Windows/x86 (NT/XP) - IsDebuggerPresent Shellcode (39 bytes)

Author: ex-pb
type: 
platform: windows_x86
port: 39.0
date_added: 2007-05-30 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

/* Shellcode Length: 39 bytes  */
/* sets PEB->BeingDebugged to 0 */
/* IsDebuggerPresent()/BeingDebugged bypass */
/* by ex-pb @ screw_you@web.de */
/* greets: xgx and all i forgot */

#include <stdio.h>
#include <windows.h>

char ShellCode[] = "\xEB"
"\x0F\x58\x80\x30\x95\x40\x81\x38\x68\x61\x63\x6B\x75\xF4\xEB\x05\xE8\xEC\xFF\xFF"
"\xFF\xF1\x34\xA5\x95\x95\x95\xAB\x53\xD5\x97\x95\x56\x68\x61\x63\x6B\xCD";

int main()
{
	printf("Shellcode length: %d\n", strlen(ShellCode));
	return 0;
}

// milw0rm.com [2007-05-31]