Shellcode to Scroll your Desktop Vertically and Horizontally

This is another fun shellcode that I made to scroll your desktop vertically and horizontally infinitely.

[code language=”C”]
# include <stdlib.h>
# include <stdio.h>
# include <string.h>
# include <windows.h>

/*
* Title: Shellcode to scroll your desktop vertically and horizontally infinitely
* Author: Osanda Malith Jayathissa (@OsandaMalith)
* Website: https://osandamalith.com
* This was strictly made for fun : )
*/

int main() {
char *shellcode =
"\xe8\xff\xff\xff\xff\xc0\x5f\xb9\x24\x02\x01\x01\x81\xf1\x01\x01"
"\x01\x01\x83\xc7\x1d\x33\xf6\xfc\x8a\x07\x3c\x06\x0f\x44\xc6\xaa"
"\xe2\xf6\xe8\x06\x06\x06\x06\x5e\x8b\xfe\x81\xc6\xf2\x02\x06\x06"
"\xb9\x03\x06\x06\x06\xfc\xad\x01\x3c\x07\xe2\xfa\x55\x8b\xec\x83"
"\xec\x3c\x53\x56\x57\xb9\x8d\x10\xb7\xf8\xe8\x20\x02\x06\x06\x8b"
"\xf0\x68\xfe\x02\x06\x06\xff\xd6\x68\x0b\x03\x06\x06\xff\xd6\x68"
"\x15\x03\x06\x06\xff\xd6\xb9\xe0\x53\x31\x4b\xe8\xff\x01\x06\x06"
"\xb9\x49\x67\xd2\xbe\xe8\xf5\x01\x06\x06\x8b\xd8\xb9\xdb\xda\xeb"
"\xd0\x89\x5d\xcc\xe8\xe6\x01\x06\x06\xb9\x4c\x0c\x02\xae\x89\x45"
"\xfc\xe8\xd9\x01\x06\x06\xb9\xa7\x0b\x59\x08\x89\x45\xc4\xe8\xcc"
"\x01\x06\x06\xb9\xaa\xf7\xb4\x69\x89\x45\xe0\xe8\xbf\x01\x06\x06"
"\x8b\xf0\xb9\xda\x7c\x54\xcb\x89\x75\xd0\xe8\xb0\x01\x06\x06\xb9"
"\x13\xd4\x9b\xc3\x89\x45\xe8\xe8\xa3\x01\x06\x06\xb9\xe2\x9d\x97"
"\xbc\x89\x45\xf8\xe8\x96\x01\x06\x06\xb9\x33\xd6\x41\xc3\x89\x45"
"\xdc\xe8\x89\x01\x06\x06\xb9\x0f\xa4\xbf\xd1\x89\x45\xd8\xe8\x7c"
"\x01\x06\x06\xb9\x32\xe6\xd6\x1c\x89\x45\xd4\xe8\x6f\x01\x06\x06"
"\x89\x45\xe4\x6a\x06\xff\xd3\x6a\x06\x8b\xf8\xff\xd6\x8b\xd8\x6a"
"\x01\x89\x5d\xf4\xff\xd6\x8b\xf0\x8d\x0c\x36\x51\x53\x57\xff\x55"
"\xe8\x57\x89\x45\xec\xff\x55\xe4\xff\x75\xec\x8b\xd8\x53\xff\x55"
"\xf8\x68\x20\x06\xcc\x06\x89\x45\xc8\x33\xc0\x50\x50\x57\x56\xff"
"\x75\xf4\x50\x50\x53\xff\x55\xfc\x68\x20\x06\xcc\x06\x33\xc0\x50"
"\x50\x57\x56\xff\x75\xf4\x56\x50\x53\xff\x55\xfc\x8b\xc6\x89\x75"
"\xf0\x68\x20\x06\xcc\x06\x50\x33\xc0\x50\x53\x56\xff\x75\xf4\x50"
"\x50\x57\xff\x55\xfc\x6a\x05\xff\x55\xe0\x8b\x45\xf0\x83\xe8\x05"
"\x89\x45\xf0\x79\xdc\x33\xf6\x56\x57\x6a\x0f\x56\xff\x55\xdc\xff"
