#include <stdio.h>
#include <string.h>
#include <unistd.h>
int main() {
// Hexadecimal shellcode to print "Hello, World!"
unsigned char shellcode[] =
"\xeb\x1e" // JMP SHORT +30 bytes
"\x48\x31\xc0" // XOR RAX, RAX
"\x48\x89\xc2" // MOV RDX, RAX
"\x48\x89\xc6" // MOV RSI, RAX
"\x48\x8d\x3d\x0a\x00\x00\x00" // LEA RDI, [RIP+10]
"\xb0\x01" // MOV AL, 1 (sys_write)
"\x48\xc7\xc2\x0d\x00\x00\x00" // MOV RDX, 13 (length of message)
"\x0f\x05" // SYSCALL
"\xe8\xdd\xff\xff\xff" // CALL -35 bytes
"Hello, World!\n"; // String
printf("Shellcode length: %ld bytes\n", sizeof(shellcode) - 1);
// Cast the shellcode pointer to a function and execute it
void (*execute)() = (void (*)())shellcode;
execute();
return 0;
}#include <stdio.h>
#include <sys/mman.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
unsigned char shellcode[] =
"\xeb\x1e" // JMP SHORT +30 bytes
"\x48\x31\xc0" // XOR RAX, RAX
"\x48\x89\xc2" // MOV RDX, RAX
"\x48\x89\xc6" // MOV RSI, RAX
"\x48\x8d\x3d\x0a\x00\x00\x00" // LEA RDI, [RIP+10]
"\xb0\x01" // MOV AL, 1 (sys_write)
"\x48\xc7\xc2\x0d\x00\x00\x00" // MOV RDX, 13 (length of message)
"\x0f\x05" // SYSCALL
"\xe8\xdd\xff\xff\xff" // CALL -35 bytes
"Hello, World!\n"; // String
int main() {
char input[20];
void *address;
printf("Enter memory address in hexadecimal (e.g., 0x7fffffffe000): ");
if (fgets(input, sizeof(input), stdin) == NULL) {
fprintf(stderr, "Error reading input.\n");
return 1;
}
address = (void *)strtoull(input, NULL, 16);
if (address == NULL || mprotect((void *)((size_t)address & ~(getpagesize() - 1)), getpagesize(), PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
fprintf(stderr, "Invalid or inaccessible memory address.\n");
return 1;
}
memcpy(address, shellcode, sizeof(shellcode));
printf("Executing shellcode at address: %p\n", address);
void (*execute)() = (void (*)())address;
execute();
return 0;
}