The DLL-loading shellcode I used in my cmd.xls spreadsheet was generated with a method I worked out to generate WIN32 shellcode with a C-compiler. You can find it on my new Shellcode page.
With this release, I provide you with all the tools you need to build your own version of cmd.xls:
- take cmd.dll
- replace the dll in ShellCodeMemoryModule.exe.bin with cmd.dll
- generate VBA code for this shellcode + DLL with shellcode2vbscript.py
- Copy this VBA code in a spreadsheet
Didier Stevens 
[…] of the graphics. I took Solitaire from ReactOS, turned it into a DLL and embedded it with my memory loading shellcode into Excel macros (the same technique as I developed for cmd.dll and regedit.dll). I imagine that a […]
Pingback by Frisky Solitaire – Another Info Stealer « Didier Stevens — Tuesday 9 March 2010 @ 0:01
Hi,
Thank you for sharing this.
i have qustion, how can i replace the dll in ShellCodeMemoryModule.exe.bin with cmd.dll?
Comment by Anonymous — Tuesday 20 April 2010 @ 15:47
@Anonymous You’ll notice that the DLL is just appended to the shellcode (when you open the file with a hex editor). Just replace the bytes of the DLL with your own DLL.
Comment by Didier Stevens — Monday 26 April 2010 @ 9:17