"\x75\xec\xff\x55\xd8\xff\x75\xc8\x53\xff\x55\xf8\x53\xff\x55\xd4"
"\x56\xff\x55\xcc\x8b\x7d\xd0\x6a\x06\x8b\xf0\xff\xd7\x6a\x01\x8b"
"\xd8\xff\xd7\x50\x8d\x0c\x1b\x51\x56\x89\x45\xf4\xff\x55\xe8\x56"
"\x89\x45\xf0\xff\x55\xe4\xff\x75\xf0\x8b\xf8\x57\xff\x55\xf8\x68"
"\x20\x06\xcc\x06\x89\x45\xc8\x33\xc0\x50\x50\x56\xff\x75\xf4\x53"
"\x50\x50\x57\xff\x55\xfc\x68\x20\x06\xcc\x06\x33\xc0\x50\x50\x56"
"\xff\x75\xf4\x53\x50\x53\x57\xff\x55\xfc\x8b\xc3\x89\x5d\xec\x68"
"\x20\x06\xcc\x06\x33\xc9\x51\x50\x57\xff\x75\xf4\x53\x51\x51\x56"
"\xff\x55\xfc\x6a\x05\xff\x55\xe0\x8b\x45\xec\x83\xe8\x08\x89\x45"
"\xec\x79\xdc\x33\xdb\x53\x56\x6a\x0f\x53\xff\x55\xdc\xff\x75\xf0"
"\xff\x55\xd8\xff\x75\xc8\x57\xff\x55\xf8\x57\xff\x55\xd4\x56\x53"
"\xff\x55\xc4\x8b\x75\xd0\x8b\x5d\xcc\xe9\xb5\xfe\xff\xff\x33\xd2"
"\xeb\x10\xc1\xca\x0d\x3c\x61\x0f\xbe\xc0\x7c\x03\x83\xe8\x20\x03"
"\xd0\x41\x8a\x01\x84\xc0\x75\xea\x8b\xc2\xc3\x8d\x41\xf8\xc3\x55"
"\x8b\xec\x83\xec\x14\x53\x56\x57\x89\x4d\xf4\x64\xa1\x30\x06\x06"
"\x06\x89\x45\xfc\x8b\x45\xfc\x8b\x40\x0c\x8b\x40\x14\x89\x45\xec"
"\x8b\xf8\x8b\xcf\xe8\xd2\xff\xff\xff\x8b\x70\x18\x8b\x3f\x85\xf6"
"\x74\x4f\x8b\x46\x3c\x8b\x5c\x30\x78\x85\xdb\x74\x44\x8b\x4c\x33"
"\x0c\x03\xce\xe8\x96\xff\xff\xff\x8b\x4c\x33\x20\x89\x45\xf8\x33"
"\xc0\x03\xce\x89\x4d\xf0\x89\x45\xfc\x39\x44\x33\x18\x76\x22\x8b"
"\x0c\x81\x03\xce\xe8\x75\xff\xff\xff\x03\x45\xf8\x39\x45\xf4\x74"
"\x1c\x8b\x45\xfc\x8b\x4d\xf0\x40\x89\x45\xfc\x3b\x44\x33\x18\x72"
"\xde\x3b\x7d\xec\x75\x9c\x33\xc0\x5f\x5e\x5b\xc9\xc3\x8b\x4d\xfc"
"\x8b\x44\x33\x24\x8d\x04\x48\x0f\xb7\x0c\x30\x8b\x44\x33\x1c\x8d"
"\x04\x88\x8b\x04\x30\x03\xc6\xeb\xdf\x2b\x06\x06\x06\x32\x06\x06"
"\x06\x39\x06\x06\x06\x6b\x65\x72\x6e\x65\x6c\x33\x32\x2e\x64\x6c"
"\x6c\x06\x67\x64\x69\x33\x32\x2e\x64\x6c\x6c\x06\x75\x73\x65\x72"
"\x33\x32\x2e\x64\x6c\x6c\x06";

DWORD oldProtect;

wprintf(L"Length : %d bytes\n@OsandaMalith", strlen(shellcode));
BOOL ret = VirtualProtect (shellcode, strlen(shellcode), PAGE_EXECUTE_READWRITE, &oldProtect);

if (!ret) {
fprintf(stderr, "%s", "Error Occured");
return EXIT_FAILURE;
}

((void(*)(void))shellcode)();

VirtualProtect (shellcode, strlen(shellcode), oldProtect, &oldProtect);

return EXIT_SUCCESS;
}
[/code]

Leave a Reply