Bug Fix

UEFI-code · UEFI-code · commit abc76f7ba178 · 2024-11-04T11:22:27.000+09:00
diff --git a/MonikaHijack/MonikaShellCode1.txt b/MonikaHijack/MonikaShellCode1.txt
@@ -1,3 +1,5 @@
+55
+48 8B EC
 E8 00 00 00 00
 5A
 48 83 C2 21
@@ -8,4 +10,5 @@ E8 00 00 00 00
 48 B8 60 E0 94 1A FC 7F 00 00
 FF D0
 C3
-90 90 4A 55 53 74 20 4D 6F 6E 69 6B 61 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 4C 45 52 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
+5D
+90 90 4A 55 53 74 20 4D 6F 6E 69 6B 61 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 4C 45 52 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 055
diff --git a/MonikaHijack/demo1.cpp b/MonikaHijack/demo1.cpp
@@ -4,6 +4,8 @@
 
 // Corrected Shellcode to inject
 const BYTE shellcode[] = {
+    0x55,                          // push rbp
+    0x48, 0x8B, 0xEC,              // mov rbp, rsp
     0xE8, 0x00, 0x00, 0x00, 0x00,  // call $+5 (self-relative)
     0x5A,                          // pop rdx
     0x48, 0x83, 0xC2, 0x21,        // add rdx, 0x21 (adjust rdx to point to "JUST Monika!")
@@ -13,6 +15,7 @@ const BYTE shellcode[] = {
     0x4D, 0x31, 0xC9,              // xor r9, r9 (uType = MB_OK)
     0x48, 0xB8, 0x60, 0xE0, 0x94, 0x1A, 0xFC, 0x7F, 0x00, 0x00, // mov rax, <MessageBoxA address>
     0xFF, 0xD0,                    // call rax (call MessageBoxA)
+    0x5D,                          // pop rbp
     0xC3,                          // ret
     0x90, 0x90,                    // nop nop (padding)
     // MessageBox strings (null-terminated)
diff --git a/MonikaHijack/demo1.exe b/MonikaHijack/demo1.exe
diff --git a/MonikaHijack/demo2.cpp b/MonikaHijack/demo2.cpp
@@ -4,6 +4,8 @@
 
 // Corrected Shellcode to inject
 const BYTE shellcode[] = {
+    0x55,                          // push rbp
+    0x48, 0x8B, 0xEC,              // mov rbp, rsp
     0xE8, 0x00, 0x00, 0x00, 0x00,  // call $+5 (self-relative)
     0x5A,                          // pop rdx
     0x48, 0x83, 0xC2, 0x21,        // add rdx, 0x21 (adjust rdx to point to "JUST Monika!")
@@ -13,6 +15,7 @@ const BYTE shellcode[] = {
     0x4D, 0x31, 0xC9,              // xor r9, r9 (uType = MB_OK)
     0x48, 0xB8, 0x60, 0xE0, 0x94, 0x1A, 0xFC, 0x7F, 0x00, 0x00, // mov rax, <MessageBoxA address>
     0xFF, 0xD0,                    // call rax (call MessageBoxA)
+    0x5D,                          // pop rbp
     0xC3,                          // ret
     0x90, 0x90,                    // nop nop (padding)
     // MessageBox strings (null-terminated)
diff --git a/MonikaHijack/demo2.exe b/MonikaHijack/demo2.exe
diff --git a/MonikaHijack/test.cpp b/MonikaHijack/test.cpp
@@ -0,0 +1,22 @@
+#include<windows.h>
+
+const char msg[] = "JUST Monika!";
+const char title[] = "ALERT";
+
+void display_message_box()
+{
+    MessageBoxA(0, msg, title, MB_OK);
+}
+
+int main()
+{
+    HANDLE hThread;
+	while(1)
+	{
+		// create thread to display message box
+        hThread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)display_message_box, 0, 0, 0);
+    	// wait for the thread
+        WaitForSingleObject(hThread, INFINITE);
+	}
+    
+}
