grade a report with only answers in it and the student gets zero for such an assignment. An assignment report must include original questions.

5. Students MUST submit the finished assignment in either Microsoft Word or pdf format to Webcourse. The doc must be submitted as ONE standalone file and cannot be tarred or zipped into a container.

6. All required files or docs must be submitted in one submission (last submission). Note: Blackboard allows an unlimited number of submissions of one assignment by students.

7. Refer to Print screen on how to take a screenshot. Pressing the Alt key in combination with PrtSc will capture the currently selected window.

Problems:

Answer each question following the original question. Do NOT delete the original question.

Students are provided an example assembly code shellcode_cmd_fixed.asm and an example shellcode testing code TestShellcode.c. Windows API addresses in shellcode_cmd_fixed.asm must be changed, and the shellcode in TestShellcode.c must be changed in the context of the student’s VM so that the shellcode works.

Notes [1]:

“Most Windows processes (*.exe) are loaded in (user mode) memory address 0x00400000, that’s what we call the “virtual address” (VA) – because they are visible only to each process, and will be converted to different physical addresses by the OS (visible by the kernel / driver layer).”

“Regarding RVA (Relative Virtual Address), it’s simply designed to ease relocation. When loading relocatable modules (e.g., DLL) the system will try to slide it through process memory space. So in file layout it puts a “relative” address to help calculation.”

Hints:

To manually get the address of a function in a dll,

– Get the base address of the dll using listdlls

– Get the RVA of the function in the dll with peview

– The address of the function = dll base address + function RVA

Compile with nasm and link with GoLink
Get the shellcode with OllyDbg
Compile the shellcode test code with gcc from Mingw-w64
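
The address calculation in the first hint, as an added example that is not part of the assignment files: the function below reads the export directory of a PE file (the lookup peview displays) and returns each exported name with its RVA, which is then added to a DLL base address. The sample image, its RVAs and the base address `DLL_BASE` are constructed for illustration; only the names WinExec and ExitProcess come from the assignment.

```python
import struct

def export_rvas(pe: bytes) -> dict:
    """Return {export name: RVA} from the export directory of a PE file on disk."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                         # optional header
    pe32 = struct.unpack_from("<H", pe, opt)[0] == 0x10B  # otherwise PE32+
    exp_rva = struct.unpack_from("<I", pe, opt + (96 if pe32 else 112))[0]
    secs = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
            for i in range(nsec)]     # (VirtualSize, VirtualAddress, RawSize, RawPtr)

    def off(rva):                     # RVA -> file offset through the section table
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return raw + rva - va
        raise ValueError(f"RVA {rva:#x} is not inside any section")

    n_names, funcs, names, ords = struct.unpack_from("<4I", pe, off(exp_rva) + 24)
    out = {}
    for i in range(n_names):
        name_at = off(struct.unpack_from("<I", pe, off(names) + 4 * i)[0])
        index = struct.unpack_from("<H", pe, off(ords) + 2 * i)[0]
        name = pe[name_at:pe.index(b"\0", name_at)].decode("ascii")
        out[name] = struct.unpack_from("<I", pe, off(funcs) + 4 * index)[0]
    return out

def sample_dll() -> bytes:
    """Constructed PE32 image: one section, RVA 0x1000 stored at file offset 0x200."""
    img = bytearray(0x400)
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH12xH", img, 0x44, 0x14C, 1, 0xE0)          # i386, 1 section
    struct.pack_into("<H", img, 0x58, 0x10B)                        # PE32 magic
    struct.pack_into("<I", img, 0x58 + 96, 0x1000)                  # export directory RVA
    struct.pack_into("<4I", img, 0x140, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<5I", img, 0x214, 2, 2, 0x1028, 0x1030, 0x1038)
    struct.pack_into("<2I", img, 0x228, 0x1100, 0x1180)             # function RVAs
    struct.pack_into("<2I", img, 0x230, 0x1040, 0x104C)             # name RVAs (sorted)
    struct.pack_into("<2H", img, 0x238, 1, 0)                       # name -> function index
    img[0x240:0x254] = b"ExitProcess\0WinExec\0"
    return bytes(img)

DLL_BASE = 0x75000000     # constructed; on a real system read it from listdlls
rvas = export_rvas(sample_dll())
addresses = {name: DLL_BASE + rva for name, rva in rvas.items()}
```

With ASLR the base of a system DLL changes across reboots, so an address computed this way holds only for the machine and boot session where the base was read. Forwarded exports, whose RVA points back into the export directory, are not distinguished by this parser.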

Requirements:

To manually get the address of a function in a dll,

– Get the base address of the dll using listdlls. Please provide a screenshot of the obtained base address. (1 point)

– Get the RVA of the function in the dll with peview. Please provide a screenshot of the base address for each of the two Windows functions (WinExec and ExitProcess) in peview. (1 point)

– The address of the Windows function = dll base address + function RVA. Write down the addresses of the two functions below. (1 point)

Update shellcode_cmd_fixed.asm with the correct addresses of the two Windows functions/APIs, compile the assembly with nasm and link the object file with GoLink. The instructions for compiling and linking are inside the .asm file. Please provide a screenshot of the compilation and linking. (1 point)
Get the shellcode with OllyDbg. Please provide a screenshot of the shellcode in OllyDbg. (1 point)
Copy the shellcode into TestShellcode.c, and compile it with gcc from i686-posix-dwarf of Mingw-w64. Please provide a screenshot of the compilation. (1 point)
Run the testing shellcode code on the target VM. Please provide a screenshot of the running result. (4 points)

References

[1] VA (Virtual Address) & RVA (Relative Virtual Address), Jul 3 ’18 at 17:31
