Didier Stevens

Tuesday 16 February 2010

MemoryLoadLibrary: From C Program to Shellcode

Filed under: Hacking,My Software,Shellcode — Didier Stevens @ 0:40

The DLL-loading shellcode I used in my cmd.xls spreadsheet was generated with a method I worked out to generate WIN32 shellcode with a C-compiler. You can find it on my new Shellcode page.

With this release, I provide you with all the tools you need to build your own version of cmd.xls:


  1. […] of the graphics. I took Solitaire from ReactOS, turned it into a DLL and embedded it with my memory loading shellcode into Excel macros (the same technique as I developed for cmd.dll and regedit.dll). I imagine that a […]

    Pingback by Frisky Solitaire – Another Info Stealer « Didier Stevens — Tuesday 9 March 2010 @ 0:01

  2. Hi,
    Thank you for sharing this.
    i have qustion, how can i replace the dll in ShellCodeMemoryModule.exe.bin with cmd.dll?

    Comment by Anonymous — Tuesday 20 April 2010 @ 15:47

  3. @Anonymous You’ll notice that the DLL is just appended to the shellcode (when you open the file with a hex editor). Just replace the bytes of the DLL with your own DLL.

    Comment by Didier Stevens — Monday 26 April 2010 @ 9:17

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.